9cfae7dbb668da698752a85e6e8b50f45aeddadd2927b0de247064d0da675a16

Analysis

max time kernel
137s
max time network
138s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 11:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d62dd2aa680c0aec0a6299f8a0e24fee_JaffaCakes118.html
Size

213KB
MD5

d62dd2aa680c0aec0a6299f8a0e24fee
SHA1

aaeba156b4e3062598b2bb73af0e73ab3bed52c6
SHA256

9cfae7dbb668da698752a85e6e8b50f45aeddadd2927b0de247064d0da675a16
SHA512

964a5b5e6e5a0e66b6b31b61782b42ac35765c26d0de330aba4b444f53648901d4ffe9aefe8c4c3dc989557dbadc601d0800857f56bc9520f1cc260d75a4c945
SSDEEP

3072:S0ECWnlPbUxoI0AljGhyfkMY+BES09JXAnyrZalI+YQ:SfCWlPo1lcksMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432041529"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CC48A2D1-6E9A-11EF-9188-62D153EDECD4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2732	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2732	iexplore.exe
2732	iexplore.exe
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2836	2732	iexplore.exe	30
PID 2732 wrote to memory of 2836	2732	iexplore.exe	30
PID 2732 wrote to memory of 2836	2732	iexplore.exe	30
PID 2732 wrote to memory of 2836	2732	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d62dd2aa680c0aec0a6299f8a0e24fee_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b8e9d4629d6d7c5769316e429e9c93c

SHA1
9fa363c09977dc17da01c987013fd0714704e4b6

SHA256
d88dcc931c80809e49ff2b1c3f360cae0799044f6d80b3a727ef1209529e96d6

SHA512
7940243d457d54f060c106531c584ed28f0c0bc7cb906f585a9ced4bfd038c84dd7f9afa11255b257017a01cb13970f4790de1c14319be91f7d954c8d76e756b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b12eb29fa68535620c39dd4072ea0da6

SHA1
213157754a3e15512552b2624b3bcfbe97c58768

SHA256
f0fb69d26113fb156e458fff37d2a21e0b72a4f70f196ae61db35b00fc9930ea

SHA512
8ce0d6bd8672755c4899bef033f4b49eb24757f5dddd6627cecd7e8f1e317c619d77bce6dea64b92e559f34bc0c18c5ab3042f623178535fca961ca7036c8bd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
839a40f6b67b9499bb824bcfaa44a5e7

SHA1
78b3e982143b43086e81c885dd46b94605da8312

SHA256
144b8aace5b720ed687fbc9a7f205b092cbf63570fa5f394e35333c7b2d9f15e

SHA512
723800ef5d9577ee81aa804f6e52bec095590650dd22de43bbcff513f278256bb7e8a70113b6aaec38aa6ebbee915c001527dd0d11d5de81b0e32291fc49e852

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c412203c96d44a8fd956a9093cb8da7

SHA1
e1e7c89450eb0a5becedcbd26c7027dfc3306774

SHA256
6ca05281bd379bacbbc22be88d32a2ee9cef9f668f06bebbd03f106d42514da2

SHA512
58a4defa26f273b34be5d3a2c2d7b9af425d34719edd2227111c9756a30143edbe2931b36cb284c764622a2bc526f4b2f5de00d140d213ee302bff5a506d3814

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
403029cfe147ebf7f5c7f4813c5d42ba

SHA1
a659bd9d3cfd55ffa97874e99c36a8ae9fb1d0d8

SHA256
c1542ec6fbf764fed70ebfd58834b6b4ba3ef9a4089bef7140f508a2d39ed355

SHA512
3f19cd1b61bafcc773a4a860d5565d42e05973f73af2fce5355f44504d17be3447b037d2eadfd8531b47a0b7594d951055c13c9b213adf31f54d0509b9b034f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0abb25510cf12ca0ea29567639480296

SHA1
af29cd419f01470a8af5dd8dad3d26f676f3526c

SHA256
ec98f668bb6b0bd67c8ad92d2d50f3980a6886e2982aac3f29dc0f03fb8ebe48

SHA512
48a8604e1ac0efef568afba30535e081be43bc208d3690987fb231134840a961fd0421708f976c1d7dfa0b456f99cf2d4be2e54719f93d70cc2075daaedd5ba6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05f66aa0cce7bebd2e3dbad52aa9e47f

SHA1
4fa4762cc7b8ee1c954810b30ad3e396ff51a88f

SHA256
8c3b53519165c46dccd4d3b10dee17316fa234fb160bc570306ca43d6f57a32a

SHA512
0bd94b9eccec74523bfb237262f29a4c75843a0b0d311fce007a37c06db27dda815dec224e0a924731095b58d83598c28b6c0759867795ceba5ad1e1faa0ae7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7d6b7f4efd2f1749aa438e4365fc67d

SHA1
c87b4901db542266c1b4f3b5eb08f65416d1dfee

SHA256
d0abedded8634c87c46c786550644cb32f54c0e378e98f75c66ab2ab834c5459

SHA512
689655f6621ab0ef740aa6d0400260bae9e679f88fd2dc9e353f2cb86ec98e9fb29e4ea5c745ef06f2edbc2218ea7a93cf792a0b5c8166cbf838248a1acd209d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a10b2f4d3ae9aa565e1862332429c380

SHA1
636102f253a4014fd2671b863c31651f5504295d

SHA256
8a03412ead7e7cd4f30f88a3d2fab219ae7a4bb548c0fd74125efce4992d8f72

SHA512
851c9fb2a82b6360679cbf0c9f8ae95d173e2486ea0bded05c6fbc5d7fc165efb605fdf3052b62631ac01d8ded763b375fb98ace4284ec04db6d7e171a147c7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12b5b86689f9660a3f553eeba5219019

SHA1
abec61e0a45aa131017f151cb20dea0cdfff7132

SHA256
b3d8be0db8b963b8a44f43f21cd761d192132cb0a24713f3cb19a54e66983458

SHA512
653ffe92142b67a8e8ddd953349d9cf7f308923b00bf1ce93ded6fb6d1f1d2fc9857cf1126024502dd3ef448a34dfb56b28e006749be6df175c106d03339cb6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3b73a9a269ebd406639a4972a24aea7

SHA1
50c0e80da31a5587496492bdad5895d22a5ea92e

SHA256
6c4fe3eb6c5db8be04ac99120aa4eaf7e93e52ee5bc9f60837e26d026d63c1f2

SHA512
392f0dd3e2d32fd9cb4377125c710892fc66c160deb748ee7723c825c33350e42f81714ab8cca35ea2ca2ebd342aa190b5253b96e138cc961216cf07ab82627a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
260ee822f1fcbebcc7355c4622c7af5d

SHA1
ceddb66057cb4f59a01fc16ee5dabb01badeb18f

SHA256
c349fa918e841187c0c45771ecedc6bb892786e1535d5c5ff265047d41a6602b

SHA512
fe43f2ab3fc92885e3f62ccd3e32571e053e48b77136c2a8f87627cdff13d7fa8769fc6f8f015ce9e7fb15883f08cf907e33af542f4b57b1ecee1ebb6810d818

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
008cdccd43846ef161225b0ac699ebf5

SHA1
f76d45c576377d9445adb4ef33da828d97ff39c2

SHA256
6b2131eccab0a953de4d1fd933303cae5249a7ddcdfe957a477012f035ea44e0

SHA512
15bcd2c97c370fd5eb5175ad698b3a7ce37b15b1da54a87babee9eeb1fe845189c47d3c790ebaffb44944580789c2f14df37fa62586dc94831982c5214d675f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7ba96abc280bfecce786795a5c0a459

SHA1
64d2939884baf314e224ffaa7898c3ebdce614c7

SHA256
b371083ebdf3fdc6652a2f0f8862d4c871c9db2effc82bd27f633da1d11e65bb

SHA512
6813d63962ff935868f02acf18d59b0211aec6ef6b8fc2af13729ee52aba371283e2b9a6d23869a13f171613e0628a07a8868cffa7dc8e4d02c71de6091b26d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4663f0c2f7b33c6cc0f450bcfab7cf51

SHA1
0c5ab40e5f999e675841603b9cabdf04a6657db6

SHA256
da200081ed047bb2d1921405ae17586f18115b0f091e88784c0a790f0c7de4e3

SHA512
3ef56dd4e60754a4071e37c47dd8c9e8fcb87e4a344dca48e355888cf194d5f1cc7a5b5abbbfa9f72bdefb0fea28cd6225666e9e43c7935116a2d97365a38e18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97671dcfdd425a96dca89f17fc9640f1

SHA1
8a929b373558942268e61896dcba6f0dfc9d1451

SHA256
6b783a85c6fb49888774f852f0e4d48af258d9cebf0f37124fbd409683544e05

SHA512
99bba5c520a60c547abcfd389e29ce7cd928c56a4af38d60468d626845fc59718643db9beaf1450b2ef6fc934eb1e117bf00dbc528e30d6e849d66cdefc4d06e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
807932b0f60ae5e04c3d97ad95f68682

SHA1
e6721deddecc80eb17f95490aa3952f7f7aab500

SHA256
03ac027ff8ade77c5015bb26a63ef89b0188429f47a943bce0d5507358dacd92

SHA512
17d91716a8146c8c577f7563c4471177ab9da06240393f0fcf113e60a8b78e05c10c3e50b5919bc59a9dc147ba1fc63fe748bb16cb584bc41fd4ba15c2cb86ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26546534b734c2e231418b4da424c1b4

SHA1
9ec6151d0e3897e52b5d8be5e7ab559cf998612c

SHA256
12d601759446aa36d2a9dedb3c3ba8b5957d54489fe0d8139f433872f2ba65d1

SHA512
6307ef27bc84ca1e082e3b6c90152723429479fce95a23124349f3e6674463f097404f383aa4c7b54e79d44ab13609b073746582be9eb745913d835f1b6fc34a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c268d7821f9771f2110af1f2693b7c98

SHA1
0bc9d285798625f38584efb66fbc90f07ce958c7

SHA256
81fd4cef321662cfa6aa87865cf570e02d21abf69af45663747f911724766ea4

SHA512
0f74b8da47f887e424447af2eb0f54cf7d50da6bd1d7bdfc2131ac36f2863b1119e50abd388d155a38628d519a7113b686f97462db68e7388e44f91234eefc21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2722.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2792.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit