8e2d9bd9e2ebecd71c438e0d3fc1834a8f1c5411751ec5658a9f827280f35265

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 04:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d9a7c8d8fb76d0402fbb8769e7f9a47f_JaffaCakes118.html
Size

29KB
MD5

d9a7c8d8fb76d0402fbb8769e7f9a47f
SHA1

7a37825a7aee0d04ad06259e9d5e15533b1b54f2
SHA256

8e2d9bd9e2ebecd71c438e0d3fc1834a8f1c5411751ec5658a9f827280f35265
SHA512

30de499efa3720c4c6709cb6daf066eb96ae93a6f7598a596c55ee4e20ec54c6be2eb4eebc08bd9a71ad657dd1986204c96fdd039513313684de3f31a8ad8cf1
SSDEEP

768:Fp7tr9dkINs7eO4tcn02lOKDPbesGidM6LwO+04kuaG9eT:Fp7tr9dkINs7eptcn06OKDPbesGidM6t

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{801508C1-6FFA-11EF-9BF0-D60C98DC526F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432192583"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1392	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1392	iexplore.exe
1392	iexplore.exe
1660	IEXPLORE.EXE
1660	IEXPLORE.EXE
1660	IEXPLORE.EXE
1660	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 1660	1392	iexplore.exe	28
PID 1392 wrote to memory of 1660	1392	iexplore.exe	28
PID 1392 wrote to memory of 1660	1392	iexplore.exe	28
PID 1392 wrote to memory of 1660	1392	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d9a7c8d8fb76d0402fbb8769e7f9a47f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1392 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c39fe5114ece6290dcfb76adf22be738

SHA1
7ef267a7afdee14b61f68e53fe2e1a72c472e44d

SHA256
cd5bff9adf41e4ca423e4bcd8c4fe707d65e5e82cac39cc38700e2afc9fb8a9d

SHA512
528eba1353a34508866d6758649aabbf9fee5d6b0c95d835d9375f838bf3ac117b10ca2949e88ca88fd47971b80a1184d7a4740832f51b0a63827f13ef47dd9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dda87129c514a890fe1d6fdcb802468f

SHA1
4200415d77a4a0a12e1ad8780ff4d4679cd09b1c

SHA256
cc4a96ccc5a4d9eb6aee1a8133434f01deb24d12da5d373041a919641c0427a6

SHA512
d1a9d8d2b81c865ffa4834414103f6d851157f0d3f1c6c6e44162aae7410153afbf572d4435c5f86e565b755c24ce0c80797451bb50404301ace52d4d7105b3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97a07446bc0209acb81a132e1286ee8a

SHA1
a99b8d02176580b1cb094089a1386ef14a8fc8b2

SHA256
ea8542e70322c57cc788b994acbe68ab88f94f834bc2bc93ee8a4539de49da36

SHA512
d4dcf98369799481187745d90903c628a79843445d226b97530c800763b1959f31bfbcb4c216d3bc90e5d56764b75b5050d01d6bfc6ea9c0a0d66df116a249f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c0927b1cdccfcc3562f33ae18f14468

SHA1
945059eb3c0a9ba75e33aa7f54f7a41db06a7566

SHA256
a497966cbc25c0c2e28917b26725ec60cdc5a86961ecaa7832017c6d3cfb10f3

SHA512
9ca4ebda82a4307658abea632bfb9760818bc629fc51c6c331340cf9c29330f82abeb064dbb5011cba0dc1f17091c06457b68819ad1f8cc2e0a5a17bdf0076d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dabfbf549ea34dc0d7c8abd390940c5a

SHA1
82fcf4ab0ef7e20a46aef20e7203a960042c9819

SHA256
e11086b90f0cd614c69487eb4fefcc4b335a0ffad91278d19503fd32fc9d9a2b

SHA512
05fa6f00e2d971b17e1686165f74d7fb13cfb1a666957f157dd5612ced009f6c354e99a9762dc72085d38a8e4ae6632b6a7305b76d4006a0df611e85970e6254

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d5432be4216e7e21b3e4e46aaf0236e

SHA1
908465db81d44d32681e0ce9b2afcd04820e770b

SHA256
12c7208c6944bdb87d7caae36b70872bdfd25067578be683b495b7dd27164f1c

SHA512
d1643fe68966804a4a40d052611930418594fac30817f980c046cb02181eff9218576f86d270ed5686df58f2e544460c8c3f0f53fab139f3093ad8e588faf4b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
248d68221d14a70fcb56f69719cad9dd

SHA1
1c26941707ae181a4bb675d92ab9de66cb483abf

SHA256
de032d76ee382d5db9122ae017608675edaec158153eb95f4a6b9978ee75a647

SHA512
9069a2f9ff02ffdb1357cbc90e80ebed4980204db2fb9062e3867023a7ae19e8cd0f002f2201a85a8ed6ea2b55228474dec479b8376f467fb4b0ae2f8c1affd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c90d422ef5247c4ee741e8d5204c7ac

SHA1
16e36d23c7b4412b10461fd49a44b26c7c1c82f6

SHA256
890c2e79f3f851b11ff017147b24e8c0325133f01b00002c08cd70d5039c1ef0

SHA512
07edd235fb6b5c49bb55d91be9e937d4b95ef65c426895525c0ead4aaf754b5d922c0ddfcf40990bf1bc1c68d857a90a98777ffe8bde127127f9973cf56c5181

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
849c3aff08355fbdde127ddfbba5cbae

SHA1
99782a86b7839b9f8aa389b06121d292ec4ee811

SHA256
5ba99500b38ee731b3bc17c195e6091237d76dcf059e0cfd906d19f787d3c42a

SHA512
6d6c393d18ae1138ec7297e1360a4e0459c380361115051fff9d09d21194b5bfb9645e4e187f3c10e1fdbf34fa079614829b11cd27cc43dd3eb3303ef45d074c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9a30d69d86ac7921010b4c1ca11fdf5

SHA1
db69423febcd19da725d6e39cf18b026e27e6fea

SHA256
83ceeaeadc630692cb2044c08f179642cb4a23aea95a13cf6a193ec18878d40c

SHA512
79b51a968050a5495f39e3ee03382e6c32cf126bc25a08320d5a5f913653a6b7b5039befc2d45f759a97e4396449688cad04a85c4f5e9b7a20b50e8b8f5f4186

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a9b5d3fe034fe8506d127ef1ad8949a

SHA1
dfc5ef238a40215512a8a0a3bdf89a4d33cf67dd

SHA256
fcc51eb48cedcd3f8a46a759d2750b76e4af93cc1f6f3ab64f48b41979929d73

SHA512
2a13565d1b2d0a43135cba725f1b836dfa26d233947d205a2f32a05fac36e53557eed80ab845cca738fb0e298ed19beb9007b8b022a81b3c6f7e108b7f5b0ac2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f10f4cc6516b3a573c95e9859fe9b99

SHA1
09b051e871521fe4d9b26522bb018530c1191955

SHA256
9fae61a3a54e21b1456c3a772b1a609e6f741a85ee515719b35edcd463025365

SHA512
224745089500de4bd33369fcd784dc914882082a69b8296cd2c75be4611835cf71952e1d12032668fd98a2cabfbad7274fcf634f524b422aa6a4a618a3dc2d05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91f331a209c8fae5e94dd50b313d1d68

SHA1
85bf321d8c6b1bc938f33ca0dacaa7903a1310d6

SHA256
8d15c8c4d76a9c19cb0762911ae26080ad30a13dca1288ba4bc69194456f0c24

SHA512
223fe459907b9ce4eec696364f3eecfb5334ba6072ccfcb4edca4157382ab1d4b1edc92adfca8234c462a61613747b85a815ce5391139fc7ff66ced098010c24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41b334e00494f33f1f32ac3761fa749f

SHA1
cd2bd3e6c69fa27be22268f368775d69eac94013

SHA256
cae8565020ff51af57b66aadd54f1cf8e391a09e28d75dd4d1606f492478f88c

SHA512
c4ec15cbca2e4ace413f1cf478b3f3e4bcd357a02d27462bb112c7ca5e6f492fdd2b2fa3bfc722b45651f8149b3bfaeb9956486cddca494abe4467384bf4d4dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
992443e35ce733bb6f2a9fe44fb74c85

SHA1
b55643f5176da09f3aec893b05a55395dc427139

SHA256
65a567804d5b56a86b813d3f1e6cd7907e693f523c920c87c11ca2991105485c

SHA512
32422e28c1e447acc809d6c119dfcb2c632ce83c5ccd3a26e92db24590c45006daff50569401ecda9e0ce6275ddb247e459ebb990aa124fbd47a190b1470b7a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c25e81414b959e33d2c9589ff53c7a6

SHA1
5277a57ce0da7cdc7ad14f614bc23829aa248847

SHA256
f4a34783ffbce93bce21997aec4ae741a57eef1e3a62510124ec520bad0f3f5b

SHA512
12a571f2420c912583268c942654dd5f44c56ab488dcb6d99114bfc7d5d137ae6a269641222c3ae0d4f707104ea8468d9754e330631f51c7c5bacda4de68b11b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dce9d5205e64729cf7b1f26ffff1b64c

SHA1
05066e9f68f79c61584912f845dfe8d159133b33

SHA256
db07bcac9fb7871af6182caf4b6f267225aa24f81991eb74b16692a33a4f59bb

SHA512
5b092287cf07b3853ee0ff9fd3dd26adbf68da2513102d7ba0e724c002b89d2c533f20f64603db283871780e3b9d1cb4968ffa84d36c7587a930a47eaf514a52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b8c5bde59af898bcb92fbbeaddd0dd3

SHA1
a49b3a15acfaa5b3f24cb67382fdf96b4b991093

SHA256
67cfe06260efbd6bfa1852552ad2c940fc53e80e0c55dc9aeee22d788e354ced

SHA512
ff52fea19bd0acea1c526354cddca813870fba04ce11a6ad37a5269f3ddc2b1ff295b82d7ff591ebac4087f8171b28f091263deeb267d01e787308a99a034a45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c03efe9e9bbb38f2fefeb5097ec39355

SHA1
f18de6f8be2205ef9276440e2f42a032ae48fd3b

SHA256
40f8c89e8e1ebea395b1fe6aec5dfc1ef7f044af21905160ad84936882642c98

SHA512
732a73e10103cd2d52c2a2995a18e254eecf95fcd41649418d4edc4b522b506fcc4123268259cc8c0524d5272d0d62045cde115d92bea8f2c3a787e0a8cdeef5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a91084d27322c696a71595809aac5d9c

SHA1
6002b9af1c91dc505197d03048bd4e98a82e07b0

SHA256
53ddd3de027fe829347147dd2b6470382e779cbe33bee58b0483e8d99455e140

SHA512
dde959a8ce0df1c5d0f205ae186ddd3aa5ff4164ccbca83348749925f1f1a2c07aca10c1131500b3eba706ab90129f60436c4cb6ea2f6bf56323949bfab42249

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5AA0.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5B5E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit