0af1f2531d51d1c19e5a07d86d40d16953beb05bed6eebb0295c05b21b6be3f4

Analysis

max time kernel
149s
max time network
154s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 08:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d9ef89ae15c3aacd94eafecd07be7227_JaffaCakes118.html
Size

143KB
MD5

d9ef89ae15c3aacd94eafecd07be7227
SHA1

668cc1f383740f318715667fcfe2d4070386c9b5
SHA256

0af1f2531d51d1c19e5a07d86d40d16953beb05bed6eebb0295c05b21b6be3f4
SHA512

549930163cc1fc8cb87a3a0ac271e0e63259db4081b6228846c5763f5e01339ee8e70d485b046e6f248aac7fe0f82dc7b3a0d0b7cff4ceb37e7a2e81aca2e52e
SSDEEP

3072:SblrwpR+x7dyfkMY+BES09JXAnyrZalI+YQ:Sbl7x7osMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6147DB51-7015-11EF-9E99-E699F793024F} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432204129"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2068	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2068	iexplore.exe
2068	iexplore.exe
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE
2852	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2852	2068	iexplore.exe	29
PID 2068 wrote to memory of 2852	2068	iexplore.exe	29
PID 2068 wrote to memory of 2852	2068	iexplore.exe	29
PID 2068 wrote to memory of 2852	2068	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d9ef89ae15c3aacd94eafecd07be7227_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e4266ee8d9665d16dc8087f581cb30f

SHA1
13331089b6329f76d2a534f36f0fbea645b565d2

SHA256
34f8ea107aeb4850a8ca0d065212c9bcb1dcc730376115b9d16c76ee3831e03b

SHA512
340c40c01b67733c289faa1e9b7f378b4b3001be78c08e4cfbcbefe229d0db2b18f0613f230e3ae71ab3ac14062a10116018ca49496d3a9d44952b36c947fd24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
750ac8b0c455514b352c6e3983bda8cb

SHA1
58a245d7d9e7c1089c45e18282c52de3b67723bc

SHA256
3fbfbe93358638172c1c1a2a7c752d42ac66d1515d6f4c6979311f8894a55041

SHA512
202ac99140777e501f692229b2b73e328255229e90368350463c197e8117149c3521635dde9a184cbb1b9382a941fc764847699817156e9f53aff9929ccc7b1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9328a8c65afe1eb60dd2c4bef2f5105

SHA1
a7c4f246020ba93d2dbea3f4d6e3ece6228949db

SHA256
e1a066547857baac8ae4aa43dea9391782424a5a0f382e923c738430c04ab59c

SHA512
f32e88cd7f999027b1666325f89eca43e57c237203151705bedf1b21ba4acc3617a504c7df7541ccd3e45c9c3dd2bcd111f8de8c7f655be9406c55f8ac68db77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9a19fbb3975efb74fca7e2f3c8e397f

SHA1
918f4727397afe320b363b06b3bc79a381a29b39

SHA256
b4cebe4a6ec6d1732bf9c1b2fe077475c528ec24a7b5159f6db83987e88f7d2a

SHA512
1b6205f08d75cf27725efec2f62c67eaf988d098ef581999eb3141f1b62bab597e75a47a4cad2feae1d5d8ccb447c2cd507eb5471868a0a3353c8b2a144ad0b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99040d0ea8b788a25f63477a6c2df5db

SHA1
58847c649ccbc0a1f2f5c408f687ad2ec341aac9

SHA256
885b6f5072f2d062c52320f42ecfa1a0203f4482cb6a5e26b19f4fae1cec9cce

SHA512
f3254074fa1c8a7725feafe8c1fa01fb9835ad664aca872e3a9e3aaae00149d761cecb7e2b586d89f453d9efa719074a1e1a17bcf78b47eb17f14786b95402bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26e916608633e54d42198434ad4e8f59

SHA1
72b2c39fb04117d1666e37fbacedf97b20e23e0f

SHA256
36e3c72a6566cb9e173a52cf64529a0b35253811fb114eb1b6169a3017a5a89d

SHA512
b0ea439722c42633cb0cd581dc47dc470100ccf0b83094e5ce57f3593b468c0b63cc4d5609baa68d7d0ccf395069f418bf4ab4ffa48758843226bab6fe4493c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40e26b1d42e201211559013037042991

SHA1
4748ec005028c1f3aeb5ad4f5dc7837c3a7254bc

SHA256
fdff54cd79cfe22339c951f632269bd0b5ed1e474fb373f37234b19af2e87905

SHA512
ce01dcad0444b8b66d90780c1e2bd7d8a34f5fded5a8ad5a22d1abb4c0f74a2d8a7aad053a1548218a9c8bb7723838a6b919cd72a44e506db6fea5b4c8861c13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83b27e264e78d94fabcab1a05570d1d9

SHA1
5daf4bf4a238af30dcf7bb2a891babeb1ee4a4d3

SHA256
33d10e30416b1e472716a6630846a00dde9b567469af646245355b0654cb078f

SHA512
c2810faf58cb868146370ecbbf2d4afc33bd8450520806493c883c0a8eca5143f36c1c8753c6d7d163b3848a4454c1837d9e5bd6b4ba14e7fd5dae311afd28f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e33250923592c03b6442595b0887243a

SHA1
e190ec280e55fe6bb142ab0ff9b69b78fd846dd8

SHA256
3bc76645f986d14978569bb28e5c0859b69c2411dd802d107ac5bec5da87dba4

SHA512
34e81a1ce4af37c5e86200b4ff7dd0dc0200fda8c1a9a39a6d9579e6257e63d1b5feebca92386e4bcc631ee6a22afdc62fdba6fe662ed8d0a65172b072801b5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
834d2792e9d94a30caaa22fea10fe187

SHA1
2f9ca9ed5aab3d7681beee1b66882a3b4cc3ac2c

SHA256
4650de8bb9d371ffb27d2f143fb71f123953e01e4e7fadde417da65ac0aa70b5

SHA512
656a0c13b761b39352e9a9e362c1abab581c563491fa41294ef9ee9f1c40f2349069b560732918459fb2c2406fab0c3ed8b97976cd202e5b53e29504f64870be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f65f042524dbee4176b82499bea405fd

SHA1
5e03cfae9ac6179ef3f96383bfc294dfa207632c

SHA256
fd534c10368ccd89a0ed6d086f41ffa89cfce7025c1e4031854287107a40a465

SHA512
e95bb0347519e2cab42c5b93879e5b0d2c1cb722ac66168a0cdaf94b319d67b0d91b5ddba1d7dd34854a853ec08eac5ac802c1d1759b52b4ebb20a9eac9678a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9bc8b6286b77846626ccf465cdd9a4a8

SHA1
e32599463945460ce33dc7e43104177ecaefc55c

SHA256
b44df051df695b704ee343315c7ea7208c4925aeaafead654e38009e6f50da8b

SHA512
d884ecb462ae841e76d4de699beccddd07730711b7cddfcde38d070dcb9dd653945f5918a9f2a36ca38c1261da0d9ebf7f7ad767ea2a216c44ac24c7a2c6f4b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47a2e7668b292948316e1b23096a1f34

SHA1
1f95452fedd4d824ffd4d70cbdd3305d79d7ebcb

SHA256
b2a16c91b81584d2bed23a2912c9722a00da4a9d8bcad74d628c04cd4d014df8

SHA512
9619411793ea38186c1a91e088c50622119aa8fcdb1cb0a3e162f1c509c828d669fcad7041855a17b93a066f78c368fa1c97c4fde89b932427834bb997347540

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1063d450ff62784a6488fb655122b64

SHA1
9a4f39a027802914fb47dffe867041decdc4ec3e

SHA256
43d258aef1b299d4e1f9537fec627f6bafcd590dc92863518f223f232fa39438

SHA512
bd2c9762eb0469811c8aa37107b26ec00044b6e2c3bf3fbb14b80e7e4c44b73dd34c56f96e0d9466abdad25575adf14875960468e7f620fc505e53890e4764c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c027701c46dfacc8d2b21fd20998e3d2

SHA1
8cd7dc725169c5c26cccc21237f5227f0409dbc5

SHA256
974fcd78628578d3c3ecdf9dfb9ad713491786004e628b443d5e7b4b0321d9ce

SHA512
c4a795308f60f954e164adde0131a19439d5025134697f2bcb7f61da7e95d28af1fcd95ab16fceb233b9eda902f9364462c384402e187b0ee5fc49d8ab651c87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7ab08ad08fa5131a764f6258745e042

SHA1
5887eff3e1a9958f67b16e1aa96795d20e43929a

SHA256
5451cee30abd9b0a7851e7c86c8a5d04b4ef2b2e48814be14afe34554aafc830

SHA512
9b257e1ce96c3e2b1f84108271b1c125faa889ab8dac12a94dcc54586ea8ecc1403870cece735d73b69d5d457a543a6ad366041ab082032e3cc2040f313f64c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
210cd23af9556f64616c0cb577a8618f

SHA1
43aedf4b015bd435aa6d0666ea1604405b4d468d

SHA256
e4de48bc3ffbcc761cb500abbebb41460d8dfe83727ab023dce2f3778b1baa15

SHA512
a9e15b5875182bca2b13f71acf97220776200744b94d8701924c53023a0d0ee0fb2de994f74001de27316999b5b584816d170d362510e6167488850e4815c6f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1f330c5e530f4beaa0f2098e58831ce

SHA1
599a44c29bc57b9ce2b2b9967fc504a894124084

SHA256
527525ca663344e6ca790c96063f951aa7f3696230710d6204cad7ff1b2d5c27

SHA512
84a9cc2c6941e75645f89a879a77a40870269ac748ff1dd1431c5bee2e7149a69b5a1f6f82d47cd400a1856cee3d489448b3b870d9a5476dd1bc6238b104cbbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5556a16a9324120f2463a3148f4ad425

SHA1
b2f93031541c854f08d86a077e65e0143884f21b

SHA256
80093c75e5d04bad0859cec9ff9765f158076bc15b19930b41f1f4c01c664f51

SHA512
f6eb9b5ec5d957c66ae3252b4f3a4812852f26455ef634bfae3c96135d349726fcf231c1fdc722fd17874b565f89bc2e6f17169eb6f85cd58040e3f044c539bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8C1B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8CE9.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit