130224992319e6271f02d05e5cc560688bc01741cce74be8d4b3fdbd9189ef67

Analysis

max time kernel
149s
max time network
139s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-09-2024 13:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

da803f378a4b5d12867c56e66128bf00_JaffaCakes118.html
Size

37KB
MD5

da803f378a4b5d12867c56e66128bf00
SHA1

e6565df7937387dfd04ce6b3aed9ea6dfebf4257
SHA256

130224992319e6271f02d05e5cc560688bc01741cce74be8d4b3fdbd9189ef67
SHA512

f94b8b0fcf71484fdb77512f92243cf54976e77b955efa1bf6b149d292a7191a9f2219368279c860ed1d8c6bb8a4f1fb5d9b89c4e0ce5bd11141c3ae2b9da165
SSDEEP

384:Sb1oCNiZo/FMf6jIBBBM6gBM9/uZLc5uLy+o5r30wvOFx16nYpKtiLgQxGf77UsM:SWVi/FTjInC6gCIZw5raKdZP8GQb

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{01432D01-7046-11EF-8F1B-EAF933E40231} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432225012"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1600	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1600	iexplore.exe
1600	iexplore.exe
2792	IEXPLORE.EXE
2792	IEXPLORE.EXE
2792	IEXPLORE.EXE
2792	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 2792	1600	iexplore.exe	30
PID 1600 wrote to memory of 2792	1600	iexplore.exe	30
PID 1600 wrote to memory of 2792	1600	iexplore.exe	30
PID 1600 wrote to memory of 2792	1600	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\da803f378a4b5d12867c56e66128bf00_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1600 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5559b88a4efe6688bdbbb7c468832b43

SHA1
9c183c41779ef48a38f48f33ad25dffefd3a9eec

SHA256
a191f917a4b0a817b495bc1307997797539764be64443c9797e36fce185fba0d

SHA512
9bf042dcb3324a83f348dd6ed9c030c764f809d0edfdc8660cb17e048c5cd629468847004304dffb21f33b4f76a75164b1d130ee88afd5d8ec12dadee35e15d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17f938c62e73663bf05b8a8934c03c94

SHA1
56c2d4496497a21e2aa2d0909a998330d468ac91

SHA256
74acb660cf50103529580f9a50c55996ab719a2adcf2585694bbae0614f32c86

SHA512
a5994006371b9a97bf2488c40e2d0055b61c0adaa99115e4b2968af8d6d3853586197b811563545d61b5c9d25644b52ef031462a503b934d2779b37fe92f5781

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29f15e3c872f0821bb3142fcd749e56c

SHA1
17e7143b286c1d63c9a23f027df96239c7052ebc

SHA256
a8f48149806d07d139d45b7327117409131c03097a3e78daeabd444374604cb0

SHA512
14d65a8639f08e7793ca0e03531a643d36d9bcaa0c7b325c7e3b865b3c1fb8798c79c9d6ef563b2c39d5db4bd6267c98295d5e411953c66397a94db002b47c1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51dbc8c09807e880928f511073fbf8f3

SHA1
ac512e4201da1030e25adcf88092ad678a39297e

SHA256
436940f626799ff49e8db20289bd691ac679c3f4b15dbcc8b28d9fe477749ff0

SHA512
ed31ddbfb608ea50b6b8aae096c6fd0808a0c10dded7a359eb17e6dadce7c9e7338a3a86cc7b78e16a7408ff611a5e324a3c01a000f116be7bceb1a14571cd4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69ee3921e444723dfd91746ccbbda6b9

SHA1
86dd1e1c4ffe39d0042b7ec1b6a34c406085d294

SHA256
c70c5a37597686fe9646f6439728a6ae7e35f29d292a5171a5ebc88ab879a85f

SHA512
c1f5122e20d9f08b0b339a7c03b60363f397aaaf2d0670be4d23f9827a41d8cbf278a86fe4886a1f81041b392eecb7dd528c48edba218758e2f2429f6f7e500f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39426a25a8e8c410a4986eb3aa9b1894

SHA1
cd3b0b1d1eb7422d1178561694d225001219a0b6

SHA256
7e18d756071322d9ede395aca20b9899fc6cc9b2d37b5127e3f493bc5f7efd21

SHA512
60b4c4227f06bd6f2a6582e6494b99656e971f6aa0f5d39ba4d04de8ebe9ec808d6e3ba425224fd8877bc59a72d8a1e1fa53063e1314b5d25ad985563299c574

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2bca00cc6fcf7f12a0f5835c454bc83f

SHA1
6586fc9ed6c693029a53ed9caf0cdbe8a4c50481

SHA256
6d7d56c2622e65672042a2e1b375ad9ae386ef92bb4e4d5aafcec79d964aa105

SHA512
43bc424a2e584f6c6de93283fb993788c90a410f3a8d393f42e11f938cf8f5aa2209b755b0e1adc51da72231046ec4fdc667f23616e5aa413de34473ee7e2007

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f510d52c72a56af9e41db461daeb6c88

SHA1
a93b6de003970678c8796b26e19b4e44d32a2c4b

SHA256
3fb7f772a6886df3a14026ed17420ee11ceab0d9b53ef25ae24393c7668cf17b

SHA512
b10eccc29a2430821b8eee47c4fb457ca81469c4e2f464268bdb11660e453f4315b34a7eaad1ce87ccefaf8e0d991c54bfce81d78cb25aa087571c0cf60e5bfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73dae5e19c3ad74ca99e37a5f7491550

SHA1
415f33c9856bfd4b0acbffff11b0a9331e2d0762

SHA256
0e4673f2c495bb83dbacbbd86d0f6e8f60ec526f92b05c2948b1ac13db784200

SHA512
ef7f600083e037f0349bb9aabaec1f2ad15f46aeaef7d9d5899377cf7f1ab6288e0c5df44d06b68d99a687e69334de44bb37f368a6652192082ff633111daeef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d72c93401a81fe9ba28585a794aa9248

SHA1
9858606fe502220a8ce54f21804199cbb3be44b9

SHA256
91c7dea6c5bb66215ba44dd5eebc563c0a75ce5b6c429cc7618efe958be595b6

SHA512
17e4237ea4a4bf5d4295bebb3a03d9a5846838505d2f361eff82956e7107c1f7091275f2cd6688e37c67959601730174c0d3463bd2545898cbea514b80eec33e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f01c8c9e87c2f35dfb811c2d9983ec3

SHA1
0d62c7bc25a25236d079cb6e49f03252bf1d1f3c

SHA256
1171333d1266480162a6e3b5ab79c9b7cb71521563a9534c1ae2f4e42d5aed0f

SHA512
c94c39097c41dd2a20b25db97cec943a9608ceaa1931d59c4838d009d2dc2e09251bd0ad28d5d0e8952b709be5ebd3caa7d3561cab7d01ade58db13d17d63965

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ddd8a7e0b736fe9a6e1a9894bced1565

SHA1
bf581c00dc12e14b60e9466b152f912d38520ede

SHA256
a47208ffcd2f18bbe2ccdd6d7d0b9ba7a52c14432c77d3a64219e019a384f9de

SHA512
92cb609caa057f924e3efa17177a975b55d7c02214274c0d467bd90cb93d0439f45952d72fed4f595ded2a658e0418b91522fc01055a9f7a47b991e808216c7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71211469b795ad9c214328347f5e613c

SHA1
07c3d5b744ff13ba8b1798c9d5149ad0136397e3

SHA256
59ecc6fc409ba50397d5bdcf8b29e00dc79560a7281cb8a60ef1b3e4e8fa056b

SHA512
decab530f41c67c4448063978fd4c889d989858da5d3cd6319f2595ac2bbdc021196d8c278fba4fdd6486a7c447be4b74dc49fb1e509198442d93207060dbcef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cbd4c0431a9fc71f14126315c2cec643

SHA1
260b5062a28b8b4923330cf84264251e0cc54129

SHA256
f505b5a5b1841b402817060f16d72e8de4b5a3d14c9a72538a17ac71699bb3f6

SHA512
08edc05f7135a4a618e8e11317705ee083bee2336c483c24fb09d91dce22b27a5386d8122589f65499c7ec55bece3203848d28c82e915d318872d6adfbbae86a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2101c2c9893106c11ba4ece139f6de82

SHA1
ceffc768fcd260d64072e9b26a394ad64d4c1ab7

SHA256
e058c91c3013386b799ab0883ead18a45c0851428cd0b78678b0b01d738b33bb

SHA512
13177ce143b939d272e2dad70beacfcf438b19f30f58d8d61dad4bfbf8665d1864bf08e46e0bdc818bb7f254484203d11130bbfd971629a79658582ed771c337

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1E3C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar213C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit