ad960d8bbfa13e46e6a147d8cadf6d2b0fee45d5d14a965bd405ac8b27d5c35f

Analysis

max time kernel
146s
max time network
147s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

da897030a33f2c38ad1d718f7f380f88_JaffaCakes118.html
Size

42KB
MD5

da897030a33f2c38ad1d718f7f380f88
SHA1

eb07f8e38fd0d6d9f9fe05de3e2bb810e329dea6
SHA256

ad960d8bbfa13e46e6a147d8cadf6d2b0fee45d5d14a965bd405ac8b27d5c35f
SHA512

02bf4f50ae7f51f21e9a3fa42b0fd31cd6d7786683b5516289d4eada6df90bf588b21c739e763ce00a26d1eea98300daed2dc7794c1d01dc063ebb0ca8f241b5
SSDEEP

768:H7qhb+JmHKpma++NCBsssNHMyhsLyVN2KSoW2TKarn5LOT1Egd1V0Y/gLo:H+hb+JmHKpma++NCBsssBMyhsLnPoW2K

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{50E0FBA1-7049-11EF-B798-7A3ECDA2562B} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432226450"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2528	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2528	iexplore.exe
2528	iexplore.exe
2136	IEXPLORE.EXE
2136	IEXPLORE.EXE
2136	IEXPLORE.EXE
2136	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2136	2528	iexplore.exe	30
PID 2528 wrote to memory of 2136	2528	iexplore.exe	30
PID 2528 wrote to memory of 2136	2528	iexplore.exe	30
PID 2528 wrote to memory of 2136	2528	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\da897030a33f2c38ad1d718f7f380f88_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
8b294b35c89e8d62c864427b37914f1d

SHA1
2ae333e28dd6c4ab2d8f1758d290670939f02f2f

SHA256
31533c6bb9e414c9c24fa18effad4f4ae5896a8083b1844e4886750a2c4649ed

SHA512
9b1f138295482a608dcc3d200d204bcae53b36a2e3e0cefafbd67ff0623f61872dd0f53e3f0143d0ffaa9950c40c972e843c51e9c36783e75b8b6cb4a9094d09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2791513e9357665467ad9ee4ac9deebe

SHA1
9a7bfb719475cab36613c7c23e6f682dbe63998a

SHA256
6d4f71f90e4720f8794527f49cbc36b567816a35796ab57b4a0308a4061185cd

SHA512
e121c0c8848083b4de922433aa9a6e92aa8f3218ff022d08a729e51d1c4a1341f54d02e68257f7621e4bf5d1fe3294ccb3ffaad94e79cc82841a8875efe1043b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb01daa9717c42b866d78a3ae298187e

SHA1
7bc24c7ed2f4848774bcd9c50e92c6b45448494c

SHA256
17bb7315d3711bc6392c2ee0356ccdbdcf9064c02527eef640da0dbd9724768e

SHA512
99366e4efd9bd7d21df93dfa492de9302932697f2d93b5e5a86c4c97331d32bca715a8b76d2f14c9fde25172cc5c5c0a126bd66f617d19976db21285c5525e0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1539639775f785198f27a22dea5b2c5

SHA1
a38c50febccb1f11a4509e6b3147c0ea58c864ec

SHA256
9e93ac1b2afd821a4c44d985f25dddbcda443274d9f636731300bb7e26edbd57

SHA512
50d51e8dd91148a2e19000a105d69215659ca1e1669188f7e4361dfdedfd3e2e99d7caca0e7b8de41c22745dfa5422184ab16d3efca73a6721f4612bbaa610d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9820f7750e048dc4262f243472e804c0

SHA1
0bd1a0f1baef0eabc37e6034fa72278f45329120

SHA256
c9476e85a61e71d03e71265db3f269c22407864ae6b3c7fecae5db89174b714f

SHA512
427f57e3146b090b056f368480793658c507031687248e41c602ae0a1a6fcd67d18b76e21612d278ca40521054933e0be038add59175014562467363ec90c6a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b3e7e396b892e3c57d2e2cf82bd1180

SHA1
2a2d7bc2213e01a89f7431526003f1b717adddff

SHA256
4125a3fb02fa52f764527d1e8a967ddfdc7d2f93772486de6013bcafdf84dfab

SHA512
e91fa270242fc37a3cd27746f0b80d727ee8948066855f59f4977a262f6ef760b097c59551b3a3be00c671cfc1ccdbb4e1d812b0091158167fc354f184fe4a1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ff85a26f24338cc44c7d60d44015561

SHA1
9984922e753c1e3372ad5acc817036ea79783503

SHA256
2bbcc6dc1dba9aa4103dc2ef4c9fa32963b0c6880086843b24c1a816b968fcf1

SHA512
70f2bb6a5336a79c8b9ce14b8b29857098ea9ec8eb4684ae7fc8889e640cdf8b4d0dec05936adac53f9daacae0899d78b6bfc5bfac8a4ce0e89cd817c14181a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6eeb735a1534f2318826b64f7f356deb

SHA1
e8f6754bac99eb0d9bb7cce351266caee57ca5f9

SHA256
8abcae636fa4f847b2ae2520b95fee5c1c2094e451f570b5cf9e623111f62e21

SHA512
0de6a9ce658fdff755d1d2c4d80ec5f2fbc5094b30860feed2bebfc5090ce0f7cd788f8792f0f1248e2fb5c4b71a3d77ebedc897785ad4a41c129b62b0b8ce0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06417e4dccf72350ba553b4e7932fe23

SHA1
051e0d1176e97c593e590f3ead2fe11d31b3376d

SHA256
78acf56bcf990b09aa9c1b532da2916c704fe86fad6a1a5bcbf7a4ea190d4fce

SHA512
e07f5d76977a80643da889dae0b63e29cbd4122bbf4d8096ace53559bb656aba7ad1a50f6ce1e4b9a534de372f0ade449d0be87ef3214bd1c202a8e7f2ca9024

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15508e87fa4cae14436719529c3fc877

SHA1
4ca8eeae135bebc3377ce29355c851d9598e1125

SHA256
d735bdad53d288763a716bc11d377296c19b2c98789373bd04f873c1c195eb23

SHA512
2ee7d24d0576ca0e0abc9039f05a916ac30a2ae3d96ebf48e0ec71baead0e1547defcf2ba45c46210239cd237530865da23e91faa87917c48d13ba8c7a715b40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c191314285dccf0bc207f5a3868ff426

SHA1
bb68c305d027d35c9edf359ebbae936cb25d2aae

SHA256
b5110b8f40da0369469b78680d6e92ca95ec630a96d8cdf36d1705079a5c1b0a

SHA512
3cbf751d228d06196e894a1bf3781ae2889adf799fa3f6437289dbadab6a008214e5a974933ba429cb46d4f4d1cca40d85e6b7f91dd6ed120e622ffc61a79116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RXRX1VH\fe_plupload[1].htm

Filesize
807B

MD5
67350b578d9973f467bd6bda8aa91c0a

SHA1
9ef811a0a6ce8387b1f2ae8f65ff77a7e84ade74

SHA256
0e7ac3c9977aa16e57675b006190206491ae5a00841cac52f39019504887c332

SHA512
7470a060a238b1689b81fcd21fb61e01e88d3755bf88fbbb9369259fd7600669ff980362f1a01e07ce071343f7a5d5b370fcbe9c5469f19114f2662b9533396a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD4ED.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE0D3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit