f889d8c0601471d1ae267b08c59de7661c276010b886547a63e6ca307aaacb6b

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db125c486c26d28c8e1598fac56789ab_JaffaCakes118.html
Size

104KB
MD5

db125c486c26d28c8e1598fac56789ab
SHA1

bbdfe5759775abd78945b5f2af7b8c838d5637c4
SHA256

f889d8c0601471d1ae267b08c59de7661c276010b886547a63e6ca307aaacb6b
SHA512

28f8b3d326a6208f1458bc11b0eb73900508edfcf8a01c273b1a3d3aea119fa6d9f7cd53b40a5127db094746914959224df992ce74209f65a1261a96f36f6a3f
SSDEEP

3072:/qEijZeqLyEijZeqLua8yHOxHu7x1R9qhTxLTtMX2PlFx:/qEijZeqLyEijZeqLxHFO

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{379D3E81-7074-11EF-846E-46BBF83CD43C} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432244860"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2364	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2364	iexplore.exe
2364	iexplore.exe
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2776	2364	iexplore.exe	30
PID 2364 wrote to memory of 2776	2364	iexplore.exe	30
PID 2364 wrote to memory of 2776	2364	iexplore.exe	30
PID 2364 wrote to memory of 2776	2364	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\db125c486c26d28c8e1598fac56789ab_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
d0cc138c4f018baedb042c62553ba766

SHA1
e9e3f0ad9015f386908033ad5ffb71a26bc62c7d

SHA256
c9c9328e5c802e2b039c830c9eeb1da26ed9acf56243b3f387b55ef46e062cfd

SHA512
5dcd00ce32f6bc341c2486a07ad7fd6787612e9dada14efce7846f855d9b71b7d36bdd7d47107727786b5e3d9be4ce8d4031a2c823e6e47df4822d6ac04a359f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_F968CA97A68F4E6D5C104EC7FE3DFDEA

Filesize
471B

MD5
6cdf768605e07f67b096369383625eeb

SHA1
35063292683b2ec622e15b1ee229edc5d5f24de0

SHA256
27827dff8f84b6776f429434ba4217ef087d08cc15ed33dc9d90d5f7e406e4c9

SHA512
8c890cbb24c2414c5b9f9f0bb9b0c984ea2973c6169bcbc3a7877bba152aa0d7988348ed0c630bb04df30a8cdc6b29fd551e08bf38e31c06429cf7a8a0e68877

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
138d169268c38f18edaac37cfc10fff7

SHA1
89c8ccf932d136dc45776066ea7c70ca362f89a9

SHA256
92d38dcf4710bc0de7a33b7bc2d47169fb49490c21a0f347c3dd89e89c949a06

SHA512
ac5a54c52567d02b7bab0069eb58331d416a93706ddde4c61da178b66e3f924c6c6ac67333db3b7260155bf653f034e1fe29a6c72ab20686dd8f9729d274b6d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
fb0afbe94fd460c55b9e632317f59845

SHA1
bbb5d0b879aaed1d9fe8d279006462342ce562d6

SHA256
a7e4131744c7dcf4844d00554787c25266c4532501d3a2283f3e95f906b5ac26

SHA512
fbacd541398bfbea4fb4180072c58211d85d8e506bc4c8ffa52de8375c58ebc9374619b7030d9a0edc2ac5c72b90cc1d37014b57e5a710ef9d988357a5bdec17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
d26cce2dea37da597dc324c817627212

SHA1
5def7d0f9186e4dae5738edb03120a852cecf6fe

SHA256
f68d84287018c929c51e32ec7c39895e0f5c1291be998a32aeaf56654c366f8b

SHA512
fd13b9b8c9be3dc7b60aac9cba71f890b8e773b163b6829df6cd3c5fab1682badf5b77cc91a9492eb366b0af46e0c2e7d43be69e0b5aa55bffba2a4191c67445

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae7dcc97322a5e4020f5d4b74812e97c

SHA1
fd8c5180555e2ecbc42d0389ea576fb263bd865a

SHA256
279f7de1c855fe428a77126f24f72d8ec0b1d48370d0a9fafceaba9bef664fa0

SHA512
6928df658fe6a8b1d186d560f7f20f7194834e37c76bdd17253b4f302c53292728de12f474f4b25d966be6519f7d3711f64de6341e7efe1b7723c5845af6d218

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
048857c2712a1cb663c05aa9f5ee83f5

SHA1
1f1fcece5d92f07ca5e942c473f983ea9a1e312d

SHA256
f1a3e75778258ed45d092c45d03a9b92934f51444a4314daabfcdce4634cb400

SHA512
fb68a15784468489a6171148e6196c7d2f72488adf1e860ead2941c70f61a74e16959ee9b7fe21113b556d38191e27df240557ee38160d39ce5eff49f85824dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41f77f43ca60bf27d9f486b0ad10d6eb

SHA1
1a94bc2f73911e34e4812b90e46474b7a47c1aef

SHA256
9023d80a8353e6ef01bc7ace1db8f1ebfa22f523792f62f7cb54e2566fa1232b

SHA512
f30b6fe6834dbcc2ae968f93aa21b9a7f544e8a7fdc42857f837257020efd05a877e40e33139f8d4c859c8bad023fe304a9b9294141a69e7cbd3b782fbb67428

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7a3c353b6a1f8712d24351ecc1c9afd

SHA1
0487727f8e8da890f92619f158513fa78d1d7ef8

SHA256
9d4170a072cbc59faf950170cbe478d704526c51e8daf9b8ae19ed35280050af

SHA512
db79abf7a413e068f9dd8b3b9e3ac60ff3ac7fc861754433206544e4ef27b414e8bf45517400a7da98b8e844e1fa669c8606880f4410c092eeb7593c91b854a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8921838108b951a8ccce0ead1198fd7d

SHA1
fb39da40ce8167e4a201aefb98cfefc9f64ac433

SHA256
012da8f29341fb687f44a8ecef86c1ac4b3dba181954e9dab58b48ca4ca1e5a2

SHA512
e47900cd1b95364150fab44316ef62ab5862019bcec3e048c9ecd5310f892688f9fe81d5ffcac68f862c2f8e047549d55d9c3900ec49508c03598be70686c178

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f1e8389be8f4b9833c869d8f0d5bf51

SHA1
cde3c8fd0755d0e80233a447a7cca9aeb796dd79

SHA256
3efdd0a66396d0d0b8190657934db4fac372add829da9d6e7074ae721128a08a

SHA512
558465393d96b40d7ae1659d825d6703d1ed44d4b73828b9f1de81207467a99db3fabb2b15156ada41b66ac2bcee91f5c7f2d4ae2256e246f794361ad3cd33fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb2b874f2c63bf27c27d969a7c47dc9d

SHA1
decdbdab64419d443f771c190421170538b1d7e9

SHA256
ffb142c5e1c3f1a0b4336e8b3abcda093412601b4ccc4ffbedaa81e6427738c9

SHA512
e1ad6b9574882b6c80a14468193d7e7666ccc7426537d3e45e6ba40c0bdd88d7342b7fb15630ace1ece32591b6fc724930a5ac7ab789e2b248dc133b64536bff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
727890881b383a1e6f9d30b5cbce44c3

SHA1
d5c0e19a34266054755fe6d65e944bcb9b64617d

SHA256
5d0ee849c18951eec2bce4540e41bb54b3f2ecb9bb166a1a7943883849058cf3

SHA512
ebe8664440aecc1b5144e939815cc9388ae47ca080b2397b5a9415d5b02c99a91cef2eae71cea76eeaa396dab5fab754a7ecfef9b2cbc49d3618c021e1b342bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5eb3a95272f6b97470dd0c424ce1bcc9

SHA1
aff242c38c920fc9e222df4afda0e3e9b9a06dfd

SHA256
3f8757632c65db9e7c3167a79f12a9c71eb711f1cadc68551499095441df7486

SHA512
b7ce32346413640db335b6631d3d19fcf1a9e197a6efd553f1a867c16a6ef9fd8f5a686f648be92658a4973339ebcdc239ec66a909951e16298b6de4165d3124

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86dc0cb2b1c992b682d0931952626bf2

SHA1
c63470bdbafcf73a85c72d7aad762ceb1fc12f01

SHA256
4089518baf8beca8f5767e87361300099aa562612a1dd0f92bfa3c4d805fa8df

SHA512
d74c98b8c72d6f06bd23741d6d12af0870376fc029bbb9af0cb4ccf0f273bac392d8befd4bfa38b3426fdc0fd1f641d9d0eeff811761385348735c099384f8cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
901ce6f8e9be725c9778a699efb00fb9

SHA1
73b2a35b898a4e80a3c62e531c78c3136d8f9ea4

SHA256
37bc54c7541defeed067e6b0ab07365ddb08233aef19fa6744e57d6fb39adb6d

SHA512
35bc3de662037bd3364b6533c024777584871864d01f2b3265a67df887788ada1b9960922c5edc775f27c03811e3ffc0d494dfc0ca9b701e800e7146dbdad7a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ccefa14f1e410f1cb51fa4036612db4

SHA1
b379e1d38796ab6721b6933bc1286e491fa4e67b

SHA256
b4a35ba84c06affad730286b30a9269aa99426bfde7ba19477149e33ab3a727b

SHA512
4028dbd2340813ffa4e65871b8c4063276b5fbc70bd82ab1fe3c3afd8f02f27424d7f7cd08ece306042d606629e9e47562c65e90be9387d400ca716cb99b637f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1122.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1441.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit