ddc68925a347dc60ac96106e85ff5a450fb0609ed12258baa22a5917fd6baabb

Analysis

max time kernel
140s
max time network
141s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dca555bf7f9b6da36dc327692a39d7f8_JaffaCakes118.html
Size

91KB
MD5

dca555bf7f9b6da36dc327692a39d7f8
SHA1

32d8f5aa7a95a8a20afb7f6b99475d30d6ddd6fa
SHA256

ddc68925a347dc60ac96106e85ff5a450fb0609ed12258baa22a5917fd6baabb
SHA512

226edbcc9c98ce9d4940e6931df448c5691a521058f5e035c888a2900b90e31dac642588b2c8e971fe925e984cbcda418fadec40e593aa07fa7b539a51e25681
SSDEEP

1536:4xLOfZ6xyxyxwAwMqwMhAc6f+RuyubTehBNbcykuQGAuLb7DxeAc/4Zv8ht/G:4xLOhCwMqwMhAc71uehBN+LGAqPDxeAp

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{22C5BBF1-7127-11EF-8002-C6DA928D33CD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432321705"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
372	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
372	iexplore.exe
372	iexplore.exe
768	IEXPLORE.EXE
768	IEXPLORE.EXE
768	IEXPLORE.EXE
768	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 372 wrote to memory of 768	372	iexplore.exe	30
PID 372 wrote to memory of 768	372	iexplore.exe	30
PID 372 wrote to memory of 768	372	iexplore.exe	30
PID 372 wrote to memory of 768	372	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dca555bf7f9b6da36dc327692a39d7f8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:372
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:372 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
57ac34ce1482a8b8c7f3f04164219aa1

SHA1
03904f6d6ae7c3ef675813a2f1355fe422c9f279

SHA256
e8ea8eb1989d06b3baa480612d09f46387be61a5b8fcc114687c5b469c8c2268

SHA512
22393032f3d0b613511178aa3031eaf620adecea98f8d9a271d7e8177c3a62881946eece25f6001b567ee016dfdb04d6bdcb29ac47016aae3c82fa860c5e49e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_F968CA97A68F4E6D5C104EC7FE3DFDEA

Filesize
471B

MD5
6cdf768605e07f67b096369383625eeb

SHA1
35063292683b2ec622e15b1ee229edc5d5f24de0

SHA256
27827dff8f84b6776f429434ba4217ef087d08cc15ed33dc9d90d5f7e406e4c9

SHA512
8c890cbb24c2414c5b9f9f0bb9b0c984ea2973c6169bcbc3a7877bba152aa0d7988348ed0c630bb04df30a8cdc6b29fd551e08bf38e31c06429cf7a8a0e68877

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
e6332b6c553fb4308660d8983e63e257

SHA1
12f6c4affeaaf9357e41d8050b2243417941dd19

SHA256
bc74636a7881a90ed05c9214b8584f767c9c62e6f5c8cac2ae7b1977a3341891

SHA512
d9b18db147f3d9b6a445f0edbee93b6e3df08285499c071707fec38afcb11d2a006ef348c56a0a867df5177a876e3b94aeeb49a219f8dc425e237ddd106071e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
3d4b6dc02649a3f91df102ad68f4e859

SHA1
9bc97aa9869ae2efdbf0746109a72c3cb4b31f7a

SHA256
0ab4fc5dbab360f621d1a4575d1a6beee6878cbf1a2135edf8c1025b5c8cb0d8

SHA512
ee6c0bb026b4b8e65e000dd1405a698968092a0cb333fa62fd7dbcab5b27a44a6f5293051d24572c07f291c9c07126b23d8f515bd80d685c70b1f51790bb8fb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
b5e4ac43f1e7ac0ed18662a21ea9c74f

SHA1
1fe3c08658efd11b0a78f9090d6156105cb804fe

SHA256
95b9f478870d3fc135dbf4e52aa000c9786f8362250565b267eb3fd5ee88506a

SHA512
0a3af4701f1ea97bd5d66b8431578aaeb160e0e320912bba4dbc836782ce0c779fc8fe3ed80fc7ead675213a554c612f1278ed3677563efe128a3e52fcee831c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
219d3e329aaaed48a4ca656d7d442a95

SHA1
bc3c77dd972c15fc66b8e225e5be566c507f6d51

SHA256
10bca546e2adef261f70b1bd4de0444f81d75e0b6a367decc9206c4d1104e645

SHA512
a6dfb4d8e052b7e13800647f810e2d9f92dc87c9362cd31cb6dd905096fe075b05c71bb48864989d714a069f5fe71a94e6784c94fd32315be09d6c497cf3ebfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
0c0eb765be07e553c67185d945c4d32e

SHA1
ba56728a2abf16a6f78acbfb4e2ada80d685e506

SHA256
dd3aa57a714339b1a231b4bb96a7b0528499599c0da3610347042541c2328475

SHA512
51ab025e38d02afed98c625d7ef1efa592c81954e5d2a88e171daa3ee9cb93af5cbb9409eb24c7dc5652a670501c21b3017ea5629c531f506c43b35f55a3bcb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9558c40bc4c093ee0ebe8b4e2b7b9c5

SHA1
ae627c8f308a25f7d30f570b228e334f2d9dac15

SHA256
4168ad41822369debe6724f3d8d507195cc412735838444ad533702b5dbde74c

SHA512
018291b8921f26e4ab20d42e35521544493913902bfd953ec24a6a06c5d804a6eb857c9192d6124a27b5c5961ab3b917ace8d7a8cf3fdabfd25d9567f6f9a40a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
caeb3feb5bab01cf8e62edba159271da

SHA1
6e01b57ac0aa547ef85ee93952b169f7428932e7

SHA256
bb082ea1d847b634732b31e685614d13af1fb71810f195237175ec7fb2d5e32d

SHA512
f776a560a4efdc437abda95e66129e1cc3640f61fe533be4863d331aa12778ba8aafaef3391c1c410f2f9a3f6f6dc2f53dc3faa87bcc55a0b99707b3382971aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b78494d69dcd5f02386bdb830446dc9

SHA1
89552152190c8c84dd5343e2644bccc5e13d7c98

SHA256
26f3bbc1a1cc2cbe7276a023106c91b6f6d190a6743eeb82d6868947cef0577d

SHA512
bd88466f3bfeec2682183e3005b01a25c45b4ca213faf2a54ba2833f287ed6afed3bed7d2ad5874fe04942759c1b1f4998c0eaaca0e402d5b489a24543205edf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c67c3e6c7f3aa89739e9079d77451e41

SHA1
a03e357e3f63f46d07ac34cde101ba3447aed0a4

SHA256
e6d260e8b34d0658470184ab3b3df3c163b343fd3d3c1ad0007dbd70bb535df6

SHA512
5710089be330e001a427e021acab6f0dafe1bd10317493c591a51099d112e3f2f6c737a47d628ac6e65c5742d972253c1e8c2969edec92cc37ae3255a4f47c51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9288b6b12a74cd7b077af25e4ad66fed

SHA1
c5ee0466ed3e6b500e8d48507bbc1a49a24db0c6

SHA256
d28744c466e4d19c3fc41b6a72682626979ba7b3c414b069f65d4db8db570d93

SHA512
85f7950f0336cf1d5f886555eaaf0485687222b35149f10fa5ef8eedcbcc0e033f1de706ecd52df48537f4813345d601cca69c5ab7f3c91fb56dd04a5ed32791

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20c99b4eb7a8801b80e0a435017e6980

SHA1
d13b61eb613f1f787962b9e4fa18f65a93b36d3e

SHA256
c56f787828ccb47fd173dda18b26a1994364cd55ceef3e5be1ef9c04c3873aee

SHA512
61d0ad1c23f2feb7eb3294aec96c6a973e90db5f4bb7e9f6c8d5f1885580f80857322ccee21c23b6019558e07080aeb874f84e05887e9533270197e4af8dd689

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
678c9fb1454a3bbbe9dd66783cde047f

SHA1
adba175b65ef96db516b28d7487922761ea6598c

SHA256
7b42396f85fc3cf3f41f95011bc5c69d5fa9861d8d655abcba71b8342c1309fa

SHA512
2b904827a6e15e63bb99d9b1f8d41a81480960ddc04e97a906492cb7e942e07d3e974f71abf36315a3f7a8beec1820043e564fa04eb7b3d5f7dd7e374f590633

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0e56685eff9fba7d967b2b5f02269a4

SHA1
d9efef4bd5f33a35f26a3ec2b75a25c791fd5c59

SHA256
dad7f6f7a730236883d5063770aa9236395430e734709d21cb2f747e665b7797

SHA512
a3eb15083f6df367dbfd62c59931bf06f09d38fb117c86e6de92fdc5a78d4bd544c00c7d45b2d92ecc98d8e4eb45e62d2e02a068a7038cb92dd97bad06a4a605

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
339aea4f1d07ed27175132899a41f556

SHA1
e01199af692751ade05d3cce0d33ee6c5d4bc435

SHA256
525c2203fd3b6ae554d431590ebb170ab47e4165736bceb5541949f43a162f79

SHA512
4aa6b6775f45a2cb0415b3aad68ac8b363c14f90b337d41d73074ddd3450017f64b2cef6da6909b68d6b7dccdfe0fef59a573519f11f3ba277b31ec1b37b1c5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f30b700c8999cb62b2859fc8c3dac79

SHA1
fb270c18509de55dd586c0bb87dd84a91add6f77

SHA256
1f9e3848a7aedde881abbb23d9321c4b14475123918211508caedefc7e4a2709

SHA512
adb087428fcc879555a25d6ad3fb853ccabc5026071bb600aab53d3dc44540447e7b62d5c0fa35d5909e13c638ced119455ca71cd14f11683a4af483db185c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EOYL2MRI\banner[1].htm

Filesize
251B

MD5
13d4e6ef14c144a5732c8a16f07d3ce5

SHA1
2ff71998fe3f628f0e23ee13accaa7d4da661d05

SHA256
d82245c9619e575516401968aebeb93342e781e1a36fdd034a5359ef74e0de25

SHA512
dd4c4a8e9b52c5a01535a02ec174b18e19dc35ef90012ae8a87307480e3c1f192c533b2615e7ce2b86e1cf2bc82907ec18789252961952410948923b70b8fc8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB75F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB81E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit