0d5080df61f4e72504283ca37d0c92f8eb9aea9568c1280f31dfa4182ac8f307

Analysis

max time kernel
143s
max time network
147s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd74865017f0d154f037fb63ed195d95_JaffaCakes118.html
Size

131KB
MD5

dd74865017f0d154f037fb63ed195d95
SHA1

e8ab067541a76a90cb72722fd6d1c8ff2ad07aca
SHA256

0d5080df61f4e72504283ca37d0c92f8eb9aea9568c1280f31dfa4182ac8f307
SHA512

6818b3c753f07bb47814e9f70291447721e33ce4c5f50e46ad370ac15a7eab216e1bc0b101eb8ad2956b7e81696b5592afc1307546c4643953712b76154907fc
SSDEEP

1536:FHXHEHT17To0FRroXlWNKvvN+B3OsDONoPJ5+WG9iONoPJ5+LzowoRZb:FHXHqbRrJONdWGTdL8woRZb

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{14A64CD1-7175-11EF-BB15-5A85C185DB3E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432355182"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2668	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2668	iexplore.exe
2668	iexplore.exe
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 2664	2668	iexplore.exe	30
PID 2668 wrote to memory of 2664	2668	iexplore.exe	30
PID 2668 wrote to memory of 2664	2668	iexplore.exe	30
PID 2668 wrote to memory of 2664	2668	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dd74865017f0d154f037fb63ed195d95_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
7829302a4591b6ff787f7438e0a30884

SHA1
72c3a4d98b29e5fd88ce60c54cf2b84750edbdf1

SHA256
58e0923608a6d43da818b8e9544ec4ac543345263144c984e8d925c51e455255

SHA512
e6dc54796190eaca8e84cb881343c5340e41f7570c2d70ff7e3c3ffcf98a59e306d1795124c81a65a05f0ac5e00847b227cbfca5205b6db0acf2a1ef5a2d2b08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_F968CA97A68F4E6D5C104EC7FE3DFDEA

Filesize
471B

MD5
a2332a00413969879158aa89799a5b8d

SHA1
89db73c5fdfff2085028516af168e1b6e372bc1b

SHA256
03eb52927e466d8efce64b6182e8f1e015435959e884b80598ef08a4317dddf4

SHA512
e6b021ed9a40f1240ca8282515a61eadb9593ca8e2d5e7941e851c708fafc799a40e2319840afd35df60292bcf3dc60bd2ad566301cae36021ac82004ed3334b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
3d4b39311aeeef0982d45aa9a5c16f4c

SHA1
0fa87b54726094720862f6504b3fddf6510876ed

SHA256
15bb57ff14451e1fd123552c4a58016aa567828476e0dcb01358b37035305c4b

SHA512
3ee26e2eb2ff1f7af27064c9cb2e4d7224f138169b2a21ad3125a0550613540b7a66f0405bbfe4abc3a91461dcbeeae748887cd06f0c13b9e1aaae9751ba1ae5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
062cc9159467f6e01399a129deb9df48

SHA1
08903cf585a8047a400d7e9d1aba96fd8a4abde2

SHA256
9911b85ee07500948809b6efed9ecfd300d6ad4423bfd90fa5ef35e997050827

SHA512
7b4b42de263047de82e0bc219616837a634acd982fec662cc0c3514227cae7cb36bff66f08b3ec8cc9439fc944185e73c1edcbfd2af430562a7a0a93ed94d126

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
55e7dd8e8f73e7b2226062619be0ea5f

SHA1
d1b7ede3a7781164c0fa070f959b4d89b0b9b4fc

SHA256
c91169cbe8a45db661ada94f841b643cdf47ba4640cab4be394a78b12759fb3d

SHA512
84730f0b8c0dfacb9d67a89f0dede85f3aee3c0c4892efeb5908fcb700b4b1ae3a7dc14ac994bac6c0f048b327e87a6ace7d54b7bbad0730b002136050650e43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
67f63a3bf666c55b9b937ffb9e1fbb55

SHA1
e561ff80de56578857d2c8245d93eccf4abe90c6

SHA256
b95bfb595cde152967be245c22349f4fb84a2158474c70ac6728538b17f9ccc2

SHA512
99bfed5708dd1b3ceea240e3b7eeb2707960a852906b74bb4d39e6150b3d678fe217a738dad7bc542b6a6e5fc0ca7ffcd0ba585cb435a9e06abed1596d5b4dad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
13137e4b021bee1034b48630ccc6f162

SHA1
ba96cbef785c8980ec81b9c248979f8e71a9d64a

SHA256
a40ecf052a963fe8ff0bc29376e27117b08e257309e78549c896d5a3bfad41d9

SHA512
ee7462be4ab9c438889277e65b178e76994eefa35edc13e9cd1448ae1585a0d31c465496582a6bbca764474b2d32fdcee05cafc4e26c2027f61e46837327ca89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a97aad498d0d8ffd0fdd40dde03c0554

SHA1
81b39795da8dd3c7a2801ada05d0eb983e333b9d

SHA256
e2286f0b04f54d84b6a7d8b1ab84d7fdd39dce5108905e2d56f62a9057136b6b

SHA512
2c3cde8438ad72b5ed449445d86da5498847c839d87f0bdcf3e3c7a5ed0798f013f9d3eef1fac37f85e05fc55e5ac1c8ddfe5906d111faad98661186daf28f59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e362addf3a5fbcf9946b075eb18013c

SHA1
18a91652357067661d3c1dad3773b0f93fbbc976

SHA256
62f8d6ad18c3e04f518eabaf41b132dea4d66081e8003a4833e0de3de9e1d1b8

SHA512
05f5dad7da9cab0268b9c689d9f109cba2226a05b6f4f0d7ac9b4e3a199b6f4bffc3f1b54e453a7ee9fa59ff6c38415b3210b17eca745eccd3d82c5b2b6425d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f178645f072188c4d18f534e2190a84

SHA1
695576a6fc91c3f99b1164516012c72608e8f0f6

SHA256
1107621d6a81e657dc1450a7d3d1150f5a313abf6c356f74a259b9bef390a0c6

SHA512
79b62d7e54d168dd0585e67cfc18e0850ae1a1ebab283d666d92d03049a744eefbb4bfdc85edb181af7825ae70cf6cfd608e415ca67d2e6717cadddb10e824b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87551db3872282940806448da637dcad

SHA1
abd7752078fc092402b0965100cfe680cacd5ae8

SHA256
d17aad5ed6052e16d75b6ef5d26c77721f1a818e6e714eb379ebfb73433b8486

SHA512
26fe6b952b2d4e48dd2ac6f5650a4d4e5b45641a114f2ba006882f697993bf671f9225530ac9f0eaaff39e9d2d8b3762ac4d3c70ad92d7210cf9abf44b22938e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a8eba985dc69d4aa2bd92e2508c380b

SHA1
1cbaf02b50203e845a29c3430219e830c4f95642

SHA256
0396a1e96c7cc40631ddcc07cb8122dfeeb356ef46a5bf9af820206548eef46e

SHA512
e3aa98c2fa69ab5b87a333a34f11ef29dfa70c78f0b12190262db875e1f7d310fa4c4c2a8ea6f201b6a4093ab8c0ddc9a6a324cc3d6ca14026a311615f3683a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25b4eaa71351035d2411edbd763976fa

SHA1
b27ae11498d63d5863deb82d4b0862665da40121

SHA256
0d3f2eaff9cd3ab2c1c1b54ef8b1156c6490d4f5ba075b20a4943f73591e76ea

SHA512
8a663b58a8c739b1f942bdbcf9cf2bc3348b7c7ea24101bc8c916ffe768ac2b83a525d546bf1256be0b6e9eb3fdd03417d9d123656a5dad0562ad5d7f716ab22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bea40935fa8deed5dc5978c69c747023

SHA1
ff28b1ac7be48f38141ba0dd2cd7501daec13f05

SHA256
cecbac01ebfcedd7a2bee960aa5024c4826039724bd7194b68d3627a4cdbc1e1

SHA512
9f5b23602c030edd608bbffaa61063d22734756ab14a2bab9236fc257508ee1dfe9f6c069a12f5215d35f66a77d216dce7009019da7afdff34c07536fc7113be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e60caeb8b1094fda96f9d5c3bd645b10

SHA1
c4d7d382af4d487bda43f69db04a174864c8ca68

SHA256
6fefd5dfa379c2e94a4e1927977e3374f764ed35e188811d7d646582727560db

SHA512
0fe0e1713db85fa52f26835fe07722cdf80b76fff4389b6da7afeb8f601135605f15bc3fc3e2060d99e9aeda10472438bb77c42214451864ecca8cfe653c978a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa17c8fe23415a8061233d4f14b3aae1

SHA1
d15c9099bff63f2fe67061faa699c80d53491525

SHA256
98d2a7e870d7f23e76c7045d2a1475df7fd5ad10d5c804e669ee47ddfe74d9c2

SHA512
7ca85497106f488f3c0fce4b6eeb9efe089b2de7a49d7f7428bdc110450e4ecea919b2e0f19134065db8786df75496e5222e30ecd16f5baa5e072952ffaae5cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1bc0a0162aa3fe613ed031aa4b3ac30b

SHA1
24a89cabb41e90a211040ef809f94d14b7c87cd1

SHA256
67a0f46e488af622a7a29fa31a5846a1becb3df1ff8e6bfab48a56500e28978c

SHA512
0a0419dfd39b950db23b60e572646fd67b3bd5b7fae297a3185ce7a11cd85020fbc7ca17e313106a5251893957ec07686569ca5fe224e234b7a10a1e7b442bd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_F968CA97A68F4E6D5C104EC7FE3DFDEA

Filesize
402B

MD5
f5dec149f84257714f578a94c781c4d7

SHA1
2ad00ceb44c6db5fdf7441c9d5568cb1e7ecaf53

SHA256
582d72ffb37ee55f33104b278a7a3d6a4f9c29dfdcdc38f4edcd33315d9a23ea

SHA512
ef22543427ac881d688b2ec10626a6ecb268189cd4e6953cc5c20068c79090895c2b25736ee258b14d7967f9c343c6893e1c59bc9f6749e6e05c6858f7a336f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab53EA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar53ED.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit