ba2be99f65eb94c694b1ad1a74dabe1eed219eb3cba174835adc713fcb4c3106

Analysis

max time kernel
129s
max time network
139s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df481b1300658ca0bf7ef86927231468_JaffaCakes118.html
Size

9KB
MD5

df481b1300658ca0bf7ef86927231468
SHA1

d7943ede18756793f541436b900b4b7ef0bb7295
SHA256

ba2be99f65eb94c694b1ad1a74dabe1eed219eb3cba174835adc713fcb4c3106
SHA512

8beae7290c01574d29b75ae64eb0889dcbb80670999af6c0a4af1b3be8007826ee9a2762cf81fc04cff6087554e751cb0e572b80aaaf62b12c4abd954f16433d
SSDEEP

192:+Ig12wR4/Euq7EKQ213mAsvO+gMEcG54w3vkiUM5/CD:3g1TwEucQkB5ag9w

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5BA1F681-723C-11EF-B788-5A85C185DB3E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432440770"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2336	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2336	iexplore.exe
2336	iexplore.exe
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2972	2336	iexplore.exe	31
PID 2336 wrote to memory of 2972	2336	iexplore.exe	31
PID 2336 wrote to memory of 2972	2336	iexplore.exe	31
PID 2336 wrote to memory of 2972	2336	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\df481b1300658ca0bf7ef86927231468_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac282f66d0043925b92fcd2cf4cc9c77

SHA1
2b7fd16dd2e8d109be73384dbc14ad7a81c50935

SHA256
1e53674c820a4e441d33a95c9f2b91d050161a38b9b0f92569849ae36d641fb1

SHA512
992587ac47d11174c9425e00ba9461d28c75d546b7ae62e28492499f933166ee6347550d7e2b5f8da6dc38ad0a276c22ca2d6087f7010cb82d858c3ca81b8b57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dbc9ad74f7f0a8ffa3d7102c08ae4455

SHA1
74b84de994c625851f1561d52c39439f26d2ab0b

SHA256
43f3117ab2f89429057ce9f07910f399bd87d1fbf172fb4c7645fa2c5b69219e

SHA512
1023cb1e79870414de0f12420f1024fbe1cd6e369b5e9c31b784fa8b0aab173ca4517f263c57ee8914a5e32cb42855676475223d781c25ce186863e338ee1e16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb7516b953a875c40a3148b85a0da1ff

SHA1
9d9f010f99db944709005f19dea3d2ed363faf69

SHA256
164436f450de41831f92f8ee2f47dae85edb6bae636b50aa9c30262d03286dcf

SHA512
ebeea7eeb3af8c2740a64278a3ba4ed3951749b0649b9a3debc3c05fa9582538583e444d25599865729fcedae3a4d4d85f709a6bebfc89973745e7d5f0ef3836

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d74b671981ab8c3870227ca5f878e793

SHA1
426719d119b3de8a2167675c4b76b7ade338f3f9

SHA256
303af12ce7f911af205fe0df29b76d18d01d5dfdb816b965fa1fbc6753405767

SHA512
ee1b14efe9fdb2931eb87de79f6de473e56b3ea1dddbc5eda5a8384f48697841256b5936db6140f57ed6fbdfe5a2ee2057760b1812134aba3771e8d52539ba8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cbc403f1d285d0ec1bff88901928223b

SHA1
090a3bc0b4e758fe6b6aa33654e2bc71d8531be5

SHA256
80bab56ac303d03c84a531ddce183b76f31e3a24169fcc9069885182b686844f

SHA512
5842d3d3da3728f9a4823d63b25142d0eb0db4cf81b52ff108873f501b7d240d5ef80625095b4af101f72a61548ad29b7c69906568e84216652a872ef399c933

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
633cb1cb31811e5ae3d9845836c75c78

SHA1
af8d2e0d06be38102212a9caf493b67027abfdab

SHA256
e159edcfbb27a63775d01dad804a91a7219a3fe3f63979dea1cea072f82a27c0

SHA512
643acb082d128424c5b517cd9656fb9d13c8d43ee73ae563e2e97f5c0c021d871708d1981f3f1eb532834b610f5d402427b16a59a4b69ce16c9726b4c437fcc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26ce183ef2e6c722c55175a131d0be45

SHA1
fe0bd32fc8c86719b6f2a7ba57a216568b21c811

SHA256
e60dc6970e7f5e9dfa7b77fdafe469128264150ed44c4f064cd2bc700bd72bbc

SHA512
a3363571cb1e0fc9ea232b8148ed7495c8bd2d287fddbe7f4b6b3d4902e67078697c78994dd068ee569f923b37ca84a10a4449b674bef1f2c0103f3233ff3864

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7c86fdce4ef493ccccf9282fb5196e2

SHA1
a26becc9988d1498cae79765f6a8fa6eb67099a0

SHA256
a1fa1a5d0dec32eaa0a1687379e948859e6559f6e0615afc2bb8fdf1120bdc9a

SHA512
8b9f5c00097a2014da16baf07391a0294bce818334f26d4c76c86efb384e781d793db50c06a416046640e6ff849eb95c0f7b1ba1793896210cac514682f8c56a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95a0717c515c3da8507ace17614ee01d

SHA1
3dbc23cd0ce43315c0f5c19079cc6cbd92eb2461

SHA256
95b1bf4ad870445aafd2f430d2330a2506a09cb9749bd34d8c65a10950b23e11

SHA512
6b981e7346df714ebb71c2ed9bbb6956f9f912789382994a6f6cf25cc58c755e7b4852514552603ec6f240a9aeab007e6ab03d34f3c55d9371a3d1283fa17c5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a7de824f14b8648f8cf671290acefef

SHA1
6a73459cc28a2acf7f55cb5a003d3f4704512382

SHA256
644929dd406ca840c56ee24a84ccd3f877366b260d01689a265656c07dc6ec00

SHA512
aacf3a5bf6235501f482d736483afad1d9fd2c5cc930a3d18fac5bb4ceed8256c986b92c02dcac283ac7b68aa7778614779358dc49760458154a8e2b52ae7c96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15464a5b447017f929ca21d88ded3342

SHA1
62d37c8da602f4aacad5ff60d9a95bd48a90020d

SHA256
77abb73e21368b849cf183954ddbdc076c8e6f7e696f0287e6025fb9fce16495

SHA512
9f3d7950c76fcea136b8f296731114eeefe419ee3e7ee568f1f5c5183528ac1093bb483d008ea075fdaac58fa9fb92c5ec02fadf4bc1ca9dfcbad6f9cea24013

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85b74c1209d7439683face9d6e897538

SHA1
ba5add2d126deec512e41e728176bb45f1f97fe1

SHA256
a5247a065eee4d1ac43ea05b91269ad9444e857d263007d986f335566394db83

SHA512
893a0cda71dff405f8dc5e979aca25619cfe3e50ced840c5c6eb5b465d84c6e5944074b5883c1e1ca62be96263693d6cebc2255119a2e4b439ea4ef361ae2c03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b14c20c04756420d915679c6f461ddf0

SHA1
7da478179b90d38074c189daf094d3ecdd1c4547

SHA256
e615d655eca9c59053c0684563195b546800d94499d8308d7bf642284f3e2272

SHA512
17f2787ff50134ab76004eec3f312d63c7eccf8e903077a65df91dbdee2506dc313243f57452457311433c4383220d365021414b178600216d7be0f1a6e0c77e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f2f087a704d0ee0f960650e73a189bd

SHA1
f2d6ee1486b76308e7ea01c5298f59d4b396cf57

SHA256
12aeab339e0b46053564b1f3af0878da3897a2fd7965249d3cce1af116f74f0c

SHA512
5968a766a775e454fa5a94646b54fc26524ccd15dd269a56c41a96618648a2aa017820b639cacef8041942cc05bf8b142594fba0c3de3b1c5173cdd09af5c02a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3da8ceeb46ec8a8dddb970d66f7e7ba

SHA1
ba37fe9282136c642eb1236ac03af544173e8d98

SHA256
7fb14b23f8fc8643b484101069738f6a6b7c7cb9062bfafa7773cc4de2077ff5

SHA512
4856d55c87182ed665a8314d0987dd472b903d92325d3fe886080f8479802fe24b59dd78a438094c03db3580a0931bacd5e0001bd4525069c0db401a604cc5da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86ee9e4a246953d15cacc4e777e03054

SHA1
dbbe94364a7e5099c21d9411de6c13bbf051f06e

SHA256
8b8825944e143ee1162205f73eb77190e31ccd08bb5542d7b8d265ef666312f4

SHA512
1571283c527fce1dccf9ad91c29eaef93fbf7a7741bab4428cfb4e3717728e8a0545eeb055063657163b9b0c3d257e1f5129c3a46f6bc9005e0bfdd492d8512e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b19284efb202761d20f32b5a63dd952e

SHA1
69c8125511bf48b1b240e9d0034f4c531c476899

SHA256
a0ff9aab8f3055f530709f2ed570daf9f900c8174a9ab4ec8e0f0db6d14b67a9

SHA512
c3031ec4279a6d4577bf3e8740c128dfcfa8c186828644deb2846823204134e2f587ea0d19d6048dc5faa37720f77831868aa78dc8f2be01413a15ecdfa5d2e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfd52b0607cc2793d5d2b0a0a2009003

SHA1
d5c29af3d1e36724348d4ca3f8e80788fe788495

SHA256
3a246ce27a25929d4a246a02e13b06fb2407b1e256b9dc120fed2ba7423d7507

SHA512
49eb9801bfdc36e53951251bbdc0161511cb97f6b3a284c60d0a8c8b59bc5a2c2a0c850812edc2ed92e3192362c36ca227b2debaf280ff6034a65f49af0ad892

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
615928b415e51f1f91915e3a91fa2544

SHA1
9d16d55a361a5742c98990781cb42264fd853a9d

SHA256
fc821d4b25ee06e56ee476f2075ee9e390775f835517db774d6930d332ddcf37

SHA512
dea0721bae36b616f3055024825184869d87fcb4e845628253f5c18deada709aaab14ad07d2ee94b9009365f5ed9e0855afd68f51846fe9bc8aff9cf8ff1999f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c484314818e2972e4f2169dd918ea32

SHA1
515cdc60be10df51d6a92a9f9cd5deac6f4c786a

SHA256
d48b27c4884ef66c3a488e084bab6457f6d0db8c07ea247c530fce01ad7c527e

SHA512
090bc22da06bfb2e135539e0bd2d0cdd803fdc93b084bafffb9c1a941a1714fb3c5a28879eb2358b229857ae81d59d6cd220070fef126a980128545170f0968a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ae7beb0f3f70b3902f31ca73e05570d

SHA1
19905254af38e84deb7a05abd2c0ef76ed530fa6

SHA256
4f7059545a5437fca715112179285a6f9edbc7d442f0b4491835b039e6332797

SHA512
63387e62af7958dae7568143145dd98d00154130ff3a2ca31b9c7380322289c9dd7c4bb3e984a089819da1bbcf1b2e550d955a8a2e00719c75bd77becd306fd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14ebaf3473d5f75ea2d3c6a41d1f846d

SHA1
c2bc83d553a7638e898743c00f74875bf6b40470

SHA256
cc00f2158295a30443ae494eb94f8affbd89822ad6111af5c0ad31fa34554e95

SHA512
6739e4b737c8eb2cfc7593122dfef310e9d840bda81dc782365e32315635a9342335a7c639e2a1d6c5bb7f108ac2d80e6717fd3e923bda0d6f8d09d9898e1b41

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEDEA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEE5C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit