0627c1425e308a3e1acb350c1861fb3ade0190354c08da028681fdef1750b9e6

Analysis

max time kernel
137s
max time network
138s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-09-2024 14:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e06d0b4fa84e4a3213b105475d365edf_JaffaCakes118.html
Size

232KB
MD5

e06d0b4fa84e4a3213b105475d365edf
SHA1

4e730d4cb4ed51c57d879349a9baca403bc9f135
SHA256

0627c1425e308a3e1acb350c1861fb3ade0190354c08da028681fdef1750b9e6
SHA512

872868d7dfe89633e269ccbfe1c6ae13f7b2181a8bc46ced1bd0a19a6ed8385261bf11e517f305c96fb9aad53f28503755d5e8482878e6de9e26236d0b7f5a03
SSDEEP

3072:SwSHuMPeg4VyVS2yK6OANyCDneLknz/C4r5vIU:SwSHuseg4VyVS1K6VwCDneQz/C4ZIU

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432487716"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A912F4B1-72A9-11EF-A5CD-E699F793024F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2132	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2132	iexplore.exe
2132	iexplore.exe
2608	IEXPLORE.EXE
2608	IEXPLORE.EXE
2608	IEXPLORE.EXE
2608	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2608	2132	iexplore.exe	28
PID 2132 wrote to memory of 2608	2132	iexplore.exe	28
PID 2132 wrote to memory of 2608	2132	iexplore.exe	28
PID 2132 wrote to memory of 2608	2132	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e06d0b4fa84e4a3213b105475d365edf_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d12d0d94bb68f716ffa071e54a444a0e

SHA1
d1c7153d5a7646c5bb0cd47e24460c3394f5fe48

SHA256
f948f26bc6198525e052e248f4066001386c66a7f162c141da145d3c61aea1df

SHA512
bd674b969817e0eefb8329e732848306b060d5f5fd922bf3a3499208db1cfc958dd79f26ac6e0e4581a131101e0060d4843693f877cb13bc471d64c935bd883b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c85db3495d60c1e0fa571bd29097519

SHA1
79b426fb23c7d8a422cf75347d6419a0419960f7

SHA256
f74e594d2cb7822a4e61d89605b375584a923af841f5574bcd14ba5227e5c2a6

SHA512
c26aaff2d32e73a160bb4286a5c1c4441fd74161d928b1ad2c3b34b62b94bcf8305955d563de61c2d9a24d4fd0277b9af8e4d1c955dbcc579604ef0f4d2bf7b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee2bb29150185dde66ba144e90a41e71

SHA1
0c1f8fc9d19845a3d9f34c59075f4fb8b4873f51

SHA256
9badc8962d89dc69763dde97e4feb622b35b70180b59c705f2105e5a3b0ec2ea

SHA512
6c1d8c4a6d8f92233eaebb6ca1b44cf8f99cfab366d4747955cba0d574f1a4d0c0b03b753577386e4105e0a197992d300e084a09c00b6b38fd183f9cf4189fff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca712b1eb55b7cd9b52de1001fdab72e

SHA1
c8c0f140a70f8df44d51aeee3358192b8b883647

SHA256
565bfa97886ce503009ef9338610c545d5b2f2ac5618cacb3e67150d6534c4aa

SHA512
12a9c4ae7a45d315ae803c0094451b8d4ca41c95ae7114f86281cb615f31e260c940a0c3092db04c405aa325f07a686a58ce91180d24c573e8dc2343e6ddb625

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
785dcab26d1f58b2ea761a9d1004fb0b

SHA1
d3d6af728fbce3925c7efb29d70a1544b8c18ef1

SHA256
d82716770b4ab79e49b5240afe73ae67f83d28be7a68af95415bef18a7ef5800

SHA512
45144342647c8c67005dfaf6ab3e555f309d09e36f9b5ce4490e4b24fdb3d3d30feefc45b920cae6fa5fcaf0e9faea7647cbb7611013f71e45ad92567c78f066

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc18fdcff1679405274d0a651c4ecf79

SHA1
ea3e6cce7f538cfcb22295a8e9f81aa975c2acf0

SHA256
a0b0dc72a8e4ca606769871534fee5a9e14d35a42c6b0fb43b5e992ec59442de

SHA512
a0d0687bdb8cccd6c04c1294d7912783e0b8393c4b330a26899ffd9d1ef1eb6b226d18232f8121ae12b0415197106277c6a49ccaa3a4befa3cc88f728b4a994c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb693484196aa85f830898325ec897dc

SHA1
b5c14c03f9647f776bdeb5ee63ba11316bde24f4

SHA256
faa77ad712eb6acf5fecf68c3d93c0a8df51a839eb976e0ef1b428af09c46099

SHA512
442ec114c0344c4d7a7d6e8abee9223b51a1d1e8e315671e7b2a00769a424c0970116aa6ef13abad47a7acdb04e6af534e3f66260e83b41cd15461de60930c72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8242d016cb7f9f3ad1d1d7f8a1ff2773

SHA1
b666fe7138e18e1fb96fbbc8dbb7d64a6697e0c6

SHA256
a3b1ffbd58ff5e20c20a67b1eba3b21a37c343c4f1819d8133046c70ebdb0ddc

SHA512
8f761c8604eeaba47e1e49de6fe7fc00bc9dfdc4fab962f8ede556756fb47baaf20f6dea14fc68a2b39d59d9de0ef7bc8e394ed1633f9966ee52fa08cd25902b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
214126986bf68a9f1918e9a3b929b25f

SHA1
a9f104c7cdb3dca619a532f31eb30d017efe93ad

SHA256
3f0926e11e6e4831612ad2e802a7f4236ed1bb841752df6a9e7ee26b015cecf4

SHA512
81a6fcdb05bbcf1bedbcbe9abac8cf3a6a9a19f43ee0aa2b61dea3fafda395dcda08c73551f47c1c502178d07215ec2e6225c5b36dbfa43343c0237e1151edd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b758f7bcb887795b13d9b29faeceee9

SHA1
0787f387bd52f1bd16a79eb9ceed7053f219c1a1

SHA256
53f51eca1c495ad95c7a2a042236df5737141c5d3339aff29e07897e3a25bc4a

SHA512
d5bc8932ee89f9954247070093a86dac1975bb6c30eb3446807b19f8baf81dd4e7722916c9b544485eb30307a75d84444024c8955c73f1e47f0b1c517e404f77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c9423e9a9b7198f3a7845fb95fddc51

SHA1
04dfc5172ade20781801dbbb161148aef1c7c314

SHA256
840a1d845185f4f37160a9b98b440ff8b7a431258514aae784d95215cccfe526

SHA512
3203ac55e956d9cae4165ce4b7c2bc6e6ef65b17cdc1fe706f8c7ecbadf471daee2d8070dd72d1073ba89ad942353c92eb0dee56bda8b6b1f9d834968adcbd1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
916f8246184f0c58639d2b0609c7c3e0

SHA1
0603461946796d516fadf66d2f067da21108a155

SHA256
a550f640533cdca9ffd22b4c2b95e3eb3bbcc900d76b549cc7a95e97d91abfd5

SHA512
a4b16f033fffcd85649bfcb18a4604d8b17be5b0dc7ecb0c0555f660e3e0ead8e4c394a9c27228d6066452c07ca1ff562890eb6d29dd468315b7ee551f6344a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8574754f1ea833508ce37d0475040cbd

SHA1
04e19e035bee7f8d63025ebae8059005820ba6b3

SHA256
9023b63c70679be6bb4718fb7a05116ab0d3422b72bdb9056ff0ae31fcdf70c4

SHA512
48566aa78449207bc7491c0aed2dc7d3412a33c5613e9ff4757034b03a1ef92f88b15d72467cf54dee44dd9126743cdb837051cbe6ab9f1e0598a524a500547e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0085f581eee2249eca25c5aa6e1fb03

SHA1
92548724397b25eac59cee5e375f7e9b664abb34

SHA256
3c9646393493abf5acc1d9403da28b70b2d53a9864f5e7b89830f22e0798b95a

SHA512
55cb97a65ae0d0272f72c4001786924071151b5947a8ad71983583b7637bbd5f1a2815f6da3eeb5ed07de2d464186403fbbc3f444153b47ac34945662bc94e63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88a552a35983cfc65f2743afe32da088

SHA1
9fa4a0e0a4413535afde3b137cc229b3a7aad3b3

SHA256
372312ce003691d4672aa34e1a81d934c3c9c868a58bb282068c87393a27c8a9

SHA512
e30aaf1821045732dfa03d354c01779d555d1f87b4cf0423b773a72bc1667bc5915d90e85ebf42b135030582774a85b2c9fc4d909ae241395b0899429e2d0c0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c76107f81c97d381b7dc5d95d84dbf3

SHA1
5879c41c8aefc0b964b92c6fb7ae2e3adab3f34d

SHA256
5d9e361dc402326b92714b7620cbc7f406bbaaca5a9e0658b0a50819644dbc83

SHA512
e5f5e2948b48867cd17fda3e32cb4d814c3ed2b8d0023ddd4253f5fd4f5c24516c37052fe620c926ecda56e1945b9084caad68af35b766326f929ea3461ee4ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
911bd6e1171db70154bae6476539d81b

SHA1
e4bacd21ed717cc144ed138f5d422026c74184cf

SHA256
1724571de3da1842c1ac91c4afe95ce608418e2c5699c18b998427b8e4b78dd9

SHA512
ae56252f3b96ac4d9dc7b8d8b80a94d7b37eed609998ef178aa9720c4f37ec29027e7bbecc653f963c03684c88a258b47c8a45096b64d7711a8e82c614266718

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c0b31446344ce515961d5a245d2ddb1

SHA1
882cbaa67a962cdc24c6e432d3686061f2ce7957

SHA256
b769c66b0f2e86df2112307b05cdc364fe00b677caa996d7e34de7fcd5744200

SHA512
6657c50109ccbd6804745b04e8f270489bfe9851467925653064b32a482bee5394eb6ff158df978ddb52e5596b1c5b3be53d52718bacc57e49b1549aa9fb3d77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
327df697b58d91c52aa55bfb51b8084d

SHA1
60a43c184d162e4e5aea8b41ce6951cab44f128b

SHA256
79c4cbd0ccdeb4d3e892dc2a1f775c618e21908fd920922ef028dbbb5ee34ffe

SHA512
3c08ddf25105bde8c11b6efd79e238eec4fe81c18458f2d5244f6596f9cd8aa71990b8b3b3bc923bcb23134ef2601bbca03f0d96983e8085d817ccf189ccab6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab476C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar484B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit