06e647fe1feb25949d5e60d280e476e8ac5e13b6a7064d16578c5ec7451e42c6

Analysis

max time kernel
137s
max time network
138s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-09-2024 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0d899d7235db1d2d30744863473b7b4_JaffaCakes118.html
Size

84KB
MD5

e0d899d7235db1d2d30744863473b7b4
SHA1

616ca495b74f0589ba5ea9a7a5bdc9c4cb2fdf68
SHA256

06e647fe1feb25949d5e60d280e476e8ac5e13b6a7064d16578c5ec7451e42c6
SHA512

82529c566b5a6525d6ba0cc8ac0b84a64a961d368a87c738f2804d6e9941bfe56dd914bb79104ab25eb99c4784408326ebedca1dea5ade8686bc9524dcaebfec
SSDEEP

1536:uh25oP2gpB8mlMV98Ba/hUZHQ6HkHUHsHkH7rjqH+HmHpcF0HGH/HTaHQinHxH6/:922OlMVeA/6faKyagQIpc8oPT0QiHN6/

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CF95F1A1-72CC-11EF-B57C-E61828AB23DD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432502812"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2380	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2380	iexplore.exe
2380	iexplore.exe
2328	IEXPLORE.EXE
2328	IEXPLORE.EXE
2328	IEXPLORE.EXE
2328	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2328	2380	iexplore.exe	30
PID 2380 wrote to memory of 2328	2380	iexplore.exe	30
PID 2380 wrote to memory of 2328	2380	iexplore.exe	30
PID 2380 wrote to memory of 2328	2380	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e0d899d7235db1d2d30744863473b7b4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C0818D6C839FFFA99AF7D6971537495F

Filesize
1KB

MD5
4fdd07e4d42264391e0c3742ead1c6ae

SHA1
8094640eb5a7a1ca119c1fddd59f810263a7fbd1

SHA256
2cabeafe37d06ca22aba7391c0033d25982952c453647349763a3ab5ad6ccf69

SHA512
626261dcc0001d3bf73f9bd041067c78cbd19337c9dfcb2fb0854f24015efa662a7441dc5389de7c1ca4f464b44bf99b6df710661a9a8902ad907ee231dba74a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
855a6bc85fadad8161fcd87ffee1396a

SHA1
7a67a6e0653b097204f3e4664feadb0d50683c57

SHA256
a1b8c4eca7b09dcefa8a3b99378f6524e7e1b18b25db6732ed2997bc5b4f1815

SHA512
16ed5f13f2bc21cc4b08cce4e30ed31127092bac9464a109e0b466e5d59c0a8d3cb2f08ab6d3b8b49e2b1264c7c97a2d7a6c1cba6a57671189945ac108991337

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7840301f92226d94b7333574b221b29

SHA1
22c454850154b5dd9f5d7bfac52db17acbacaf2f

SHA256
c4144e7b80a7355f9f838a1b22d49ec61d505ed58848b3263d450f22754b8555

SHA512
1cea13b4580f6938fa4e1380cc16753a2d36ede997b7e49e6f7d6ca97e23462d16881639519a360a9e5256f79abaf9f7be7d3e5f1a4378ad3f60000ff34fb190

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17b5d2fffcfcb70664e77eacd5e53724

SHA1
389bfd704b1904dd6d787126ef039045cb25800e

SHA256
11e845bda45f147854ab386816231831a77128232c67f9028495383a2e0ca21e

SHA512
a4f1dd5671c3c6a9e2e0e0a97c6f96e9c1b7235cd738a315ecb2829d227ac312cc66da30e98bad3a8c1e7a606e280f6e473bac4517e6b060f3bec9ec9e1deadd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a27aeb817c992c0f5513db11b8f4b3b

SHA1
0cb5ba8692fc08d16ef0689704c2e8daa90832a6

SHA256
29547f3d6d7a5467b864be1bdf5de455935ff056e853a91cb8a4c5f58b6ba61a

SHA512
2eb0c74e8d4b92b68f7e3569acf8cf018101451588458e2d20c121c6d84b6679a7d0c93e89186f65fa2133451dd5b1ca7496700cafd769eac9f44c7a53ed481e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e6577b9c5cfe0a60b861464dd98ba1c

SHA1
5d011d09dbf2e89ec683bbd25951af19a6cba9f4

SHA256
c3741f1249942cf68dac900fa9020a03007db4ca6fb35a92359350f9be472ce4

SHA512
64a7c83aaf24bd74783b7455c3ee1f0dbb9ac884c5ee2249caf5e01f8f5894e82cab4bc7e8ff09b372568849914ddf6db867c3d69ee0b55df3a4ba3384ece052

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5926f2c5ef4d2726417c5d8e23544c0

SHA1
e2e83edd16f601d00f93fa4693929b884582f293

SHA256
60dd6c9c751abea6cd487817f8f5144d60e34bbcd34f470bad9710f1569bced4

SHA512
1afc63b3663636c3b74a631136d0208b859401c6e397c3d13979b2ad4aec32915385a01ab3077bbeedfcef21ef276da4ec978f19ee21e6530284ea226b3b02b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9aa734ff978e72f8342230e3e80a55ae

SHA1
502610811ba8e9a99d42a3ec6a3449b968b6373c

SHA256
475ff2a4d9f8ba99f03a170af21cc2e50e984353d49fa784f73f555f163635dc

SHA512
6e700886f7ee707623aa2ade9f57cf432d923bf04969d434f9910e9ac810efd111509ec01a66d944dc0944f4d64f2b56cb97c8279b508117738cdd9031cdb189

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd2550a990964dc4aebba7797d90bf2d

SHA1
54510ceea59b412dc8a67a5287a96c398d132363

SHA256
73096d7561516d3209a5fac85b83b3e044db4df7ddc3036bf324c1ffe5df5ab6

SHA512
d7906367a66e5fdbef3cfc0944b3c724cc2b6581f5eba5e1f4ea252e5143582130fb9e3d37b77e717efce9ed2e86a20a7d65d800e67e8395ab43086c56589a71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
affb7970cddeddaf8aa7cf3e56879601

SHA1
f98452bcb5f1727b152e50cfdfbb160e75d98c87

SHA256
7a9989a8fa9bba57abbfe1a3c1ad299ef8df3cca79709a7937669904b57cc036

SHA512
2efa95384371539749df495a8c3bf4cac7e4b0be293750432714a93fe26d48410b30272359830876be8f80b65b212ce7328f4ab83fd41cdbc72f687f928dffd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a690cfc9b3c3f7238b272c64c52412b2

SHA1
61897f367a42de2e36df4de081439eec204d5cb7

SHA256
6f1717679df5dc7fc34c5728decfcf74ecb2f768204fe99671088660970d074e

SHA512
c5fa73997780e4bb61504847151dcb62cda6a0107fac87438871f3b7219efec633642eefcf5b71f42de2c77245daed7c980b2cf31d771d1c6606406f4b9635f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C0818D6C839FFFA99AF7D6971537495F

Filesize
242B

MD5
0cc107a6be0694bdd0a03ada5dadde1c

SHA1
71864b60dc520567a5c9fc6a07a3ebb23704b2de

SHA256
a4c98f9f378632ebd0535566c8ab57c4f64f693248e831beba5ba12bf8e85294

SHA512
b99c235d5bb8222ed67a60777e47a255888d4208efb89c78d439e6d843fb3b3252aa1433becd5bdebd7c63f67d6ddb9dfde2b60312528acd407a92c90644a90c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S8GI6B9B\s39309029[1].htm

Filesize
178B

MD5
cd2e0e43980a00fb6a2742d3afd803b8

SHA1
81ffbd1712afe8cdf138b570c0fc9934742c33c1

SHA256
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d

SHA512
0344c6b2757d4d787ed4a31ec7043c9dc9bf57017e451f60cecb9ad8f5febf64acf2a6c996346ae4b23297623ebf747954410aee27ee3c2f3c6ccd15a15d0f2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE340.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF3C6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit