1093ae3a4a21cd3d76b6f18eebf338f02fa5627521a6496a0fbea55af64d5aae

Analysis

max time kernel
137s
max time network
139s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0f94e0e61577e67f84648474a29d3d3_JaffaCakes118.html
Size

214KB
MD5

e0f94e0e61577e67f84648474a29d3d3
SHA1

dbb2f1f2c0bbd92ec5615ffd3ce8d148eb392ac7
SHA256

1093ae3a4a21cd3d76b6f18eebf338f02fa5627521a6496a0fbea55af64d5aae
SHA512

7226bcbf9467487afc977c268a0cbdcd17d629567b864da6d08177632aa09a6ae6f4a771d02fe81ea5ebd1407ff4ebe90315e0688a988cd2b4e52d37fcb9e8ec
SSDEEP

3072:IrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJy:Qz9VxLY7iAVLTBQJly

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432507621"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{00BF7B11-72D8-11EF-ABB3-E67A421F41DB} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2056	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2056	iexplore.exe
2056	iexplore.exe
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 3068	2056	iexplore.exe	30
PID 2056 wrote to memory of 3068	2056	iexplore.exe	30
PID 2056 wrote to memory of 3068	2056	iexplore.exe	30
PID 2056 wrote to memory of 3068	2056	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e0f94e0e61577e67f84648474a29d3d3_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfc55801c4ff185ec394e72aa2e4c4aa

SHA1
d05cac9d3aac4eabf14d7d5d08c627041eeb37ab

SHA256
437364e09566f3d4804aebd2508f26951b8c86559d5398ed1f222212638fdf46

SHA512
5574d485a741c1e21fe6d47fa24b260ab10a1618936ddf82005bf7cfdf4e9240adc0a3796a7816fdcc1e2072a18a3c9ea68567ae7c3ea1c074180344e7b3ae67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33120bae701ac5e357f01a9f5fe52120

SHA1
d840ba9dc3305b11a9b8721a7661f6dd787aed0c

SHA256
41402079776fa91d4e26c85836b6ff7e0c42b7989b2a512f756e3c51c3c7cb13

SHA512
ee7c677d4ff522a6e3357c35caf5f5947e1067702532b7bbd2e6feafc1b5f8319e2399a54557389681a1ec058a5b58fd8793b20fbf6c6ff71dbb7a34f7322444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd682ff31e01b6a42a521ce50cded520

SHA1
fbe0c372a115681c04fb2bbb7f2dba406ae56111

SHA256
f6d08cb0a14953f981f43a09576fc8e48194f31ccc63c46d6020f04968d242de

SHA512
c75bd2dabb78a7c724a1467fd3d7124158189b0de4bdc3c49dbb012abe2aaf3156e35cc962d3e9449835dd0e2e2b67bc20e5b23d7ddceae3d848cdffacf71481

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89cb6d5b5494b789e14f06077cb4f3de

SHA1
b97215170a958feb74830b05d24c2ddade6d36c1

SHA256
b718c46ed9b86fe564a2f5cd6a1a8fcd9854eb9e85e48b5a4564e6b46104615f

SHA512
68136b83f3f0d08803f896c45213f3086bc92aece35d2959243442a9eeb1cf38c7db2ace8dde779bfacc0fd791714779a32ebafbd4d13ca0e94a37b9186908b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e8abc6ba28df918db8245e04d371aea

SHA1
587378e3388614166100f1e3af0faf51abee7aaa

SHA256
989b7d68a4c975e4379403ffd043b31474dda667d23f3efd9f88c63f4acfcf81

SHA512
fd986cfc53c02e3dbf8191c4a991ee5ada77eacb178ad64852225cdeb26dd7af254a3e101010a8d6c6bc92c5e27ea129ae0855f24a03c4d55eeb9e184a604932

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
115d58e7587023465ede40627cdac3b3

SHA1
1eb32fc2489c6e2d91e6093dc4979f22963ca6f6

SHA256
fb953a87281bd1b69fb992b4f82fa740d13158e16f5e176d76d87ab003408100

SHA512
c05bd6a958ffdbe57158f64401c4cf16cad811f3e12656925104a42ef986ec4c4236c420fd3da650c4bad79e87bbfd7a3da7da9ccc537451695a8ceb13a1c9fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a395391962eb408028bbfc412b7745f5

SHA1
faa53727e3fcda1305e7c7bcf75e5cba439b8a40

SHA256
c67299f7cdb19eaaec1efa1eb863339fbf3a284abf1670351cd7a43ef7bdbef0

SHA512
64b76369480c6abc0e14bdbb7bafcfddbb5a0fda5b44591ae1f36ffbf4948694dc50f51a42497689e9c175de41449a53a209067546c127522dd6fa2bcf686ae2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b758ed96b2185cf6b2f619462f51178

SHA1
f95a986cadba8bc73fe5c5e8067314c776310237

SHA256
d496a46129859a114f3c6da45d8f91413fc2a4d3f6f1944430e342f3e1b7c83d

SHA512
521e573b092221a1d3a7ca6da7d288b0803e7b0b2bd7d50f05b22b19e6fe7049639f1b63170593e6ea34019af18604a1f0224fae20f406de33e651b900435645

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
526f31018b843bc38092318e363fb1c9

SHA1
a39b70ccfcafef6835edc99bfb1a6e4066e68bf1

SHA256
243bfba324abda15b6b3312e78bd8c498e934dcfcc2efc4f8732dd57765b0105

SHA512
273ed8674a96d21dd6603f1ac791b79925b055e6bc3d8b3c83c47977ed305a96bb6ec8d4a4e5ca4cb02baf016bdf3558842f6b21254b7e3743293277a443cc7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57aaa41cbfe313ac6ccbe4639bda63cb

SHA1
97dc92a2464e9af8fcb09d42430b0aacf088f65f

SHA256
19613cf336b95bc595d1c56c7fe0fac1c451adf1993dfdb7d33d2a86902b7b9f

SHA512
a2b18069a393ad64b957b3ecee686b7af11c297dc2ee5b800e99a173e1054c2b49e5f83227fb595b7dfb52ede0eb15b1d8993e9d7b3b5de554e704637e58e409

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
927aa380d843c4ea94530ed8d5a3c796

SHA1
6037585f7ce2717ee246c1cb86ff52ce27315d04

SHA256
c194ba82cdab2a5bea908841c91e2cfd30486b7e327677e5a59cd0623080ae1e

SHA512
45503cc88812e197cc545dd0a634aa535f7d6f237710bdce0b8a749eca7b40ccd244b63c844d304f6eb798debc89f1bec44843be761ba590321c83b3d2a64f23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9cbd1f99c3e82a1dee095b62dae39ff

SHA1
104ea5a085976d4db49d2050f03013ac53432a21

SHA256
dcc92664788a00235749cbceb711c196dbd543caceacc1a994ea9f0828eae707

SHA512
b343ee9b20e9e21992ef1c20d2af8d0e1a998a6b0b909a610c82f6a50d7a215079a2523bc6a962a3ffc0241da4c26902e4406526af19164da1bba2fe30e918d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de3fe08cf309cb05940ee49013f3638a

SHA1
3b1f8b346efcad3dfc23d91a1b59210f8b27f20e

SHA256
9fe43ae63171f14dc534ae400db09101a19368ed3a890bbdfdadc806c3148879

SHA512
35ccc76f56ea15a6a5401739f531eac4bd94698c619fad9ebed99b841b5e173b73e35ad1e59bd3444293df82430a83d0f87c1cf4de7443d91d5ff8ff59315acd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b210926e156cc1d3818db89ee892eaa5

SHA1
4f9746438976eae63fe21d81dbe370d6dd493c50

SHA256
3e380da98227586c444b6bc4207d77d04f7d67bc782d360af71972fa5326cbf3

SHA512
b3fceb85d80f8e1d53c09b8fe4834d4eec4d00f29f23b07347c1a90e57d6b2214f2cf9d3c9df0c04a95bc42111dde319285e5d11c639c091686707bd680b76c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
596a9f97140cfbb654743901add88a49

SHA1
e1d10ca6fe0e8c006121f5b55f2966723797e087

SHA256
32d65670a5e3ec763803b3cec912fd46d2b1954ce95a0df1cb8d2de719a83d44

SHA512
439f511c163936876a8e07cd0f0b36a6463b02ecec2c814dd9a032c473b9cfe7d07d5ed024c23380efb9853859f3ccb305c9436e04de780ede389ba172ea7b0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a909376ca6ebb2a4ff0880b7c15c7db

SHA1
ca728171a42a2ff62787b7735f12859403152d2a

SHA256
d25179c33bf22eb203769c5aa3da929291ed520e10d0e90bacfceb3c68144489

SHA512
c0509d920a282cc7d8921746959604b8b85cf8fbb69ebd2cd51b5c1bebcd99254cfccfacec0569a193b606ba9086fe49ef21bc9777974feb3217215ec77bb3fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d820c30d2776d3cf3ec8ecc35e758410

SHA1
8e9d0638990121e6dde4c1d365c33f734f29c65e

SHA256
c871795169d56cfaeaa9c2911ccd715473cab9b11a46967af0b559ac267beda5

SHA512
6e0c6b4ca205db10be81836e7bb6270cc8492ad910006b0d8d4c972c801deb5d32e96a98dc431db0456a45822a182017faa8ba9c9b0e1da98a2c471dc43ab2d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64578e8bbc275810ec4cba4a37f7773a

SHA1
c88ee657d19100bb70af0c500833192feb307e40

SHA256
659ac66b0c53061bac5f2a9826b7a28af4eef795bbf75aa70e8365211750dbd4

SHA512
efa72667cdcc1ac3a3097c734c309da0ca1b791262371a0feafa5d78d9d3c1bc631dd009ab8dcf47b5931da53a1e4e46d1f5939d6cc0c26bf8e3f98943dca9ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06d9923d0e87e6d414787a2856f42c91

SHA1
8f5ec72f2271f1e8191a773926d164d7bad5d4a0

SHA256
fb7287f13de78b955ac8236e89258e437c796ea0121def0d3a13943715b3dea7

SHA512
0635d60423504e7d83cbb48f11e250e2331d9e4beebd9ac39cb26683a7b539c491f4e807bd07a805696dfdc0e32d7f7a3a9fed8339cc69e8348d2cdef0b636c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA47B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA52A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit