5b030cf7a504d2f988fb61c60b2850d8e1b569c512505901cb7239101cfd12d5

Analysis

max time kernel
118s
max time network
134s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 08:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e220efca434633efe220d558035eb920_JaffaCakes118.html
Size

41KB
MD5

e220efca434633efe220d558035eb920
SHA1

9882f0dc091a57a84bd2a4ff2542a759e52df0a9
SHA256

5b030cf7a504d2f988fb61c60b2850d8e1b569c512505901cb7239101cfd12d5
SHA512

ff835227b5d72c60e35a7516a311f4dce9fde66c5c4de157a774aada8e05a21114b62c1eab50fafc2b5495cefe5a308a4da2dd5622e09ae102788bc1303a47cb
SSDEEP

768:BlSUSViwRFy8HAC7tbrITuDc77ca3gLwRxsCSDBWS0GVHh8cj0Q/CfKb9wibjLEs:BlSXv3Ahfe

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8B3C9FD1-7340-11EF-9112-4E15D54E5731} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432552521"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2696	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2696	iexplore.exe
2696	iexplore.exe
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 2736	2696	iexplore.exe	30
PID 2696 wrote to memory of 2736	2696	iexplore.exe	30
PID 2696 wrote to memory of 2736	2696	iexplore.exe	30
PID 2696 wrote to memory of 2736	2696	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e220efca434633efe220d558035eb920_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
a1e6a3b9f15d5bd5e194bd38a41577cc

SHA1
81d1757226e99d9b692854e12fcc0732395343d9

SHA256
6cbb3e1d2ef825ed586f838a8ee5bd19d95a1a57fd1f4e57fdeac4f404550368

SHA512
75466938998df62003920699c3e6eabac9ccea5b3a543aa7484e8adcedf96d342c547a28c0124916c9f9717ac0e2c5857a68d939c577d28257dd31c41f4be5aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f92193d7cf829ba89a45ad246caa0044

SHA1
dfdcfa33ff312b9056b6a3f94f76d7f105af0c1a

SHA256
d0285403304e363f3633f821fb6081fa28a5bea474ffa81d738f1bd7733e81a8

SHA512
6052a92994b166832d5f110b817cce9f2236c6dcf3989809c6f4e72e1429f0cfd65c70e5c7bd197ea348757210049e6e172c131a3856ca9f18604d07404d1b63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76b592c5c663da21dd5c91ad7ec35e7e

SHA1
b0cb68375d336f56702f09b4d65f2d3fd367c1d3

SHA256
61ac3b8e394a28e6fc079a269e88eb4c4301cd1a2b4daf0d3a5ebe133e289e59

SHA512
70fc12633133ebff9745dd9605076706c06b9e7d7b4a24d9a5d7c58b39e7b439f5d63c02fb3d924267168acef3a9a2e4b8a7a42b0c07b2ef8a4eaae53d3d85a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52ccc35f5b8cb21a06daa197a0d10c45

SHA1
a6fd616d6501c8a70350cd0101342809329ea0d8

SHA256
e6c396a7da92e0a37e3c3b7fcadc6d70838e3b7764575d8fd5edc201cc8c6649

SHA512
c6cef6a5b5ae08fd63c9a194f302504ca26edb4188fa14cf41e02eb0bcbdb160cd8f28813a4c3c4d0609e7ea79adebaf9cf49981efa98440e95dac9e2f3841b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f33fbf40534246272d0d3447c343275

SHA1
52945ef035660fc8c47677c5e683dbdaea1b75ff

SHA256
6416859b1197ee7a335c8a059be17f2fa535319cc33271ee0a6d9c29586db7eb

SHA512
ec7f214551d13875a1529a2cb8a7f01bd635cb8208b1112ff93381fcfe0970599eba4ed774ed64be7ec4f9a130e0112a3f0ba488472633f3e4eaae72517e0aed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ad8733f47a6710ba937dc5c8899574a

SHA1
06b7fd786352d8afb41afbc49986edcd0aa11dfc

SHA256
85d4f18811656292d91f8d3d6fe5aa04a27c7aed8ff09eddd3bfa66328fb5348

SHA512
9fb2bdb6b8a5321b680203ca9fa796eaa24e8fb06b0ca8efe6a292f6a1c74677fa87833a40e21b410f1c72e78eb4d80c7646ddaa98146e5d0fe19b79a21e3a77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b4a4b13f1cf14c93856a6a7177a2071

SHA1
4a37aba23d1fe32eb5554c08717f728b355e70c5

SHA256
8a759acd7fe00bf2eead9b09834b1e2f630ee77c7ff1e3dd287aae3ebb52f721

SHA512
27b8770c7f3c9d2d017e123d495d35c05d6ffed4c7fdfccecef08de4e083a6ddf776be8870c7e887f61abf556a93916af04041cb0edebf002e125539c4c877b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
521c4bfd0a80d0f75ea4a5ba3220fc3f

SHA1
5711fe27d986d9cf60d51c1c6e7a36725a157294

SHA256
99217c4d0f40341df331d71dc1e7eae6eac7ab3186a5631b4ddf93ced23e812b

SHA512
9aad24db07b7e1769cbbc75efcd40268f4c6a571a5c4b7c0da6e20ae6e38b59438dd20db22daa194996df9ad4311f185c7b875921a444b19e4e4aba1a9a78e79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c01781ad61ccad1edbcd209168bfbc6

SHA1
a3cc84cb52077b6c2ced9d1794236126c5e20fe7

SHA256
8f09a26515120e0b4e935130286ceaa2df19caae02878d3eed882de8f36c95f5

SHA512
125139f704a987b67e21b79af62547ef26acc06b06321f717db092506005578937bb19fc879ad9eaed7e646a6da37aa557c5569398a27c6d2a4c314f03c80e62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e1bd06bd2a202f8fb374ab2d40d126f

SHA1
fac8da6dca1c61d2065e81b0eeade65cd44deb38

SHA256
e3931c57fbc2e395b56c8e0acd5458e95a87f913cc48b52ef94e6cfe21fc8ad3

SHA512
a418a2de8b41674e1b07746df984da04e1fd43392000a4bd65b272156bf222f3df00d0329ec8f8bc95a2ae40ebb994b15703e8ad594b4d31d5c78e87245f4300

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08f9468de380319c3d2308fbc3ecc1fe

SHA1
4a682e1d85d0a3fe7b8dca8dd2512b4c7ada7e71

SHA256
a974007eaa5a5c1d40c8741c8e100aa6405600358b39939a9dbd403b4afdc457

SHA512
8155daf8867c3fb3a13389b6fb43e1318f7f63bd73ece51fd3f08c561a9525df50255a1ae799140ccff74f1637770d2522c0b6f0002dd683eb8e0e7d21dd5b87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
f149aee65676dcaba4557737177e8b28

SHA1
9102c2c440bec6fc6ae5793c1d45fd1b2ec2f139

SHA256
350f866d5377d1fa73bc75264927c30319cbbe3c65416351c245c6031d881c3c

SHA512
441d0446d014f352977cad18a76e05692d7e1970bf5a3951cd6c421542224b9193262caae9e557e8a129c45f936f3c678cee6f72b52f9a06b9dc5a24f83d3ec6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7689.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7688.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit