d1ff06adad998f1d32117f69bcabb376225a978c7cbd4ec8889889ef39ab89c2

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 04:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea96add71db7547f2c53f74ce94d6b22_JaffaCakes118.html
Size

142KB
MD5

ea96add71db7547f2c53f74ce94d6b22
SHA1

e83896361f2f1f45698084304b4b2d1332ce56f2
SHA256

d1ff06adad998f1d32117f69bcabb376225a978c7cbd4ec8889889ef39ab89c2
SHA512

e9095fcb92f0c82e8fed0b7c399c63010052d13bfb0a71a97544bfa74c8404cfeb98fed1c1f7a79fcebee8de0de7e6c7bf920f1817321ec0f5cf674242a4ed17
SSDEEP

3072:Ssn51Nx7dyfkMY+BES09JXAnyrZalI+YQ:SK51Nx7osMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F5EE8711-763F-11EF-8EE0-F67F0CB12BFA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432882123"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2716	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2716	iexplore.exe
2716	iexplore.exe
996	IEXPLORE.EXE
996	IEXPLORE.EXE
996	IEXPLORE.EXE
996	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 996	2716	iexplore.exe	30
PID 2716 wrote to memory of 996	2716	iexplore.exe	30
PID 2716 wrote to memory of 996	2716	iexplore.exe	30
PID 2716 wrote to memory of 996	2716	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ea96add71db7547f2c53f74ce94d6b22_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c94a6077d402c6424fbc0e7cbb699aaf

SHA1
62b96665be77a566f173387fa519e75440e6506d

SHA256
5c35d9faaf111f6969bd0707054abcef74756d5c19f1522f8556ec0d383af22a

SHA512
83f5a54808b55daacdbf4b4842644bd64504273e683f3c70f8bba52ea1a41e9707d57baf0e26b48a4b67ca481b500238e17f31a90c230561f81629e20ba9f744

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29beba7ebbf034015f1b151afe07f42e

SHA1
9c8d22938836c0b3ffd724178bef1b5104b0b3c8

SHA256
5923c439b445603ece9b812d48f2141e89c2f3c2a63ae38d6411ec625cef290f

SHA512
f94b12216ac33b5884bb5a243613265ec8bca91560a22b370363d43ca289dd3f9b15055d29d1e32c9ef27e270a5a85331958c4c78847e4f2fd76464850a3e5b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26db62cb4ae7e5ec44cc2a81aad54d5a

SHA1
fabe4511f7ddb77c4506d3cc1baa4ad04b0b0083

SHA256
04cb9008d92fafd5cdcdd0880c015d339717f72789d0cec77a4365b93c8d9af2

SHA512
527bf026f9b34fd7d8afa7a06d06634ca1b36989fc1784c21c5c2a8f489aba7237dcf906cb24bf45d7b8a76277c731bb2e604bd3e53cff56e3b19f9610555da5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9692d376f5f20dae647a5f4a9425ce1f

SHA1
1a6b5a606bf27ffdaa8b4549ea3435e818f3915a

SHA256
8f8bae44867d53a521aa7c3a930f3c02895a695f9daedb2ce87c28876c0e6f89

SHA512
8ec9bf21d4284532804131c873fa5b44935052fb2d425588b44b290436d68e836e40829211e887b552eb42feeb7d3406c89576506cf7ebba75609e0e5d94b3e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
374b9224e9ab23af939c1757ed68de4e

SHA1
043daf7b59675de683fa73ff6f5339b8c4d4fc23

SHA256
da5cb28e0fe04d130861c10c47323d859512de43838cafb92d3625bd65cbca0d

SHA512
25c9211eb61deec0d5785aaa6c99027cb648ad855fde9589cfe8003708101f2cbc1395042a53bf1ac7735432e1f4acd44760f628d9c862fb09199a794e25c1c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
439cdd3bfc2d6fabffc1590e4e5c381d

SHA1
2e21da5a8be917b1a3166dd2e4325a37663e7281

SHA256
8886098e8cb9c1cb1075e71430da272bd962d1a35154ea3f030375bfa141e4d0

SHA512
b347d4009ef85ab39683c25b2a6c52d812626b7f1726272a36b0596c4e086ee58c160af5cd6f61a5c0656e7180374439d5352ab0d3772138b2ea830a2caab91a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61301fcd7438d1a6386ca3b7e48f5612

SHA1
a0db8c0e44d15bc5281466b5df8e170eb74eeb97

SHA256
c4c1d95efe5f4d294c13919b19bc2a7488c441f7ed1592bcf92dd6055aa0faec

SHA512
86f768d857320b9724c4707750cceddbddf7380d9873454851485f51cecffe92eeb83b81a46d782914f553a282c0826df4e616b53bb4bf116d7a0538c0cc88b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04c4ff800296ffc98d19e43d15e97ffe

SHA1
438108d3badc26b38f913bc278bf9ece2819fb87

SHA256
ed407688aa0a31d53193d182e5a53f90cc2472dd9fa88dba9664a1eb5ac9d6b6

SHA512
7aa529b48d303f418df7ff9c5a9ee3ade9c88975c183caf512bb7c0d683f8abe07dbf5aec072e3aafaee02bb01583c893464e1afb64936d72059800f6c3d3125

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4bf24d48dd7907ea131f2a672a502c65

SHA1
979bf85676a3af6f40a5c05b091b3ef3c5bc0366

SHA256
530b0485359ec92fe6355e57c19227c22a0f7c1f386586a2b9ed67bbc231c92d

SHA512
8b24e92e4dd83eff56f0643333f2d5e92514f5e8ab5993ec08bdc86ea77be745d15dfd825a69ec3d601ae0c006db8a209f51ace4841a6fe08a6eaa87f3382972

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8bcfe228e7445d5a3908f1f15d3246bc

SHA1
32a98db9c585bac3b80102e24f94ca4d9ebbcb97

SHA256
d09a402f09dc73de90689c1568eea08a114ac7724cd448fbc18345a56c820089

SHA512
e3c0ec96f825546b366d2c7e5a7fd9022dc94b8558dd8cbed347642a8f843133542b807835fdc6263e0605db04ccbd36cfa23fc34029f8f988a4da4511f6eda8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6848e9fe33a04c33da53a2aea6b37cc7

SHA1
4bd988c573d2adced5b80ff5d21813d4555a1d7e

SHA256
4f675424370e869b7250866741da85870d5e589a3e090c6edddeb221aaa71890

SHA512
48dea7bd623b28aee8840b68630d27e1f9487db8e6f66f821cd5345259d24483695ca9400ce81e7d988b23b7eaac0380e99aef8d2aa43bacae0752d05e08ab6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41f727fd0c1de73843339ac86c3e3041

SHA1
acabd9fa07b11eb7a1fb92aba57a0a12476bccb6

SHA256
d967c07618605694add5d3f4a185acf0c9658032e97dc7d491285227b044e6a6

SHA512
81dae184f8d59509d01f9909ce5d509375cabf4307b7f5b3a304530e479c590d5c52e218627e9e1b827cbaa6b66397228bd6ad1c98424f9de409973aed93a7b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28e9b804fb611c57b8681f96fe0fb52d

SHA1
e48aa6ae50194c80fb844d3b2e9f40f2cd135200

SHA256
df935d3c435aa8ff390b3dc091511ed97d5fd44b3279aadee3419455bc945b7b

SHA512
5bfabc8f16f32f43c8d95c8dcd655d802ee0915a71e226003c69c3342c36e257b943ba130951bf360f764fa9c384773d88c82e372118a127523e4d45ad639e20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ead61c75a38ada730766d887494af354

SHA1
66e13f53097cdbc45d3747fe447b4bdd3ff811bf

SHA256
a4cdcd5245d69300fd398356a848d3948c53282475717390050ef61fb41a0458

SHA512
d447e68c46839e82f1f13b67ebb9bdf1441d56eaa9974c19b4a40b8d03d34867b1dc68cebb383b631caf54e2c158cc89f325616c84f0762f85c352d35cee6f74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9eb1f4c6e1f05bd67609026cfbf23b9

SHA1
c01a786c543a62a9a412421a8073e9cbe9fc941c

SHA256
35778b29e5f43b4233bab420520cb656ee8e7ea641bdc64a7a2d9a9ee8d552e5

SHA512
3b224fc126fd190ecb8babff0e42c52b790863cd38ebf4fad0714a1662afa2eb3129bdf3aabf273d4659ffef7837777c801ffbf306d56fd58a4d17f95d6741fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed91cb01dad9ce9b7c0a616c93b35131

SHA1
4ba0fce39caf8b7410a8d551b3126d02fde4cfc3

SHA256
3256a64da6287156a0b2caacd88338dba67f31de7cc5e85bdb2871da8834af7f

SHA512
9984e9ef05e16ecb3efa6c051c86abe3940ea66a85f45c78d425de9371a61bced59f9aff33de142ba26542da603708bfeef6a3b1bc39fd5673e13ab0516f60e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe19cf2aa6c2bcea5c29d27517da0273

SHA1
7758f098aca7575f82e2f632705fcc8b91198c91

SHA256
2846f4ad8d8fd14fb81d2419da83d72fe38325060d55ed4c4f27ec2442a37dce

SHA512
8c3666d4421911ff5d8a497c16b0313d30ccf878525abcede70269f2063f43150b7f50cbb402b255b35d07d08768bc200b36028fa287f2210048719d5369e95f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6167e64ac9a0126bec2bf3e8a9e29ecd

SHA1
85e1e593afd8b775207f496848a93908d6497631

SHA256
8dde0aca065f01bfcda790d71b9ae60f7f86528b508e8b4307f13b0f7d8a86bf

SHA512
e7b6fe963ac055b2f07eee3395f178fe63b308cefb70589ed4576f3c0f6bab2e7b2f1b9f5715a26f6cd91d6121176bf07e9ad995aa6854915b857db592dee45d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9dacb1cf9ec92f056714b94cfd2dc2d

SHA1
409367c973a5b5e27d9e14c8c8ad515885672c5f

SHA256
abcd3737bd156ec38646d2e4540e9cfc0f79b9392c3068d65ac5c4781f002c1e

SHA512
dac34dbe94f24c301ea17eeb89ae8043cd7d05d708de6767a44b5d7c6f24863be21d9c9eec4943c9a388bd523a958e515695b259617f12ebd7151fbaa9e5e76a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC064.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC113.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit