023244fb30fc33eb3e2b1a493f470a7e9a4e526e6a4e996e8eadbc244c1082ed

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea87b026c63e6e308d91fbc5e9baf84c_JaffaCakes118.html
Size

213KB
MD5

ea87b026c63e6e308d91fbc5e9baf84c
SHA1

1c18f1cfcf2138722f5323f87d30591256f71795
SHA256

023244fb30fc33eb3e2b1a493f470a7e9a4e526e6a4e996e8eadbc244c1082ed
SHA512

060e5760c271dcf94d08d6f60f6c7e84bd43c9a2958f6cef2945ac602d44675b34b6be7afc3ffd79a2198826fc0eaf24b319deb7074aec29c3ad4c8fb3237788
SSDEEP

3072:Szzb4bn8NWVyfkMY+BES09JXAnyrZalI+YQ:SzmfAsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0F8722F1-763A-11EF-873B-E28DDE128E91} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432879589"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2300	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2300	iexplore.exe
2300	iexplore.exe
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 1276	2300	iexplore.exe	29
PID 2300 wrote to memory of 1276	2300	iexplore.exe	29
PID 2300 wrote to memory of 1276	2300	iexplore.exe	29
PID 2300 wrote to memory of 1276	2300	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ea87b026c63e6e308d91fbc5e9baf84c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2300 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3de8b5608bb913c33a015ff09f4a4bf

SHA1
c5e098f6b8c0a780dada9a97d54e58a3e900bb42

SHA256
717f30caabaf36100f074042a77e10a2d26f0ec24d698627a2791e0962c25e2c

SHA512
e627c3cb27d614622d4292b248b5900e6be781384fca3be4efe04e863f9a9937ebb6cf39e68fbb26619627ceb2ed111e8b6762be85401df00d174739e396bd36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41ac8d42ff14024abc680d8c0cac5882

SHA1
944979f1eae4a8faf7042bcd9171f5d0171f79ed

SHA256
cc83a53adc5a810dd3374c7855ae70e36e95eea3444bfe7bfc5d077eb78919f3

SHA512
a6469d1bc6c46b8730de4c2cdd398359e7cc74c3118f42041f240bb3e94cee62f510dc67b01dfa1bd8a64054720d50d8acf977687993fed09424a227702f0171

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9a4ed3cb42d92e872fe134b6f06b5de

SHA1
379c821122851e47b84b5d860aae1547db9219ce

SHA256
f706588d3a810ac19e8e15bace1b49e24a6e1f2ffd946466510e2542572e6139

SHA512
a3b207f38981279e8ace4cb74d7180a0b2609a37245471a6bc51340017e19a7eb21e421cfe447eaa46344e4eaeea2cb6a0c271bd990d5a1b2a6e4ba6e07bdd9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77c7790718dec4c94de3ef576052cd83

SHA1
ee66d4cf75a0c101c8716257d4527a169e485309

SHA256
262b9846259512d49f70a299c06efe4c15ecee6651a27c9fcc85551fd6d3f9b8

SHA512
f386167c8e59a8885f7e77e7a1c706b599d8b6732fa0004c2d994aa8527b7c7678ab3d81456396ccc3ee28dea3bd5f8091c2d480653a583017e3edeb488f9683

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19f6a9343d32be4f5d965690b3d962aa

SHA1
8eda73072e7bd917185193c227df403b610d4f47

SHA256
d23685611a87bc5366dc1e030816193066914f5e4d89f652632518bc051eaadf

SHA512
12c69f4f4ff52514f34eb9645c2bf4bf7630b6c52c2a05cf00e5099a5ad77d068d57453bfa8e8bf5d4a93496ab603989290f2e1418ca4c1664b5faff672c0498

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11c3e4c815601e8e67e98845a92c46aa

SHA1
ef22db00513695d68b39ebddc9307966703b76cc

SHA256
7f5bda859cd2442b4a538529db88bfd3d96ef67f88fe7721e74b3398959f4880

SHA512
ffe511ba4f874a4f31fc2c6275c836069568b27dbdf4c12978836a30ec0973f6ed11e7bc4e3e07b07c3df0ca200bd86311407c23be85e78186a45c238dcffc06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c03f744cbf96f3352a06c96d6cdf05f7

SHA1
21ae0d46a378544451f21605c02af1bf0a9bf392

SHA256
0a4d07fc7dcc8dc5f83e29dc20983411089eff3cd2b2d01e7456729fb868989c

SHA512
9f37eb7113a00c1e364dcdc7eac55647a27f55dcfa26793d4fef5cd47f5fd9a3ae7bde171c0c3b3089370cb24090ab46346db1ae87090c4a0d72d47417d7da54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b18308e109286bbc505b9ce755818a8

SHA1
d182169117830931355cc453124173d69c6ead98

SHA256
2eaa42bfa3986473272bf086a30c039c3a3743c50a10d8b7844c15569524a6f8

SHA512
f9fcb823df92f9da982f71d010f6260d9912e7f7d5b9587868001e249db8e38707039a09d5fe42b1cc9101c639663917e5f5eb6f6d374cf2e3264ec32adf0432

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a67b101587e40b4c6ba603cf11569e2

SHA1
e50398464ab612ba1d605c9fa6c840a951af1e18

SHA256
5de3c56b711f606d201ec5951f04e1613842448e3001a8c6400a8c5c18db7214

SHA512
6774108daefb5064d09925b59f793d846aaba43828c2f171617838516c057133bae7a775682d5f451f9f603ce043e0a530a56fed059cb3c7442ae24299e696f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4064d64f02171fb41cde427b29d18516

SHA1
d25533f097f486968b83c14ebff5d6d323cd26b9

SHA256
f16e320b3cbae1b4b92a31df099bfaffa7f06b418b9a1ad0cfc8049f72bae280

SHA512
339cb334425425d4a8a29675b0db3e5abf2188b3451af9642be700628fcd3ab125d7f41b9f47fd7434043b018e101724fc9a29b77620d666d90efb11e14bb74b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61e5dff69c045487fb3832a60fe39ca1

SHA1
4f2db77506625d0c759e65a47a520acea7429de5

SHA256
1d50895df29bf8adb327dc700967620d2438052eac9cb9c8aeb7f2f47fbe8b20

SHA512
8c4cb999d460b8eda44148aa2d29f9d78772c87f49edd774715e91bada77f9d45eb7c8a435962833bfdc109369492d309641470a4bbd459d7732cf08a945e2a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3881cac2bf840167247cd254b3cdb59

SHA1
4e1dceef4b9906c90fda1410d452468279b0300a

SHA256
c7f1656943fd83d54739d8b38e81b8082068f694762eafd006bfb69de3263d57

SHA512
2d3ac9d6829b3010d62f51aa46960595ce746540dc8b8089ef8f88dc938babab505b4866c82e53fe17b302beb6c0fcffc02b712f5458d0081583aaec0dff8807

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a7e560f3aad1ce242b358d4b621377b

SHA1
57d0126b9bafac3fb8ae7a093d8da0fd53cb70f0

SHA256
1e790e200ba1520702fc34ee5f3cb392cb2ed61d0ccd6778be065d1c9a8f8167

SHA512
81ecfa71d7609196d00bbadf6b960c7bf5c9e1b3f3ec75efc63fb6cce170c125287249f9962b492a294d831c92385852256d0080673572573cf0ffda89c8de78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7631a82578994e705a11009111aabe6

SHA1
707196abfe7ddfa91dd02efd4e33feee5241f06c

SHA256
ddd30d8c92a41ec1e99b865ff17957b47de68cab8bf0452c4275e5cc6265f7a8

SHA512
1b78541e7485513523eb08c4d9b39303562cc2db11d2c88ff72026f2e7ce68b2a02fe23969c4eda9b346adba4fc5f69c37d944e5288cd273a0b012a8d2308ab0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cc218cd88a173e077f2d113dc5adcbc

SHA1
eba04af2e24c0704d76c5dcc68b156379c2827f7

SHA256
bfc785a456a2e174bb8fd9e3317188cb4a25989a397ec1a902ff5c8e0754d31f

SHA512
99a121c636f250c13d57657a906a885713a9d849fcdbe7463b910b049b631f71ed905cf90c2fe3de3e06936090749c0773160f84ef80334a91aefcd4f2af3b12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d684964d2d12f77ef59bec4b558b3d3

SHA1
4267d081c0ec188f74c5db159d94c92d105cfcf6

SHA256
d42325af502c5a252067f12970e938f735e6a5a1ddb8b422c7575cf040487186

SHA512
71f16e9273ac9888d1448437cb0b9a85145fda22304bad0c7f2f577337dbc0ce7ec96a1cba4be9f849d7992f419c50ed0deb50103c7930e67857aae3889bcf77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22017c58ce3039bc7657cc04620d5731

SHA1
8b571bc26a4c7bce55c126ffb37f2e024895bc42

SHA256
78c0e4ec29e6728919897f98025256e91bc15e9881d39c6e9f1871f6b936a91e

SHA512
1059135c9b1a53a9082736af301312aa93480d39325248201e5642cd3925b28e8644d2b8ef8eaaf758371f4108496cb78dc21ff88b83080da02d78b1f2061e38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b170a265211dc9f775f9db6e5d2018d

SHA1
fd454dcfd6be864ecd01a854f6f22dce783ecfc9

SHA256
cd89d93e231df8c023d11aa7f5742e54ae2a93188d6a45b52e9454c90f930cf8

SHA512
bbf2f8b630f410cf8975e97d0d62b11bf90c5500193c98f43a447a8cfd7d2e70cd298e171ab86bb9aa4c245f23be1fdfac6959c47b343a37614cb3bc9f977f19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82c83917238023a8e507ed0dec5a20d3

SHA1
af03cc10cb84ddf0748bad2a497ea641dd66e26b

SHA256
053d4adb5c9260541773d5a30e0fc3312b8dd1c9e85568a08b31399afa0f4e99

SHA512
7191c8115b3609e5d4950f13747491143cce5ff99dfee1998a5ca60535b47e99cea4c50a0e3a13b18d1e1a365af6bcc79a29822364e1725d71bb1987b08e4866

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA5D3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA672.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit