38d1f5fd51828e4021714f5806243574e3788bb43fa0314b7d945bbc12903476

Analysis

max time kernel
133s
max time network
134s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 04:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea9dce43ed7f6e4d59f99261c58bafae_JaffaCakes118.html
Size

214KB
MD5

ea9dce43ed7f6e4d59f99261c58bafae
SHA1

7974ac4d2f9d90812dfa72b83e6ffc2917e97dbe
SHA256

38d1f5fd51828e4021714f5806243574e3788bb43fa0314b7d945bbc12903476
SHA512

378397906f823be0bc42e0b0111df7104ce0fa43f47be3b6ca0a2b3e2669a06110975f2e1106acf809c793e0629fdf69f0db840d69666d875c21070d2d4fe03f
SSDEEP

3072:orhB9CyHxX7Be7iAvtLPbAwuBNKifXTJw:wz9VxLY7iAVLTBQJlw

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432883224"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{863472B1-7642-11EF-9E5F-7A7F57CBBBB1} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2088	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2088	iexplore.exe
2088	iexplore.exe
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2776	2088	iexplore.exe	30
PID 2088 wrote to memory of 2776	2088	iexplore.exe	30
PID 2088 wrote to memory of 2776	2088	iexplore.exe	30
PID 2088 wrote to memory of 2776	2088	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ea9dce43ed7f6e4d59f99261c58bafae_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46ef22c0865136af46f5ae052f3625c7

SHA1
69591e949835d3778902e945d84a9fe9de849e53

SHA256
d7b5bd950b9d3b48f5d5d6f7549c09bd35f2a837b03070673031335d150353be

SHA512
044e2a97eb7f70f8341f79ec7bacb4cd9ae74141e8d7fa69ec5a8ed969d91605924414389403145c927af93418282cb1bba229c74ccaf2454e83d9cd6d51b2e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d3d5ba00d214eb8aa5117844752f5f6

SHA1
29bde2ea77ce143f8ac33c3b175b41b495212b3f

SHA256
fb96975ff7ecba4da17f7d19e638c96d45549941ac12c577ab0245519a948e24

SHA512
e38518e7051b3fc4fb5a4d52c35060cf23e61b9c829b65baef1a5d7a8ae3b7ffe033bf73640a52a6306414c118c68026b8f9385ed7cf9512a44c8e8a88e9f7ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0b8c1567ce6a15ea9f18e1030404bbf

SHA1
dda35d2c1f27275111687c17983a0ff8839e8a42

SHA256
8fb815889dca0ef095fe5a4833db079e8c5560c9e219508a82b1eca27bac32f4

SHA512
bd4bee610161d5d03b37e88e675e8edcb98aecaaa92c9b8e1198f4fed49d61594abc761f5c016ea04f5015e1d101504eebb20e94296d79ea1564096d4fea9153

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8fec22f18d00115fbabb53d4575ca107

SHA1
ad76f487c1c34be9fb853e9245bd9b4765b7b863

SHA256
5ed871e1be58ca679af984b65abab757bd459c4ac84a607a0fb4367583db960e

SHA512
ca46702ea887edf21ff55bf7ecdecef0474f1a8a688ac604abae984e97abf92ef8e303dc91b14d76d843dd861ee16e3864ec247863b8d26c761ce04ff8b2502e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
532373f65f1e2509ed154caa016dd7af

SHA1
74143ebb7c609e8421f508e20e0aa34b1a7367ec

SHA256
c6194f85b5b72e97f44ca0415cad7f8ac495a27dba59ad2154a8abf7fadb011c

SHA512
cd00cfadc98a1c69d4ee375adec31c9913b2a43ca1780071e7f72f5f12c57892b73c8acd8314501988523a08417bf0145e3602e3b660baf0bf4894d069a43eca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33ba940a01c2037ed958e6205102f6dc

SHA1
fccbb8d501311e556b1ac7501c8ec25ca71b5e03

SHA256
14896dba22ecca637903808a3303aad5a9c2a055b3239427fceae5f61d2a5106

SHA512
86622d3f791babe1eb149811b005cb04cb48b081a810a84678e7fbd0c099d929ab103b97150c1c58c27ce22982d2ab79d121a2e7b2f933d9cd3d157aa3f6304b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7da57517bb78618d010744602cd9c79

SHA1
f70f48fb04500cfeef2b55b9e57bfce9e0cab85c

SHA256
3ca33a7107541cf4032773e7c658e7153987abe239ba693c462e73ab552b463e

SHA512
c354d38b2e6a4878ffa9bca8b166b3fba3976a0e43214bce5e883ee1a9ea7d5b17f03850b8cc1d2bde96fe50b8c88bd6201e1655ff33abfb8b1441835caa84b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a0ac3fa89d78ed1995be6b0c138a083

SHA1
e1752a200625d47ba46b5ba10c618c9c09253318

SHA256
4833efa9751eebfa607cdef1d39cc5a8e8eb469ca0ef543aba13c940875038a5

SHA512
48688b89bb77d87ee06d7242bc1579e0671dc4d382c32ce24feac4b9132f7aa885fa7848efe9468b96a8b4fb44ae1c0caa8cea89235b8ad8f2e0f7e467bfd849

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecfc3ac8cecf833559391176ce1927fb

SHA1
7513886550b27ae30e0b27476e003be0152ff060

SHA256
72189d9d97c0320f0ac3600ba769a5e8e70af75d93f9865eacd38c89811347a0

SHA512
89d4c3f805c586586d42077f642019941f17e269fbf99826c77ab7f52b8c0bd7cbd097e8cdf22d2af9f1295baff83cd13444c259e0c570a0b3e69c2d8c077f04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06113c692152495e5b2ad21455e8c5cc

SHA1
a2ecbdb670f99de4b09cfb20c2a1f75c33cb29c1

SHA256
4fa22444d3aa8b37b11ae7ac8bca52cb2ed29a176549beb4d6bf3ffcc4134ac5

SHA512
9bdbcbe6e41a50afdba4bf981f17c468f08400f20c9a18f9c2601bba03d04170e69ef8156b58247b3c6fa9c71126ed621b6abce05988c550d3ed25916bd77778

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d015237a230ecc215eecf790e7eb4a1

SHA1
d90079daadcd30a1071db7c1700f8b82f825c19e

SHA256
5e3bfa4cc285d40b30920b728d28d0cc38bab508c1eca43b3afee265e0e12c1d

SHA512
2762ed4e40b75f8b2a98bf6139fee381c916f541e8bd0048cea5b17aa2da7e2556ce1f2b7866d31936ac412e20852b92ecf8f0fc419e66f19cead976ec543306

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac14e2edb90f34d0b5a8ac8f000e9985

SHA1
a64f58d666c06d3b648c3baf4d92ba94119c2c8b

SHA256
c71efb05bee2752ba5eb06b226af419624a0d711ac002cedd712c58d56bbd952

SHA512
a3ec4571ae159f524512f9de0a0bb8435d3279b2f7c68ec7df22a534a29b775dd5f98e538f68d2292e2e201fd7ded36006db2299fb759b16ca890b1aaf4f1731

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab69000ff7d3f77f9da5251ec4ef7207

SHA1
5e65b3144b531d57cd445708875e6baacc7a5a10

SHA256
de0a0488bafe22c8733d51cb0c56ca8a54354dc4ba0aced9feda9006793b869c

SHA512
16e7e7463675c6c61ac52cab6b40897e8902c3649e1d08410e50028790a2248e64b8b0c3265a229931da218e7de82ea266336b5c0f013aa29153afebcac767ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
351ee4a481253a4741a43f9ba0f98e7d

SHA1
c9087e62a380fb87c8014998141b63fc47d79685

SHA256
fa572633b450060ff548f68c78db41e95c42398a15da39dd7ed298a81bd275dd

SHA512
cea98629c7cc47682602409d11bb239b7be6c1dad2fb606c1a6a99fa699db10d3b5f1089eb08a077f775c303d6d59cf0c08f6ec37a1305bcea7749bf2456120e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3eaeaa06f08c725f4f775b66fd8b515

SHA1
3a2afc61c2e90fa400d7a5ad5035b0c7d3cea658

SHA256
ba7e634e2f12c6bdbe37bef00521b4449248f740156e6f100b9d1e473de4c85d

SHA512
82ca898d9081322a58d85154385349d0a65d9d55b031f389c27d6f03316b1a57e18470a35dd364d085b1c9f9a42bc7dfb115c68ec47158a09e78a490f33f5d0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5578334926d6c55b64935aa3e90cc716

SHA1
421fe9321baed333d8c6d597b1bb08bc98f4b18a

SHA256
b78f5e6747eca11c62b86d2b70c54034d3e8422effb9658c5eab04d6ba418b59

SHA512
0124391c58634f2d41dd0329a15e904e8810bcb983a9786226e60eefefee6664e7d2ff650442eb13d14f8e9f60dc4bcd2166f842875056c453d1a2b056b8805e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d705c29278ef475c5a4b1b1392729c06

SHA1
340359c8e7f779907fc56c0c4cc6dfe1771ced02

SHA256
d40e68dba3cbafc696546f9bbc98565d0cd6c45edb856069656925f61cf361b4

SHA512
1403defe7b42313f85ee42d3b5a1d533534075fbf68e43efdf96310b4c73e4d0f4ceedf55bd8bebcece675e14b3c9d6dc3515372f0e2c54bb212697548611a6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ed3cb29825b2653f618985444911e0d

SHA1
203147a04a84013f220288d7147db7e8b8cfbf1f

SHA256
0735d0f63db75af87c50c133ef79b05e75cba4fddd59b049e92499e6b11c991e

SHA512
5ee4d48b99995c853e666b239646bee682d116b966d0b92b2a48a0c13371a261d7476c660c641aab5f1d5cfc08469b799e52c173dbf2b5bf006bacc4b7b17379

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3F81.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3FE3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit