8aa92d15478910dd4aec03c421596d4a0e2a0735f09ead01a405f04707cdd86f

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 05:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaa5cdfad16df54f27ba1e033e412582_JaffaCakes118.html
Size

54KB
MD5

eaa5cdfad16df54f27ba1e033e412582
SHA1

b44767183cf7ec7412f2a246d509017ba87cd733
SHA256

8aa92d15478910dd4aec03c421596d4a0e2a0735f09ead01a405f04707cdd86f
SHA512

b733b46e0a0d059b947f67f77c8d822528b4e8f6f6e53ea3164fdbfa4adafcb083efff1d9a449182eaacd154fbd657361650a87434a1413cb6e2b07c52b380a5
SSDEEP

1536:tnFXKZ4KpB3HbSYpZRlmv/MItSA7BzzQZ:tnK4KpB3HWWmv/MI0A7BO

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B7F0B041-7645-11EF-AC29-D6FE44FD4752} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432884596"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2444	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2444	iexplore.exe
2444	iexplore.exe
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2088	2444	iexplore.exe	30
PID 2444 wrote to memory of 2088	2444	iexplore.exe	30
PID 2444 wrote to memory of 2088	2444	iexplore.exe	30
PID 2444 wrote to memory of 2088	2444	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eaa5cdfad16df54f27ba1e033e412582_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
ba9164eb7fff24bb8b02834a1ebe84ab

SHA1
d96530a6510fbf8da500a0b5edb4fa5366931460

SHA256
23aaaaf54e62dddcca4a36855a83dc28a070c814f87e251ae0b68e36f1a555c1

SHA512
ecbce18b9d029f6595165bbc1825c2709e689bc96e73a8fe2d20bcdf85813259ac138737679f17c3df67b8f155106c5c0655c0ed7daeb12030081c133cae2096

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_F968CA97A68F4E6D5C104EC7FE3DFDEA

Filesize
471B

MD5
a8b199d725e204fa9db45cf198e23b91

SHA1
cfdb28ca6c3d4bf5873016fdc265d4d54ddbd086

SHA256
f1eddef6988eb7ef72df5c71df7e57aaf2e9097a8db30479c97c0417cde415e2

SHA512
b6edffbb3b072034f804845e9c373ade96b8ec6c42ac9ef819c68dbd2840f2a8728dda9710c98d56a4b59f9736342c46edcf1c646525bee6eb400a545d8224ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
0892849abbf06ac4b4fb9cadebc852e0

SHA1
aa0435e2fd5057b9597eb28f53062194654d3261

SHA256
2d921a4f44e7a652d51bf1b60e3e49fdf38ddeba40a2de46c4e90249106a6f81

SHA512
df0c833b4d1bb14101fb64bcd85161956907a815e8aa5cacdc03b026e7121f9d9389a2aa70cb8736d1620a53e7f813495ba8d9cb941c74acfcf21835b10a437e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
90ed967c3af34dab17b882bc71915aa7

SHA1
1a57109942715bcd450f328f33a4709622c81ec5

SHA256
bc4f3a0fd5d70f6512d6f13ab3d5e26c248c081fb5aecbf971efb8f222807254

SHA512
6c46ddb25cee5874cf9afbdc8c0f84ce86b61c13ba4ee8d3b8c142e63773f45d151349afe4cf20a8eed98ee2855826563b6c1c540c89b29664b80133cd11277a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
aca6816931f643f41fc8ae6f94a02195

SHA1
d02d34a47b9b52295047c77cb5f074bbebc5180e

SHA256
0e1797a1a6248c4a6dd9486a07af0182f0f3d7e0021557171758303992d2f7f3

SHA512
5b0523e15241aa467d9d696d39fc9eb05fdd442242cba25677df3fa70f5f1919a8926f0b40d5c17a8fa834731f948ee924dc3ce79e1c67a2021bf73258fa0326

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0743584af4c645db8a9f64acb7e03e89

SHA1
60f010e852f9f585c153acae82be958d0d9836b3

SHA256
376c862dee07bd5b2ddcd54d91da3518b081600ecac6b8e2eb4ec24334116a9a

SHA512
18cb18fbec8d0fc92cb69b4f108697228cb8434ccefb142d2113ee8ae5180be449ebc2159f202f53f9d79aac224f280fb487f51057ea7e399672af68272abfdc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
533f4d6001d29c591e41c58d853f3863

SHA1
cab5f5ea8a4a06d03f9e5030801aefa990031d69

SHA256
efdaa50fae5f06bf0c20bd8a447914f5e072f32337622be559f274aa8bd8bc3d

SHA512
0c878a2cd4800ba7714212400e06ad9a8bac5dda2b232a566e9130fe6467cd6436dadac10aa86a17d82d3328853b44c4213cf65d25bb5efb81abda225c292e06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55e956c098b117b994d2dfa67e99dbd0

SHA1
737211356eeb256ae071f3fbddd650fa6175dbe7

SHA256
740b50a2036551e1308a82e8f6d2a928f59600e37c0a905cecdd9c162ae79f9c

SHA512
ececc3fdb3314599300b8ccae311e5791d7a86e7ac672f2e52f71be6e3094a4cc60c06f1cd481eeea8b4c0ac75affa8604e39a269794eb3ede9ab8f022e5cba6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d52ae44d3b641af6d0f3a8fced82cb9

SHA1
f3febeb88292d7eaa51c41c76632de5e290596c3

SHA256
4283b52b867e206337ec27ea6465575732823a8d4a4a3bb9d53c745b9346f5c0

SHA512
de83f6356aee363c68d4b5493ad656024ae1186299229c23112e42e76b045e53e18d729cd86780eb60412eeffcc52eb39e7349a8b84e42b2e60afbd5130f517f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a924ba0eab07cc918fbd9d9183edd64d

SHA1
435ef21368cf4d4e89358cfbbe82fb281381627b

SHA256
cf70eabe5b3b7759507a79b165378b79cf0c9154d7b7fa0485fba2bcfe4b9362

SHA512
541d8586b142de21b9f80918da24dfa601620fb6e1318b6429df8d7882821658903ba3be272d87b38dfdcd75fc8d5d579a7d268bbbe046f5b9bddbcbd8d44222

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb40bb72c718ec6942bca61af74bc578

SHA1
d7b32451ab1fb5c20e5e40259fd3e4adba664000

SHA256
3ff19a26c1dcc6092bd6188142c7cfccf5280af9bc7e6c5e378c4d91a619387b

SHA512
dad0d547be3cd3423394dab06c7e716570a5e51556940899d793a2911a4cf235bcc14ccc80c92279527ee38ba7f6420bc5ef05ac98fd65b852de34a3668ccca7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81cc4cf4f9dfa2af06e3857edf03718f

SHA1
6dc565acb815b20ff633c76e67284ec9746aa587

SHA256
ca098cf5de464c43e4bd392bc3ea25c850fa3a8c695ec4af6029e12134560bcb

SHA512
6c6012638803dbb2e9b73e75592c81a8789f4676d63fb73f456d45ccae80ecd5b16039a926d837f79882cfae5597fef369705ac0e113a2fdaa2003c4064c71be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d546b51310ae7f499dca78a4b60b3f02

SHA1
338ebec8e5dd810e4bf93777fc08011b7b150942

SHA256
58f758128c2d1731f5795a522c0d61f517cafc66bd6d6c25e00d94f9f2b0c16d

SHA512
e24f14c1d66c0db618b0d879e07b1857d2f85e5a5543936957cde5fbdd58b4006439723bfc4b606cfd430b6caeea1c725b6d366baf57f8152415e35c04f512ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
191dae5ea5f070eecd6aea147ac5b959

SHA1
8129f203d9334bea5b3efc335e0830e2d60c4776

SHA256
07b8a59fbc00f100b6b358d81dffd4fd8d2420a452bdf2006da42c5423109ee7

SHA512
1c51adf133b4c19ae25ecb8bfc7a131063c5e4436bbb94dad1f2136cb12f0fd29404e0b2ba0a0d9040d7a1e96d1b61a3ee6099c2b6f1e45cfd86e644e28495f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b5e22b20c9f5a9112f05b79611d44e8

SHA1
0a1edcd75b688ea68f1402bbe44a744cc37b8d32

SHA256
8d91b5a708b4f01a0f3c5a157f8a44b3e8859788c9f284afb7e513da1eedeca7

SHA512
5aa9a8d0ec30f50ddb40edb9f239094aeb0fc1eb7b35f17d025b3242394f580acb92b7654f25540417b5dceb8ee66537cd1f5156d7c7092552d9424c5ceb9d74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89e1171343654c8936687922cd8c37ad

SHA1
dbd9a6259dacfc29dda861e13f0a76fd193af2b4

SHA256
6b8aad2f1a83ad37283e10d66892cbc75e19043749d53991a395d47a638ef864

SHA512
a9d6295d75259996e13f9f11b67d5bdb6dec8cb8349c15b1d7eeaaa7206953793700fa12f14a70468e82cbb255eff899550ee30cb85bd7d6b70d6ac301427057

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_F968CA97A68F4E6D5C104EC7FE3DFDEA

Filesize
402B

MD5
90ab4116ec6b341d10aba3ca1e208895

SHA1
e930222c6f18b948fd6964d8005ecd58a61913c4

SHA256
f6d67df25f58854920fddc0866764098083c204970107f37634d1508e6595b27

SHA512
b9be34ade5b3ec39bfe39899b9c311a5a0172234ce270d462cafea03d62028698100b26537e859bde73cdd01df3630d603aee7ad9dc23ddfc415d854af116564

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
b60bc7193788649e999dcce6d6daec97

SHA1
3de93699d1f686fe2660e1e5c0ac32892a1b0701

SHA256
d1e4994442ec55335a8df128cdf362bf3f6df6db2d94e615a1486c80a7a180a1

SHA512
8d6b6cdc71bbfbd8f2baa630fb6d208c7983c3aca24198d9e8364580a1cf0f3b86057fd408d7563f02e6a3bc68ca413bb6b3837c68313f0d4da354c1c8b38c2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab936.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar949.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit