7553365d389ac62b6bf82308cabc46971c1763ba2b5928f940233848c02b406f

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eabb5664d977db5730876ffa64608432_JaffaCakes118.html
Size

112KB
MD5

eabb5664d977db5730876ffa64608432
SHA1

cb5cc1aa319552a89b1d22842a390112932d2006
SHA256

7553365d389ac62b6bf82308cabc46971c1763ba2b5928f940233848c02b406f
SHA512

bc9f096efa6e82b31c89976b14a0eff7e107d5169cd1690323506ff0dc7c35c9d84037be36bd81b8263527d6be9db9169cebfe7f105696d9d3b6ac3121cc591b
SSDEEP

1536:SgSW9tDbciFcMaTp+tcbFEGyVeKkOs00G1jiCvRpE5UmYvLc+rgv3iT07s2RVR8W:SgSWP0ajosY

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432888002"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A6182BC1-764D-11EF-9BF6-6AE4CEDF004B} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2468	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2468	iexplore.exe
2468	iexplore.exe
1056	IEXPLORE.EXE
1056	IEXPLORE.EXE
1056	IEXPLORE.EXE
1056	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 1056	2468	iexplore.exe	30
PID 2468 wrote to memory of 1056	2468	iexplore.exe	30
PID 2468 wrote to memory of 1056	2468	iexplore.exe	30
PID 2468 wrote to memory of 1056	2468	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eabb5664d977db5730876ffa64608432_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\14561BF7422BB6F70A9CB14F5AA8A7DA_2663024D1F790F239D18BAE848B68947

Filesize
727B

MD5
a9556881a90c48e789415837e739afd6

SHA1
8699087c97cbe07aac5041332d70fb6909edb599

SHA256
2af061162662361610a602b58300db2a48a4d9360b0f5d2cc156a0f9f917ff74

SHA512
cf56050a57e4fcb0155184e32e8ff4da051bc0c0486b1ae2f2560ce1bfafa5662961df001868a813004bae2586681380f1cc3a39901c73a61352115df71e72a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57

Filesize
471B

MD5
141ad9e326ebc6b1c7752d0c9006e3cc

SHA1
ca1af96268de9039343b40c2e2aa111d7353f7e4

SHA256
f034d1d5df0272734938f89e323066f6fad824cb58d9a6c6663cdbf53c7a5be2

SHA512
ad540abebe5822a87deb707b6b61409afc359e1f00f567b55291cebef1c07128c17a445a372800ab781e886f9bc9f3d8463334551f00980aeb94763e7a82149e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\14561BF7422BB6F70A9CB14F5AA8A7DA_2663024D1F790F239D18BAE848B68947

Filesize
408B

MD5
f849dbd5853f940c4e34aada4d0b84b8

SHA1
c49d3b03fb299a949ce063ebcff404bc5b1d2b8f

SHA256
ae236239428a4e2288930675031ecd1b92d15645867be42c08bf2f400d1f37f1

SHA512
088dc44d16f303be1cbc19b6bd4a02668f5cf69a663a1e0356acaceb2aa4dfcc9eb23795bf4daf90e79638ecb59994914872b217d75b872fe5a568006cd4bc62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
1a76e2fb383815a69722dd618261c498

SHA1
532b48fff5feb1044a747470dca2dd620de2a0db

SHA256
fe4931fde2db006c110f572f22db6cd91e9fe4f61c725af6fbdc3feaad9dea99

SHA512
b038e8f7c8871a2e56a7cc2a83538e50999d5e6cf1999b5bf44b94c2146e99c32af8ffd777fabf0d2a8f828e69bca9aa40976514bd9037318d3c7c8cf3d57695

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b53ed3973fdd675ef932265b843a3741

SHA1
8baad0e5dcd55236e9d409691858c42d8389816c

SHA256
6ebe486fb84691555fc327ee67e9905d957ba1b97736b35939abcf4a93c51674

SHA512
e62e2b40a5b086efd7dc3b6841523c4318918c4244c8cd24c9e2416313826b8ea4fab68af8dc7c488424e78a152fa2f01c780ba5cced917d8e2eab9a09a2a0d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e058e0a428920692464d395067444740

SHA1
9a0a038120e7690c9776b9a72a1b0ceed578786b

SHA256
5b7c3a0449b9359c0528b05031bf92b39d8af0b8401b51cc4ad25ebc5e0cec92

SHA512
b97179ecf7c4b1ba2d465344d4b2cbbd1802e97bf2310858523b852226c6072b2bb8335c1196eb043536f85cb68f7e0cd3887d62932c427636e78c71befa8de7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aee68b03beb0f8016f5620a6ea91ca69

SHA1
a426754f06afd534b6be1a32cbe153f06bc14fae

SHA256
1108b2578e8ee02b9f949dff150dc4fd207c7f22f6a9dfbce641c43ba21f4e8b

SHA512
ca8bae8d80c66ec34b26d982f23425eb559afc1aa06ba4323b50c7a4efdcbc161d1c619742af12e824e437dc0c4487925db444f08c4933889dcda7a36ac78810

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85a6d5a57020f9fa1bd83118f98550a8

SHA1
837ff630d9d1e8efaa66503dd89c8a0a070e84e5

SHA256
1ceb766a4a640b8a714c977f94e0e81417774de3f8e99f83555cd573263ac0d1

SHA512
d0c7d4685c229fdcae185f6c306eccba3657409b34608380851d8f5c094bc7fd70f4209f7f850ba486ffd93d61c17b9b104272d5a6c25fad0ccf1211915834c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
678aa7f50e22fa976cb3a86bc90ba42a

SHA1
24994452ccf673e9ea40f6dc91e6b1423e82a5e7

SHA256
0578f635fb99f9b7a97f8ceb2d4e9752ec628469abfa6a7f8e7f17cefd1dc6d3

SHA512
ff62772e80d173c9333cf560ce3d96288199d838e0f9a154e413b8afb3bf577ccbbd700c4a6fbfeafb3e07f8727af1b4672eac6fad6d7ab4ecd5fd9f4a371ddc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8392f4ae68aac93f525893d50b6c7421

SHA1
5d926432ee4acdbe3c69f0c35b35e43873100677

SHA256
b0a070e9e12b02d541887ad47bb6a2950a5e72f17b967659a564775b283b135d

SHA512
dcf5677ead0565e0ee342d871020c593bdcbe5602810f764061f5605faf21cf3d2eeef8f3fed67b28986e9703a27c7a1c96119b1a4e67dc35a331619dd4f9117

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37d58e4ef9ca7499360b489097d9397f

SHA1
b927b46a41e560c060c8bf48c0fb806af40030ef

SHA256
bd56e11abeff191f249117841e32cc2c9679dc7c7dd20bfa93ce7132e45796c2

SHA512
1e7535122ccc286be9d770aa0d8479f99fb6a12b2e0ac1b2e8807d7ce86e9cc537f9ba7e3409765e3f834e9153e5a1b730678378f9ed0fed4452bccd66d54288

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52de0765538a9f2920b521efd2bc02c0

SHA1
40bb65442ff7b69bfe903bf60a020b39fe359f09

SHA256
5f79cc24b3c4a17cfa06206519d01adcb85c0e992843d1465059e78ae1751030

SHA512
22ef237c7aecab9e5cbeae306b30868be660da34867899001fd4ffffbc9503d2803376fdc095a6f671a17318898fce222581cd2a7ade70ca05821a7c447dd960

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2aa245fcd807273dab6b93309abccac

SHA1
3b5a04cbc42e1dbb516498abaf613d05f6182a2c

SHA256
b559379988f6b07ad5cd0b105e7e2864a0386569b659c45b21e156a99d584d35

SHA512
99bfe679b24b5ee6ab03ca26b2d0924ee3db5afe5380921703e8d5468309264cd7da7fcc83cc486138882a56f1f32ea3c1550cf2518eb9da029906760462f994

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57

Filesize
400B

MD5
6337ddd483f60833e6e2afa8d31afbc6

SHA1
cb398107afeedc4b6a2ceac111bfe05f15b01fb2

SHA256
54d61358d8cb2e2a9727e8b849b4c2a187c157822d63bc89c9ebdb91220591fe

SHA512
3514851ec73a14f5e0c1e30a50b2fd75d0e3518a6385f8805620e7ca2b059159257fcccb1c7822289aea23c728da9ff08a1e3205fc7298cbae4dc343eb80827c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
0d9838ec50ebc728a1762656ec99683c

SHA1
f7539a8f3cf0f244e4fb105486984a39ed14a123

SHA256
95393fb0bd7d047a48d1c039ae0fd6db78736f6501f76a3524a45ba9fe1854d3

SHA512
e984c6c6e9e90e61f9d83281767f229db1683a1177a33a01b6ebfe0ed3e2ba1df859b5b88a44e54aa8714c83353223b1320adfa619738765a7b3829e04f6426f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6F3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar709.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit