c0e964842873cca60d2997507bdf5b8b8e6f33e722945e6f98ce0e45086faa74

Analysis

max time kernel
129s
max time network
139s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 06:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eabdefc5f47f60a3017f41d4ee57fbdc_JaffaCakes118.html
Size

459KB
MD5

eabdefc5f47f60a3017f41d4ee57fbdc
SHA1

fea8c17efb3c23b9c132cb7f714e8e31efd07a90
SHA256

c0e964842873cca60d2997507bdf5b8b8e6f33e722945e6f98ce0e45086faa74
SHA512

69c8427cf2b85c412f47bf9b5f59a059d238d5b0b27fe0de657f296030dd0c9e9b370add358f336e42d682e7730cb5ded88e7de38d4485f6c334916e2637479e
SSDEEP

6144:SisMYod+X3oI+YosMYod+X3oI+YusMYod+X3oI+YjsMYod+X3oI+YQ:L5d+X3M5d+X3m5d+X3R5d+X3+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{89C311A1-764E-11EF-ABB3-E67A421F41DB} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432888383"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2420	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2420	iexplore.exe
2420	iexplore.exe
1416	IEXPLORE.EXE
1416	IEXPLORE.EXE
1416	IEXPLORE.EXE
1416	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 1416	2420	iexplore.exe	30
PID 2420 wrote to memory of 1416	2420	iexplore.exe	30
PID 2420 wrote to memory of 1416	2420	iexplore.exe	30
PID 2420 wrote to memory of 1416	2420	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eabdefc5f47f60a3017f41d4ee57fbdc_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf2cb96fa6d631e4f0bef4ee5fc49953

SHA1
288bfc2386b72c52ce38827e5b55b9be18f91f96

SHA256
101959886d69a3905b94727c8f88a65efb746073d793b11059ba22ee0d3c919b

SHA512
19f5fa604c96b9ab6023b89c3086a78c986e47bffe52b4841f930ed80f9e20d5e142f165225e4cd936a69cd69287dd6ce594de28d2a4a819fe6af0ff28e79fe3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
624c8d2a6dcfcd4beff0d1968044302e

SHA1
29357dc46464bfcf5c60ef2b7e275fb680914a5c

SHA256
827650902a66ebe17abb7a7883e66e17784f1a8e230db96abfc365f56dd877e0

SHA512
d5f19ae3e2688d1bbb7f67639845a5be5bc0ed3faf67dc4b67e268ce264a6014d11d7fd92b04e45f104efdc195f77ea763065e90117c3e87290d11681478964e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfc8fcfe5200102ed63051b9906a4fe4

SHA1
d4f5443f7d97111c3e77051c631b00f0bd8eb69e

SHA256
dcd407155d160b9b46c101915fdb9678a03f86fa16059911b6f34efe652de52b

SHA512
c4134569559241c0f042d09ae721c1df577144becef357121e314982f03368aee180f6bc59eff7ce813d0b99720f0b2a1e48879fecddda7a2431f99aed6e534c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e519705c1728f29c0f957023ac96297c

SHA1
39ca3fadc3aed53cbde24c4988ab5a0ebbe0b445

SHA256
dccb47f246df612c8768349692bba9677ac3f74a36396e159380bde715029ea4

SHA512
1ebba1bb8966d8c7550668b14bc67dc47f081bcf1b2364201c1d959335660bb817b7e6b4f25ee28dd30e16b26f7e13d50357538a86db588b15ea519c328d773f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
103178fede2688f3b3a51934e4ccdc31

SHA1
ec2f5ca4c32cbc438625feaa7d115b54009bf936

SHA256
b5d2ffc3daba0fb8beda4810f9f232ea2e6c37649e7910264c6a5171fb4f572a

SHA512
e56c12faf9d8e2bf3ac1fe55cf2ede6d05d2b3583e96ef7af1fddb2eea828e8124852aaa2f302b81285228b1d170dc3987f223edc229a21db91f20a658259a47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28f9041f508da7c745060302d25b7d18

SHA1
a87856ef92ba49bc6804df41b5d987c9f0028016

SHA256
81d90fd4190ec5795c016f7cd0c6dcfd926599c23d1042a2bef577936156882e

SHA512
261a51e8d26e066b33ee84fcb484264bb4c42f7a42959ab65c14dceb4ae67e73746972dc3eef156668f1f6d5cc2e32b0511324f11934b36fc17a735a425d2fb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba5cc91ed58e8b04d3f7ef51660a63d6

SHA1
abc6082cb8316df75d07858939d78cd0c500b03a

SHA256
2d39231f7642814a0901f84717894b7017b9190621ddcffebae9b27e48d681f5

SHA512
e639719792043cf9e2cbc757db199205fcf3feb85825b0db28450dffbe4e0fe27f212f31fbea642a31fb255e4742a30f73c4d70e66be90921ef2673eec758f07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bcbbd57e2952d1d6d2f13e0df19634a6

SHA1
f9d90cd18c39f0a539d05eb285a2598c83116d13

SHA256
26b10c372b0c587ceaa85d94d90791bf39526c50621a78c082d22d3ecc2f6b1a

SHA512
aeb8cad72f1f6ce0a4b04e3ef652c64c3745193a47c56f236d3a890a4c3cf2038754a66d339f5209ca0802f48c425cfe39fa3ae79bf3a00e4a9af25affd94d56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4702e85f08d6fda1b9854d430bdef86b

SHA1
13edfd2b7ba7284b82ca0041a7c689bce2c77c3c

SHA256
a10ed93e51d0cf8e22b0957f05dd2b60f741d55b98cd406b373ee701ea8a4eae

SHA512
14cbea0b6bbe4ddf86e840f0680848bf35631bf6ba7419d8f1b8a7f6df2a7fbe9597496d5e64737dee2c956ca6f74cdf8ec9e109949b3a6f97ec10a618d56007

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0bfaa9e69edcede061274b2f4ff86f99

SHA1
7a17890fd89259222947a496a8332fbe574e68ca

SHA256
0e5930d9389e1de2fe5314f76ae50b0d89ef7be26850c46b98f5423a239869c0

SHA512
107cdcbf35c160dd0481ccca223e6436981d571de11751480e85353549ee25bc7bacd184257d6e9b110bd142bb424236583dd036ccd6fccc0a031504b19e39c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5be4e4aa0791bcc3b7aaa0450e0185d8

SHA1
7e7a017fa22ae8ba6a6b9ff4eb7e6b2b03be4a9f

SHA256
595daf5ca2e088b6ccc73527dcfcb97096bca0d688b013f86e65b297146ce001

SHA512
5770817ce17a5e413794e48e36b221ddd02c8241e6e20a46b135b89b966575239af5cfbee1f1efd0c7fb231adeccbd2ee465fe330b574537cd8166a4157da4e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA3ED.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA450.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit