880b2d4f73471836ff7d352c8cee29c0060ec8b34360f9bb3da322784ebde9df

Analysis

max time kernel
141s
max time network
141s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eac3b9261c0357d3203d69ab47ecd204_JaffaCakes118.html
Size

112KB
MD5

eac3b9261c0357d3203d69ab47ecd204
SHA1

e90965a804d0b26e4f1d69b1aa5d2428dcb00f8a
SHA256

880b2d4f73471836ff7d352c8cee29c0060ec8b34360f9bb3da322784ebde9df
SHA512

92fc0fc6a5a054509b48b81fd30219552c7ecfd140ff21c0e30e4c0d9c07901e31f90625988b8c4008917ea3610fca9625bfd92c5c65b0b3659e34cd3619edfe
SSDEEP

1536:3Js639r3bCjAG6SRbWwS2/VFKt6Jw/WlNOVjA3mEPlqKHFn:5btrLsQgM6JwC4VjA3DHFn

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D6B26EF1-7650-11EF-9F7F-EAF82BEC9AF0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432889372"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2372	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2372	iexplore.exe
2372	iexplore.exe
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2808	2372	iexplore.exe	30
PID 2372 wrote to memory of 2808	2372	iexplore.exe	30
PID 2372 wrote to memory of 2808	2372	iexplore.exe	30
PID 2372 wrote to memory of 2808	2372	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eac3b9261c0357d3203d69ab47ecd204_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
ba9164eb7fff24bb8b02834a1ebe84ab

SHA1
d96530a6510fbf8da500a0b5edb4fa5366931460

SHA256
23aaaaf54e62dddcca4a36855a83dc28a070c814f87e251ae0b68e36f1a555c1

SHA512
ecbce18b9d029f6595165bbc1825c2709e689bc96e73a8fe2d20bcdf85813259ac138737679f17c3df67b8f155106c5c0655c0ed7daeb12030081c133cae2096

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_F968CA97A68F4E6D5C104EC7FE3DFDEA

Filesize
471B

MD5
a8b199d725e204fa9db45cf198e23b91

SHA1
cfdb28ca6c3d4bf5873016fdc265d4d54ddbd086

SHA256
f1eddef6988eb7ef72df5c71df7e57aaf2e9097a8db30479c97c0417cde415e2

SHA512
b6edffbb3b072034f804845e9c373ade96b8ec6c42ac9ef819c68dbd2840f2a8728dda9710c98d56a4b59f9736342c46edcf1c646525bee6eb400a545d8224ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
971a8442a85f396c771e2fa8b209471b

SHA1
e5e3aa1812bf170cd885663421720a3c5cea7f87

SHA256
fcf04bf39717bcd77fb7595da12692742614c08e8a795cd54efba49ec34c4be7

SHA512
e81cec95f2738f0cf986419886d94b94866512306fff5eb499a0cbe164d6114d1d79b194c1bc3e68da1535729e596abe422c4e01e875f09d6966937e3ffc0656

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
dbf0bf5a3c5b7699652bb146f6a7585c

SHA1
85bf05e0df0932bcbe91a0b088001a928f10cac1

SHA256
4bfc1089b7cba445e3f3e5b0b2e2fd5c471240bf3b9014811b8bfe13be458b57

SHA512
946215b281f10b8bd54d5f67570c41f77308594a12d0034f9567eb3cc47ee14e9e3be1b2ec893cc1e9d7e8fc59ee63f3acd6a2fed2272ab6791d4a5b1ef4b4a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f6b34bab53b1237e3cb396ad5a97ba7

SHA1
94605eda7c30a4085b1072b329fb46e5c749e149

SHA256
0329b410c62a197a5d71e17611c772634d217165a2b22a8d877694f103397e4e

SHA512
2205b460728eac583f771964b7d450ce8ca6cbd26d22207ec4286ee7e06e732d1f4f6f86aba58111328fdc23fcd611772ed5305c35a7386db8be3cb0ab71977e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72de5d5df4cb90458cf785bb7059d803

SHA1
6f96be5c8f6842dca86af69c191d5dc5b7022138

SHA256
8837f0941020357669b1b0442fd51534b1e063b3300b0d0272635f1aebb794b7

SHA512
bb6ed1bbbade2a21326b1d12aedcb472da645855d122c6269a016a804b4b197e16cbec6f7ffd78f8f7829dc1a29118c9e9749d87a836db1dd5bbb867428d5e0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c7ec1d9d54b24a242e5b8a9128a4f29

SHA1
33189a4e3c123937cca688bd0ef7dd6813bbc193

SHA256
0b33817ea5d4fca46b55dff95c6dbbca31a20658ee90e46cdb60c1f61b511321

SHA512
f1863fbed24f87413f1094c969563867bd949ee7da28acf843b7050b72995372f554dc21b62bafffd8fa50c08583ce19fa83e329cea315173c574015d926f4b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
597e276e5526ff0949c31dd04584a99b

SHA1
b108e6a0032b5547d99d3a3eaa3395d589a78d96

SHA256
bd1bd4b66b2e221e0e9502596c8ff5994c7b5e3a55d1fd38c4dcb92274cd99a2

SHA512
c3b47db20bfac4497f093e86df81bc91dc873964461dc76964bfc601d401656a5f4155de490c0a6798561576414cc5cff1624abf4d730931405c239afc94d7e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4916b672243b5e21f052eedda5fa77bb

SHA1
f3ff8a5f7c3825c6b208fd663088da7b78a2d558

SHA256
d1ce0f438d7d6ca25a1d5065d82c1a5a5d32024ab50e37701b68efeff1a3d9ac

SHA512
13acc1dcadf08dc3ee1f7c8252b18585b41e492d6cb61c950502f5d8cb09c4c24334f772646dfe65bb1852acb7a5bbf22ccf242e9f5d0b30d95cc3cb209ac7db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8bfdbf8d3d187bb545ba5987917ca77e

SHA1
5f0310e8c10d234ed68db913bf71e4a050101ab4

SHA256
55fdb06823e2bd5efaff7a95b976ad443e99ab29a1c03d12957bada5250625cc

SHA512
c4908bae52c6ed6ac0edbcfb6e310d9f449f29ddffb120acc15978cc406a9969cf2ac11efc17b55b801aa848b45063fcbc579ec66dd47db2f8505f9c991511e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9de23e8105593ae2494f112fd95d6a32

SHA1
6a304177b6fdb1d9bdfafba07cb80d77e6bbc9ee

SHA256
0588d0f520a40ae6af7f5abf803066fbb85224c413281a2dda43376aef242147

SHA512
0cb8e98ad77fd3101006b8ee6ac9a3bc224b3093a37d1f8c9f5a1957212899c4637cf49de95342872827eacbd1bc4c8faecbae5bb8c457bf3482ba96559c9871

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
872ac4bc5cf6f9f334edc80ec454fef6

SHA1
dfd12845a59cc67bc5dea937197bf96bf13953ef

SHA256
77a7d7a706e6ed3dc8ca5d4136472f5155a521d07c0cb2fec67e689adf72fc3a

SHA512
4a120b65b91d142fb239e6b09fa283f7705ed3cd2275c43572c111d17df7694d6b2a30b083672029729237c05862622bcf21742852e5938bca56d31f9385de97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
866d1bb2c09b045766763d9ca30a7bd0

SHA1
c3808e6917959734648c0962b5b0234634cee2db

SHA256
cd0889f23cf3e67aa32b2cbcc1c0862a7d350adc9c17f0d92eacf435bf0679b7

SHA512
390dacef72c5d7cfa8f615aadb9e3ac76dec5106883d8442543d4d79c1e60e2ec30a6e15b4bb5e1abff0358a1bf9be2aba29c285047226d12ddcb4c4b4f6a0a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
312c9f3e1ad57c0d9c62f94cb0729415

SHA1
82df0c8fa5f2e0748dac290087ad2c0f02d184de

SHA256
e65d16008c0b141daf3699b6989435abd4aab70f8e01a1b67ecee73cb28b7133

SHA512
b5a12dd5f9faaac1c46f7b5fc6f8ba268d742bf06720e8d6a54375d607cd6263f2886f26dfdfd3447db22e4736acec1d87b58a1090b0f3086dd02dd1b7cc1c07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_F968CA97A68F4E6D5C104EC7FE3DFDEA

Filesize
402B

MD5
b40343135e20be63a2443f881ac6de59

SHA1
13ef5103e702248aa9272aecfeac6f256e6a3e40

SHA256
4e770f3ee2396f81a8650af2931d1f5ef027511c1a88522c6fb40c6c4fa073e0

SHA512
e3a4d8766c6f0183892f2c3848803a0a6a44f5c44d2201ee6c129c8bd1842a942d1abfaa578abbe320fa164477da58aacad6ca1d6f801f7fd2b5a468628ac8ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab565A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar565D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit