a81fbcc5e3f2954dc7e6a20cf0d1bdd95c71d35d1e0cf61b699388bc53774545

Analysis

max time kernel
52s
max time network
149s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eac4f31576c4b6ac53427b334d087d1e_JaffaCakes118.html
Size

50KB
MD5

eac4f31576c4b6ac53427b334d087d1e
SHA1

2f68b2417865e99b003c3d419c75dee9485fb107
SHA256

a81fbcc5e3f2954dc7e6a20cf0d1bdd95c71d35d1e0cf61b699388bc53774545
SHA512

e32006b2c3a2192246f26f541568c931fc09b5ab88135533f67118feb3618955f89c1009eae16b8941be86e41827e4369716283149e8e26b8b7562d0b68cf2ee
SSDEEP

384:doNcCt0T8MaJ06bsFYejFE3tHaFgFUE5FhJH4IfjMY5KVzb04JAIBCCEaUn+jTTp:vVDSXpepE3tHQgnFhhwAYES4LK

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{50240871-7651-11EF-B6CD-7E918DD97D05} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2216	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2216	iexplore.exe
2216	iexplore.exe
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2808	2216	iexplore.exe	30
PID 2216 wrote to memory of 2808	2216	iexplore.exe	30
PID 2216 wrote to memory of 2808	2216	iexplore.exe	30
PID 2216 wrote to memory of 2808	2216	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eac4f31576c4b6ac53427b334d087d1e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c5b1c9850e52ff57934f3470dfb1596

SHA1
9f2c5624de72ddf647812b5af82933e5a9331cdc

SHA256
347c2f19cf27dafd9dcea37c1617f6d963f63f90a10dd7181c4c198759aa8ef4

SHA512
4ce8bff18f48533cb583ae7f9cb2c7a2408af356f544164c348963af99e4dbbe1ac57ed4b2d64630b41ebf7748ba6db9cba5f03f851d0d2267cab6c34c56ffb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41efaed28bd5170359ec24c6108a57fd

SHA1
db7e4608d533977f97b38fcec7a7539b757b1dde

SHA256
c8b5d513b83b025cf4adfc9a89c9467ebbb2a6cce2a2d83fce236d89bd6cb7e1

SHA512
c5394e098e7f9762b29e078f1d7f2d3414e671f548cea3210cc62f4b463cb201713086529531272ca2bcd43761df685af25cb1c3958abce37314a619d3e8a9df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9fd4af5dda7bc3d65424724fbc2e00d6

SHA1
5ded1d45da9ac9b6ea0545ab994e57bd0681d6ad

SHA256
23f04c0acf486b62807f93f2915cff79577c186cd1bfde63437581dccf0c7317

SHA512
87d4d9d70ebbfc62bedd526e280321bcb43e8416a77073bb6082658b6d15f2ed815b626789d40d45d6dc6be41ec044d2109b316f68d836195c6bdb185164d3c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
857758b30f8e265e897df1f5100db0e9

SHA1
ff41d47f645110c8b66afcfd93d1a0f457d2b1d2

SHA256
892fa6d105769472b4607dbe8a3babd288caf8e89eb261fe5d9f088ceb5db81b

SHA512
6773d9745d7c11b2b49be2e795d89bbd7d77b9252fd30f6b31ded095d4c2cb4fa288c40c42639680a6d8600caedd84251d3de0a3392d48f37f89eb1810245f55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4e12dbca2c4bea3e4c3d4387c4614d8

SHA1
2b05f99ed67dfb169bcc947e8f8cbb5c95dbef0f

SHA256
d9a70eb5125ecc0e91a8edb7a140aa23353405121de3127c79977b298f30e1b7

SHA512
4f9a6bf36077fc1fbea31af004fd4621ba03ed9f3aee77046a9add3fa6bc1b9e7104a450c3475615f39871b78cd04cf9f41598c825190be39941065dd95c5f06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b14e5e81da664d908cb72819990f198e

SHA1
bc1bdfe933a7dd7f15895fcff181b620d25a1f97

SHA256
22688eb4b151a615efa3ea7cf67f4e348040baf7673be3e06aba60e9f76cc356

SHA512
b454152f27e9f4a5b773ef5b51fc3c20c34e8e6bad13d364c991634260133d12abf007a3526a74fead9fbbf7aa101ba04f0f9c8e740760bf3b6794b3832ac106

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64ff22912314728dda5ca62a21027ac6

SHA1
e8988910b3c3674f775794e371ac08195df38337

SHA256
a4d03a3e3dd78b131d41b8af4400532db1b11c5f78ed74653cc43bc2af4a7e95

SHA512
7ccd16ca22f628b33dcc854548ac9870666982948cd5367504616713494e5b23cb28fe97046c77ca9eb5319271f0230dcd6acc87523cc23813eacc1d32d01e28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0af14920c38857047b475ed222170e92

SHA1
1ba49f8db495663d194b6eee4ab88235ba92d740

SHA256
b17a3d74543321c4fe5f00df2ac304520ec79bab6cfa399ad880a734a4859583

SHA512
201ec35ab9eb7d2b945951176faf46f54fbc8e938d9c3e9aa9b6373485f26340c852b9a3a6089015da7f1064e3ad4d2a798f0da763ab8263d3a60c9ad9da9cff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0ecab1afb57e09f3ff4b37997838cd4

SHA1
07c3636eab9354127c6c5ac6ca3c17e8982db205

SHA256
5460503b91cfa6000f799970134297bc29cc4d0fb5837af88818919a3022ca43

SHA512
ce746ed692c62c8474e95cf881bad46be7b703c5e0c89b34cdfa57b17255f2734a4383759f0347f70c51a3f3f0deb315b6aaa040687a191106fe85d934d9553e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34aba638f0f32486a1f42ce3a8f1d6f7

SHA1
9b6bcb87e33ad5eb46c6a504e53f092a65fa6e26

SHA256
f0376a56771a6feaba58022f1aff066239a55f57264681eedcd4311dcedba874

SHA512
89b1c94bea6569f0cc2dd6e8f1f640eb010f4d73fcfb4694c19aecfab72623eeb2ee90f7cdd9154c7b249cf7ba40a19a18bd3f2254889d76a45b29f7ae1df793

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee34364716091c68639db9527853a7f5

SHA1
4bd96ff4802868c4bccaa87ee509933edeb5ce84

SHA256
423bfc7eac4f9a1145d3f8ff4447b299c534f4eb9034a9a37421a0f29231d9c1

SHA512
c5e9b688190bfc0d4e08cf801d2c390aabf3f0bb997e8b8849d22d64441c00c1b3c060dced87620b1f3961471d61e68b2695c50f37fc4fd03ea2037388e451e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5e79e09e7a7690b66607156ea41c12e

SHA1
cb941eaf67ad23d0b1420944b86b069728a41f65

SHA256
4457faec35038f9e880db57607ccbc17541f3f3e8992aec3648c24ef4d289683

SHA512
78e371ced06a68866bbe4b1ba90397fb17fd3c1c3fa37f21989d32c22d54f168c7f23de177c459e048b9f14e13aace069f232ac50fbe41a566a01dfe9e5b075d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8bc916d977f900b0961b2ca7d4a54c7

SHA1
e0496389945da5f1ced76aace0c08b487bee399a

SHA256
f5f4c55afffc56a54ae987bec828e02160c4bc2f622ded4f010ee98df8ca6a2c

SHA512
a28c36adb9517483208cc8cb15b82e139df83f1ae1cd96c3fd64c0fbb21ee35936b4de966afb5e180360636d0c8149641be6c69a143cebb31ac9d586853a51fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59b5e9fffc45a65014964c2dfeabec0c

SHA1
0904269c3d5f452e6aec87baff0bc79faa978541

SHA256
2616bf05fc46112ec8f7cdeb1d8d45383695a1914ebdd5e8cbef9f578ef91da9

SHA512
b7e523c4ad1503253a1497a7140d1f27ad3a56b9e60205db5de42e2bc7e329f0e42245eb8b206fea184ba0454b87486c629b9fdb810d65f78f4318e186526d09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dca3d5d0776083976470b67d1cd3434a

SHA1
46a1b95e56fb06ffd178ef1c5dea3436175c1912

SHA256
737f54b5ab38f0601a7af811c58649c1de5a3fd737a975f99cb4037923da603b

SHA512
19b0d4768be1cabb33ad4aa57ac60c3fed4471017e2e9faa5372ab588094394a8ca72b998a5ead70fb49a168136ebee5768f3ba335640fc48f8d60d48aba9c76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50419c786ad84d3e0dde01eeab9bc19a

SHA1
78d618c39d1b3a6116bdd18a061587cf89f978b9

SHA256
4efe3c3e1b282b1ff6742b3554c663e07da5e3f3c1ed07e87865aff73352746b

SHA512
c08cf1b0e70cbd022a667bfbc803cf5b11a4f623c28a093f173455af4ae6c4f6e300e36d571afd21f8129332e9a6a682df6422223204e3cea3b2d9f4ca3953d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8565320d4b5669f8becfc9d83850b3ea

SHA1
2348b001b0362d847c57854a9ba4e6f22d8ba636

SHA256
78c7363d917479a597fdb5d590b593e6f24d7d956bb8131b129f2f8b7622c922

SHA512
85c2ada984fd1396a7429dfad0563c0750a8af041b8ef8e47c9774df40020cceb91cc8f245634cb333c78f72e58620970372ae216cae2056406e42b30c7a4d1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef833c89964dee08d3d6104c43ce3d12

SHA1
f72b835817f24b59526342d9309ff04e6aed8c88

SHA256
42b78e26f561086bd4da822acdab72f77084ffe86ed2b9d067ffd6bc0d7ea1e2

SHA512
f485994205521124b943209a09447be418184235a1226c7064007bdf7d220980f9763901a709310544acbc49d070bc70e1ad24af9a1a223107f2edd10c37dd84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebdc3f3ea5b4c2f982a6565fedb04af6

SHA1
5896c30c208d59f80042d16c9ae2bff5b767b452

SHA256
119bddc790088757d6e82c514ce8a61d87c022a00970d1ae3ab083ec5ec9f431

SHA512
deaacc6fd20b439da9094a5d08bdf62def06d73f65b8e84a90ba95db64d37d01b8f453e89d2f997f8740de44d3107270f3a5fedb7e1961ba92641ca460f96a6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
126f0f6db9e3634b60056b5730099cbf

SHA1
640cf3c166253859f97a22a01c5461cf3fc7bd7c

SHA256
58887fda182bd8ff37781c2794e39ab5647459985fdce62ef2f9be40ebbee209

SHA512
f56dbe696f2380591384bd0e3dc9d8cdcaed6c84bbac36532556a51f19db6ab4856a11119affe4d7fd55e6a5a3a91cd45ccd8d9842c16aa35bb94b50b0314689

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab34A9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar34AA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit