009b82828b6c8eca55d7a568ee33fb0db316596e50a07d65c0f35ce2e891d11e

Analysis

max time kernel
120s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eacaa0949fdc926bb8a822a937bdeca7_JaffaCakes118.html
Size

88KB
MD5

eacaa0949fdc926bb8a822a937bdeca7
SHA1

27db3dbffa7f151e015637bcad36e3b3b2cd3bd2
SHA256

009b82828b6c8eca55d7a568ee33fb0db316596e50a07d65c0f35ce2e891d11e
SHA512

c44e564e2042489ff5f00ae1f2aeed4fb7cbf6ba2def548bb3d0b84bd435d77dff3e0374399b7dc84cf62d68fe1fc9d626bae72a307abd52f740078fbb1b0755
SSDEEP

1536:W6kcl0aNe8/ob4QjhAhTJ8yZfjUy5t6qTw47to9rCX7CesAKsQC7INYZhh56uqZ6:tkclLNsSTb6s6cw47G9rCX7CessQsICD

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{60FC47A1-7653-11EF-A540-C28ADB222BBA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432890463"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2384	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2384	iexplore.exe
2384	iexplore.exe
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2316	2384	iexplore.exe	30
PID 2384 wrote to memory of 2316	2384	iexplore.exe	30
PID 2384 wrote to memory of 2316	2384	iexplore.exe	30
PID 2384 wrote to memory of 2316	2384	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eacaa0949fdc926bb8a822a937bdeca7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
ba9164eb7fff24bb8b02834a1ebe84ab

SHA1
d96530a6510fbf8da500a0b5edb4fa5366931460

SHA256
23aaaaf54e62dddcca4a36855a83dc28a070c814f87e251ae0b68e36f1a555c1

SHA512
ecbce18b9d029f6595165bbc1825c2709e689bc96e73a8fe2d20bcdf85813259ac138737679f17c3df67b8f155106c5c0655c0ed7daeb12030081c133cae2096

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_F968CA97A68F4E6D5C104EC7FE3DFDEA

Filesize
471B

MD5
a8b199d725e204fa9db45cf198e23b91

SHA1
cfdb28ca6c3d4bf5873016fdc265d4d54ddbd086

SHA256
f1eddef6988eb7ef72df5c71df7e57aaf2e9097a8db30479c97c0417cde415e2

SHA512
b6edffbb3b072034f804845e9c373ade96b8ec6c42ac9ef819c68dbd2840f2a8728dda9710c98d56a4b59f9736342c46edcf1c646525bee6eb400a545d8224ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
fc4608bef5e3aac6e826950145389ab1

SHA1
e2e6f88a091df10223736b8f6b531da93e7c8fe4

SHA256
ed64cb5d8c47c6ea4ef3ac52852ed93991988e03a4c9a6a7e64733afb79042e6

SHA512
6ffca1bb678eb3aa0ff8a4947ea248a6d724725c5895c0cca61b7aec50eb1c8d51daf1d613a2a7a326540f02a38cdb0368e7f00bb6abbd6969c15256fffd23d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e17a9ee70233bcaa73752499fed2c2fa

SHA1
2ad3e4be95e23f7971807a9ab19e60bbe0919042

SHA256
f26cd9030070bd21d63df996fc7338e9f9654e2b3d79fe72046ae0bbb7f1bd2d

SHA512
23c1f762c78772e6b7dc87d4983087629e9a0d827d1bc6b020b8ef008af6d8cd1e331e63f5cc2c0204a32655d0cb359fd05bbc82beb13d7812d597d3ee9a9013

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59537ee69cb189327ff9dc14e3019e9a

SHA1
e3a530f27396492080625b95c6e4a65fb4ffc19f

SHA256
5641e6d866a22dda2c973ccf4be2740600c6000c947913ac6a948a5ec3db41f7

SHA512
4c4e81cca8bfc9218c70af355d636189d14633aa62e63d11fbc44b4e43dc442d7bddeb04f3a8aa41a32566caf07791430e434483d0215560aff7935bc8fbf570

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c35d4b73e7a53c97f74ed0f84c7a451

SHA1
f7ab421716cc64c5957a1f5884f7c28e2fcd0b27

SHA256
70363fa1a530f0482298c4f7b563acfb92bedb7ce4d41e1828cde9363692adf1

SHA512
ea46f0c2ae845d91f773d780f21607e1856fa3b47d90f25e44a0c6736f7eb4d5cffa6e8a0850a20f30e11d0c1369cd82c98d8337c0f7376e0db980042929352f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d61716e08bc2ca129d61e1eb9691623

SHA1
3cb623bceeb259ac674582159287cef6725b5ce1

SHA256
b5267893ab3b21b6c0675137f97a0c856e582f76025a889527a4591f85d63ae7

SHA512
f3ce65b5933e4ab6c72bcef7f28d0dc21f64899194b13b5efd3f33fc5a01af143adf8e61f9b99009143c90b007a63e8b3d0216dea7b58e2c382e4dfe2ffc4e00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b81645bf490e830d3b0a4f4e41ffa11

SHA1
ed440daef173b883f5fce5386a151b58c637ea15

SHA256
2ab8f95fc689edf367ed7f78af0d06912d9c9c3511cca59ecdeaa6e711fd36de

SHA512
072a606e7617b6c1a48ac39d60ded7e0b553127959fe5988ee6ce9be8a764001cf0123e15cf3f23bac9707ede14cf34daa989761d69d143670510ea3e4fab85d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2517e41ebdd4c39f6ef5bcff952360b

SHA1
0a676c167a21cb3895759c9797bce11c261efcbe

SHA256
d260ac81f06118991985275e020bad96ffa37124634fedcb5a3f48d5e57235d4

SHA512
ad693bbfdab1a222d32ef95937cf2573dba1bdceedf8669d6daf2fb0a5f6f3aa5787d86b8827aea51b040010c8f51dde6c9f1cf4f584c9a7f14bb08b3c94e967

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
465e782914334ed53a64a94d8d5be05b

SHA1
277b72e469b567864959b6eb7b9f5c64b0b66896

SHA256
8717a5e5adff16d66246b7852aa2f7f76a0db6970cf940ecdf66a310900dcbb5

SHA512
81dd966740feac80bdc7d3fa0eed6d7341b021c2c09e522807553fc51ece1f070818a6811fa27de7ff985dc2198e23c80963f3a5d20c80168eb08398e682b8da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e18425bca8590c53c27aad521a097d7

SHA1
4aa5b5efc496a186417e51f821b55bb43af882eb

SHA256
c564c9e7cd20f9225fe1937619d8a8460417f17aba8745009094962e11d2c772

SHA512
e4e31ac59e355f19872bb1a358058ea3fc0662c0d7b62c6462c57feec2e387d5a3bf9ae5b2d4e6f36c2cd97ff455deda78d9134a8dbe00a07f97da7b7538490c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8020151ac4e4a81393cd8ab80c0014fa

SHA1
17a5968abb8ecea0e6481574769377dcb145d410

SHA256
d81205384da9ccde79f4a022ca606e424f51bb0dcda8862a0ac4b725461658d6

SHA512
e50d9f27b367091b36a2e9a2daa6c3070ad60e0450dad51fd893c609bfa79c28702df005bfa8e50287d8582adca8d4e7396f146f8a733e5eb67ff61d80c3df3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db06ac910d64a668feb6d547c66e14a2

SHA1
2723774e93df988766e09ea36f60581132548e08

SHA256
ba0c2f1134ea326f2cebd34bd2ca9a149d91da4cf2cc6977342d85592d8a4549

SHA512
65a762384a9e44f33f1d6d2aa822b43098570fd55276aa8beae91958ebb145caf0095598fd27133ef1aa92653d1f0749f0239f8d5423cc34471c209439ce95f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA6AD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA6C0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit