7ca93384f2f1bc7fb0d296529c4a2475c12cbb7c28baf2665b8026c373aa78cc

Analysis

max time kernel
134s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 14:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eb8bbded2045d8e6a31e06db65aee31a_JaffaCakes118.html
Size

66KB
MD5

eb8bbded2045d8e6a31e06db65aee31a
SHA1

b0ce2e902338bc72b91d453e0ed8d5ac758ef728
SHA256

7ca93384f2f1bc7fb0d296529c4a2475c12cbb7c28baf2665b8026c373aa78cc
SHA512

ca1a5d7f478cabba859471df4da34ee256c7e719dbf91808ab2e183b6ba31c03e95ce68ee95eeb04b1f065750eb6d942b7f2e8d118f2a9b82cd02603850f79a7
SSDEEP

768:JiWmgcM0St8tN99OIsna3dVioTyOqhCZkoTnMdtbBnfBgN8/oycc8QFVG8sP/Ijh:Jp+PdVrTIgec0tbrgaCcFNnzAC

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0C7781D1-7695-11EF-A7A5-465533733A50} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d907000000000200000000001066000000010000200000007a3d14040c5df7bb25f4c5f601af79c297199e3d90714c810a2dbdf2c2c28da6000000000e80000000020000200000001cd6d8554facb469af3937fdad5fdeec3eb3d89863d2b8e14c9891de0c6b9a442000000083874539540bff28c57cc07a0ab3807e53400fadf5f7a307cda65da517a8d24840000000eb5368cc4c46f3acb254f54863b63219d559aa876e82bc336ffb8ae7659a21717260d0b9e56d322c6b361ff4f44cfb982be832c7e71f197ce065d65dd5f99b0d	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10779ee2a10adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432918668"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d90700000000020000000000106600000001000020000000cf146b5ddc2f810ed76b75b98d53819127d72c707950f3b30db382fe2503e9c4000000000e8000000002000020000000f6fd69d7a123d291a53506298ec07789c56cb738649ea2608354bcb4a942b920900000004de7d449820f25a2eb776f3c3c448440b287d1e3a45754cdc1359829d3a42c5bf306293fc7706fa4abcf98bc7ae4e9da0472be37534112467f1a49308513802dc84d957d09f46606bc8e6c496c527a73f65c1796d125154e51f9ef380bf13792c5f18ed2e81d22e36a914d2b27e17b4f4f82d7f016c5ec3bbe016502d5f1b91da6d27fb3ee0671c8db3169bed4f10d6e400000003d88ffd168d1253d29f91761f16e9bb9370fa52572cc5b2a9f3be70ef3476bf801edd7f057637ae840b0e540197a772cd9fe9dc8ff80a434bade539bf1c17642	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2160	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2160	iexplore.exe
2160	iexplore.exe
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE
2520	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2520	2160	iexplore.exe	30
PID 2160 wrote to memory of 2520	2160	iexplore.exe	30
PID 2160 wrote to memory of 2520	2160	iexplore.exe	30
PID 2160 wrote to memory of 2520	2160	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eb8bbded2045d8e6a31e06db65aee31a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80ce071d1a0a9b632f45f8914cee9f09

SHA1
bc8ceb6d46019a6a2270989b93d974ac2e3a91a4

SHA256
3b711daf52dcbf22d6931e4d310fe2802518c1bc419723329a8733dd87b8bfdd

SHA512
bb56e617616ac4fa6c000a7edd500102c8f546118bb964233eedf614afd49a6becc259942427f9b251b559e291fd8064bdf19f24fbe79d18f1829a72520fa33c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdbd09d2d2db2d1d1432072a41214c58

SHA1
7341cee5bc8f8443be919bb0557b80e85e717e64

SHA256
18e11ee7bba5a897be36b8c73059c9f1963578fbe647779699636dc46afc6c8a

SHA512
0571ed6bdeb99fd2d94d940973f580967f609f3638db60f96711d9ced7b605d09776fba63c7fd33f236a0bfa41261500f51ec9ae4eb9c984b8c9587756587368

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccc3db8957d0522b183f08a931bd2a48

SHA1
9886504e592957e41a778dd9f0c9e66a63b9d689

SHA256
ddf793ee859619e173db12d5667196e4aa3cca9768e3167ed8fdba69ec7b13eb

SHA512
51bf65e76059a3112cf966b3c52545d6811b6cf6c490f231cd1df3a8ae260c537055c7b08021b6ef9915ec5933ddc718a9f22a92dcb134d53be2106f918ae5dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc79ce5e1c5810f99efa6c8a564f6721

SHA1
617376502ce15f0f511b1d13e0fa9fc29ba26f27

SHA256
85b44ec5f87f15e289a8877f84b48b8b5499789a3fd8852543446cdc11f16bc2

SHA512
c093a59177a76ef3034db5310cbedfeda4486ab978be7140ef35f21642d70a336763e27897701632fd58f59175102fbded0aa1a1adcf47158146ff71ba374ecd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53cea9416c2705bf0c89bbb359b958df

SHA1
fbb9168b86988527a09268ecbd1e5b360e2663f8

SHA256
3ecbe5795ac8f9015a4185e10bf968dd1eb5dc19bc62cf9ad9674127575e4563

SHA512
f80a38b92fb962a701cef68595780809852c3f1c828bef53cd64c94c0c429734ce8a1bb5c0f221f50fae03a85e03ae199ceb904fc4f62f72ebaf15ba7d35877f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6de5eb7b05fb1c4ccf4cec4b0183cf5

SHA1
ca3a6dd6a1470419ae33b37a3ac0d03cadb65616

SHA256
a16b1de017ae90c6b91949eabaaae79919089b0faf661fcef8c6de83eefa8e82

SHA512
67fdd7a44ec760fb34da04b14e6f966c4feb370520b8e0d2c237fb28ffb233f51451a6181dc6fbb9ea3d4825afb5e73c21d8cd2476193a1bcaf09f5667135f59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a7a7f48db1fed27404455f9c00330ed

SHA1
bed4bb73151715d8cb04c9b642f55e743aa02658

SHA256
2c3abaf36f4090fccfc4a07cb5c40d5650bd63f18cca52eef42a7404a5ca9c78

SHA512
1eaebdad3cc5ec97617dd4412c8c686d90e37a2febd42a3cc67d3f4004216fdd9c36dbf6544678bd6e522f466e87d246ef6bf212d5d6552e6c71be8086eeb34e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb389393c2d8d22607d13bb44d9f49ae

SHA1
b871e71142b54748a30a511824c6291a1df96747

SHA256
8bb1ea45d7d0b9deeea0eb2bda8367f5f29e770403f45ca82476c2de1d76cd88

SHA512
078cb7ee9e805e3c3accfd9415773be0df2a583cf8d3705161e3d6ba528e10e8d383bcfc96c8a76762a33e60766ed369117e9d292a8646600628091a6d36425f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36b7bd79ec0e167f2782481c42f772b1

SHA1
7d5c32eb1883d1b24de1c9a9c6eeabcf4a07df38

SHA256
995076318abf60f9cd699fbcebc8b388e536dab4cfb5481a692e2e7e954c8c5d

SHA512
69e8f8f8f1280f3c1087f88bdd83222787fa5e53214d35feada5cce802d433d13dd78f6ab1fb8eae8d475f501ddb5214a62240a96a000bb4ce84d3c55f1c768b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
226fcba081963ac4e293bd9464f9c4d2

SHA1
a940d5c9bf8f6245e47c3dbdceb7244b21d4f91a

SHA256
b960194a282e89e42753ad4277029fdcc1a9852e707944cccc2f20aa4f3f305a

SHA512
37dfa0a3ad944f34a8a75076289e1599f1e6cc46b9470165bb9d0d751caec72df98c0fa954dfb4a3fa2721abf966ef8ecb7b2c3641a63899e49b922db38f97c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0233b0e54fd026330f4a15d36613c022

SHA1
12582b0c1064d83bccf544acdf5db51c97e01194

SHA256
353bb35905f9268c7ae3f4a4f772a4a6ce2fc705b03afb7c5520db576f327bd9

SHA512
e410c041ed03adfa68bc914f7d5c96d149c3906ac7027dd36e7ce32ae98dbcd56ddae7c6f4a6a5831e887ab4688c265c010d6013e22d167e5884643ca9c29abd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8b1687bb5a5d3e5d0b037ca7db5e6bb

SHA1
304025869018059adf8e79531629ad9040b30ca7

SHA256
6e493b5bc28b9d6dba0799dd753e823a9b3ee76e2850a88bf0e1d70c8c7a534a

SHA512
89d31299181ebec2ac1ca92fda5c70eeac15c4204136924b9b5cc05bd55f0e8d61abf026848790bf00252057e4e5dd7a30f9f2bf7c61fbddfbbd1334791b317a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c2aa9847a354f036a666ec0ca8e84e1

SHA1
932258665e64972f4d8812412f20adc377569da0

SHA256
e15c88c0996af0bf35044a431e9ad8221da8d5dd70ba44e43490448f3a479170

SHA512
6c84312205b5446e8f20e24446e6b7454d09499e1d8cd228fa5c2f8da9a8977f38ccc375eced6861e7896ffa5112dfb08528127eb7df21cc0deac9ea05b09931

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a5df0100a85b4c55b9e0c91a226b373

SHA1
921817bb7fb73e29a3db23cc1d1a7e81e928aaa1

SHA256
a8d8461981d55d8b1b80717fc21ceccf7d0ae9d133557a7bf441a667ecca4a8a

SHA512
fac721a3b1406de601329ede9e44022dbd2060be8602ff3ad22fbad5a1fc6024b40f98f93c1209870b3a5308b3939db4b529e550484380739ddc63367d1f7783

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b39498eeb645250504eb9e04658b6c90

SHA1
ebd87478479ece7672ba460ef644ff6eb38cf0e9

SHA256
79017b6bf1f5fa5fe98bef30effb77b653796a76705102e16e4ce1fa73d66c25

SHA512
67b26f9ea7f38628f0caf91b1bf001ebc6d6304f54cb417b3526b68829902f0bedaf03fddd9cb6b62530dc8083f3fabb1cbb54ea67acfc4ba3976329e15cda18

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD3F5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD475.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit