e4c74d207f962340ade7f387ab89b56a3cb04395a16751fc3f37df4ef6d7914c

Analysis

max time kernel
137s
max time network
138s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebe1532b34b9a35ab4327e110aea445b_JaffaCakes118.html
Size

221KB
MD5

ebe1532b34b9a35ab4327e110aea445b
SHA1

97072cc88a9fb33c0fbcdce4470af2b024529d2f
SHA256

e4c74d207f962340ade7f387ab89b56a3cb04395a16751fc3f37df4ef6d7914c
SHA512

dbe1ca0d01d884b79199e20a6abadc49d022527231663357d0aa619aa121dc476965c07fdabd0952c44b0f9b1ace343a6d26df69558f893483166d926b7edfa7
SSDEEP

3072:SjDXT3yCQLP6lKKyfkMY+BES09JXAnyrZalI+YQ:SjPNQsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432930148"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C70FD281-76AF-11EF-9C49-4E0B11BE40FD} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2584	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2584	iexplore.exe
2584	iexplore.exe
1672	IEXPLORE.EXE
1672	IEXPLORE.EXE
1672	IEXPLORE.EXE
1672	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 1672	2584	iexplore.exe	30
PID 2584 wrote to memory of 1672	2584	iexplore.exe	30
PID 2584 wrote to memory of 1672	2584	iexplore.exe	30
PID 2584 wrote to memory of 1672	2584	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ebe1532b34b9a35ab4327e110aea445b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17a73bed65fbb376997491727c17212d

SHA1
b19bd9bb4797e0bcf02ec2fb9c8476ae73f172e4

SHA256
6cbe8ef857c4f38358c1877da2d8b05d418d3f30442f1dce65cd51b99b166d69

SHA512
74be3958c3c65d92dc648e8f3fa0232051283e71b65e5d5094980dcf07726eb7f676caa5625b827faf24cafc421d53d32c5e62dea3f718a25793a01540b58ad9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ecac6d71ccb57963c072e296608a1f8

SHA1
c51477b282e6dd0387e4b47f38d9221aa663d4b2

SHA256
972fb2d9d945e8b0e2dd858e00618d4ef17028e51e221bdbacc3d6394c84eac8

SHA512
baaa5d7de0f41a9dfa24f623d0418a2c086876a1ee22e0dd28d78ba42841e57f09619826be4b6601e3c8b0105bfbd64161d14a7ff28b28bcce3a28fb1a027f39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4676fa36d0a89a6147aedcd5f190cf56

SHA1
f506bd9a9e0759d8fac32f313e2a1a33279a5c4e

SHA256
6099dba90e8c410f5abcd758e8f0cb3c8f2c9e92c1ee03f0a5f959662684e4cb

SHA512
64d35f3652474762f36e230518a4901d7d28f58888d8fbd84f434bfb6d427e2ddb21f39d79bfeacb22e4e920b081e71565a823a8a85dc7b7880c68739134e17f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
affa382728a48d38ff11e48869e340e2

SHA1
783e46086315489f6dd920e3f82536edffaf09ed

SHA256
20c6913cff3fd247a7dc3cd428aae55cdc2811913accaa25b89ce69e8c6b8383

SHA512
500de02085bf177bab763e3d1557e7158eff57dc49bc8147a02f2a02329d5b774e74914cf92f6a7d314c7cb61f5f9d8595545ff3f72fbc5f3d5a8eb91cec61aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4f35dda934c918c2b9800d1625ab0e3

SHA1
df50482eb6bdacdc1c5ca66d810328345ea899b1

SHA256
2dfc2ead827bde40bfc676fb0e3493a4d2e3c39d8e02130412cec26958bbc7b7

SHA512
773632de320aacd7fe5eec37ae19040a3aba0001dc9b64cd15485b69c8a6a2cae323fab3fba5ab4855d9542f65dfb04a92ddf25d9dcdd76a73eda42d1e32dfb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0f967813e1ae3533874ec87c15ed052

SHA1
503a2dfc695eab9f96a490915bfa615cbaa7544c

SHA256
9cc58dcc26ea729834ee0f2ea0fa5cf1b85f6f61e31f7173e639a6ed72109d6a

SHA512
899b0bb31bd9635d89c6d6b31eb231f8ece282c5b597b3eb9cc8e99c483d2e6e63704ada0caa4243d806a15a24d351d2f6448a0b676845869c420917c4be3b1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7aaf970c01b92add0f43eb57d81ac6aa

SHA1
02f6277a8a6ce14331969afe9947a0baddd7f587

SHA256
cfe855041bfa2680806a21226bca76b900476f00781cdce1429ec46cb0114f7a

SHA512
afb6bae08d2686cb35103116dde7b52b566b863fb2a1bef103feb98b8329c641f7e6708a350f0960dcc601a08044becdb750e6bf9ea087dc1ef7b795b72ccca5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1654578ab1383bf1e558e398a49b99c5

SHA1
f8fda097183d19a38b8d46504c6353d227747ef6

SHA256
45375a923b93cbb0bdadaf2a1217203ee38d974bdb7b5f3cf2eea4e60bbe3d4c

SHA512
6246777b80396bbc86017ea707572ea2f9a8920aa8ead328e458d51d914de7c3789051eca0e7808444cb52ed963cd0f6d0555537533e8fdf7caa2a7bebb55b1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a11071514c93afb574903829bdb0be22

SHA1
02267e7e438d72e45f4fee8cb20b1c372bdf25fe

SHA256
ac9c968bebc50f4f4727bb965f64a1bfe8e0d49de9bdecce541c22b46ad912d7

SHA512
ae0c216fa24d721ff575ca541068d1b534ccd8bbd4e7941f7730706e34f936be8b913312e6fb4f421de1d55b3ada25b36c824bd21e2b540aec5e5ed9a30dc8e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a61ced71426b10bdda0b25baf05ab72

SHA1
8f138ec33a54abae703bd482e38988a8b53e2447

SHA256
8fd100349302cae09be6c54fc005c3857a7b10ba85ed9222696a0a4bfa969f73

SHA512
ec3c017890082b261983e9f1ef3afdada720c1011486e0c1b6ed8166cc9674d2455c35bfc4d0e857584c77cb078b0e6df6cfdc0b73c3036d29d69eaa78ebd01f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53795fc0009ee87f32fa55d2b8df3f67

SHA1
4c1092e750c55ef08c97c1a91e38b26b567ef768

SHA256
85fdb19cacdaa879dce5a2482757095313087c28909e194e927eeb8980b60790

SHA512
c96001bd94030f025f6b50e6fcb9d6086c253b9bc759c584630823654400022894852cd1733d4a81d0dd345bb88fddd7408d0c6089332c775d61d08dd1a063ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2868ccf518daa59d6599e408a3f27db9

SHA1
ebeeba10703cd626fdfe9b3b67f6a92453cba6aa

SHA256
690eb1c0760fbdf8883342c9fe506c24e40566db59070c76544cdfb3803e9826

SHA512
9888af10824600e0a33ceef7f874a5215f835771eae8dfebe19f60daa65e212209259a93148ff89f47e713ecccc8c152f697913247d284fc93d3a529a555e63a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6a86377d298e16dc158dba63e831290

SHA1
8ed2474c8ab9f166af7d3190d0773ee9cdf69a63

SHA256
3d7e5c5a92382a94873164c4766b5e3ed1ff76b5170e88074fb9d6af13239d62

SHA512
332e477e2c4cc88392ddfb8004d783c48123e8ed11423a9f8c78779444385f1357f676e9641c94907847d3c0cd53ba84c2292c9bc1db534eb4bce986616825bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
093e4271c020929b9c8cc011c3f3772a

SHA1
9d5bdf328632dc78cd7f7e8ea536cdc47f556ade

SHA256
3a08f32191a174201fc4a42538cefee0b6fb96d6d6fdd9944dbf0ca6de0ca402

SHA512
0cbb705c6d9e3047df64b392f56afca04620b4f1ea439a4df089d6e2e5c9753bcf9c386b3002e6d69ebab6b92823ffc95b855fe4e2674f621a481128ab919d8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fd4d64ac64b1b03f68271ba05976221

SHA1
c95d3f7bd6e4d8a38538a50bba6401fd86455f50

SHA256
41094d5e9f82936ac32b0f80539ea5048b78bd45aa2138c43e2058bf82f88982

SHA512
b0469269a910ba6a63888f24985c158e56721cb8b8692e19efa04c7b6e4310cd2684caf266d373d936628d5d7dfdd0b51a91d579738eac9d081d7071f65dac49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26381332cf60a650dab615af7bd9b54d

SHA1
244e293d578edd9849cafe450b0ec11746256720

SHA256
06421468f718c61b8c8737b537bad5b3611a4760b0a5ddfbbefc72f631f7ce60

SHA512
eb4b35fb2d2735b4be8a9eeda1e99fe853aac1cdfc8cac33870cdcd4d6fb3fab5028fef47d17f2ef05aa74fbeb4b27b6f0cfd1663c2e6a7d4439df8a0faf6ba5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77051d1f38b65bc91b73d16999e7891a

SHA1
52271f4b1eb5226cd170aab95f89c8efff415baa

SHA256
79a890ca26b8b1216f5d2c6653e2fb3bfd94ee3c4137facc1352305b8ebbabb5

SHA512
dc49dddb09ccb57151af2465b5b910170842cd74accad2666756ca98a814ff1af9c0c8ccb9f5dcd9a19ba180d2512a5f68eebb6578d49e0d8ced91efbbea0ba4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33535b07af1c8c040b40c0d760eb7f6e

SHA1
086cdcf109363327fd7c725151277d2215dc2d3b

SHA256
b6d8efc6aa61a0dbf265a58bb7679e1c930fce59c47c6dc835ce1ab586b1dfb3

SHA512
f4a91113615956c62896c9ee531f468e60a50b929211803502eecde494cf166ee9d940860a2bdf75fcf03428556c5980b31e9bc660cd1555267e1090550177b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2aa360d22abea9a50f285412491a1310

SHA1
465dcf7cd50ef331047b14629e5725b0f89629d4

SHA256
170fa5b84a2a07f36e1123f55720459a1ce89216eda66871d25f30f9bad237ab

SHA512
9eea16db640c492651f3d270767f2d0eac3bc9000092aebeaf6fa62591caf52cff0c264eab835d27979223b07c88afab41074296420d0c431056bcf44487cb18

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB943.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB9F2.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit