2fab901b566782bddb5e5836ca031a490da1cf878dce74fe7c591b71db9bfc62

Analysis

max time kernel
140s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f0bc94025fd2f74550ee568d6ea3f752_JaffaCakes118.html
Size

29KB
MD5

f0bc94025fd2f74550ee568d6ea3f752
SHA1

5645cfc48b2ea7b79e874dc6f5a04b09250c5361
SHA256

2fab901b566782bddb5e5836ca031a490da1cf878dce74fe7c591b71db9bfc62
SHA512

1402b0ef2bb7281aafc0a592f5f25384bde3aa48f577a32d072a71760506f45f94cc675ad15294b72be708d150843f4477f9e9dd46dec4814cd741b11e9718d9
SSDEEP

768:Fp7tr9dkINs7eO4tcn02eOs8D3WeszidM6ZwO+04kuaG9eT:Fp7tr9dkINs7eptcn0pOVD3WeszidM6r

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E4C319D1-7868-11EF-AA6F-523A95B0E536} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433119607"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2528	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2528	iexplore.exe
2528	iexplore.exe
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 2964	2528	iexplore.exe	31
PID 2528 wrote to memory of 2964	2528	iexplore.exe	31
PID 2528 wrote to memory of 2964	2528	iexplore.exe	31
PID 2528 wrote to memory of 2964	2528	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f0bc94025fd2f74550ee568d6ea3f752_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d1ed7cfa327f2b6c3184df7fe5b5e7c

SHA1
2d942efb4423b35796fe9a0d0ca86561a7b497f2

SHA256
b6d9d80305b9b0f9d8cb2b668521fca00ceaaf4465a0b60058c87cd8b2e2c774

SHA512
55ca95b64c7632185f35914b89668139cb84579f842fa147469f160416702fd98b632b23aa1202ff35c6512613a6081974c79e953d0911a2dbdee596d3dcee60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54145dd38cd3987085d91eae2629075f

SHA1
fbd2ea59467acac9e6d7340b8e74b14745517eb2

SHA256
517f15d7981cb6dfaf4946471e11648ee0e8ecfe07a7786ac10052764b4648a8

SHA512
b0866435bafa3f28096124b82710b132ffeda15ce82fb3b3495d3a8facc033669634485410f7beb7b8ce6614e92a159f790362bcecf041b91c201b5f4e22b199

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d1e720bf83f25315fd8fa14b2490004

SHA1
1e1a3aca14b3fff533afd1ffa0edaa942e844338

SHA256
b6b37ecd4015ae9ec419f2c49e12f2177be338e4accb676051d8581a2f49ab74

SHA512
e855798dd7d4f7a89bda2f53976721f03b63a5db59ee6b2ac01cc1a637783c2d504a75ac9a313e443ab786ba252fc85aeb48d490b06ebcca154fbf2514f1c9b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
405df9e5a608d3cc34e488cb9e42551c

SHA1
a449b1c885f7801aacedc24626d931f654f6093e

SHA256
6b68a75ed70cc08e34d0fe1c298bad1a39ecccc9675ac42a25c41e4e3dbbbb27

SHA512
55ec59b7037eaff0aff64d1dce2a4894a790d634bd0bbaad58993a092f77bf8afe2c4b77c7087a9219bcfe1cb85294326e4af790e1c99cd8923c304a25fa7286

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d0436f3a35066d4d1dd26ab65c95b2e

SHA1
44fa9bec61c8e28e3b2744aaa89454b6cf12fe97

SHA256
fa4789ef2141664d91713c6500dd1f12cf36d2bbdcbc4f3a461775d21611fcce

SHA512
7f48763418de66f69f58d42de9f5444d8a5e2385163edd09f827d34910458cf74bbe22584cf7aadffbeabb58f36fac2667c2d83a86d39f007a9bdc823a27483c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad6d59d5545ed87ea4ffe414ba262111

SHA1
1d37e346a34e483d14510ad7157ecdd1dcf3dce7

SHA256
08933cf5b072795464652e412fcb3a8fa44a5410b686cc4f5d00ffd8cc62f748

SHA512
2291daf988c362c62a00482333f90ecfb83b93c39d72251d57dac9083b174684bc5306ccd635342b235b4ad92fd7b7f27a4ba67c37f57727a87a53cf67771444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34ffc0bb6e57176c370cbdbf1241f38e

SHA1
29e861f549585e7966bfd53454cbc35e94429e22

SHA256
42f3293b4ff673ca2ff530b78866b66776e9d74f2d15e79a2cab82ca449171ef

SHA512
7528720a4c386f5198120c94fe34c105a21f0c89f54cbfe19ad7055f7f1a9705c6000744b3841d81d6afbe5433b064f468e5475a5efcd9651215c12ff26cf4da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd471a3ee25df7339ca673be0fd423f8

SHA1
a1c4cbe11dbeea627a9ba61363e01f8565a92aeb

SHA256
389a8f87511ac1593cf412c5f9e07a8744ad8fdfc532853e98696a5fd6a03db3

SHA512
cf6105f73940e203460f9ed2a63800be371d9d78c40cabd6e9188c66d2616d84b67f7de7a39e817ce031516a42b3a1cf0adc1b2feb8c5b205a59a0343563db81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ca894dda8cd1730bf75a430e7286f44

SHA1
b8f79ba951010a1d432b823a9b51cb4e789f15f8

SHA256
3fa68b6b709c2e4ecb0f37f3dcdb77469b38116b1b08769a7f5e121c822eee63

SHA512
f676b7b37fb8d050cab4cb80eeb9cf97513d5415421eb6fff203ff4edb623e0fa0722ae5769fa23820aa02364287af15906e940f80959cb1b71b78b10007f771

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8960ea925962a3be7eb9277ea42607ad

SHA1
809c424bc90f58a03ec378c9f2f51f582c4a68d0

SHA256
55046db85f54b965c95329200d83c1d5c09449be581b968a6fd12776e61d89c7

SHA512
62fb654ed4030f0f782e5670e8f9238c49e658e7833d605b63e334d1a34642719b7764cff66b535bb14b0efd189d6f899e4d2d7e1e78bd3211c16509d5d2c329

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
979e57e041e42b47fd5abdab24afc363

SHA1
f6a5671957cb81e257fdcaa84b460e28e10595cf

SHA256
9117cfe0eedb4f10e04dd1eddde52ffdce778af67eca04ae490e8764b9944329

SHA512
33bd520da78ddde98b0c907bd6a3fec2539419f53c9db4b13efcfc1c695c04a6c4e5bda18ffc92c834fb012c3d4eb63e2349ec404349a3cc3015905575f85d2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0207e9130cafc383e3d51a308325bab

SHA1
be0b6491012ab5de85c6fedcb869857f418b45dc

SHA256
58d3d74794c0c831e8bd9db96a426b70d7ec174348e916b18233d95e370f53e7

SHA512
450babd5db3e4199e00ccd48eec08dd8298834f39b1a8013d5b15705b2b630c977f5818e8c6fed85ad011af113795786fa1042ca2ca88aa668fbc14d2115ccc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96da28ca168e81f42ee6359348911ced

SHA1
a2522168839346c80013b1ecf2b67adb8d07190e

SHA256
768032181ae8cbc3cbcc50e27b12db75bc2bb70facf74147787aeada2c97e792

SHA512
ae756e2f14d71b9d413d115854e9ded4793d7548f511a0714a5e6da184584667433448bcc7c5e07c1e6218b8458f690ac63f6fc865b38ecbe04e0361230b6082

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ed912e0489aee09e844bbe4a7606e0f

SHA1
6efdff81c844ed397446ef6a5a13438ba8ed8fe4

SHA256
6875a15042e9a8f7890d643d9534987d7cea66f0c18170eb848af5c261c77c94

SHA512
66b807bdbe8b8b9d0c2778bc8037724c947d9e3104f5659400130aa61f1ffa53e76678e0f4335d0e527a2e65c72ef5f111ee418b047b7690337af862ad6627ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7dbb8998545f2b80adabfccaeb571cd

SHA1
166553a61ab989d958155e41baa0b3fe3fab063b

SHA256
4a2efdf0d670f79aff946bfa22285afc121a3e67eb3580c98da4271897fc87cb

SHA512
98a594b649f37bf4a038c90b8a93fd453fd5e4f624d6f808807df894ed7c052c2650aaa0c54fa3bb86fd43b1f7b5bece8690180bf0b90c19f3ceaad8ad79ce6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78192fdfdeaee2378d74075caf64a748

SHA1
c84878a12ebb13cd73416f50585f0eebd537970e

SHA256
eaad457daa7a42d6106307ceeb66cc6271c6a35c4b0dd540f004f4ca5c29be3d

SHA512
d8e02b57a82687613b3bc98144484bcb835c6048e407a0769c9485bb8519b8131a2fc97ee0f92b1dd2768e5ad17f94773a20784dce12604739700271621cf912

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ceca08cab6cce7864a39836d6e7a4b65

SHA1
ba6f13817b495315753081e19ac48302c1c83994

SHA256
86c21e465d447e825c0f4355b5a3fa8c20cef810069973015d4b4d90018c88a7

SHA512
116100501a3392034cd78d399cf32b00bf87a146f6f5b3d74609413827682ac161c5cd105b740fe60fc7e6d1f3ac175a42454b4cf313eed36f3a962c210798b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04b1871ec269b81e2c885884a240af99

SHA1
fee9b313beb44b0da0fed3c18ceef4ff1625c8e5

SHA256
6891f048fe7bdddf967fd496dc8f03000d5eb3557acd1a356531e0bf1ac79abe

SHA512
74d8874dac235864456f58e39ff40fbb34b295dbf87392f81d7c160f5644441e4de275da497c2631cd8764f491de9c57c9f56c470fddc21027d6f0a55805aed0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59982588e48892b23c6b2c8c88eaa062

SHA1
f710b2f0ab15c70180fa1eec87928cc50269be12

SHA256
28dd2e0dfe96340faf7997f0003fb17384a9c26babe6289b60394b5919e680f9

SHA512
b90b4f7aebf89a4d50ff8bb65a315acaa347f124d9bec8ed9b59efc9526225d7d880a204cfdab5e460abbdd5ba2b1f478a9aaac5730dd0d27a6410850d8d9ed1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f167c460d448e5948671abe0b2ede2c0

SHA1
565b711125c0fbf87e950782b3f377572c96413d

SHA256
c83b1762ea72790ab4fb00076b316602510fc8f9cd32ff058162816cc7cdd912

SHA512
48561694ce333f7c14f57a42ab472396ad9235b7c62df289b258c0aba499837ab938e55222f4c8faa61fa500a6a67c0664a85b589b25efa3582839a2d5182fb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF631.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF76E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit