180cbbab06349592eea02edb94c78f5b07e5c3c6800cc029eaf86fa8603e52c6

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 04:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef0880ceb2a320719ad685ec75c87fd8_JaffaCakes118.html
Size

22KB
MD5

ef0880ceb2a320719ad685ec75c87fd8
SHA1

2d04fae227dd6da9442d407843409b1090ed34f1
SHA256

180cbbab06349592eea02edb94c78f5b07e5c3c6800cc029eaf86fa8603e52c6
SHA512

ed3a782aa67d26e1946a58b712c551ed392eedebe4623a082fb61a83ac85f2e2c3a17438d7e9f881a654b84bbade21c616c23891435e8894ddb498f6f1e893bc
SSDEEP

384:odlIcEtR4eDGTHApNE+tjF08n6Z8W/gRnsw8guLZ:BT0p8sgZkxLZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{663CE591-77CE-11EF-9257-F6C828CC4EA3} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433053251"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2388	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2388	iexplore.exe
2388	iexplore.exe
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE
2372	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2372	2388	iexplore.exe	30
PID 2388 wrote to memory of 2372	2388	iexplore.exe	30
PID 2388 wrote to memory of 2372	2388	iexplore.exe	30
PID 2388 wrote to memory of 2372	2388	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ef0880ceb2a320719ad685ec75c87fd8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9ab77ad7054daf9d83975e1c76c7915

SHA1
4412a92374cc44cdb4c02eb610d78275426a3d06

SHA256
7166b6cbe0fb0fb9368f8a97d1562f5293a5102a160cfc5a1856891e4d2ebd69

SHA512
3ecb1983a0496d90d8cf7d61aa28b05eafabf5f8b2eeabf1e1b2896aeb960c4bfa575657959a223718c8527a2922d2ec3f4a91a37260a2c3dee98ff517c20d57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fee7b06f41d7509ad8a663ef94bc32d8

SHA1
76b72c0921f046bbe4ff41c5d67956d51d1809a8

SHA256
d1b238661222d7312b3e4b22c10799406d8bb764eaf3eec14beef743a11e6d65

SHA512
e93cf45cbe64ee6fd004b7c271b7fecdc90363c81ea36da6c0dddcb26c5d1bf8769278983e890e649bb2deb0fda931e8bb06be6c1331109b5efa0c64b83fcc25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14bd372c79c18851d348cf52d14f8864

SHA1
3dcbdc95bb8008c940899a3e09deb86499b3d2a5

SHA256
2ae2a47ca48660797f390f172c6f9d5d74539255d5381f57feab246eea0e47b9

SHA512
30e0e8065132ac980ef421b7181171b66bb305f28fe01cee26d229c74758a5bbe2790bc257e1f973e7491fdd5f8f6a29eb4b32e478c00f5ca1a14322251dbde6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
486a4a42a0f80c71da4f9272e902365b

SHA1
3724c10d3a63a4df3ab3ca0eae13d39ffdd09a45

SHA256
3de4188a7bc132678347e25fb45dd9be40fb40990fd42fd289a50a622c80d9bd

SHA512
0bcd0ab7106e12bbffbefe593dfc5700b76184ce9b47e24a02a1bd4b9b61ee8cd066cb6a9b0abdf424951df9c8bd6e197ffe3ed1a437e584bf7fe8c93cc0da45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
320c5118a2cc607b06178ce7eca4613c

SHA1
fc23e74217173135f8d874b4d502b6e85741b4f4

SHA256
4aebdf396c6f4fa43c8b2912ee2acdef3c5996e286446880a5dea54100d9a24e

SHA512
2f6a2186b3c994ddfbbb9d9f7a59d20a07d27395aa40e6ab72a31b9f09ec2d088a674a8afecf4c2907b8d08df7d035135a7e7c26d214361017ea7b0427fb95d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c783722fecea26d26a4623b18dad6021

SHA1
9f7db2f6a3872c3c60092ccebe7195e5ebd0f910

SHA256
ad8eaf0bdb4119c45e98d9f0cf36a653cc4048c40a5f0c5985b3df8808b26484

SHA512
5fb525291aea8491ae848e4b48b82868a5a45e9fd38a183d3138717f27173febaea9bb167951f880ca6f22833bd8f2cc3a23b35faaa5480fb44bb7d2825eb0b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c773a4a4e754928cdfb202728f45ebe

SHA1
6a2174ceeffc3884c0da8272e5a600d2a867742d

SHA256
f1ba3b16daaeaa01213dee1ad6b5f87f026b7f0120a3011c4887af9999223b96

SHA512
8fcfb9b69c8df4d32d8fb3836fd1a1e0bc5442c11bdd430517ebe9791d1c731a688fc2cf4d9967c1d8b4c88e2b078a570e61b007e6200c1b8fb691a6435195ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
583becbf1330790987dd518b9c3ba0d1

SHA1
3fafdcf335cd8638ef43c79b901ced81ac0de698

SHA256
420723d573a20827681143566e8db99ecdd0dca3c88b61e4d7316be572b0847d

SHA512
e903bcc4130c94da7e49d49eb8cc3f4a777a669eff825ba26a062b13cac84feb711719652d4a4d04f6bc14a051863f416e1dd88b1182f129e90493563cbb2c13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
616f5d3c7c066454698781611946378b

SHA1
c7959e514ff6294411973a83a0c0f6de6e0b2ce8

SHA256
b312ff67cc4a1b5773be3c95c6df25c8af1d0d8b19d6b7a0c884b3bcc719f881

SHA512
b9ca533ef61238940c87b55ba5506dd646ffd41ebd70ab633847e609a8aaf14b820279f26f093ade71907484ed483a1aec99ee0dd63b57dc18a0d9a9d54d2e20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf0fd0895ca67e06d3aaa6557afb1b65

SHA1
1dd431e99055ddca283ccc6744f4a2ad13d44976

SHA256
704a0895e5e0096d415dffe7eea25eb20b23ed76d2cfeea446046ae9e8470795

SHA512
949414a694776ece76a11fafb1a6b9d8e0c0f2d4731120c1a78539d288177b397a7637ae7beb68d5030464b6515e3891e2181f9a21f5a28d86d221a59bf696ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
100277af1114ee914d9257a039e5e884

SHA1
b5a8f2c4432a9acd542d95e0ea8d359c0a641a9a

SHA256
a360a87b5e217892a11c02ad4b361df058ced493a00523d5c94aa59e05d67d11

SHA512
1b5a8c480b6a368635cb53c7e798a7010714344ed5c2cb19464f631ced70ac32b8bbbf1d22d5a722dd5e902aa0612e6d12cd8412b95fb5341898848e3768492b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c9fdbe6660f91bc29b26ee9153636af

SHA1
e4dcb74d26f136cf67e0acdf08e77742edfe6925

SHA256
3099843f995d9381d6d65c9e4a0560bae862c8e0ca1b6d9897ec511595f6c893

SHA512
99bf6d78103d33d31432ccacf08c69eb1b0b92b478cd25e5377318d7fc9b90cef6553c6d99b15ed947bd31808fdef9852c6ae6429aa095c515d2615e9b6dc24c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0867a44514604b0b1361f378df06fe9c

SHA1
666f3adf468f2072023d99c49b0b213efad2df1e

SHA256
65fece3675ee7013f686a5dd4441378fa58e7f69aaee553a10554d0563272e23

SHA512
839d468074d652e4f71c1bc8d28e7f8d3a5f534e4733ee0feabda2b8b700fc7fd9154eba32ea93652316bc71e8b4b0360275223b95b6375da1a71cffd6409b4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e420a422f9499fd045ffd3e89c13b3dd

SHA1
c3a19ce649987a6d66e1f3a5307b828b71e98aac

SHA256
1bcd7f39e2c4c0ce7f424e57ffa3a19258fc1a1be2c9e94c458cbd2131670693

SHA512
fd7f1e5bf27d4dc6573607b6c33a9a6888ca89d29380b6a743f8ecbcf8ff00cc60ad47a375f167c721697638420db75b1f129bc05170cb73c42458cacd393a10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98b7f4a75c49710a24f41efbaed9eac6

SHA1
10f32f5ade064306be07821fa5b74bc02ae2d22a

SHA256
1630d1a6ab2f2e69efe693bc881fcb93fe9b0163d3e8091a0fdcdc2267d376d1

SHA512
0b564d54dcd860d6cd07555c3bb41a52193be6eeb201ca0201bbb17a9606f1c8c64c1ad843121be027cd9120ec82f83e1fb361c2940ba1ba8edcf24ae2f833f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c2d94a90589ca4c55a0e1c14a6bee6c

SHA1
1ee57bc357169f96af3ce80fc6f8a1763f3df19a

SHA256
2b319dcd18a4c88d10b583a7667d236bc00a122aabd936d6a8e1dd716db5c3a2

SHA512
8bb24dda4ba1699e2e692fadfec758a5ff26c5e6360a8a9b573d35b913cedc656a8952da0b11ebe3b852a6347c0844a08501cf09126d131222cd9eb8baa39d21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aedd8e3cc6858f48988786c5b7dc6c5d

SHA1
aa8f32a0bebeb800c9fe26f92924bce1bbfd13d7

SHA256
d08e03dc3cb54a0026576fd3dec7dcd11e8e375d6a60d582edc59b47ee2c34af

SHA512
a3ab9192da29cfe9e8795d409f2dcc0cba9082fce06eab9d00af8cc3accf4f97a98026de0f7a14014ee6614a242c48a0e535ee73bb79f332236a3e72bd5e2e7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bdab9956b644cc1567721a5249e8110

SHA1
a13457032fdafaeadd50109957ae6980acba735b

SHA256
515afcf57a8bb7e6c2a1fe74ff4f0c5d9e3fcc58ed8e6d0ddebc524d3c3ddf2b

SHA512
3ccb2bec5c674b6aa1c03b0a71d9de2f991af734ef5e8e6c85c404f527c501f71efe3780a399b3a8d2f98159e8c533ff44fc163d9cc8578032cf2d458d5b6038

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ad30518835f9a2f58f238edeae44dea

SHA1
fb016c4787da85787327d97a580b71eb5695b4b7

SHA256
b641116e2aaddf7800a3259c1625e09b6045562907cc92987a1e71abd561b43a

SHA512
7be77e0d63429c558236205e7a338e1b2ccaf43e91b772243ca8f5ca6c5183ffdc2da2b2af0aeb4d67c4d2bd853bd7020176357e0ccf8e7f3a1cc2e3da08f269

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC64D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC70C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit