2321ea0c2cad23b663307bc06db077458763bbd04002f9bcc9eeeb852e24b532

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

efe99af6424c4bae3a31e74b1910e104_JaffaCakes118.html
Size

119KB
MD5

efe99af6424c4bae3a31e74b1910e104
SHA1

31f7263364f0322660bf3e4d0e96e46d2eeaf5a6
SHA256

2321ea0c2cad23b663307bc06db077458763bbd04002f9bcc9eeeb852e24b532
SHA512

5829bf2b9d65eff0f02deeb8fed8c85025c90b3aa2f6eb7db68bdc985ed06a90f7138393adcbd9e91579e9e9650ca980a1401ea685d6235d1b4c61abf1219c5e
SSDEEP

1536:S7M3CZyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:S7tyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FDBC3A11-781E-11EF-8F55-D60C98DC526F} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433087865"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2636	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2636	iexplore.exe
2636	iexplore.exe
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 2808	2636	iexplore.exe	31
PID 2636 wrote to memory of 2808	2636	iexplore.exe	31
PID 2636 wrote to memory of 2808	2636	iexplore.exe	31
PID 2636 wrote to memory of 2808	2636	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\efe99af6424c4bae3a31e74b1910e104_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2636 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
742b741a9743141f371e00b172202264

SHA1
39b8afa565e9fa5c9d066951b033058abd52a8ea

SHA256
8210e426013e5ecaefa1df1f7585fe52ddb0568fd05309b165559a75ec9a85ed

SHA512
908412d7b9b18140fdf7d863350211607072a131afbdb1709a8d8d0c7caeb3506b79940bb1b9f5fe44b9cf9440eb25463d8c4d2a8d7446d6a4a0d096b29d3913

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fdd7abd586813e4797da0d64c1faa66

SHA1
d9bfcf036055af84b988a0262c46ccafaf2187fb

SHA256
04aeb714b5a9027deb4a526e1df2c27a1009ce6ebbaa7044dbc887d266dd861d

SHA512
e4a4bfbf31143ecef532399e14e83e422f7d341bcbe2a4480b73df5ad29e55f19d9c91b3ca2c0f392a4fb3dad3eb0aa33ececf9ad989ee6d02dd4840ad4eaa6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1715ca5335d4893802358531ea6ce79

SHA1
c4d77fa66b91508a6f2c04c9680b4fb7870811ae

SHA256
5119dd49f23bd919909fd78c5f3997296317a9dd3474eaec52957fb886657fd8

SHA512
d5ab8ec54b4819b26979b7150d52a5d25c2778dddcc2f4be635c19d5d25af2a553011496ca37bd30085fd066fca2ddd4302e5710620cfa2f6e3d47fa7f4ddf79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cabd3b06bc2378646221781f4e7de1b

SHA1
728dd0196987f67dd73554ae9ce1d57477335177

SHA256
dabb2792efdac184ca0f1443839999ef7a06a2d8838f0855caf887bbe1f699c3

SHA512
19f073d9f29f0c7e5b6396ee45a539b918812e9666e604d7970f958b90ef1f76d5fb848ef68a1422d64af45b107b86ee4a3e99420736d3fd0a7cb46cf719f8cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91671fd8910ed6a6212ad4b6d6039d25

SHA1
f9e56ef5ee97a162377d31d7cee59ca2d24c4397

SHA256
07d87bda603e6a326dafa7799ff41e0d045c83392179b5b347b89ca3866e153a

SHA512
3dfc1dc4e8cd44b1cd511ecb7a0dc8d3a9c2a3d435c4518d2c391ec0a6bd9e46155dbcb45e5ac29932c6089ae78f940b2cb6f2f798d59b2097fdb8eb062c6e85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abc0607843134da0974e18668afd5232

SHA1
d85d0b23982cb7491926f2df7a54222b291252d6

SHA256
c9091e55b2c65eaab0c9ef62a419bb787f750d897843c0dd9876d31e3c33ac28

SHA512
3e538168fd44f8a8b818150f4994d82dc33b17aee78fbcb4e18fe17762d2a99894c0de7a495dc445351cc4917cad08b0e7259f211ea10a1f5aaeb1774350fc5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0ba37466f52d1593f7274f88bbe497c

SHA1
ec5bcba6c8176f7ce3cfef16efc99fb788ed0279

SHA256
23329bb3d697c261697fc6c457a15200e58ed97df4eeb3a2c67645f52f0634a2

SHA512
c7b41c1c6ce4f38398caf0ab9f41285f96203568378f4391f294e6a0c1f172151e806d2c40ccbf32becbf3e2dee116cb11f897089255e346bfb89c2e1d59e650

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d5832c2f1cfae3fc42a09f0aed88c05

SHA1
5dbbaa30e7da0e98175750c288053ee848fa7f54

SHA256
347979dd73db4dc661bd7db155331d5727c86aa3b9e4fee3ac5131be1cb02ebf

SHA512
938171e1bf037dd88dbf4e21da9a89a2f6e5150cc27b379f68ece95c17a02d3000665e3d8511c3c2bad430d3febc14b430b94979a18d9ea928e23db0d984d85d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
806a5286b0cf3728ce5edfa2932998ac

SHA1
cf8cfbc2feaa0a9207320557591f4c7d2a05fd1b

SHA256
1efe201b8edca4711e26e4d2e00c0ec53b83ec961f9b5700a9fad3a1652bb17d

SHA512
9786cdbc434716c20250cf2ec4bf5db62d7a0cd947332a076da34b72a70b939fd37d750b3a75abdb912649fe7d9303c7b9380eb89d153050f6cf2aae6a3d8b9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1445363142a2013e1d672dcc5535eb79

SHA1
c11668506c96c9e081cceab0b0f855e48c2cb276

SHA256
d71a56ce5d159da51b4b60b5bb44a4b5274d22aeb36b54fb1d18be0d9ff463d6

SHA512
51f8c429b7401253f650a9a07c49e615a8d9776b5657e53fc347cef77637bc14d087060af9bc0b8ef3423d26050ee6594f0f43855c23151b9d0a20c0cd60b162

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d345786e142978be1984304c10c96f4

SHA1
44e45b8b5361fa46cb5eb446db738a583696e89d

SHA256
6fed861f009ff014a9cbeb73c59359e8a31974e3f9e4581f938bae465a10d2dd

SHA512
41c995778b33bb340826f9f6a121d66a9838fefb380e8aca845d15393191df7aa521a289b5009c31f82ca53b34b50ca9b20a89b290af22f0c2aa0192e188ed0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE8DB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE95B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit