4218970c339d02adb75a013b9804cad4cf6fdf7e01615f17fb0f51914a012d21

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21-09-2024 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eff8379d4e7b9cc4e706d498fef54de0_JaffaCakes118.html
Size

25KB
MD5

eff8379d4e7b9cc4e706d498fef54de0
SHA1

0dbca9002769bb0dd27370845fd08d7b87a8d92a
SHA256

4218970c339d02adb75a013b9804cad4cf6fdf7e01615f17fb0f51914a012d21
SHA512

ed874aa8b8eaa3ed780779c8222d89e10c42d64104cfb2320e83e36142a88741fe1b13ab3c38a6655de467c5ef5c0f8e35cb3d9f84a2aceaf8a2c4c9955384df
SSDEEP

768:+wmYLWK715XaSGqqTClVNQw/20Qt8l9kAEFO2OqIp:DuK715XaruVNQw/20Qt8l9kAEFO2OqIp

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BD0AF0B1-7823-11EF-A4F8-F6F033B50202} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433089903"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1488	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1488	iexplore.exe
1488	iexplore.exe
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE
2732	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 2732	1488	iexplore.exe	29
PID 1488 wrote to memory of 2732	1488	iexplore.exe	29
PID 1488 wrote to memory of 2732	1488	iexplore.exe	29
PID 1488 wrote to memory of 2732	1488	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eff8379d4e7b9cc4e706d498fef54de0_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1488 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
935c74abc7696fecadffa03c022788bd

SHA1
da618eedd3a6610dc9c0a070662f1c5b9e5a9e98

SHA256
64c93810c5c1929eb3873ce24b0724d2de588a705265ce76dee1148e10be4c78

SHA512
f48da81cff913786813fa063636893004c53e6d4fb143e55fab4891192db4607b02c0042af27b26cac1c0e5ba0f4fab42588b6fc00aac2cbf2ace538a63de4d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4271c72c3a97d92501cddd83651c69b6

SHA1
f351d7aa47d05b832e4dbea617389f62d6603baf

SHA256
8c7abdd0103ba4dfa3450a9a5f0975e048abdf6da1247db97f69dea48c4b6e15

SHA512
5f85548591cbe26e132abaf5f4e7f32c3858a7846fe2a7cca760cc364f258b98e476971a0d127392446d4131fd9ed5b1b154332cfc21cf417a3af60ae4ba358f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a963cc0816879308f7a09acd58cf8a9a

SHA1
cb35173a2f876e06756a0a63757e9360bf61d0ff

SHA256
ae39bdb59defa1b7f1917ac84cb04099b8be0b49ef6b884cea931a03140775b9

SHA512
baef1cc5f220f7a06a81c11c91b49406640239628f6d2cec96351e63a1c5083eb203fc70e54c2f2f8823819c169880ac009e71dd79d9fc227469d8df01d6d2ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73e73111358a79313198cf135bcca5a8

SHA1
331a421e348abdba7cd6c2db5859b399efdbb024

SHA256
104b0d2c2fc7f666e2a3855c692f80275cbb31ad6204bda3b29decb96089d597

SHA512
2d1f94430be2e2cbbfe05dbb967c911f5bff20f96f73efca00ea5cc891d44f453e95f80b04e64227ba04c0f984c90c0695054019514adca2106784f08a4e25f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07d54c6588c8beda11ce131f97a6de04

SHA1
4fdd9fdd15a46bf59b3cd204c9e5affd79b1ec9e

SHA256
95544e137788b74cfd4a66415057fad96913e3816a98b582e6c6b7e6c2db8ff9

SHA512
20e06f64dd804942d5f6810db4e3ef507839a5cfe7fa0a81a4a2b31d0ff13da9436551f06fe756c0eb221fa7129bddbd7ac9c60c28fd12b9300c0084929d4ddc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8ba9ee45c2ab6cecbbaa19351660ec0

SHA1
30581633afde76fcdbede46cb40c93d0dcebc228

SHA256
d481e16471ad27e50f6d87d07ccaa7ce77a750f4351c61c8ce0a63bb7daf62b5

SHA512
a253a9cb273aa1f0040465cf9726964e3fcd45b0f2ae987c7c0696608cb02ea54c66f2adc6d6009922d2e980b883bac216ee4138801109551b55029dfdf61726

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4cace6a4e0f7b8b797172efbf78a5b46

SHA1
9a5a807df03af74585ed65187e49a84cd7228b91

SHA256
9c306cfbd9af10f3af296faaaba3a3f77ef1183074d0c00fd74e0c4ec71c23e6

SHA512
85e2723f0f19bf3d733a07602ab90453e49f8be469ba4b3c0e509f96df75dc78844166c043b99a116ee456e14c7417cfa87e461cd55dba70f901620a12f473ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2f65dbe02d88acb4271dd86a9fb6d69

SHA1
95492af874b87f8518dd948d5b43f85061c9175a

SHA256
cbfda24691522f180ee5527350c68ce4326d2950e5c990cb426c62926155ad9e

SHA512
3210e7a38d2d71c4e4b653083096cf25dd94c4bb13cb34acfb26841bb38b21aeadc942b26152d71b6f3d34d1069f98611c9c148d5addba8b2e89f7bbed4e7bf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8bc02aa46bbdd59f0b9d295b53ec6e1f

SHA1
7f0dc7fbc1cb9f68b36064f6cd155f22440edf27

SHA256
14a90809d59fb52150679a2d2649ff28d9e2ac4113b97c2a77b7e5da1b181c0f

SHA512
35a1109bc92c1278e471336ff2876ed5f423882f8d051eb58d82c56755cbb0827425ec6509ee801240c951bcfb0012e74bdb1d7e32390261af3bdd16c195aac9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc2361c43c15c3932f34fc0549ce65dd

SHA1
8d564fe70ff533bde1c6582261528a88b9d523b5

SHA256
7b57c13150e3038ac2731c860032bd8c14660f90f04e1c28e696c12bffeb394b

SHA512
e0524ca89ce8096e1c84ecab8dd414910cef43f8715de8d9c4c19e1f65e8aeb8a515f1421f723c66c17c7a89d96f55a69e16c647faf7cde3bd0193dd2dbe4c3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8fd1266f9aca86000fcf6592f83df3d

SHA1
09660904e0c81782ce51271f7efda0ea7ceeefc7

SHA256
06e0d13987c86ec209e9aa1733f0a2ad9c737b48c5c9029555d79ca74c9a4fa7

SHA512
afbc8ade83176604c5951be4e11c1b95a244efeb42c91e1c0c126c4ab0b637f114ad8859a09a4110270c882cd3371f47f4bd591e7f84cf0b53ee902cd2227f6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
a9e72f10bf8aaf6b817d3cd8de2229cc

SHA1
c8873e36f009a422fb9c3ff272b6c4fe1447426c

SHA256
cd620344cbfdb08c3b46c02bd234f519ef2467a100e64a0f03bd23ec25f1bd2d

SHA512
96108adcc93b0bc846eee2e27f258545996e8ca48ca392ac2e01b1b59502d3443f2013ff7720c0f6050d53e3abdd6d49f9aefbe21665ae4d6fdb159cfae9ca13

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE012.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE015.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit