a104ded4f464ff813a0946a5dce215e4c26bb8a82587bc79f565ea7584ed9d8e

Analysis

max time kernel
145s
max time network
147s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

effad8086643928590a3e72c3e2df2a8_JaffaCakes118.html
Size

34KB
MD5

effad8086643928590a3e72c3e2df2a8
SHA1

f0eb85fb76fad880704f55bd8733c84754de9a8b
SHA256

a104ded4f464ff813a0946a5dce215e4c26bb8a82587bc79f565ea7584ed9d8e
SHA512

b826c6edf7e16f64352ecd563e8faf5792542522ee327bd630cd207641d2cf1e6f10653ae63b54ffbe422b90d9fa96d8dea712fbe9592a77e498cc8e0eac9545
SSDEEP

768:SSD5xgW8Ak1W4UqV6Zb4CGD1aDNwCTKFHdMlKczh:SSD5xgW8AkDUqWb4CmYNwCTKFHdMlKcF

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433090262"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{91E192D1-7824-11EF-8B50-EA829B7A1C2A} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2388	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2388	iexplore.exe
2388	iexplore.exe
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE
1276	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 1276	2388	iexplore.exe	30
PID 2388 wrote to memory of 1276	2388	iexplore.exe	30
PID 2388 wrote to memory of 1276	2388	iexplore.exe	30
PID 2388 wrote to memory of 1276	2388	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\effad8086643928590a3e72c3e2df2a8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
7fb5fa1534dcf77f2125b2403b30a0ee

SHA1
365d96812a69ac0a4611ea4b70a3f306576cc3ea

SHA256
33a39e9ec2133230533a686ec43760026e014a3828c703707acbc150fe40fd6f

SHA512
a9279fd60505a1bfeef6fb07834cad0fd5be02fd405573fc1a5f59b991e9f88f5e81c32fe910f69bdc6585e71f02559895149eaf49c25b8ff955459fd60c0d2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
663392bde54726adfb5474d0d4fc5ed9

SHA1
af4c0dbb7109dcc216646ec2e9bbe8d4fb20ff35

SHA256
b4786f54d67a6d8410d068f0d5e15c70930e2030eeaeb78d8be800fd75e48784

SHA512
44ae513b68297f2e6fe8040f49ae3181d1ad76e1a657e22003021546306eb625134a5526f02bad345b35c73bd85cbd5ff4f9b7cf7447207a5a628f9cd84fcebe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
f45efdfc2adbbf8f320988d35684d3e0

SHA1
d455a99f50cff1060a0746e750cdc980b2997152

SHA256
d5ba4872d078ac4f066e005d682ed5c1e22d4bcf3051a149c964249405e4d546

SHA512
741f7bd7f3ced138c3a5ec769c1dc7cdc2ed5c1b5f2435b544bd7d8c3957fefd6a6d9310fec4fc9e49ab085aa1e2a5fb6254398611d3ffcf40b9b088d88ebc55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f14cf97036d4c7461337b8141c3c787

SHA1
afc1ae3dc97e6164e3323df39a10a626ae10b60a

SHA256
a1cdfdc253d19cd6f2654af265e91992d5ba089c6829bc97aac499c7d8f32e08

SHA512
1102c4695170020ff03b33923acea11e31237bacf2267c2be338e1bdd3fe9ecd33236b7b9da88a4f8b927ab48a1602ba048a33483d20b171b09a8a8cb619f09b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a99e98a21d72de1b4c4dfd1090be7cb

SHA1
5d43ff3cefc71855260cff3fe5a57bd31e8339a4

SHA256
b19bcf041eed56477afd8025c9f72617291df91615559b3262d800aac196107f

SHA512
2a5890e6e8a670f6db7924437dc23f4f848a5a5d5ef8772d835462b6e12fa6f49d084902a87cc196c71d98f553fb5d55e3e7c9c00d12c8f7cc54bb05e5e8d7bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06b0cc0ffcf9d18d3ce83dc995a05903

SHA1
5c479e66e3b7805c7b19fd0696f475fc0c24d97a

SHA256
76b29cd0947e8d1419da62e46b0c3318900d9520f569c88280fcec7a94a528d2

SHA512
b1eb352c1fe28b1bc6307a8939a9164e7c9abacb426f1837ebf49559a23dbfbc63aa499a465f68e863e2faf78599d926d2f5dbbb89c6efd39d15ae85256622c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bca5aa352a559c1196c4caaf60855fe

SHA1
af58bc42d249a96024e3315ee361f052961fb2dc

SHA256
d5ef880348c4581bec0d51dd0073152d18735868798c8af0fdaf0bcd5dece7ec

SHA512
cc9f3efac292db39a8092e75f4fe673cae1c432aa94a40f1b94d25ab347294d3b9ac70c1e1a73ad1cd6995e2986b6319add99d64b4027f2fda6e15c0e712241c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13b788466da3c154f12ae8dba2c8d560

SHA1
d75c3a938369794fb2dda455abdb7babb8f4eaee

SHA256
619ae4298a08b31a3467ff6bbd08bb931279d5044082a7f94718862e209d827c

SHA512
e0aa9a95498f888b57752095f7fadf0ff076282f493fa68fa916588c403a2881bcda1f624d27c144678c6621f0f67a77fe50af83a4e7e56e619891915eafc1f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc6304b4b4f89d72a0a42a549dbea73b

SHA1
2818b91212052db85fb7ffc97ef41af63753609e

SHA256
5e726eeb647dfde57e437ef6d13fbee162f28b85123854e85cc014e8d1d4326c

SHA512
90d4e71de290c567fb23a536d19bb9497aee33c091efcb1bf64069c34272c0bccb5ba8ff292483e08177be9e155b4af591b4ce011d18deaa0d6eecb685480ad2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
690c126b7f1c75744ca61e4c804d5f89

SHA1
04382b90f9d2e432528b50526ff7e297858294bf

SHA256
15d5a7ee7a232917cdcec4e9eefad27fc7a1a1e5408c44cd797c0e1f36caac82

SHA512
1b273dc35025d24c177904affb0a04c32bc5beb83eb431d623a044c08f21ae992aa88908be3e12a03bf374cdcb3e173facf486f98a06e5b9ec5b4daa9e004ba1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f73e97ccb0dd55be998ff0f030b8fd8b

SHA1
d11bf3b52d6f153a1697617838107761eb3eb9a6

SHA256
e0941f29bef52ac94065401b12ac2b96065017f3a7e29f25ec531ba8f5ef105b

SHA512
ecc45b2fd7d07c6ae3e76091a538b74e8e517217e493d37446902615785d523355d399deb4167ff43c2c42d59241d09503e15e142190fcd23faf974e3d4118a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3cb03bcfd0d0f67c4cf22b6032188408

SHA1
f6b5ff55a4785e86f520bdc6598bf4ffe9ef5e73

SHA256
b7eda1ad5a36324c53cd4c8a6c71e1cc1c0527d0a3abeb2918be3e1372e168d8

SHA512
2e71d82495aaa044ce6cf68e9ca8affe7084e2dfba00a0aeece2d2e05d6c42cbb1cb233990dd68729ef1c130d299ad3b1e220596c5139a434d00d3263d7c1821

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
fab286af1098cb4cbe06290fc44be712

SHA1
785940a0eff0e844a207902bc8500ef843d1b0fb

SHA256
f87c3167151e10e6441a4f2c3bd09c25acb63c272ce15ce0ebeaf1ab2ce34dc3

SHA512
05eb6802ce394c864ed45ecc28293b8325d0004a4555052fba4f5b49ee395164fcdeb4c1697f6b13238a0899de60acbf22c43999eccbc27d27ebcba5ccbf632a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7FHNNOW\jquery-migrate.min[1].htm

Filesize
167B

MD5
0104c301c5e02bd6148b8703d19b3a73

SHA1
7436e0b4b1f8c222c38069890b75fa2baf9ca620

SHA256
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

SHA512
84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB253.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB259.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit