c3352dda36f0bd3d5ffca27f4b08899818c147b772d14943b07036afae3ac283

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 17:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f040df7801f8debe1b6403c5f4e7858c_JaffaCakes118.html
Size

20KB
MD5

f040df7801f8debe1b6403c5f4e7858c
SHA1

79342043ed4c5a4f41486610586a161b70011d69
SHA256

c3352dda36f0bd3d5ffca27f4b08899818c147b772d14943b07036afae3ac283
SHA512

e4731d07ac8444c60711e9db6bdffbeaf59329e318c5a742ead275d5d40d5ac96c64eb572cf7e8183256b0fb9df41142dfd616a44e3f50bbb50092359de42dea
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIx45zUnjBhXJ82qDB8:SIMd0I5nvH5svXixDB8

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{71600B11-783B-11EF-A2BE-5E235017FF15} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433100085"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2908	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2908	iexplore.exe
2908	iexplore.exe
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE
2548	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2548	2908	iexplore.exe	30
PID 2908 wrote to memory of 2548	2908	iexplore.exe	30
PID 2908 wrote to memory of 2548	2908	iexplore.exe	30
PID 2908 wrote to memory of 2548	2908	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f040df7801f8debe1b6403c5f4e7858c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2908 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f78c44654698969c419ed08fef5c2fb

SHA1
65b484ed0cd5f9e11b09b1b3449d8b1142f3f8fa

SHA256
31d1cbe77323034625f7da6441a7af54cac0e23890f3fce7ce18ac9fb32834f1

SHA512
8e09235aa476206b095b81ac78728d42d7b1eda1b1fb62cb852417854e0b94634c1c53b148b48a016bc562331eed22a62a026e7f6ec006c1c9fc3304f339a0d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f18193ee2f6d0c6b087130e22bf240e6

SHA1
aebd392139827d67a458ea13d095e497dbaa0ade

SHA256
cc2c628130172ec85f78ac0fe67da709f870e5b85d9ab70d1df3430754f92448

SHA512
ae92423f7b45a5736275ddf9f4e56f47d094a47f6eda78448d855c7f90e3a2142515acf0d87c954b8f98c53450b4dc806d8711ce032a44d19eb45faf6677e032

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2182a86c298c9ae91ff537b807ecd519

SHA1
d4daec717fa92bea41a4013558c64aeda6f1324b

SHA256
68e8629cba4bf1c9adb943bbe3d7675a400b4b705f3113c4851c8aad9405ff3a

SHA512
14ba343209e1a59699835d703cd5d8ed8561395e7d99192ac1b6080cbb63a497108a9c7e88a122f033079ec2f21d9c15fa5105bfa81cd4b4c0b5835214699f98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c472223d04569c188708bcaa1c318a1f

SHA1
75b12485d8fc203ede5dcf1190435e6b486d8b03

SHA256
6963fbe0b22134411831425387eb0d75e0db20ad56f9db11a583f75a0b4b34b1

SHA512
0edacf6e25d4a1a2ed4589210f63336bab7891c7b3b011755edc9f5bd20da7285cee5c392d6687c3928d0dbcc9dbe94d3e2e345ed1b1115fd32cf67545aa0972

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
556cb28268542c6c1b8b5ae890679069

SHA1
73c76df1c1bca5edb7c84cf1fab26e60286fa8bb

SHA256
67453a37003ae0c34d57f6daf5b8a180e3cc15abc7216601915956b3a9b1f2a0

SHA512
81e4e186e4d6a331e3b8418ba8d252cf5d11e9c6909f8b8c882458f35810ff573fabfe0e7608a613091db40dca4a4b369fb2b5564659312c9e49c436edca444e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
282042729f7f0c73425d04792dd1de46

SHA1
f49877b7728977607ae6975cd9f9b1ccadd149b7

SHA256
dcf34b7ead77eead68bf4cef48fdfa257b9f28a1e6b3a02e94e2087bb55278dd

SHA512
8216e8776f76010c649c27198fc2fcb006c680525f936a7088d265a883c97d586887e8543e22784be0dddf142f1adca4eeb139e56dace9b4b56491a1134c249c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ed412e4b79f3e2958428b06ee346d66

SHA1
656784691d33ac2438e4f9c79ef6004d906555f5

SHA256
df5616299c712addd349008333df11d5509fab1e45a954d7d2ef0b3c32e12d73

SHA512
b892b9ce75190f708b0ee880e89851482731949e98f165b641c79c216b0ac8d6ed6cfe76d5c653289e18bef69f50fed378e298781fad39e7e1ddc0649337c91e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
831a56635047e52183240841ca28228f

SHA1
e9b47566979ba4d2ae20f81667c4328baa8f32c7

SHA256
f8c05977cdae5cb801d05dc30c6045814183f20534cce0b718cc2816f2605cba

SHA512
f70f754a15924840f24c8f90cc4be39fad4525020ec1f8129dc93cca7634dfcbd7106530239f8e5e794f82a056aa573cfc2e2c62156b79a5f5faa8d21379f85d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0dfbc904f269ad8de797591d70b802c9

SHA1
a8ca485b0c8706bc604e478b1705ef6592fd7491

SHA256
33f28cc266507e39e22ab9aa70a0524808f0b72dce3a0eaa8409fef8aa327f70

SHA512
9bd1759cf6c8efb3eb6b085b161a832689260de8dcbec0d8cb3bad3d48afcc79cfcdd24b0be89c0548abaee333adda4bc7190963a4d6151145e8e366eb9fb1ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4652f609afc69f3ac6cad47df729fc90

SHA1
5c389f474428e63c28f76fc9f7454e5cf5eb4ce8

SHA256
263aba33107bbf92d019d2be4c1988796b0d4075c7eb6a4e06102e649c1957b1

SHA512
cc276ce87324c12d354319eb304f17e831c71c5cd55e540c321f5703750c440869127909f69d1dc0495a34b5d0edf50add1f7e2bd1f855ac4c3f0c32e98d852c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7de7e250d4d862d778328d7fe4c1226c

SHA1
b444d77672ea37b1ab7bdfb9f2afc37eb67564c3

SHA256
ecf296d870a3e41ce92bc4f4b7047b02ebe1ac57395f25e92bd57f8cc336b26e

SHA512
a9e45a4e3d277168c16edca3492fa0d5816f74970751a222a0bc5e98a78f35d231f76e0a5ef553e44272aa51ad7ab6ce5186ae3995773c5feed3b7e29dee5d82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c30f53076490cc5b4ef6adaa28041bf6

SHA1
987513b5209d0bf45174d45f553d1249f98825f4

SHA256
1d24818bcbede5493c6518b5d1fa0f112f2f6fc23b2a719103bff2ea3a0117dc

SHA512
f3124f4a79ea3e50f121ec2c9873d55314d8d906b13ad13ace43ed5d84ec35528e6d2e0d9fe668ebb3ea7b8438c66ff59753b59a160a6b7165f7326cd0350bee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d1bacc7624b6a37d7f540d94b70db68

SHA1
fe11c98cf40cf7c4940b861ef4dbebacc6579ed3

SHA256
3b319966cb4f0022bb828befe9dc01b3fa2308e1fe6733472ab2560f4bfe8659

SHA512
e60c4845091eb2d037a8fce98cb398671d881cfa913eda686ec9b9b93197d36f0ddb2ebccf3e92de06bf5bc514d5fd06549b904f4b3d12470e2a89eefb4463af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d03eb6febbb176737045854e73f1d08e

SHA1
ca54bbfbc16f0aea3d0e094cc465e53213153c1e

SHA256
8474d62f2b3a4becf54c31a86ee7bae3ce35e597e1d1e6aee202d5514c836c7f

SHA512
0355f4ac74b7d63acc7052d15e915a622c236e261522f70c0376dc80e80c725da30ba4554fadf7d625355d08f1dc98d474cbb5c698e19f341b385361221d35b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b2760f7a9a26095a62096a4a3689e58

SHA1
f49ddda7c385f444dd329fb817c0a2cdef651ae4

SHA256
ce77e4c9974ad974496cb5d5e2d3cd6faa07c1510cd9cd62a8580078958760bc

SHA512
a10d7850960a2e244b1ed78e521bb97eb619e248064a9370875d3f49edb971518ffebf8683b0f5819e6b8a6d0b6dda570cafe582fa918050ce6063257513f01d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d71956c1064ebf84c3826bf6e3114b09

SHA1
7635a66b3ba47c0ec1293c5d51ee7bae0d162652

SHA256
c38cb528c387e381e332d6eb82955615729698861e27fe46f76ffd4b3e97d131

SHA512
74e271fc68b43dc6db52adebfc7ade34077512c72b34ecc510bbd85c6e23d37220569eadd0ad437eb0bbf871b74c6f07cb16e490174b15a83ab20a5f33feef7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d0f99f1edeaf39c4fa9a8d48942a4da

SHA1
b39248bbad52b07ac0c3a1ebe4b50a1f75822b41

SHA256
7b66d8bf00c3e2a34132e82f6372acd0f9cb1c4996d274885f0affa667eb6f46

SHA512
c53949d12a6aacf2951af3249c76b7f59a824ab742fceafe9ea917e3a4c42e277d7d7cab51bec0397872cc96a4aca8c4e3ef9d7b02ce5c27545888a09b82923b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
792d256645dfceb92cec93e7892a0e4b

SHA1
930d86be1e3263259c1e69ef3902d0df55b2c3d7

SHA256
ca3b1fb528d61bc75d8f5d4da6213811a301655d5df93a7b55fcbafe405fb17d

SHA512
a1c982baac3d7d8fe3f9135da96cc453776abe6bd3fe27b3c05697b149f3594e8bbc14f1ae3a2eb29ef3a19aa21060ea28222d160619ed8d64d38380b566cd58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff48ef1b9e994e940f889267b3ceb8c6

SHA1
d85c34fd453f3f8495bbca91b844e8b015c0eb10

SHA256
a1152136b62ddcefc583a9bd0333a8a8b4c0604de44f1dac91bfff47d7f84e96

SHA512
7b40b09c08186697a0b0b9857cbd6ad5f5c3d7e672cf61288a47079ca68bc121c1cb4b91d34d631d830d7cb21f083dc1141dad437ced1a947c030f3bde9ea0c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA121.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA1D0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit