bf8d38ca36e7dafa3c44c7921c805eadc6ea4162df6c5bb7c6d9c48cb6f01291

Analysis

max time kernel
136s
max time network
138s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 21:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f0a1b0b2c0989a8d87f520418f30613a_JaffaCakes118.html
Size

24KB
MD5

f0a1b0b2c0989a8d87f520418f30613a
SHA1

4445782ab41b15467d303be3f76d4df16b6c3ad5
SHA256

bf8d38ca36e7dafa3c44c7921c805eadc6ea4162df6c5bb7c6d9c48cb6f01291
SHA512

126f155507e30ff14ba59e9e285fef51057aa10d4d2a85e66fb3e996292f7a1f2c0b75c0cebe679b788cb445da96e080838370685935ea1758bba94fd232fd80
SSDEEP

768:f1uiSGG1CZFWCxgqM7iuENVfUsOZqny1bhGHmBnpKM0RyJcqwwW:f1uZ1CZFWCxgqM7iuENVfUsOUny1FGHd

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FF048541-785E-11EF-A641-FE6EB537C9A6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433115355"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1920	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1920	iexplore.exe
1920	iexplore.exe
356	IEXPLORE.EXE
356	IEXPLORE.EXE
356	IEXPLORE.EXE
356	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1920 wrote to memory of 356	1920	iexplore.exe	30
PID 1920 wrote to memory of 356	1920	iexplore.exe	30
PID 1920 wrote to memory of 356	1920	iexplore.exe	30
PID 1920 wrote to memory of 356	1920	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f0a1b0b2c0989a8d87f520418f30613a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1920
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1920 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4c1d727aac3fe37ac0b046cb2dc783b

SHA1
7b3169fc347f76ad51a93bf45f7c5dbff5d67a56

SHA256
905697726811eb8d9361caac04f157e72e5e47e8071ed7045afcf285f8a38ffa

SHA512
4985f73e2d264641bb182886b203e8c809ad7b9b085179cb29a1831a295fb7acbf00db1699675fc87e6c9ed2b644b6cfa7a6d08403bd6bad06f040d82843e1b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c995f256f57abb878eeea86fa3f08bd5

SHA1
938eef57224f02bff73e499cc031d54675b6af8b

SHA256
802c74b1eb48230f9edfb615c9eae436ac8d56b6347133cd2e0ca9bb4ec9e4fb

SHA512
87e6e8c1ede0f5faa66e8806a1c80d5648d49ebfb63627fa832a3be3d83beeae65a50abe4ecb25696bcf50ed9838ea4f5d8c64fc4efbfafedcf25162a1a93496

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3536a9a1788aaba2c687d5b3d710f5b

SHA1
87cb4bf5469294c0fe2327134d14ce568e51e4b1

SHA256
ca5e0d1c843b13c3adca9481200fe2444099b7248774d8461afa2b4ae2a08e23

SHA512
413e9962a1b0ba49e654f6b9f03c7029777850a196fc12f10d7ef523b5abe52d8ad3735f71343767c72a54ffc1f85e01c3389b9426cb9d429d5f4779efb4c27b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4306bdbeaacb771798d6f67f7ceae98

SHA1
9c15abe4d866ada435390d3f588438f4909417fa

SHA256
73f29092d75583ac365e10229c794e881a15ed22d58d577d256f83015b21251f

SHA512
3add3e0c858a5ffdc4bed72ffadb9351df58cb95c08d27355d8fb4fdd3ddcfca8aec99380346beb32f8e39dd2f7323237c30cc970b822625070bd1eeba81d52d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a553ccb3042f0e3f587cd9c08e8fb67

SHA1
f1409acd2ba86e305f7d18d13cca118e35e079c3

SHA256
6488364649969d0b27610fae33e41933f1bd13eef112e385ad741427662741ec

SHA512
c443f0124c0a5121a177633eef2fda06d1ccf021b3af50a611927538757d0d8dc9aa07726bba5ce7d67aa788676b3271006537312a68e90108f3e9fb07fd1702

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d4eff9c15024f140198fb15c8529ea5

SHA1
ac09c11528d1620920003ab8e5b6d4e58625c863

SHA256
ef78d2ddb2d8f9a993c46c71cc12e70a85943b41b0dc90ac0ff60eae51ff830d

SHA512
37fe50d08f80458e6c18e5675db62a254b535f6d71698b268e68cb8ac66ca92030bf66684c31b960367f0189702a32abaa1261503e991c8595375130c07b3b66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07f13ef4107e02ee8f1064e213a775c5

SHA1
057182ae8710702a526956aa8a5956bcdf742bc6

SHA256
0e944521d27fc8ac5d13891cddd14ad2ddcd548a26737567c2c7868d79d56275

SHA512
c442774dca686c2da04d72ac64630910b054d664f541e7a37f9c4cbda6508b87979a32180b93339d18edc916b719c74ac8753db7647e7ba47ca99942bb8a6fba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
445cace2091a8a45a03eea7f7631753e

SHA1
bd65234e5b9beb15e0b282a5c2d0e8c1f0ceb962

SHA256
aa8894ce92c0581a434fe16e0850a2ea4a8bf9d898fab2ebebfc9e540404c903

SHA512
72ac9f96ee0025462fb1274971e24e68f6238abb199819992f58597f6e08bc816e2f21e7761d9d5a3c6430cde4a84a45e9d631db4a965794d91cd7cd400349ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4558e3b6fc09e5f467b5f255ea6d3238

SHA1
24b2995ce745f9efb99cb931850df420f4a80790

SHA256
74c24813f8a869fcfe4c77e0ef5ad80753c848148b5bc5abdf2ab847530b1d0e

SHA512
a4243ece18845ad16f6273696b824b493612971d10dcd6f578b5b7fdad431713d8e07f9a7ac2b8198749f1dfda34aea37378488b7bf82d76a3723276b4a340c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ff168f9bd837ba66127989d8e9db27c

SHA1
3ad238ac739e891bdcfa175dbac9dd88cddc887d

SHA256
1731d19b99df25ccbea8cfc9849067d7d94b75dbecf4f874ac0917110def9ac6

SHA512
6b92aeaa5af62e71e5a6af0e3fbb6f1fd11454dff0191dfd11eac9b81aae562e9c3c1b01ab84e0c1cbcc87d3cb2ac0dd252656236f2f474c135272f46e7cff6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9d72e6bd1359f3bb833633022ce1110

SHA1
e1487c4b5ecada65c08ee348c50ebea2ebc49de0

SHA256
2a03204f520053356fc561d9d4d54d123d659eea8a92ad9696f3570bef1b0152

SHA512
94a8b43012bfc6d6357401b7712487deeff4b0cbd75dae838765617a190da8bc2b861ee8f8ab6b4c46bffdae2efb2d296f6d1b812cea46af4d233a4e6e375e19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b51827f37ff684da8c33aec764da3dd

SHA1
4bcde64fd3fdd6bc644d4b27a99e6ff070acbea7

SHA256
4ead4649fd7e6d2ac9c93462a34498a72d5bcc15c3957491cd2a6994a55bcf1c

SHA512
d2e46c59836060178a2905cf64d6fdea8c7fec9cbbe60eea0d071d5684440422b10f773e354c120e1bbad8e08af848cc4ed6077a76a7dbc43d236707f10c6e1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca9ace9e8fb1a5060241bbe6d9fe43c6

SHA1
655651da23c0515893d41b561e1d442c2942f632

SHA256
61c50f3209620379ff27572fbeae721a5b66ef54a94e8c2dc8ec1c5ac3993d7e

SHA512
7a4e8f6071e16347f360981906071b55bebf3d47965d871a3e8a2d7ea11e18216e19ea45d2d13eeb7acf56a9803f61e98d82f8262b96cbfc70516dd331f3a9ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b66f1b598a3e408ce25146a86d9c429

SHA1
1f3c28d7d1900277f2d69ac45de16631021fb609

SHA256
19525ef80b2fb092b161153714ebf32437ad3b3c0ba77248a25122d3ed50bcc8

SHA512
38b63a3fe45be8184816b68446b5eca7c1e7447fc5919277bccd014133aa3ac69bba67228f367e437a046e2fb9ca06c0295a4bdcfbd5bdf0a0116247113f9911

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e51fb7633fed29dbbc31ae3cbd9a26f

SHA1
6963517d17c668fe99f8f65eadbb965dcb0370eb

SHA256
72b414524346aa1b48c6ce6a982832ed56df2512e3e6da34584223adc06b6039

SHA512
ff9ec96f1629c800cae88ec28800c1ca134e73ea8f61216e5814ff74eedb4970cea075ab56a9942b6c53739f815f63edd91121099d1d66eb2e1fbeef8c8c4dda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fefe56ec1d86bbbddb300eb1b1f1c576

SHA1
c832db05b4d114a67e1ecec1ae3459c907573f2a

SHA256
c313a4d0422f956d1cb77e7b6ab62931853ebd67bd7b4c27137f1c36ed13240a

SHA512
4cdd24badb83866076621a290c4eb0c2c6c69bfa768c533b0f44e0cdf6996ce4e46fd3ad4255eabfd5491d6b48940bcd4a8991badc1b6cd77e1b01ba6a07eb2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1491b38a68e91f88c137691d7f140360

SHA1
c73d1b15998b442fc483a14ca855bac0a12134f7

SHA256
40326edbf34a6532b64f73863d2a82581c8b94414fe2cf10011dd54b4471edd7

SHA512
2faa661d46989d0c2bd90ec8cf75df093d5b0da5bfbdebfa7db59f05966b35eb14c1a7bbea1d16d8fdba99f2e0f7e5a5fb844203a3fd7d657e005f929e8585e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75228a3e4f2d43574064909299b7f41c

SHA1
9c49757dea0197a5050b6fc1513027c04298225d

SHA256
d95e6385235e454effc956b644d985f8c41c609e0b82f6eead4d739fdef8f021

SHA512
89266e98e22eb54eb81e6d1b8330d2aefc627661916ca86f942b22fc5697b8e31017e3f3efb291f26106c8934581a0446878667f61dc7da8d9a06502453616d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f82bfc044f9b62ea82b24512b458516b

SHA1
5c188cc0d918b90e44d2119e457dddc93090ae42

SHA256
294156f5eade230ee4a8b9407db97f0eef56c6cab061fd16ee27a47aa7e3f3be

SHA512
66e33480562e33e906004d40c4972933d57d2e37f55d292d66609010492cef868460849d8e2271dc9710295cbd6f698d88820d43410c9e0c83fdb0edc6de7771

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC055.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC077.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit