a7a5dd33d9c4ff69e62bcd3ec699860560b8f806b219208265e4530fb8ec0d35

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25-09-2024 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5a9f45508ee874cb65924a30c69fcc9_JaffaCakes118.html
Size

32KB
MD5

f5a9f45508ee874cb65924a30c69fcc9
SHA1

d9632134f8092f64b5f56db721c747c7ff59308a
SHA256

a7a5dd33d9c4ff69e62bcd3ec699860560b8f806b219208265e4530fb8ec0d35
SHA512

571c4e93855833df99cc03eb0784e3379a68a6c9d9da7bae814287fcddd536af9e08eae9ace5bdbd57559683dd3aaffb286eceee60ff2c16b8ba97e2e961037a
SSDEEP

768:0Lj8knXc/iDVO469MhbNBVVwmWO090xsoJ2MAEy:0LwknXc/iDVO4694XVlWO090xsoJvAEy

Score

6^/10

discovery

Malware Config

Signatures

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433417005"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{547A9351-7B1D-11EF-853E-4605CC5911A3} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2416	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2416	iexplore.exe
2416	iexplore.exe
2412	IEXPLORE.EXE
2412	IEXPLORE.EXE
2412	IEXPLORE.EXE
2412	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2412	2416	iexplore.exe	30
PID 2416 wrote to memory of 2412	2416	iexplore.exe	30
PID 2416 wrote to memory of 2412	2416	iexplore.exe	30
PID 2416 wrote to memory of 2412	2416	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f5a9f45508ee874cb65924a30c69fcc9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Network Service Discovery

T1046

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
597ea7fe1cf0e6b520cc8c14e1a21922

SHA1
73a54bf09bd6db24a78580c88963ef2c96c50710

SHA256
1f25d9c92c65372106b5ac5b8e59737bf6110b83cd5938a75c3733c05ef31650

SHA512
b77d615120dcedc0244637e84b4dd12468d44af6f5d2331ba268155263d5f1449e9c11b604f3f0854a44bae13b566b0792fb1c546d368aadc0dd9d94104ef959

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e2b2d00bd9133f625fc8a76b4841bf0

SHA1
0742652443486c271f85d7f886c77bebf55b1eb9

SHA256
21f855cbae687c1f46ed4b36b5214dde97d94f7bdbb74d66d84ae58c75caf29b

SHA512
fc4415d83e98465dcac9230d2743f20ef7312d09c603ff357ac39fa863b4db33b54e239e433b8b8af0c0dd3a243c2dfde66a7632f359463a7ab495c4f3e4290f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de6f1f609a5ab6b605a3a5f2a6b97197

SHA1
c99a88934a87e47950f16cff795c641f4002c9c0

SHA256
1319141f478c746546eab41f7e98752018b2bd6ade3c5df137cba9da048f3daf

SHA512
59c15508a48e53b474e5e8f9d2e68b1c330fa16abf1211b2a6540dae00deec70e9af464d2c2b2eca2ebaa3c200fcbc882701714cd4d3a9b83cc678787670585e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
124743df54ab81cc27b9082bca896189

SHA1
c864291aca63cb0db92944d648764fd6ce76f154

SHA256
4c7167a2601f897fb48777da811758a227ed1e51d1f10b1b4f551e2971d1f494

SHA512
d9e4eda206e2ed4e3de9e54da135b81840abe161acbc58dde26f0a04197a407f2591638ff07a8226e362b3e56d9544816c3db5f2f1ab8af8999fe2a969a41837

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f344c2e1dabd3a3922a8dc556e87957a

SHA1
1e29439197ef86fd4712cebedd34d43a73b02ce1

SHA256
ef89e86d4330322078d0f30bfc895242d3e4c3ed2587f916a548b39bfd4a9626

SHA512
2bc1485ab5490ce98424802cfb4d99e6d928cdec1b764653c0b9c2e0e07f8f116d363896189d8328b6687202cc7a2c8113b8fdd621e2cec3ac934cf020c42e94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52b0af6278f5ae70cff69b8aeafcb8de

SHA1
00cda0d758ed87af53df6eae3f36b6082e636085

SHA256
0469a5d02ec8d76670095dbcbec7771af41c253959677d9da7a5e81f8f0bdff2

SHA512
6f5d53b52eba17c5311415a0d9a7a0d81511e4ecef1d7e760b308775a6f6a01b9c28364586e22a5c37f595662f9806fc65e2f7f21acb5af3ac3f99f847755128

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d848fc0727369b7bf81d81b1cecc021

SHA1
cef08cd535453f78ea8c82095b67567a132bc214

SHA256
d8330a07f53b5bd4731d8085be49d96036e26c517f4f6459acf1cc754dd842f6

SHA512
b924ea241f55a0affa668fd6cc6b59cce42ce89bc760f0302cedb8a58017f5e6cfc219c44adbc1d89b8eb7e0c763f86b46fbb4906c9437d7c7a5ecdb44f9e300

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80ff025ece2ce548189417e1bf978d19

SHA1
980f50e521c59b4e188cda3b32b6c2ef5bfe15c4

SHA256
89f4a974cd07f5cf9fbaab02d9010900032e131805462c7dcc43b55acd2c3a33

SHA512
8ecd813668f97658c267e7615365786e12e033ff2374338f57d7e1cb0d6df2bd73d59aed7c3cc9d695f2d54953c2c30af4fa23d734bb21e125f4866fa8929c5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ed61c8ac178cea5336d8a13fc3f1d0d

SHA1
b981ad7b6b72adb76e3db2be677848bb68a60fd7

SHA256
9c97607925198b155868c13f2457f1f26bb70aa3b61c062fcbc9cb90fdf64da2

SHA512
1bfa3bc893fedbdc8a977d1e49ded8e19f45522abf230ac27d70cae135e3f4062d95729b971b42bfbd55da55fecd9a6cf9b10768b80f56432f759a26ef7cd12f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30d972ba181c8af84571dc08be1682f3

SHA1
89323853fe5de89b344a9128882195e738107ac3

SHA256
dd13b26dc8be5b429bdaf159ed241217b41c5ee4aa19b1888c7731c6cd0349f3

SHA512
a2e8280d687edfdefdf1aa51f8d6cb547f22ef0571d0e408fa04a33ab53d3403670c0a3de5270faa9a1ac80858ec4cf138ef0721e33541d7d4ecfe158b38d960

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cbae2c78b2e8237b0e1ec7b491c63b06

SHA1
d7a745f5d18880f299ba9687efbe61032fcd253a

SHA256
4649e1b533448fdefa04db87c3b52bf234a0c0648702125b27dbdfff56fa8548

SHA512
54c8fdf45111d4898341bf0ffa7120f76e3b30ff0429f1fc40ab8f296af8d4af39a60fc6c826876b2b874b13ff73a089bd0c09f0febd5b4f4e13349af2152494

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8e046f456ff1470aa57450737175722

SHA1
abe8349b169f656c1c96eaf9014213321865d320

SHA256
3136181fef79de50e854be237270955cb5cb012dc9c4f14546a7da656a4fd94e

SHA512
3cbb48a74c8e7d358007899be4af1118ddf9116aadce925b7c5553862e94be065793808005b4c1b24fbe5e2c183b2f251c3e07b6d8f0998671039745f5080bd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
e8c510c6196b1575e1074867af53cc9d

SHA1
5226f92978b115d74471c62bfa204576b2fc246f

SHA256
258b6bdee0a98f2eaebd3e2b7c7b9ec37894bab52eb9cb9e34239ab5c50d4d32

SHA512
e84192bfe4e242cba145e9fc54201483b52f7b9b551030414535b8429c9a9d98e7bf2188fe176ace468f02cf3a1ba9c9f20ac16d747e92a09e995d581bc0d342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\84EXSCRK\api[1].js

Filesize
904B

MD5
8e2cd6557df2501f7420388868833a8c

SHA1
f377191a8999c9a5fd0f41f66ec5178a590184e7

SHA256
43ee90d4bc26fe60c1c5d3415290ec32a311407c10386803667c0628da03d706

SHA512
fe652114e2184ec62ede8c5bd436140df5513fd24c21a4009d5f2fae554e1fde7c853899e2e8a8b6232ba53196741dbc58f582a8437c5fff8b315db1e7cf0d18

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB673.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB724.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit