98010e964f8840c9ecddc6bce6519c4a432f91ebc1a7a794e3a874cc29b2fd91

Analysis

max time kernel
129s
max time network
131s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-09-2024 09:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5c070a4bddf71870bb339cef94cf90e_JaffaCakes118.html
Size

11KB
MD5

f5c070a4bddf71870bb339cef94cf90e
SHA1

3ed4ca4856c23ba5c321f111d1268f1ff9c8866d
SHA256

98010e964f8840c9ecddc6bce6519c4a432f91ebc1a7a794e3a874cc29b2fd91
SHA512

8f2ffb6116bb9a9d4005af82f9f79be966d67f7c480384eab24d3c0c1e904ce3b427b5f23ae875f7c0fdae5212ee339cec1806f75f31147dc2e6f4503ebc27f3
SSDEEP

192:2VulIsr03Dg8k/w1wvqygBc3n6vwWda018LOXuBuLbdU8d:sulIcuDg/gcgBc3n6vwWda08LOXguLZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9C4AA741-7B24-11EF-9D09-F245C6AC432F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433420132"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2776	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2776	iexplore.exe
2776	iexplore.exe
2676	IEXPLORE.EXE
2676	IEXPLORE.EXE
2676	IEXPLORE.EXE
2676	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 2676	2776	iexplore.exe	30
PID 2776 wrote to memory of 2676	2776	iexplore.exe	30
PID 2776 wrote to memory of 2676	2776	iexplore.exe	30
PID 2776 wrote to memory of 2676	2776	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f5c070a4bddf71870bb339cef94cf90e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c9d01ec17f868c1c1571b1b6015cf99

SHA1
fa615cc74590ce9f3723041e9b6dfafccfbe3d31

SHA256
edbab7563cd916a1f91fe63f9c5d79197aff6e9b18794c8af729f1ea1057f7db

SHA512
dfc4de376b3fc2da7cacb11a661041b1e7d276ce76f7430ede8888854d33f5205f165e65572dff974af188bba69da1e58f95a23c93b6978b07aba40afeb6c42c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc7fe3e7b6d523f2260c12f70fa6bdce

SHA1
de0c843b0e344e51f703b93e5610b021512a23db

SHA256
cec602af7d800290ef30d6f81d00768ffeba6b410d144af525f436e5a0820057

SHA512
245dc3b9c2d1c4821c96fd75a938f227f7b30cdda95815339805abee2f740f8662a1d3615b17a364137abbef39c4e278a432394bc0abf252c348fdb14a377909

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77e7d25917c46d733330799c2078bf79

SHA1
36a18a1af9dc186ac5ee95d78dfea626337a0241

SHA256
c99bd6d1bcab324a001e40c2de2a08a1167e4d6114e88b63968c10b5fa825ee2

SHA512
d6334cd43244a467df00b59aeb17192f1d1b6de313a509a10b8137495800b1e2fc3d35162096e915d82454a2e833b8936b5fe2a5e9d52eed3d1be67d7e20537f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7c714c5d4f3e4ee3798c62fe748be5c

SHA1
23ef5716b54545b95d1f8486ab468e689c8284a7

SHA256
0839610bbb07727ace7a09bebeb3ee6e4d216a555fbf8238c256fc9f4fd4d457

SHA512
0d72221027a4d6c002510589f64da92ee0859efcc86fc5f51a1ee311c9055e7c9f30a33bbc047fb6225aab8df26365084287f02259eec754a965e93757067b83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
becd08215335c7399277293e37fd8243

SHA1
33d2e26dc1a29d5fccbb5e0cc44f37cbac260f3b

SHA256
115a0a0440c15a23c0a3118908d40dad6c4ba02035113df9f23da36551281b42

SHA512
ae2df1c7f380e0d8c49688a968f067a9451c97dc57fa6ed1ad7da8890c5206640dfdfe5bd84ca821a95b6263af7887086df60f6d12c5b80f15d948a244b1c132

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
571deff54990a87a9e1282e55c3c2510

SHA1
a6171a93db4eb007601fac760c1e2de845b3053a

SHA256
dd66d9b3ee71849f5307c445abc2b02ea5fccf1229a5d64fd69c7dfcde3d7ddd

SHA512
fc3366cff2942b2a198e933651a7b70ade3203ed5c3182fe889b61cc759daa54099d609281a91d0200c19d25676a87b6ed281e7ff0b9e42f7baa40e979290cae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5f5d85efdb6b245f7c55878cdb3d230

SHA1
c352470e1f6464fae59117fa874e628209027b69

SHA256
4a374d8d6fbd19883b11ce3614e4d31e0da31ecad8d82481462840c89bcf5c06

SHA512
bc15acb9e9a6940d9d4f0c1ddc651cec3594dc3e0d7058f7ee186c3c4d9c8145fce1a9a84f2a447f7075b570f8dea3ff7579cc1ed45828d66b6839ac278873dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
688869fb5321978c62857493fb4b5be0

SHA1
12b45483e984efc131bf59953232741537ac3e42

SHA256
068008f2a3fd79de4e99b2032dbddd50e004fba986f50ec5c9f867985946c592

SHA512
3a5480bd0e31e05ab7fd669a89f915b3bd889a69c0a7ffcefdfa2c44215d367575e9d4e9cf65acbbdb32eabd2b6241b0e1f249e572427077f0f3934f516f386a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95bceca8e51c502890d1b03634253486

SHA1
cae822b047f7b7c8e22adcbee51c81faccbab3e4

SHA256
022564835004e99bf39688031caffff3845f516a883419206b6655a80b854ed7

SHA512
3142568e381ad5cb76498a239be1c2da881a8fc62eee69b297318ca9bca9b0a928389d54d2c19ea8a740319033ba77fed465cba0776d79a7f6e0869ff176c78c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4dd9891dd8303206d34144b342a185e5

SHA1
55bc3326f874566d7610d10deb8aedf6545f016c

SHA256
5f64c5e137be56fad5989f49b501827f45e6328aa37648a0506a161548616c92

SHA512
16e4e9f8ea6bd4863a8e1f6f37a103331d75f40ec07d9fbed4034eeec6c5065f75b25298925953e686e9bad7cfd354367d60d56a31423d0c5a7ab73bab27519e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e881afff5ea12b54495938a907bc09ae

SHA1
2256edab4e87cde243901b7071e88e65616c835b

SHA256
b7b745b1407da1b0bd6198681d02960d1408ed228223ffb020a83b494d697522

SHA512
0306efd1606f5ed951b489f51085bd9c39dac2d36b7cf6e1116f684366eed2d76174e19e0309bf2a8a8ec6ec7e86b3e996cc889890dba6ff1b9a9999de064970

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f534696c1168aff0247e69e525611dd8

SHA1
5a3395262f021447b3c442adf529d31babee8b9f

SHA256
9565569ff36d1c697582085cb2c4e3bb6f810090dae4fbddeef16e9b3328d231

SHA512
d40e31d93fb257d89f267fd971c2ee44066143e131d8d7364be89ada3ef76dbf59caaaa33dd53e8dafcacd156a9c5a8a12687404198c00969293a5b492d9ef78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04bdd6f051d69499ff3f86a418bc5409

SHA1
7b72a0f903d44f1c36a6d3db0b82e5ef41adf58f

SHA256
3911535167360807bde96567616614037ded41d18f7e9c3cb103dfa3a68e2e3b

SHA512
819a1c937cc88fb61a47aa5be9f695f44cc8e5d59860f3e3468949fe0228a22e1422859950c62ad1e97e4fcd05f6067b31fdeed9219c4a27c7d3ae3f42791d04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3e5db8f5d601aa15a2654d7ca208399

SHA1
9a26843e3889923270e77d8decb08735da690b3a

SHA256
822e08a37302827c0ff4eb08a85df4e3060a8e1d19045373a8835b172913e914

SHA512
d0295abbfcf8fc515c75be33868d7b2aede8b444183b1bf741a3c3aee81da9e84a56042ef07dfdb32a2d95559173c44766f798358b205988a18fc805d0b795a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c9d383f4d737baf59a5e1d7670bb2ec

SHA1
e0015a967061329c5794099f767bccdb12a1d4b8

SHA256
03235f13d8d32ecf2a1bf0dc3cf114d14073203779c1e5c71b71739f48639c5a

SHA512
aeec4f492c26cf877d05e269e49757bf1ad91851831c9e59a64f8e4281b0fdf549d0f7f4c57d451743c2874acc599febc76eaeabdf06f6447ba3b0ab3e7fa7e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f42019247a1825dbe1905e248a5f077a

SHA1
ff808458a2ddafad45f30114a103fe935cbea26f

SHA256
4361c7fac30f5a9caa2f4f64f082c55feb3eaedc54177cd7b9bde3c39ddf0302

SHA512
217ff0eab51a5635ea5ccf35e4105f7bd1233cfac1025c363746311e8410e98bd14f6d796d343b3b6f026eca294265d8578423d0e6b96d28e6007dd43e0a84bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF180.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF231.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit