37bffa27e40212db405bf86824b638097e9d1b6e2dbdbe3bfa1a3352037294fa

Analysis

max time kernel
148s
max time network
137s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa17d45de12cef3251a7dd4cb8a3c32e_JaffaCakes118.html
Size

11KB
MD5

fa17d45de12cef3251a7dd4cb8a3c32e
SHA1

157c7d4195a6bfc47ac092d31b20a99ef33d03da
SHA256

37bffa27e40212db405bf86824b638097e9d1b6e2dbdbe3bfa1a3352037294fa
SHA512

0cd93dfa3a895b3dd2893fba59d305478e98903698076170eb2d8fe5c92504648bedab583d799f375ed26ecac2351a4edbe4d017882fe20f878b2af72723dcb8
SSDEEP

192:CgjeCrLzQPlAlXlvXxVdQEQ5DOYGVJObz8LiQzQ7QyEUT9tJZYAQRQlUOqLosWXe:dje/+95dVqqYGnnLiyKf9DZ7H+ksMviR

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8C18D9C1-7CAD-11EF-838F-D692ACB8436A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433588897"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2056	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2056	iexplore.exe
2056	iexplore.exe
2716	IEXPLORE.EXE
2716	IEXPLORE.EXE
2716	IEXPLORE.EXE
2716	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2716	2056	iexplore.exe	30
PID 2056 wrote to memory of 2716	2056	iexplore.exe	30
PID 2056 wrote to memory of 2716	2056	iexplore.exe	30
PID 2056 wrote to memory of 2716	2056	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fa17d45de12cef3251a7dd4cb8a3c32e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
97820cc65e64cc3adeacd7d9a4b45d8e

SHA1
ed9af7189d425b61515960e25e7117a3af1734f3

SHA256
fcf8ca7eaa44b7e2e6674edb96f24bdc8724b6e02287dda8cef11f95e06d825e

SHA512
4780e4cad9d1111dd58e9cda15aba9a6c196ceaef516fe3cf1cee31efb4f82ad0cab86e1fa252bbafa41145f122bcee92a603a2a9fb5eb900b0fc2e8e6b7ba7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c2980053dc13f4c9194a670f891085c

SHA1
4061faf6c0f3e2108b5441144e2487c286147842

SHA256
09a3b5dbfdfc8144e454f493d53e4c90f9ddab311383306f8b2589e0d8e423fc

SHA512
30e337fa24eba43462697f27e368460f0c70ae06dad3c516535efdd05fc6800fbbd1513f1f83ed8a87f186ce5cba070256354a14bfa27fe0f61c29a41d7f8bb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfd73a04f339b502dcf543e0fe427ad0

SHA1
dd8366896898fce4315ee441316a0edc69e5905e

SHA256
9f4330b781571b33d7ad6ac05a62cd55fcfb071e73f6933e7fec653965a4171d

SHA512
19911b65c7c68ba7319fa48b9a0e0b5b957ea8ba8cc29ce4b1cfd49ca16d69e7a977103e99b118f3a585d16ed09b574fb8d98f86dc52d96cfb00e4ec21de0819

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7c5998c14d95817d6aa8bd686de35a6

SHA1
09c1cc16d571bd3a47cf3545a89ea3d1ce9c433a

SHA256
1944d83d7ed9d474d03b52d28cd4ccad1d49011377b83f35a41894e69e0dbd6d

SHA512
49cfe8886a6afa9c24de30991e307612bb7365c555ca1d64d92df79df302f255ced7218583425b50cb5689544b6a696e245a853df66bd5008838a8539e6a393f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc638eb1149f34d05944333748db6bc3

SHA1
a99cac0997e39b356bec17704872e0cef20a80cf

SHA256
f7d167485b7ae23ccb4e549014c9574983cd6d55c6990104e09d503d8eef48a2

SHA512
e435491a72186afae210fe80c44347f249c89ce52ce2717f9987fafade584d9476b6442c9990ea00b1c96354d64aeffa89cf14a60cec3abcd5cac2e83c671dba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70e4a9c0d3027466f75ef3fd40d3a05c

SHA1
56c5c332ae633af02b8d7b7499fca0a10a9bce31

SHA256
b7dba69907de514bacb6e61cbd9a4c42775db4f42e8e3cf16778b3c52cc5317d

SHA512
37e6a04b24b121ebab121bca71ffc8dca1473da587029905c931502cf03de80d9359c52d4990439a9ce1c65deb98724a61eef630fda92afb27577782461426c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b91708ca9201f65e5262584ec705565a

SHA1
7456b8baf1a47c34c467139efb8d7729261ebae8

SHA256
69df06bcfb31dfad8f210bb13e2572957e4b8bf70f213f6d18750d0d0c2fe845

SHA512
5e5c0289d57513422ce8224f4578115847e607ba71fbf7b8c65cc5ae24866c3f53b622165825c63684a909aae890f5dfc5a215deb0a1f71a82a47fb9f5b31184

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0c8a0b6000c3f9cdea75108216ec3c6

SHA1
47992f49bc9503d1e7f46cf00941ae7d52112e5f

SHA256
e97f83f25d854462c1af44e23fc1ef0bc0fa0d01c926f98556b455d2a9df368a

SHA512
53af7416a034321875dfeda901c810d9e87c7103d24387802aa244377a0867518f179d89eaf32c42048bcd97f526f9600bc175b3ebfba87d8d226f30bf8645ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
192111949ac490eca9b44c3326a7b204

SHA1
74bb821f5e17052a1d7bae1e88cb7030d5fe1b2d

SHA256
9545bc0a0efebcb1e86be4e2eec831b7c022e733656d358b2ff8568c8ff79416

SHA512
531f42f64f3d1a02139a4c34134c1081635c2b34fed5aa0e442525f73f777ba60e37c6029daebd2c5a5d3fdacd99e1f0864d436b59fbbff6dcc6c779038f61bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d7136e9d833e2ecc4805dc8f8c9c57f

SHA1
db06baf4efe4d6598f52938ea3c6f76f0c33178a

SHA256
f54d3634f4ff4b75e2389419e9a4809cfe3b450d942819e727be325c66bb6be6

SHA512
0a6ce706ccff123aeb6d958d939c95977c7a60ed0ffa1daf6676c46e133f66f541845007ac51918d8c9726bc0297783f84aeb44eb903665ddb4d0ba0f5918d54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bd24759cd2576a1dee367d8b425167d

SHA1
2978e296b6761dc81c3f1d640334a6582bfc6904

SHA256
4b9d55d0f47dfc99e50b5ba0245409c9849c5afbd57d0065ff89b6e441dbac22

SHA512
a45682dde22dbdc451280aec9e4918f0ddf82397a6bddaa30399ba3d2238753ced2fc082389d30b32f0578118af62adab7e31d7c1a7e6cc214f38f9237ebc7cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2817cb2adf65c97285c5c360bc3b7e8

SHA1
a7d9a5a9bd5c61c9c34e4fc0f6853fd27609d200

SHA256
c672b530ffca484cfce488d866b9282834957cae79258581cb4b49e755ee0bd5

SHA512
3ad1005606289239bce838a2818a1921d6992d77178ce8e45abe79a00e8fde2d1aba3a85f725cf1211ba5fe5e1491a44fcdbda7ea99f4ca2e6c7532289dd9eee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
305152602c8146250fa2e2c00fc81396

SHA1
22c885a1096f09e003a9991a269c3d4820613bb6

SHA256
833331e686bb6dd4be4adc131800d9081a87e43c9bc5c03f568f648f3c155042

SHA512
6d0cb3bb262ab7c3d0852720a2d86a4f692641b6364b4ecd4d220f6fe79977817df0986cf8b2b3afad3cb422048b4fa96db5ee59eb019368afd0a936d3c752f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
e168463f71df29611a8995432f151692

SHA1
8e1c8fdd500578512442ef38abfca07c56e695bb

SHA256
b4cbdcf777091932c6077f027dbb80bba45acbac0cea796d515408b1a499435d

SHA512
c9cef00a443542d9947b813c145c82809d1661d403dbb2ea9b14f18ec4f32fe7fcc72b1c707fd1828a511e6ed50aa291e271fd4637949f5a8c2173589a03bd1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab737D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar743B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit