ee55b551de59a3809a6b2af88ec3927b523d43b1ae5fa3f30e9564f57d925bcd

Analysis

max time kernel
149s
max time network
156s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-09-2024 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

faee5fa701a8650910e95a9ae7dec15f_JaffaCakes118.html
Size

20KB
MD5

faee5fa701a8650910e95a9ae7dec15f
SHA1

4f3d0899be9d19a5d8433eb70228a41d7bc012b1
SHA256

ee55b551de59a3809a6b2af88ec3927b523d43b1ae5fa3f30e9564f57d925bcd
SHA512

35db6694c079c029c51c600d53280d4eb0eeabde0e39eeda57b1256fed2b5f696c6a6a6a3a305edf379d1246ee07e49e97000b0dce0b7426dd3465cd96b8cbdc
SSDEEP

192:u60KEVIG+UEJz7qAqyUp+/Ir+6yKQIP/yMCoV3oqPtYbNBkPvKaNAnK+wPZmyLlh:jU+UMzE4/4h3NPvYlWoN8Cya21Yq

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F9B1CB91-7D16-11EF-8BB8-FA59FB4FA467} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433634177"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2540	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2540	iexplore.exe
2540	iexplore.exe
1180	IEXPLORE.EXE
1180	IEXPLORE.EXE
1180	IEXPLORE.EXE
1180	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 1180	2540	iexplore.exe	30
PID 2540 wrote to memory of 1180	2540	iexplore.exe	30
PID 2540 wrote to memory of 1180	2540	iexplore.exe	30
PID 2540 wrote to memory of 1180	2540	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\faee5fa701a8650910e95a9ae7dec15f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e37758beedaf361da5346e6bb9bdedd

SHA1
0f764f0171dc5ac04bf2ecdf7e9bd429b56e8c78

SHA256
e6564da57d83ec74b9660062ceb9ca1570b71384d00ee9bc7c8b1c3fc5412241

SHA512
053499ac8871b4b88f137a6192aae1fe8b05049f49e3c87000a5fa399db9f5796c171eb699fec64dc10e71abafb61002d657f536ce5a197a42da23d2ed6d30e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b0a0e28be56ee16b68974633e551d60

SHA1
89b30560c1e58be6fde8986930ec5477be8f6f3c

SHA256
fbebb360195f15b7e57a65201d575e7be6dc6bc3c2d826904635a8c95b514b62

SHA512
e638146503c35e591d0ca43921b159fa98ec78ed99a7ca26958afbff730f50dae3f89e89bab97e1d656e58e48c3a4933bda4bf0b0851b4c96a81277f60261094

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
577f6634b63c53dad49cb5d2341c3c2d

SHA1
4e429892a7f0d8ae7b335fcf2ae98b69353d1afc

SHA256
9481aa81ba6899bae39a9540fdca588e9f0d80314579ee02815bfb3607abddcd

SHA512
43d37952b063eec85a4a6221fb93317bedc015acebd61357ee43d77cfd0e1493ee70e29f7386637be5698ce6d4a0239cf5057fe88884015eb9d18be96a741af0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe20fcb3f4d6b92b647a58d4952ce386

SHA1
0abd0a203de18af2a468a44558fb01231c1f542e

SHA256
180dabff039cc3978c0bbc7b92f3f7010c572f543fe4e1c45219720338b437df

SHA512
16c9001b99ce78711a30ba7c61237335983b30c2ebfd7c2770876d009c17e1a53a92601990221a789b56c59d36392cd502141933fb3a865efb6df1c1e87196e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d003288ef0c9a1c1573ecc0e78386273

SHA1
6825b41908fd784daea85037aec495706f573770

SHA256
ea5ad5ca4d6a3b06cf88056fb5010f0568986da247cac083b4c8ce6702503b63

SHA512
4a6e00e3f4d45f13eaa02def7a01866c5c9919dbdea4e037b332a6b0841b0106a1a4134b890822f792aa3c1ae2bc09d198c35ac52ac81eaad4edf79a96d6a28e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad25680d6a9ca8672f135a4cec96bbfb

SHA1
13c4f070ef6b9598ba73e78f76eadd59207bb60c

SHA256
85260c8613214b826403a27d0cbbb4acbb022c3fb496a9125da6456d915b3a1f

SHA512
37eb1df9b42e3e2c2b966276f6e068c6d10023171be74999d169271b049f7b3b0064e236b3f91a0f4f75463d59c16322ac8f570537b5efc5c9f7365440b3b766

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46d2dab26515da51d90a2425995794c3

SHA1
888eb1e960f0c70ee94a852a13925e30cf62ddf6

SHA256
03cf76adc1cd52381f7ae5452e4eb5f681895a67c7d1332344df2f3b6efaa4c1

SHA512
31c0a3bf4abe705e3c8fab5175b5c42f7a3ec8ca5a8bd5f593f7f32c86ff612b8b7141840ac6310f4cd0481fb8c51ddb011ab3d33c2e6a2e2a87132cf577bcd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
563530e81305aa00c5fb53496dc0b9a3

SHA1
0f668f4af55772f4f0a9266e8420af88e97386b3

SHA256
b53010649b37990184b11da1bd2eaa0dc4c6335a4079014cab4c7ce48aa95150

SHA512
76b42fe02e694bf96838f16346b6d4317d285cbfa55b062c0f0ff4ab784c307e8aa4740a15c0fcd4fee4e81fa632bd273832347d96a1666c9d9a4e946bb4fe23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b6f01e5c324e713b3dd596414c59b6a

SHA1
6b810bb837452bd87b51f89896498f2d493dcc53

SHA256
bc4e77ed758eecce26282b1a4e1b1c77b99a5fd9c1eb3ecd42128e2918467cff

SHA512
32e9a6c15ed917e413c0450c33136d3527c70d25b1c31c136799858cbeac2dc20cfa43e413ad1c0512c662a739e960619811629faa18146ae2d2dcab86576e88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86a585d20233819c7cbbd52866c41ead

SHA1
b8a17026a498758ba6c8939e43fa3cb7d40010f0

SHA256
7d104b95cda1cf1acc1126e7c76a0773c7d3077dc93bcdc9a5759bac942d4967

SHA512
4e8320b99084d3b640a24481d4ae606fc86a463c838897a03224c6b4c7e9b27fa5c4c5678889e2cec3220e13c71e90a9d047996928bfaf40fd307563cd4f24e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3deb21836253799040e2df7888b47b9f

SHA1
1cb432bcdc3591be7c750f9bb647796fa9d23076

SHA256
85e8e8f8a20dba4ec0e776c46329a4983f426b34d0e58bfbd5421ae19e930b3d

SHA512
0c5bc6935927d517e5fdd40b18c29ae842b2ac8560089e21d1e32520c551fb5bc70cad1a8007865a634267726093372d06ae463efedae9fc72e7caea05b11c51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc542f821f4c6c8ff79fe64caa220e31

SHA1
c1393f5442a5d555aeff80e68ce481a9b32a7761

SHA256
53cfdd10dd79a9c448606a1ccbfc4c117414a3acdef0e3275f6e8f8671f293bb

SHA512
f5b22b7d9f9d5f5b2f7926f8ec84d636497c208297974a0399d86adbdf71112696e3bee912f5df5dd93c1ae79cfe6ca0f4491f5b1a635a3235f659152cc5cd45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
723c3d38a9fb78a87df1e9e50d1aee61

SHA1
4d9aedc32845d0478e0afda23ae737573cf25bd7

SHA256
ec09db3428c4753fbe31a086e48a15ebc7610af145309d14e3c320c762a43715

SHA512
7d575d22fd3899741dad78ec66ec69617bfc97428a3a51c087cb94977196047c3dd92fa24b39d09d53d38690f1f46b22b8c2a3c9fcffc2fd580593ca1d9f9cbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6bfbf4da80bbcdeb3d0e65411243062

SHA1
b1b07c80fbc2ee12eae1b00c2693bb2b5c686ee0

SHA256
7ac08914b4654100bcd984e57f4592c8293742c4a3ee165ac4a49e09a274ee36

SHA512
1d9217b01227a32818b1e2ebe5fe139fb7221b333b5720b6b5799f15fae34c7d92d4ad7c249453a9749b48448bfdd9faee2bb93163a364049aeb99c40faa53fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ebe819419d825e5ecc0992cb159f2b0

SHA1
804607a3ebb09cf0a1c5ec541b8ce16c4819dfbd

SHA256
6a10950d6eb26fb2b6fd9e26a8bf8c5534c3129aa22beeb9301f16b1cdc1453e

SHA512
c0aabf2cf6daba937c3095bf494fd62832c36637af178be133722f0e7ef4920bb48e690d3f2ee0cc9773f0fbeebde7d625e714a0f1dd2851e3736bdd8d63f284

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2811b9b5b2364857a4af74ddb5396714

SHA1
0d86aed2f938fc5449fc3d0e7b288ea26d342e46

SHA256
77d5ab827e2b68f8daaccb0c5da3f2252792dfe3ee7e667b82ae6201770d273e

SHA512
19892b8db5a71d3e7eeb257d55dd1fdf5ba09a11fed71fba3da6920a5d5382e0c4022bb142d7bc0087dd43a709089f3272f2dde4b4a0cc44d25363661efda798

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9759074adaf5f6246cea6cb1c6ad9f1

SHA1
0fe4b22539cd9019c91f70730c49e7e82a1aff78

SHA256
fc174d226e110271ec5835cb95bd63639bb6f8fb283649c5129565f3d24d9cb0

SHA512
aa55060da1e0a3658ded68a5f8bc08808c42da1841390eab8e02574e568d9d052171a0f44b6d4ec66aa2f4ba58759b0ae4d4cceae8708a2c9c6edc44f3344892

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86c8b863a6e84d8fba6513cb89e4bd77

SHA1
f1d41daf134296b9167e2bc88bc021eb337ac9bd

SHA256
84e2c44bef5b09526c8273718bf0ea6ca89674f80513acda1daf805623744346

SHA512
c410e5f3b860516b039125740c382714f39558aa134b876d2a6cf5ce3a9cfb55bcad56f23cfd7c5d65a0d18b79c6794438e4207a84dc36a422a00e2b059951c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab982B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar98AC.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit