2e7a028d9173a9b0fc5e64cde1b8d8095473e346d5836464e1a6ed1549093a8a

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 02:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb53f92f1202eaa09ad0b8d11f883a6a_JaffaCakes118.html
Size

92KB
MD5

fb53f92f1202eaa09ad0b8d11f883a6a
SHA1

b3893ab71eafa08e79bcb41b174a69f06e2e75ab
SHA256

2e7a028d9173a9b0fc5e64cde1b8d8095473e346d5836464e1a6ed1549093a8a
SHA512

07d0cc634368be63a316844cccc657366b69cda2077807d21ec1f69613034b0e58470bc24fc8c5389e8d3facda808a5bb79955155f60798aa2d7d80d8e87bd30
SSDEEP

1536:lkcl0aNe8/zwyk4QNhAhIOZfjnOh5uKf95t6ETw47to9rCX7CesAKsQC7INYAKM3:lkclLNsSIOBOh5uKt6uw47G9rCX7CesH

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6897BE01-7D41-11EF-8778-C60424AAF5E1} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433652404"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3020	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3020	iexplore.exe
3020	iexplore.exe
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE
2812	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 2812	3020	iexplore.exe	30
PID 3020 wrote to memory of 2812	3020	iexplore.exe	30
PID 3020 wrote to memory of 2812	3020	iexplore.exe	30
PID 3020 wrote to memory of 2812	3020	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fb53f92f1202eaa09ad0b8d11f883a6a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
2f928fc5c32963e85c8dbcfdf48455b5

SHA1
f73663ee5a9a9ecb0406ce33fc459563649f288b

SHA256
718d8aa4c4fe1e11ea28794d463e7a1f1a7e7a27208bbc8c3a143dcab90663fe

SHA512
468de5e3eba9777c69cdbfb70878c5d597b5464f714968ba847c51796e5eef1d618f8105325a13718a6f0b89f6d1b818e521d6958336d87de644d7fc6b6ee627

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_0BE30C8E6128C0BC8455FF6A9904D7CF

Filesize
471B

MD5
29d9d2336e72779e0e11c40e02aba9f0

SHA1
0deab76218eed4108fb9ed2f5cb66d0b94028e6d

SHA256
ad9a43c1a8ec628e2f03ded9f10ebb971f3816d164df1391b3419fa27966b242

SHA512
2fd640ca3a6abe0d46e8956cc4d20d203c2a81d930f9568defb1b0ebb6525b624330d28a7af4154b286377ccb68f7aadb85a8c4798e780df78ceaeffee00fc1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
25fc6095174935d283a30777981afaae

SHA1
df1a85f97ccaae429a704a1a79d43dee4fe02eb3

SHA256
b001ccbdedb06c9289d571e239ccfa98e088b9f8fb98e22a0ae6ed2e3690f16b

SHA512
8c57aac2b74658071637ac489d7dc5302293d772bac6706470aa3cf42339eecfa2dd921002078562c05b5eead9c4562221d4996ba1e418869a32acc24aa47194

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
9015997ba6b74d6daedc70ebc7ced203

SHA1
a1c4c08765892eac751178675a8b759e4e747766

SHA256
b1e8e3300bfa30aa4805dc6fd1d66ab1bb376e6fc3f2072bd0303d0d235da244

SHA512
d033759da7001b2c43d88109d02ece67bd13af0ea80decf83480018f3c1a2f7179f7652a1f69bcdc946b1a3412d3f9f7b4b672ea60e87ab1af59f2beaa62cfc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
135c301aa60b3992fb4fa03155bd8c18

SHA1
f7d4e92f58d098217b84176fcb9aac8c4b4d3d47

SHA256
d6652aaf91cc4307bf622a841ec4f127bb92548c2cb7bb635213b1bc278d6359

SHA512
41af1a475e4c8a29aa3fe86d3f772e1c5865965d098de4302ccf274123508d1400f9520de0bb5eb8b5a9fac86433183a41a219cbca7aeddf94e1a8b82013aeaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e46c3c40e7c1b04bd3436303c073cad2

SHA1
16ca8b7b511607172757b17aae56c73911b7b9e9

SHA256
0fa6236e64aa1cce1394bcb6f88cb2855c857e47cee177cd5080a15b13e04446

SHA512
50b6b361318ef5a08650460d795fd47aad610eecd6cbf9b279caf932dbbeff8fdf12cc6413d3288d96558f11ca37a59e5b3d332f1fc61f900fbca5406f295f4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b397b7a564ffd47a19ac50bf2c705cdc

SHA1
85991484c39333bf9f629cf43ff204da09d3d013

SHA256
53462c04b68dd58be9a2dab45002c2ea1ae899401093dc53a52d232896ce29d1

SHA512
7bf98188f1086c407dab98cf734b7d29c86f4638920692a4973f652488c3e55c19981be4eb726cac580c4f1f6e75084a20cd84ef60e8edcf3ee7ac39ac1888c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25be7e3d46f2942606e5a6b243560f86

SHA1
b9986563f96a5d423bd33a05bb7f7486660c3fb1

SHA256
0548d66d5f4d9c428282d73c03efb24e9f126ead506b258dc8a7a669f554a3d1

SHA512
284ad182b5d77b41b73a3ea6138d638436e8753cbd62c309e508bf530ab2bc2ab04e063127652a5c90357caefdefb3d1d9f746aa08154db161ae81f5fe3b2ddc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8a71ad7654e46374003a78c76f74fa8

SHA1
dfd52fcd5c525924515ee0800809c07bb0cc7e3b

SHA256
0182dac238ce39dda662a0beec0dcb527a09f144926fbbeaec20b9771ac322a2

SHA512
653d8a4f92e5f4a9cb1918a0375ffd68664ed20495a272397d2df224db2f3046a253a5919ab67bd63e895486ba0668609e62591118049514bda7348f3a466a21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49b39e4c6a81aeb27622682148c6d7e5

SHA1
efc67a65734cc2dab4fdd4292fc2a922e6d3af8d

SHA256
51f2bcd6e3b39893ecf2d72871ff5a06794a1f162944c2eaf5cdbef501badac1

SHA512
373c6df85b8394b374ce7e8c347a01b49a42bd90126876c68cc570c95a71d41ad9017b9ce768cec5419db3c20db8096c85a33bb24961268aa06b255b8c8b66ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5919382323b88311cf56c5235d8976b

SHA1
2d528899276e909d21255d697d927d9b80ff7518

SHA256
8ab0ee38864f17c44d62fab9d67664d2560d21279e4b771a23df4847760b4ec4

SHA512
fdbeaf63267b19cfec09fcf137a7d8ae5000ccc86dfd6a7e517d8b8624e41cd91fec0f92af937bf2c37585f18d8664ecbf41a468fb5f05ac63e30a302160fff3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6653013893ff27f9059f72c78183814c

SHA1
448686b7119c6731870de7f522ec31bf25988176

SHA256
85ac7b3ca3b8745df7b09dea0455f87861a5b918ac7bede1da0f94af6a0860cb

SHA512
302527fc4acb02b773b052374fb10f079dd2dc020c23b9853ac03c73df44fb999bb370715c79d43990b9f3b54c5c401f0d7332fc0f1d05c5a9993a6fec2bf081

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
057854e5c875dd70e0c8ab095412087c

SHA1
4709e740719a0acaffb664cd8b36ba068f217393

SHA256
e9c848a99bbc05501a20b12d945704e75a4debf1c6f84c220254a5612f6f3383

SHA512
003a2e9cd417fd1a2491f55b01c933f9bbc14fa6f244e35ce31724edf31073f97542272de3a15e1a9f054a090a412d6831c8b613896c07416ff305f676bea9c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5af1079c443b4491367d816756e9f05

SHA1
f0863b457cf12bfd4d2c6fb1412fb6c51353e99a

SHA256
bc7833cdd241d5edffd1bbe1d27bfe9eb57cd45f397cad0cfddac52f589a5993

SHA512
a050f42c474e514167b25daf9bc1a3d7c4dd327999f113f48bdf3eb1d77536b9f1fdf423d322b047c2e24393559675ff503ba3c56ec160873b756917e0c6d166

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8151bf3f84ef96437a3c5897968aee46

SHA1
8307fb8610eebe09c1ecfa4f2f517fcf3f1be548

SHA256
a585220b8be100f91a11c879f10449efb58bafe83ef3f0277ebecfab3aeb82aa

SHA512
68aa89563835b22de5a948a457ac807b0a7058af37b125403089aa1968ca0e1fb98789c8fe932937d0a0b68e7118de45e2812100a147b3e754a1e20375195bfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7f9d8ecdcd08fb6112bfa80a65509c8

SHA1
b989acb8fd3816e3e29651608b4822d4eacf3f15

SHA256
b3435b5b17cdf6284e6bfdeaa6a9d902a811ee7b17233ff07c2d2fcb97e0301e

SHA512
02776567079a8bec2341ba78b5c612cc833d6dae625f072ff2311df9e552797bf3870ed218af459f7e1b7dd8c10e4e9170c7ecd229c471d836afb044c8a63125

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_0BE30C8E6128C0BC8455FF6A9904D7CF

Filesize
406B

MD5
4793cd06d728c8aa4cb1af20bc76e4a6

SHA1
5c1f7b0a42f41b7106478540390782c4b0f63141

SHA256
c622ff75a68f9801014f1f320fa794f127ee031d9b5613248445216ad2a36e0b

SHA512
89c6c932a7d3bd06ab1a219cfca2b3706f808e94226348d407dc3974eb5f074396087a89ab02eb03194784c03023712e42a00ec23db28773d66c0fd1bd3497f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_E7AFBAB1045CF53D322BC26D3E9BEB05

Filesize
396B

MD5
320e37318fd047379cd356114c9a42c5

SHA1
4c22dd7bf11bd1bb956d42eee46895bbd3750119

SHA256
5bc42756e7f0b5708e6133a9e7576ba98fabc3e6d23aedbd03d04759ce7c0f70

SHA512
cc4bd9b67b6f2e406d43adacf115270e2d0878b7b09d1b4b886d501afdfe754da444dcea17550df897554f48a9d6da618af779874cac0229cd6c3d3e08073788

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC71.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC84.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit