cd7a6f67e7ac23ea2461a40caf0e6fdc09552abe2cf933b859f6110f5830ce12

Analysis

max time kernel
130s
max time network
144s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 13:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fc5ee08341693c046337248557a6bf4b_JaffaCakes118.html
Size

30KB
MD5

fc5ee08341693c046337248557a6bf4b
SHA1

a416bdd0b0f46978f495f82e70cf4291b2f34628
SHA256

cd7a6f67e7ac23ea2461a40caf0e6fdc09552abe2cf933b859f6110f5830ce12
SHA512

61d9b6527846d5d8c59aafcdf195bd2e2ef82908f934f8e35db69a8e8e973e266fa8b930734cfe535f75b8b8f6b28dccd6fa8ea4c2a546cc837278229293580a
SSDEEP

768:gCCIa3G03FdC3AsiCuuzlgvA2IOVrJGlm1U:gCCIa3G03fC3U0oAA1U

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{60628941-7D9B-11EF-8967-F2DF7204BD4F} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433691044"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1748	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1748	iexplore.exe
1748	iexplore.exe
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE
2504	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 2504	1748	iexplore.exe	30
PID 1748 wrote to memory of 2504	1748	iexplore.exe	30
PID 1748 wrote to memory of 2504	1748	iexplore.exe	30
PID 1748 wrote to memory of 2504	1748	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fc5ee08341693c046337248557a6bf4b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1748 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_2908F682DFC81A793BD240CF29711C77

Filesize
490B

MD5
0b5cf05a8e5c06ff90e59fded4117f1d

SHA1
626148b707442079f43f73784dd8155f84332a5c

SHA256
91007b1566bf7fea4d8256e00733a6e8f0872cf50ca9609ea872ea94686a444b

SHA512
fd8ca95d19a4bba56b44b4417b867ff279c1e82e21e7d67ca95118f4158effefb7e57b5d0b64768298e84c4cbf8f6a126ac468b946d0f062463f02f86cac3f06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72158857185f324d93bc8f7c14d4164a

SHA1
a4abff55d6e4c47e86289031d0da3a6e60eeff7e

SHA256
4d249b997f43bb756dcd781568bb90984dfaf2277e8d3c9f55998612ec7a4204

SHA512
6b23e8391a56a14cc8bd20ffd1d2d8554c8ab66d264bd0e6859476fcef236ddafa436aea9b0d23c95801b9dc08db664e4dd446537532388e2963f908bf70b396

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd4cd8eaeb642d27956e1ee357e5d82a

SHA1
b307a12fa2df0465338a3c14c03fd0a8f804680b

SHA256
f0dd1b95a02857ee48ccb24885d80d7374d43cc002e66bd378dc530b8f3def42

SHA512
99acb44c041b7a23cc92cb6cfab28ff6b4a71708988b08a72d3cb6807920b129a4f8df10c3b40427c57bf39837633a10eb0b62537227b6a38a6b8a215cdf43f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
898b79a8d9ee1153ce063979c06d6b52

SHA1
2af0c4e0088c9bfc62ab2fab2ebf1b95ce1e88b7

SHA256
84252b1c9d278b7614b225c0f402d5728170e5d747c1adb3145b804d5f9560ae

SHA512
11df64cd89423e4019e3a6fda43cda3a1e05e24a140ae3b32c327e6a8061710b3f0946e648404f2650972b8d76c54ee758093cb9fb33719fd914cee6f71218b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa859179e101c15f7f6fe6682502afbe

SHA1
bb94d36096e2e5e6ae94f266536e7200076104c2

SHA256
fbb5313097ebc65e107649170de37c9e4323ee6aaed4a57b0150b50df52d12bc

SHA512
0f8d0e128a0f6fb611a970d3b8976a7c0259c912cfda3293f325dc63c259d7e61fed9e91ffed7652859cd9fa916cda5b766c5d1ed1ee522fc6a789c3489acc22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e11ea3b76843b81e1f0fe9965418257d

SHA1
5cbcd5a452b9ea1f84f327e9b7b387545c8be355

SHA256
0ef287855c6ad31435408bfe6ed6e68db9de21bf797ed2f6c064fd604038af0a

SHA512
5acba698d2149f342875382ebe9e54981ad49de18fda95628b9dec5cb143476805849601800c8ac07b1463ba5d8e08644dd7b98648a494490e334253a9a188d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7d6f32a16cf6624e03064719c2267ed

SHA1
933b91e474029f28208811127b5f7e01c960bc34

SHA256
0689cb1cc86d091e8309bb2f48ae249b447c9c8f75cf0d985e23a5110a8c7df7

SHA512
a3e47d6e8b155472e9c06a150d94ab587a2f8b767b1fdb720b1833f256c99234626ca61c9c8b9e6c15bcffb69a8c73f52a4bd3ddb0936ae649cc90b1f2ea75ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b0483dbdd54d16a421f425f08334aa7

SHA1
2257351db5a984043e0ffbe81709f5ed8204f6ef

SHA256
e340f56dbd7e09deecbec286d65c10ef6e1fd6e1e5f3d488a58797e7943cf131

SHA512
60e44e4bfd373091c9354bb4bb2fc171a342541c2b55d34f0a9f1f334f93aa48d0e8082478a7d7b17fa79ca51702251e31048acf7eba6f04fdddaef8f2d6677a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7effac09b77de115a9337476dff5c4ca

SHA1
bd7f2716135ebcda4fc60e2ee1e3ce963beafaef

SHA256
d5b322a9283e2937f95dea651a13e8311d441e96eb83ae7fe9943edd814a2eca

SHA512
e018bcf141d54158b62df5c2dc1eb3c58943029ea52ccf4d8336b2a6042b4827d6b91a6804a6643dd564e635837ec94fe50dbcd23f209e1121e8f6d943e77bc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3cd7e54c31fa6cf13c4f8ced563a3a2b

SHA1
9f6e999e50e2af18c918f3d296373de445f9e45c

SHA256
6d5c92b15cd8f3887527167ec02c19329556f93c85195bd505765146d1afd545

SHA512
f7a0ecffb8084fe9fd6eadb7b022527bbf89bac5909fb717d0dcb1776fcdf3e85ab3b955c9792efea9bdf7f232d586c6a517229c9bb0e83bbfd7f690f82be6e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6682ceb4096e0cfd8a156ccfc73199c8

SHA1
7f702091b8d2e0bd06488517a255749f885e32a1

SHA256
eaf9262a731ac41ad82cc5c92b948d5c12019b01f2e09a97402d79aa7d41a91c

SHA512
cb6daa5d925bb22fb79effab076001871f671058c813571cf2e035bc5644c20051ecf640f6d1e9e00de4d81e43020c074fb869d57d6ad16f7931b8ba44b77c42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b9dc55525190e771a318e1fd01a6f39

SHA1
d4521a25648beb5cde1ecf176081600e1c6400d3

SHA256
5d282cd4b07198fe302ff29d20b7dff4a6615c72c8b9a8bdbc235cc36f8e4702

SHA512
871196755e50ffd201363d66e060f1110f95e61ca5b37a8a49d1b58bf5fcefca13c5ad44b6243ba8447dd22d299dd8b06aeece5c7f1a4f9141688b570de50e66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0eaea26001fa8dac977e6ffa866e19f4

SHA1
0cc26e2935b6d50e6f621632ddb4ad4005c24704

SHA256
598dff11fb976e3fbedb3402cfb5d4717d74f398b1577b0f67d76e225ba4e62b

SHA512
77f29e894a820404a9bbe25c1134169a1d156649ae1c919fe8fce9d553457383dcb4fb473639172be7d774a7c737024af7601677570e0bc95b147b18bd28c2aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F91VN88R\cb=gapi[1].js

Filesize
66KB

MD5
aa012028297a26c039c37ab25a4bd17a

SHA1
25f23d01b5f580c00778e1c010225e5b8c73b66c

SHA256
55cd2316edf7159b623e4ec2c9e3a334027c01e2d1cc386f833ebcd35ed87b38

SHA512
d346eb082674fc26d562da9a12f36ad2cc7db1f1b35c891a8734284cf1bd052a967137c1281982070688b2bb2e06c7f4967d1c9397311a31a11a8560b9c45fd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8A94.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8A95.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit