5a5a65cbdb39b4dd613134d105c75286c92f2df8733b77a71469814d2b9e59bf

Analysis

max time kernel
144s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd0c438091c28a162f79b2d297b1db77_JaffaCakes118.html
Size

57KB
MD5

fd0c438091c28a162f79b2d297b1db77
SHA1

6bbd66077e11ddcbb2c5aa5011cd4b7e9da84364
SHA256

5a5a65cbdb39b4dd613134d105c75286c92f2df8733b77a71469814d2b9e59bf
SHA512

042f20c346ff97cb3387ffba723195f73ea1c23712160e8c94793f76c31b120fb894e455fb996f006d0c167d45f27bb770fab8c19c34f4a03fd64b3a35833e6b
SSDEEP

1536:gQZBCCOdL0IxCKVtGAf15RAUYRQ1Gz6z67prH71iPXC4UgF+VHaBOE9tRtrQ9en1:gk2t0Ix3GAf15RAUYRQ1Gz6z67prHhiz

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f000000000200000000001066000000010000200000004cdf01c86999676e149cc42b689cca7181b36d526d9a873ceb2fade247ac0182000000000e800000000200002000000048c04c29ec1e28edcd5c745202949e8260bcc2921c79b2c92b91058d2085571120000000ed66a2c0b77eac3e10a5cebb603ee3a80cfd87ef5c2ffbc7b1dc3a28c69c7a46400000005d1ad68253a83cd7ff2361ee2c5e89aa2405bf27458b1e011f659fabb5d0753bb92ce16ffd1d3710a6c601c827319f2ea31815319e2c6362c42864721691c1b3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E4BA6BC1-7DD4-11EF-82CE-E62D5E492327} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0f4d2bbe111db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f00000000020000000000106600000001000020000000b4535fb5e56a12d1bd8e79caeefedaf124d3e94ee2908268330b40fcfc3e6457000000000e8000000002000020000000f234b5896fb8f745cacf21425d80df8b20c1237c016bc27e7b8802e013f2b39d9000000053ec49b5bf1ba7cebc6bc8c0eb22d0972fef9d47364a66b29a8656f2a23853b752b868e1d787f7e55e8dbd9cd7e5ccccc1c9a68e37a63b2983a82ac0ee4fa0417ff4dbbc7d764c04386e320a2eaf17c9b47e895fde6efa70c84007ad0720b790ca835e1306e5e977b2364ca3cd2acf8554f66150465e701d5950d5b5327f30a0681b26e2025e75a53d0ccf77e98f067c400000006ef797163b2314d2b0d474aececdc9abd1887790aa0d6d20d743f3b3e64c1477eb41b88432d3fb708e80fd1cc77e0ef7c75789a3e7b7da18194f92e828e1b40a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433715750"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2980	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2980	iexplore.exe
2980	iexplore.exe
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE
2492	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2492	2980	iexplore.exe	30
PID 2980 wrote to memory of 2492	2980	iexplore.exe	30
PID 2980 wrote to memory of 2492	2980	iexplore.exe	30
PID 2980 wrote to memory of 2492	2980	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fd0c438091c28a162f79b2d297b1db77_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c1759b8afef3540b28b5892ea5fb706

SHA1
385b5be77981c2954b2d1c9a51f07bb28dbfe58e

SHA256
1301aef38f873912f68194b81af51a9ffa582e2c8d146c0ec02dc17fc2029543

SHA512
5000048db09e1b55ebf6500f71d518c076b260f8a10a18af1b6517419a2f0fb695d7130b95a4a44ea9696be53269c8c85abc16028e5ead7fbc099664d0ef123f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
815c1468089f72195beb5bbf55ef9873

SHA1
42a9b5736b913ed53e59f619cff9b50d0d8fedca

SHA256
362ba0bd274cb190d9fbc2bd0311bf41374650b982348a9be20f0fb3670d2fbc

SHA512
08305c98b3794f0c7a317400f8bf4e86f20f382c2f9727916a1c87867f78a56f63fca44b7ffec031545ba5b07b24e0921739a0ae69b797004a4d152ac04788df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aac934b95ec941d141eab89dea41d02e

SHA1
445d81881361ee6d21cb6ce968eb66c426180d5e

SHA256
41bbbce3a49238b7c38e27709f9cc6e4e4fdc413e0d4d1cc13a30dded5e5ee92

SHA512
3e47ed60dce8cf4de864af2341bf2dac2e8e48eb538883146cff35c85da16da8b1e1b715c9856d0a3396e0619f5f72ee43db52b637b6ed3c764295ca5ba92d01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
579063faa29a1947055d5b443abf5f39

SHA1
9ff3ed2b9bfc120dbca100d35759ccda297c6ae5

SHA256
2ee3786c5c9e3b5661e9a3346c95b8a1c4e56dff0ad87834f25e3da88fd63b27

SHA512
3a87ac904df2757e61fd943e4b56236689f4a8fda5c482ec8fa1330b3f4f0c86fcab8d5817ee84c8eddab13fc834475b7354477a285fbcd0a3d9291b0c0ea814

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bda48f5292b52b2dea1a15d713c3e0dd

SHA1
232a8e6ed0a138f54775030a708256c39aa9add7

SHA256
bb5d198e23feca2489c67ad5f4fe505efc981abcbe36c00aee1779e8ef0965b2

SHA512
8d83c80cbf25b8485dd42ab98494c39d7be0c857edc6925a63882fbf452563c51a0f668bc73ba93c4ad9709eeecfbd94ce97159504a90817f776cccf64a9beaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a396f58c8fd03af71cce1b357ceee445

SHA1
5f65835008766a17e433f7956f7d8a07e8c61518

SHA256
138b3f17d7ce49e5f0057711aa02ae0cda931f8329d25b28bf194baf8cf6d3a6

SHA512
cb57db84c3873868e4f423ce7b09fdfabe6581f0b76aee226b68701ffacab677f9f11a726a75ce9eecc26982ba7c23d5d3de2420c476aefd0d5aa31221b4e07e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1631ef50c034dbc38bf9c2f20dc6217b

SHA1
9655aa6720ec57c884d5573bafdba3a4de40dac4

SHA256
94502ad7c546b8c8588f6792994019bb0edad0aa16d2c07e4969891fad1b2502

SHA512
2739418432ccc99c8ee0d7f995126ffc6dc3e6ace8983771cf83b9da146a4ef341445370c4a6a588c1873376c92a8ab7484b81b6ca1a762656b271e8e5189e82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a90b7a35c950862e372bb7b14b0594b7

SHA1
8c3ee3e459be4bf8b691c740c9320405b282d00a

SHA256
5742dd14da6677ae849dab90660f008bf6436bbc70ee6b3403baf4917a0948a3

SHA512
2fdecb759f9767f55e9172513aae9db156fb5658260e0a3b56dba1209bd62418a2148c4c144e4dc84c95788a1cf243b6f966148e062421c407f3917e7b97316f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2fc29b4ca28f9b0b5b8379afdf871fef

SHA1
d3c48a5031f5796277d03b3faba5d06fe780c1b9

SHA256
9ad1f9a2a91a83b2f123da79a9e594eee22f24b9ecba8b8f247992033fe67684

SHA512
67b39ec74a8b188ed7c40d018778aa98f88134c8df01b64d7dcee6305d5dc60b46be7361806cd417b4faad52e7514a4b323135235548a03014dc56e4f6eb42ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0c7c366753124af0cd3f9c02efd943c

SHA1
e8753f1a57e604cc67968a7470ea0add0be6f321

SHA256
dc7cf70bdcce415e71f1d347d289abe3f561bcb6f5bd4ac207c0a6bf4f75694f

SHA512
db91a18e454c3ccc27fc220dcf3e6e0a7062e6f54ec87211f1526aef3963ae08631cabd19ddfd1ae2ed63eca0017df4d536f74cf10409aa8257ae0e5fc705c92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c24ca8d9850865457e8bbf4f82ed134

SHA1
03d987457b7e89240246137277cdf6085b5c8834

SHA256
c38d24c5881b2721fd3a565ad22587a3b688a160447fb43f064e9a1491d2f9ca

SHA512
76dd21542a3084f370e7a21021d0e8221df4cc9575a7aff7ea92194e5ed155d5684ea74a800de317c5199af01e1946d9bc0c83b9a48bd3b75d526c98e94b4d0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9065c306bfd8316a862dbba93e187e3

SHA1
d999a09940f6ce820cdd2a85488687ba8baaef88

SHA256
7f97b84af77752e18dddf8cb13e56f85259f04849619b0739dcf3d1de762be48

SHA512
bff93090c2b823781938e3ba9acced1d01fef28f61497cd188e6aff2f8fb58e394fcc3a23f3f0c9ed0251de4e60ef491819f26ffb079d5dfd3e9e363871d785e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2bc3e7ef955635c921b93c0214dec6b

SHA1
f272ef313a4badf185bd1e2115dcad2dac567607

SHA256
bcaaadee1f47a457bc7388fb21b68dfd4bf24f79d881ce507d0acbe0b4b8aa88

SHA512
b11aba42ad578f241439d86fda3ab581dc66aa3087b864b0fef437bd5124edf7900e1c4cd0388ca484ad26cb8865fb77e251b10b86e68f9429460bbb38c5079f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6d2a1a74506d63acad3e5a75716179b

SHA1
2d47d1230358cade67d18a26b60539ca5f45e666

SHA256
316a64aa86b05d62bb74a18d8587cf7bf950ef08cbaaf95277194b9632b93836

SHA512
f21cbc47690829b50f94e296dfafe3de90c5aa09f87c3750ba799aaf83450e3963fb13968e10a35dbed966d0177acbc157ec3391a0a4be3aef6e2cdc4beb8910

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD868.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD869.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit