747b65d882dc1e1486316b0bdbecc5ca82dc1b0b2ff5a612c1a4bd38d09f144e

Analysis

max time kernel
142s
max time network
149s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/09/2024, 21:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ff61604766ffb14cbebcccd8e8b3be4d_JaffaCakes118.html
Size

160KB
MD5

ff61604766ffb14cbebcccd8e8b3be4d
SHA1

bfd3ee381c83eb37e49b999dfde756bd151a623e
SHA256

747b65d882dc1e1486316b0bdbecc5ca82dc1b0b2ff5a612c1a4bd38d09f144e
SHA512

52e92e17f285b7de624dc63bd9e1338070159e864414d93cfb0a90e1a1dd5696c3d0847a98cb94c66fcc1ea6cee8f8936682a6962e6cd54d5cd8703d596d93b5
SSDEEP

3072:wF6Se3N2UP13G4k5QhLpOatVSqwvl/fNbYaaLStR6xWUu/v66sbsGon4G59t9VcC:w9s3G4k5QhL8atVKfNbYaaLStR6xWUuD

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433808836"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A154CD11-7EAD-11EF-B0B8-7A9F8CACAEA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2132	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2132	iexplore.exe
2132	iexplore.exe
1900	IEXPLORE.EXE
1900	IEXPLORE.EXE
1900	IEXPLORE.EXE
1900	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 1900	2132	iexplore.exe	30
PID 2132 wrote to memory of 1900	2132	iexplore.exe	30
PID 2132 wrote to memory of 1900	2132	iexplore.exe	30
PID 2132 wrote to memory of 1900	2132	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ff61604766ffb14cbebcccd8e8b3be4d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2132 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
5e17ccab1e9829dacfac7c4892f9fde5

SHA1
79526193f43a543e8bccf45f89d30673d539145d

SHA256
66712363a914aaa48c34571cf8b47bef7c95d9cb66d8866c3535d9d521fc56ab

SHA512
eee5f44bc69327c3648bfb83b8c6acc7a1b296054e36613695fa9d5fced704523e9b44df70e4a2cb11dcf026cf326da8521b648092d974f5cf73d1abd0c5410d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
f5e0466468f314b75073909db6e8b03b

SHA1
3535349a30bf893c2ef9084be092bbe56bd70e06

SHA256
860950f34ecaf56324890a74b74a082bbf55129dfac3de719d508591df7a52b8

SHA512
f429b390139ad28676a4f7d60572d998b3277ffc0ccb56c8c3ce949390d743fa56892db30cc803476d5ac3616bf580aaa296bb5d7d90522cbd469f7c1419f19c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
435f13d217f9ee4c8cf306f78571da41

SHA1
4679576471495990b02b5e1452d382d371844056

SHA256
c44e18a3d89b72e87abe7fe463f805d9a0928344a5a0e56ec9bea388be8a63f7

SHA512
28c8c9ded8b35d1437ceeeef891c56057e3c22c1e44ece350eac4b23cff064432acfeb7c299b0dacdaf970f4fdf080942f6c5aafd278bf70075d40417dc9ba54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88539578192e106bb05dca3f76f32779

SHA1
1efc993dc39d27bfb59632c158c54470aab5f89e

SHA256
93906bb7a8092b204c4b23daebc3e09738ae7199f6ab4a07b0783c333a78eed7

SHA512
8899bdc9338c08d6e80b521a8f1d1e37d3d31a751f5f04b871de18fdbca46c302fa2225377a6538dd1d5e2c0c9fc09bc3d6ae28f42c39f91dd1ca18426bb7428

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
229fd4acc387341498d69a96c1144909

SHA1
58d9294f25d4f6407dcd595f2a4f4c5682b42ec7

SHA256
13e970f914f2fca4b195b59cf8735179a2edf2690a576f777e07268a474a8afe

SHA512
4a5ecfeeb1154326b66c38ceb246974801e0a3feb2326ae0f2ccf731fcdb276cc46254615dfbabddd203dbc694064f96a92bb57e355e172716144bba63e06485

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c1b3854bc6a2aacda57cbddca050cca

SHA1
0dff137262bdb7e69cceac139284f5eaa319f248

SHA256
c201db25cdd5498fab71b573a3f9e5d0495504ecf7737f03667db3071fb68c3a

SHA512
1c302da0631de3e3dfe6bdfbb2d1c575c5879643e5f79b26e30975d9df9c4883ae961c84d213cbd3d49ac6110957fedf6d1c8975f2486e908920da6e1e78d8ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
926fbe293702355b093375ba57db66a8

SHA1
db4562a2a72ce675a896729e189ae83897b83ccb

SHA256
53c25168bdbe32fa012a15280fc734ffbfa0494351c60098dad9d24b70f8e525

SHA512
f1c66d423e5da8a5533d559e8fe439af28c80d3b2467aaa205068aa7adf4d19c4a79cf168f4ab62b08b84b988f452b42c86578fd2bc190a3cbd12c9275314787

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e57403429316d205ae9db490cfa5c7b5

SHA1
b24317fbbbb557e956cc56c713c872ce80c0fe01

SHA256
6823651da6a80819da787a7208d6d57a60ecd8a8a3df5e1dbcc94db6ef19058d

SHA512
0911cd33fb74914ef38ff04c630666137567e81cf35f30d240239d042b76958f0ee8a4aa148b5144a305fd5e971cb2ccf3a09cc338aaec56dd3ecc1babd81515

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e15dcbc200cfcff4bcf2843ed8787cce

SHA1
beef7185bf520b03553d9a87001a8cd47dbf14b7

SHA256
e57cab1a48f57baf04874f415bac7c01456ecb7fb12c11b399277296984e3862

SHA512
0c63d72447fd9f34c54e8379abd86c17e2aea0e153c4a69818b5a68c61b80ba7ffdc440041d641e98822f5ba38c66daf563c1890a586dea8a4e3c4ae68fb4613

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c223229f00463b599e0d510a430b35f

SHA1
233719aa1a5578a0488c927bca895b044ab257e6

SHA256
c397d7ced0edec7b7e3229126d4c2ccf9eaf0491543884ce02c344210b0c7a30

SHA512
1df08e41e64846ff7753e6779d51e7304d9fa58f5eaf4b315ca2851d68b7a4400a88dc6e57c6c07070ec99b42affdfaef04e9617d20aa0cb2350f17eee903b14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7df290618084eae1145b24d5fe787c2b

SHA1
730ee7390554028e0ec03faef5d09d89ba8e0006

SHA256
8ba1d1e605ddeab72f5fa0796bc73176c7c9d1c60ac570fdfb8f700939c6fe00

SHA512
a45db31f18f59608423b551d8ccde0c00446e3a7db0fa5ea90d30d0d1b6ba10a9a9f7d5ed5dc1cb88fbe17bf0ba8efe50f66c5e2555140362c8a6da8ee129895

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85bb4100b43ad9e79c362b16ab81a924

SHA1
774af56ba36202b0c5ff997a8f0b54e1e09e54dd

SHA256
5a19c9e7a1bdf6cb842a81a277b9654b96b8cc8ab25e04fc9beb937c7c494217

SHA512
d2cd215f463cd4c89d893dae73ee4bd9317f38a09ba4c34f84af862733517b1be8a5964401c1b97b31c3ba7ecfc63383c2817682fea138956364fc960d19406e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6V88JEY\H383A1LE.js

Filesize
157B

MD5
67e216a27dda24bdcb086c2385b0cb99

SHA1
17141c80f5d32bec3691c5ab24741d8b7dd5f0c6

SHA256
9dc433b2142d3ba0803fcffa53f19d34da26996d20c829df6d694bc887325dd7

SHA512
802319543dc64cb011bc2684004e878a842b73aa55e4da1141ccb8650cbf42fabbf2b46c730760bbfcc7a140e11700244b9f5da78bafe9fca7ec7825c12b4255

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA18F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA190.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit