b5d4087eda59581e737bbe4b6b5058a88ba22c8fbc9ab0204ea0a51ce2c8abb8

Analysis

max time kernel
140s
max time network
148s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29-09-2024 06:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fdfa00363e2439fb45d01bf0225749ec_JaffaCakes118.html
Size

60KB
MD5

fdfa00363e2439fb45d01bf0225749ec
SHA1

3778170e6806473bbde231078bd77470fe013e12
SHA256

b5d4087eda59581e737bbe4b6b5058a88ba22c8fbc9ab0204ea0a51ce2c8abb8
SHA512

c9a9aded5589153f0d6261ba5c659865250b073e7765e07d7c545a1d4037d0e5bad62f2d8df132eebedbc4121e9c47751a473d5a86f8ee2bc441a440625233bf
SSDEEP

1536:mDzr6g/YBSrtDIxSvG3/xLCIt2lp6ZDqKiNW/c7KLeFGIl0:ar6g/YBSrtDI9ZWKiNW/c7KLeFGIl0

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2649EDB1-7E2D-11EF-81CE-7667FF076EE4} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433753654"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1952	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1952	iexplore.exe
1952	iexplore.exe
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE
2088	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 2088	1952	iexplore.exe	30
PID 1952 wrote to memory of 2088	1952	iexplore.exe	30
PID 1952 wrote to memory of 2088	1952	iexplore.exe	30
PID 1952 wrote to memory of 2088	1952	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fdfa00363e2439fb45d01bf0225749ec_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1952 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
3d83be0ecfe40b0d1bf9b38f28115c46

SHA1
cbd07d7e4d1585304083ce822b0bae117ee91928

SHA256
c355103ac077f71a7ea52f2c97e711e6904148ed928d5cacd10b18cb7934f32a

SHA512
07529a94c1dae9084b529491f9fc1a9fa2bee2cc2cf627fd7e79f07482407f7e979c02331bbbb4c97682bb0a9eaed02c48b316030d1c8d27d2ff467098f986ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
68efb54894d2b39421bbd82c2e3ccb95

SHA1
de66a8f8fd42ccc63a6143ced969f9b6b2bd888d

SHA256
a602341034fa9ef429e4c8f16c11f8f1a7632bb03e3fdd3a26cd037427cf45cf

SHA512
5de64125d8d89f21731409d326c89e127ae4ac83d6a41c09421e00200b886e527b08d9e93132b1cdcb1807c91b7274b613e1d91c7b26bd66bfa542dcc01a1600

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
84401df10220a214e3240644faff8ec5

SHA1
7553024935ce82145dffa8890b533183f68e633d

SHA256
f6a0e6cb4dd8310987ff99653640d2bd868816d51474189d93e01cd34fac4c1e

SHA512
6d1a397742cebf3cdf23a33aad4106d8b24db1159a138bb5797eb2db3f7ee77d792e44bc2f207b3d7281e19053961029d10f5a7e2ca0d647bf6b711a9947772f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6DA548C7E5915679F87E910D6581DEF1_64D0E789CB701290BBA99483C478F9FE

Filesize
406B

MD5
4b2b0241ccaec976fd1cc74560d270cf

SHA1
111a9c9ea40b6eac57980fdec07879bc0a2e85d0

SHA256
02eb31e1436593be38ef71aaace9422ff31d86dc24e08d8cd95e582e0fb32bc1

SHA512
2a99f56d0a08bed78c625b7581ae75a8f131d74fe737843dbddfa5cde89a4fabde0256e9d538941bc6465349774d405c08bd57d83cd8f0f1a85d2e48ba7c6951

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be1b476b7dbc8e51e9b3ac82c7f0c5f9

SHA1
c56fd5dfd2b76c9d63d25c7a0f34e60c172bc2ee

SHA256
7e0cdf96c465bd334877b9c79c973bb270c9ac5334d49c18eafc7f3fc7ed5634

SHA512
7e4b0493bcde84eb5762378435f48b90e3c6210b50bd77e648a66ab10692c254baa33ff579fc66119c6be123c15f32d73437a0e9e05c18b0d4d2456bb89788ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
242bec734eabea894e8a4ac1f8f8c8d1

SHA1
ef877ca3747755d5f4dfa959e897bd69d6ecbddf

SHA256
1e8abd81ddb9749abc94b73ecf2941f1d23f73e0054768878b9d3c1b572f30d7

SHA512
a43a2feda7a3b2e7367262c0b68e0dd68754215f74cccb15cc2bbeaf4472afc0298a99cdfb951aeba460936e6e7220c87b7dca95cb697256dc6b0d422379c5e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c23cc377c889e20a689520c6fff5665

SHA1
35536dcbb32ed9923d8a21b9dc405ce49fd86a62

SHA256
b7f876709762b8809ca8d1b5f7a05459c2e4f75bc97a8f626f8e3cd777670bf4

SHA512
d0c9b1a52b688ea31dff21c8fade4a5201aade99d73fda531c0fccb38bac0a7d2f281472fd7cb576e0c37fb60dbdd0c14171053f7528112d4a10e6183a653ace

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f0612c1e4dba0849b4e7bbe007e3d26

SHA1
e459df5f8779f4801d60fa30f11af0c2fd62cbbc

SHA256
6dc37f5372e7d90c9ac4e9b52df40fb24850d65f1fa8b5a0328e04043281c937

SHA512
0d2d9bcb947ca0a27ea93bac190fc0d7567b61cf6c350a0275657fa598592aece6315b40ae081de628237d97f643f9edd5b8ba2249694f5646b2c545b9c39813

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bab37d5aed7b292bacb0dbfadbbc8647

SHA1
de852dfaa68f451f4a5b9669394e72e2fa8d67cd

SHA256
540b662f66c65eab8e7503d278913c6e6e90aab2eefca5dbc1e4ff2a8033f7e4

SHA512
a4fc7b60d84d1266a8983143ebbe03fc46ae44b5fc5587acdc3ac1b561f672ab69c9edaf3a64705c4bd884789cff4288e414fa8fc15c5b422621f047256b8cde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2888a09e24bb0ca91a4efdea97215983

SHA1
b02abdd1cb2c90c7bd1e563299ab5b693dbdaad3

SHA256
364d623dc3fc479bf719ba6a57ba9e7df522372f920241e35d3947b889c75f53

SHA512
df274e5ce752305db2e8b551fd64043401ea78dbb1a6c9521fcc2fcc6a3a4aa658daee634e4b64938428ce07315a0184a10d0bd249631c4c7030cee2dd67df26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5dc7665cc538f4a2fda54e323488a46b

SHA1
efdff029894e0b517e37fff2c308186f36b4a699

SHA256
8eeda231e1367bad0029ff053b345da576df2de2bfdd460500d888821c4d1ffa

SHA512
a2989939a86ae48297afe8f347c81eecd2e75b7aabff783356bb80568e612b9e8061e50307c335ab11a4de716ba78e6e4837dfc9fd9dbbcccde433bd42b37a43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f13997270194cef2a9e421ea99dc0146

SHA1
bdc7ed0d4575554dc0039b395be7d1cda3327760

SHA256
7f58c6560d3917160abac40152e46bae57ad84844767711f9bc420fd4f0d70f4

SHA512
67094df4d2348da7be28e71b94a7f0293621e9bc16824620a16f4eb36c0bef72e71b85c9a9a0bda42460082278707436d7115c94b208c59ffb80702b131ba610

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b02a83fce3de3b3327a8b4317840465

SHA1
806d07e69442e299a2129b5a8904f5e8ca65f18a

SHA256
7d8d17ffb1db91c1388fee85186d7a4f5e4150febb6eff3c6d0090d8f4d2f2f2

SHA512
ed693b694fcbaa4e2463b489f6360ebe88f7aebbe22e0dc5dae1b1e757e6da9b22618bee74fc95376e283002cca7f91800f9f6cf277c8719853eb1b418a46b72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
472ad89248ee6a07c6377036c30457c8

SHA1
2b98886034dc1db8ccc38bb2556d9093a6d36957

SHA256
f03260c9c2e25b4a0644fc994142ebed82a0f47b520e825c7829b4ef15bfed5e

SHA512
f30882647e2a12ae720c4af3ee8441b3c391fba0c0a9105014d9fe41e4801e6d0db2d752a531c7781bc0af03889af42989198d06d31049bf5beacaca80930b35

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC552.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC564.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit