4158b0c3c9c6ae81e2bca1b41f7f9397e40650128199a965370528cf4a1c6685

Analysis

max time kernel
138s
max time network
138s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-09-2024 19:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff32ee96f6327d4bb57f46f87c6f85a6_JaffaCakes118.html
Size

151KB
MD5

ff32ee96f6327d4bb57f46f87c6f85a6
SHA1

522e65b91eaea9d89fe9e8ece6dd377072cc8f66
SHA256

4158b0c3c9c6ae81e2bca1b41f7f9397e40650128199a965370528cf4a1c6685
SHA512

f43aa53aa48850f9b296cf836fbe205d4497d9a788c5eaad2934e2fc68a5b4777ebc95c91216f5122a671eb7f52cbfb51a39ad6ec603c0337800e1946304694d
SSDEEP

3072:XIQHWiCDEWAzt8aNI7k+K9G0KdQlKKdFbrrouIaBavh2c8/PwJ64zGGh+S3AKF8g:XIQHWiCEt8aNI7k+K9G0KdQlKKdFbrre

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E61F7C41-7E96-11EF-A059-6E295C7D81A3} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433799130"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2232	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2232	iexplore.exe
2232	iexplore.exe
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2652	2232	iexplore.exe	31
PID 2232 wrote to memory of 2652	2232	iexplore.exe	31
PID 2232 wrote to memory of 2652	2232	iexplore.exe	31
PID 2232 wrote to memory of 2652	2232	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ff32ee96f6327d4bb57f46f87c6f85a6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
5e17ccab1e9829dacfac7c4892f9fde5

SHA1
79526193f43a543e8bccf45f89d30673d539145d

SHA256
66712363a914aaa48c34571cf8b47bef7c95d9cb66d8866c3535d9d521fc56ab

SHA512
eee5f44bc69327c3648bfb83b8c6acc7a1b296054e36613695fa9d5fced704523e9b44df70e4a2cb11dcf026cf326da8521b648092d974f5cf73d1abd0c5410d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_0BE30C8E6128C0BC8455FF6A9904D7CF

Filesize
471B

MD5
835bbdcfd058e2378954d164488fc9d7

SHA1
bc148bbfbd08d5057e0827c9c494720941e802da

SHA256
df5651707a7e06e686d87b36c094efc73c9c0d4ce8f8691355bbdb2a60bc7610

SHA512
0c14fce23244b8555986dcf6de797b05d9ed7a7fa6b0028cf36f43b1193a0217701f2ed33225db4d642672c64000469edbc6ff2cdd385cd2383aea27af0daed1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
be5c1cb23071d53be8dadf9937a9424d

SHA1
338976a0466496b20bdbfe46d2ff4640ccdb00c4

SHA256
01a4ab188ab7f6f26273828c54e603201782c4e81e3efc50e932efea8f00d106

SHA512
62af4cc501cc77d763c3a7223a89d3dd33403ec1e037fd7a2fc9b6c6b38903522e797883a67f2f0e38ca0accf0fe9032fe234fb60235d98bb00178fbb7f1d8c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
16bd020ff2fcb8370d582f5092f6aaeb

SHA1
381f884af60ab3b4ca8b5bdfd328ee03113e2fbf

SHA256
bf58100755822c701a221e0e50ff5a37aad5d8e6b8fba4e6ccde3c5dae0ff08c

SHA512
f1bc5285398fc8a771544e20ea2576f717f4ef10b281a96c355f37d4f3668ecc7c44514a647391db4be68ddf8d37d9c385434c181d1e05fec0be5d16a07c5318

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
069871e53cf2d95b359fac2557b9c330

SHA1
08e2020dad91e3945e57d22b6090de1845dd196f

SHA256
6f0a54215c3b47fb2646bc4401d906644bd88d1e58c6861d2d814e4d42a43729

SHA512
01c0fd6ffcc7352c3907bd0a35f2aeeaf3bb71739e4b12d56b8b256b4a20ef1bfe2440f35b73fa0a90d58eabf48a92dff62afb849192074c771d3039f22b0b43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
adfa1634f4cbcb22ee70f588f4b90927

SHA1
bf02c90568e7156987d538461fe6f2aef490bfc0

SHA256
8845fa5f439c75b4e4a9ce51bf7b01a7b37abe4a9be7c05b5cfda895345a0f7e

SHA512
84db64aa078918a4b245fbb3b0ba0c6f015dcd13b8ef345b1f4e489d011757050d811c3a089240343e1f6ba130e4b682e2b48cae07c75b64c59501ea9bda0730

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
e3283b9d13fdc40e35041c97b0fdf8e0

SHA1
747ffe688a71b7c0b4cc2f4b94a831e0c811d6a2

SHA256
f7da7d71b83d9c0e11dfcd31d4805cbf72698ea5b47c18fb3b17af01b2cabd4b

SHA512
779e4b9f9c9ab40eb202305659768c24962fe3cfa7389c86829a289a1ab44105ac2dd7ac8308e7840a0897af14b698f2887e95b70735e1408d66d193a69638fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67ee9a8e8144b1edee9cafc3335faf94

SHA1
37d246fa266a4d449df36582f6db80e9bb577a6e

SHA256
adaa305cd09d07216b6399ab5a58181aba70bb9aad2291e41414dd53be54c527

SHA512
1a14c5250239ecc9f2106981f0b488084d6fc788e33101040c008de0c0733c479516121cdba492619a2767356d0254734ee9f0982573f8666b3cf293d35271a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17233e711eca06a6966052fb340e3ae9

SHA1
dc96077e59e8a1caef5b70572e879a85fe64932a

SHA256
6ec585b744b1a34a498dd81d4a275e8862c19104397347583ec3bcbc4d4eb2e9

SHA512
d4acc93736564990c76785e4c7273758bf9f7614d8252736e04af0b8ee7b42a9b3dbe98bf8ffe6ffe0cd9dbb310b1e69e7eea6006f52e9ebae438d24d2d6ba53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3a9ea72f49573b184bf0c32287b1d01

SHA1
5030696279f5ffaeb3bbb6e1601b858ec3a1108b

SHA256
484abb85723ce1ce2f6f2992691aad9863bc4df3868ad1cae67ed5d652118f14

SHA512
79d663ece0c5cfd381febe520bca42c6056d0067251d26b999859022516a6c5aa54b18ca5159e937775761b94a4b76b076712343993eaa5682d7205fc1c12896

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f69110505c3d780a36b09703ad10565

SHA1
4c7af0c0d2294951494ad4cdfd9df65c8abff40b

SHA256
ae9aa9b26786cd5ff04a90988cffe84f666320caf7ff5160f833bad71511ab7d

SHA512
e31e1461900df8038a3ea077ae8e37d84c8ae0c99cf6f72c93452338f2c1983329c7390d9c17ace49e1c81b8f0087c7b909b94b90ce99e04146e5c945d648726

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99d799126d175c612b2b1cec5a6b9306

SHA1
dd5b036c9f67715fa33bbf75617fb660de92b48a

SHA256
68dfba5f160eeeef7866616762e5a2a0ea35f15e811bdf3166153cec37985dd4

SHA512
942e640b83de388149db6e903d82a3e4b1d0ead2f26d58f34c67076667b3ee23f8266216521b8bb3138a4407568ee3dbdc7d12f3d30d12a803cd552bd5c707ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb0b516811f49d7f7d34d1ac87f4f5fc

SHA1
33fb4e12d6d3ec01ef0096e5b0b25fecda4daeb8

SHA256
50eb81115b4d7c6decdc092265e27a98111b4126f4500156738c0cc71426fe61

SHA512
ccf0617f02e0ebf7b8a15975ae9dbbcbcd4919a180cefd2c295ad5bbfaab218d6a0e4648984279aafe0572d20505631ebaa6daadab865a0ed83968d63b870c00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
152f0a3bdf82266e50f87bbc95b46baa

SHA1
af56b8f297dde2f548467fce2148502d9bd5864d

SHA256
bb82d7233aa439c54cad2628f9e1ed264ffab09e198a239ad10c2ee781c69ce1

SHA512
e3c136898a4db8250978e1bec95e5dea7cd45106191f8a4d992dd8bae2dea28c6b4d7cb5e74fc16681d296995ce1f05391125537a6dc202de498faa59aa881a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1da65ec3bd4570645f3e0d63d4bcc3b

SHA1
729025068512232bbb7e663e0d2749e8f047de08

SHA256
746d3ff66c4ec0b66aadf7b33af9ce6d5e76e6f8e6829668b9772c9c586266a8

SHA512
5444cc7744261e6ffcb582e748abd638a9a17d577ad0178aacc69c4ec5f227448a6f79ba9d218940199895ee21eb05494d87c10249483ebdb60fa563a44599a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6afe592b81502b61dbf88c9d1bf88c5

SHA1
c104277dd3565ffbc0d080327ced6e1d4e0d53a0

SHA256
19f56f19bf88bd1f3ae27a2eda472b420bbb874c6df5c899e53f4468a417b41a

SHA512
4df814dbc1c01eefc4547d16618d59c5f6133a6ac7d0802d6df499f6c2a55f6843af9207e47fc163c458dc1ad5822cd03005121c5ed3e4984c1fb53d756e2387

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
baa6cc8fd27655c0e4a7d53480cc4699

SHA1
21ed0f6b9079d619ec6cde5cc739b2af7e1cd613

SHA256
a3845f882f7346856375a832b301f1e3c37f8aec995d8f060c6f54821548f613

SHA512
020a3b53fd4f5d20b42b8010cd4cf1dd1ca3c5a6840654c3d1884e337fb52839db39be01092c6b5adb2fa1f3a71d721e5f98d65671a98bc8a44123f75c2a87e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4398831e699af26775755ba41d23f792

SHA1
beb3453da53d202b1360773f2e0a040607e3e32c

SHA256
e67f620216e509da99a66305d912544e3b1886830886101ef02b5c6f9fd09f70

SHA512
4f0d14097d265790813ab17fafc4961a2598690624991f8819a1c5033e5640858f9eea8d65d364408e5ddb441a479ce5e1076df290b8061813a7a8dad4eb90d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_0BE30C8E6128C0BC8455FF6A9904D7CF

Filesize
406B

MD5
e017a3d560af55605b32af894f3fade6

SHA1
3672b90d8a2fe857b4eafbe2e4cdff776009e666

SHA256
cc1ea553acb304637035ba2bca7d4ec85e1fd2aea7a13b02883535171adc5d90

SHA512
3bb4a0707ffca5439f926b034e76dc6980d0de0be1146487157572a60ee7c2b172db7294d3cf9a9712ed864c5cc1819090156f6060ffe1533453ce33e69d286e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF27B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF2CC.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit