b98d3520c446560bfab1f000d0d668a727adeacffeef8137fc9d97ca364d772c

Analysis

max time kernel
132s
max time network
144s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

084ae9f66c9ec9ba46f4d74352272d82_JaffaCakes118.html
Size

31KB
MD5

084ae9f66c9ec9ba46f4d74352272d82
SHA1

5eaeb84e5744ace12a0abedb8139b574f1289909
SHA256

b98d3520c446560bfab1f000d0d668a727adeacffeef8137fc9d97ca364d772c
SHA512

5a584f12c1e4590e0786076a5d3c9f6a77546a5ad9a4479742232fa406497f82fc26907d00107e8e9702a043f5eb07db99327cf1bfc2f8aaa48fdcd1b71cd745
SSDEEP

768:niyJWdUBZW/Yj35aFR6kHVSdRwXSevcafCpVexo5WUvv8cKmGeqVWLXfogzy11gP:niyJWdoU/Yj35aFR6kHVSdRwXSevcafm

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433995082"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{453A1EA1-805F-11EF-BD1D-D238DC34531D} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2944	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2944	iexplore.exe
2944	iexplore.exe
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 2764	2944	iexplore.exe	30
PID 2944 wrote to memory of 2764	2944	iexplore.exe	30
PID 2944 wrote to memory of 2764	2944	iexplore.exe	30
PID 2944 wrote to memory of 2764	2944	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\084ae9f66c9ec9ba46f4d74352272d82_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
69f1480f6ae8a8fade86f348990b4dda

SHA1
c664e95fd07915cf5f0c987461cfacfaccf57ff2

SHA256
6157709ed761b0a6d1cdb10456861d460c1770171fd45a2652c110e184a15dee

SHA512
3bbd848aee8530e178691da113763d5fee7ca5eca7a6a12449728c08e6e7d89daef8c83fa18a927aa29dbdbc16f1bcea3b217167f0513002f9875fb4daaa9d32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4128eb7f9226383966dc1803a3d6dda6

SHA1
015dfb8a7207354f844a77cc81347fb2de9c8fed

SHA256
840d6e9e590bbeb749d143c5c371a8b5880b100d0388394283ccf683174e247f

SHA512
b7ee1630a5a8d4d4e38dfd35dee955e82ee17cb549de8fc30ad49703526d66bb3b4ad0d0f117c9f4673ee06e1617eab513a470496f762063a0a0c77be2181307

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
260e1a54eb218955efda78a37613c3a8

SHA1
85bcce8de5d46d2a2eb2b4275547055a10dc6a28

SHA256
0e2816fdbeb7966953d1869d9c3eecaf0e206c633879ab75c233187121495cf9

SHA512
f1aabf4bc907ecb24e7ffd8e26433faaaaa7a2e66fca32a9d72a74c6a0495b8bf0ad2b235322be23e063cfac32adc8906902855ba035ca7706b5aea5b7469cf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da0f57d5a17875857420f77dc1f311e6

SHA1
d1b4151cbd12b3c926e85a593c68897a8e044ab2

SHA256
43b90e04d2aa050ae3c940aa9408dfc6c414649590f4cf1adec3f56f2dcb307b

SHA512
02b9206cdefa3068daa79ffe6b5898b4cdc8efd6dc2e0f9a87cb11a0451ff683251c8d72ee109b5625f8c18fd0a6354239d6d400a077caa5d51e338e6e482414

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0791a39bba7cf0e264db37dd89888f7d

SHA1
b8ca85721328f86d546bed76e99aac97dd0da3dd

SHA256
c224ae11667dda888642ce7d95421a28c424ff826f623ca9f149bd6ed61e1ec0

SHA512
c8063ef8e2299f239853d8068ec789a5c3f9b3ea455e496a84147f1868a38b7f2cc3747428f7a8e198e6bf19e4e4364ebc4e1be1fa3f319f51c5e0072b6fa9e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
737bfd04287eec78932ee7d35c8d2c82

SHA1
16ccd15e3ad5db27f6797b6969f37f02111e3e90

SHA256
a826767ace7f8ac376c76fd3cf76ad6d6a62a125274b474cfe7d278de9d84e3b

SHA512
c63a95e794a6501ce9f9c3819867d7e277806cade57c6b12c32c985ae417cf5a79a75e90e32b19f47b9b4ec6b31e43fadb1cae86c541572102763b193b437c3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
43b1ca3e4230895b08d7d36af976b34e

SHA1
0a432b83964742bfe99328f2b209221bb14962fb

SHA256
3538f2a9cdd85afbe68cf8b733f7ce4bc65698595ffd695fd8b3913640255608

SHA512
37226602ec68864906609544252970083cdc110c8ea6b1688b28865042f858f7e3748d87f747c097dc5040498a87320adf005bd01285b8530d933e2bc2d816d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
133c8e906ccd970c7c72855412d60525

SHA1
e9f0c54c57272b357bb92833e9b9be3c63435c05

SHA256
897334e89d660d48fda15ab48ff5c45227336a08158b107bc83f53541831c418

SHA512
cc8b526de0a8257cd52b4a315a84e3f4e59ac29eda5f7a57181966300bc124ac32ee355cba3ebe1367dd38b90f6d4b893af4da82f88c5eda750b6d78cf6692f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b54bf3406f11b96945124da578d2a649

SHA1
6801bffb9290eda857f870957349818ab7d8e7a0

SHA256
033e0f1188514b1b1f52fde238b3653c752db1fbef1052003e2fe507b3cea9df

SHA512
638a3b7c3708f5a83183b4d5decf87020b3fc1aa85513d7f8643ac30a40423d33a692287cff7a8afb385858a46bfcbb991937b5930096b8650d4397fd85cca21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a47c1334d8e8743ba85b0e0d7b5fb1d1

SHA1
beff850e6bff50b39038a9f7d9c6cf328278370f

SHA256
e3d52b74ee0f51ce85b98c2f3d6db78266c07506e94a6f75aa27d29fc3763b64

SHA512
d00b5647cf238f3b3519d2a0a749c86a32057d9af04d4bb6b33680a81e6c1d262e88095ccfa029f4a2b795764b9ca3f28d22472f3d118e5e0348cac125a9f9dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb20f2d039da6d9b7f4e9225e431f701

SHA1
858116aa247a39ffd3e7a4403700e0e120bda9f2

SHA256
a9b9d73ad3de7ffeb32b80ba3eb1833c4558cc9aa292cf6e8f6c67142258a760

SHA512
63d097547743a1b0f47f4a8b4de9872b675c5e879037a742276a821ad14cc8e975cfafcf92b73c1ed80bbbeb103218ea948774938d98c6a070104d1774eb5f3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
b1b25da0bd82c83961478174983edd44

SHA1
3957f0078a4f7884b8b81e791039801d804238c1

SHA256
63b32b9575c843567a593bbe8849d94dada74741d0fb6fa7d0fc4b0a95ec88be

SHA512
99580fbe7a7ca24306d9e5bc0e9641137c6478839185d0af7dc7dd5295032acb7737914e03543ca5d1297af43ab29622ae73593a499bf6f6b9761209f5081df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\static.8-d[1].htm

Filesize
22KB

MD5
9175f323210fa8e92d68994c3219fabd

SHA1
fb6268b3512ce43b440b890ade8e75b6754a4da6

SHA256
bfa9c33734b263437a25b10c9dd1445c28e8a301a6e654f461db2473fe8100a4

SHA512
288f92a5b5112f17bd233e0fc0e461547752bfd45a54907f900339af3a302abf965ca65125d83f2f5573539e1ff2c8ceb9bd7510507358084410ab7929e863bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8077.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6BEE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit