b2b7cdd116aa27961745fc84f9b8a951d3eb064e0dba0debb885fe0c262eff4e

Analysis

max time kernel
132s
max time network
133s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 18:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

102807bede1f0d5b6ea64f4921b7aeb4_JaffaCakes118.html
Size

39KB
MD5

102807bede1f0d5b6ea64f4921b7aeb4
SHA1

41c9763c3d11f3c08f7b89d42e86829f857eff54
SHA256

b2b7cdd116aa27961745fc84f9b8a951d3eb064e0dba0debb885fe0c262eff4e
SHA512

88138aaccd6e37f2ef964e4d37ac3f4c2d9def1b16ec24f4ca79a77a920a42c4871bc607dba264c7c938ee04719f6c4b83ab4f5aec6bc1c50afe548a3848cbed
SSDEEP

384:lrcu6RMK+DhPZo0lN2g/dahTKyUNUeYvITH4GHnFyHKVbqTHmxkxtg3KbV10QmHa:FlR/Wrvdx08Ux6L

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434143766"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{73BA1AE1-81B9-11EF-8B78-465533733A50} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2360	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2360	iexplore.exe
2360	iexplore.exe
2488	IEXPLORE.EXE
2488	IEXPLORE.EXE
2488	IEXPLORE.EXE
2488	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2488	2360	iexplore.exe	32
PID 2360 wrote to memory of 2488	2360	iexplore.exe	32
PID 2360 wrote to memory of 2488	2360	iexplore.exe	32
PID 2360 wrote to memory of 2488	2360	iexplore.exe	32

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\102807bede1f0d5b6ea64f4921b7aeb4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
35b83474398f2c774bc2aaaa8ca2c736

SHA1
cef7e587c994e1824136a022c8ccc9a75a9a4982

SHA256
478e1587fa6d92b6a1a09e3960eec7d25844a434db1787f87a3404278ed9853b

SHA512
be5de3b06abf8597bbe82c1d21b2c0cf93b9c78c3ff35431330cacb9b7a076020a4e0b0844c6afa355e867e8ad75a9ba788946c4676d8e2e01d96c4968f2f34e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc36bfdf90b1a694519a12dad6aecd9d

SHA1
c73f5a4eac0ae35efd1865e271520d7ad06b9b6d

SHA256
aa7e798cf026a455fecde13d720498cbaf16ede06cdc205291827bbfbb48ac6c

SHA512
7d372c6d5ec7fe7e6b75ade03f0c37df74815765469a059db370c4cf6b60fd8858968ff51b426bbf6e5df24316fc5a61c55ea7acd10aa11d7e4ef78e77bc0a57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84ef8ac5d49f598a61b60e7df99883f0

SHA1
b045263ec79c932af9f22d0b7edd63366f3cdc61

SHA256
4f821ebc9cb6f6b3540e4eca299a5b78dec21786a1f47d03caaf0aae703510dd

SHA512
6d31bc26bd6d22bbc3ad7a88eacb13fb4a518fb716e18b89df87ba26f1369a74f2f146ac8ea9f00e5c49916716ca575e1eae58e6b70be791851216c4c5fddb25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8d6c5ffc3dbb648183eca4cb64fbfc8

SHA1
df161f5d3687cdbfcd5daae5c8b166d2c2dbe5ff

SHA256
fce3a55516bdd0dcd1a60f6400b3dc51d6173ba9896bdea104f811eec1cad802

SHA512
297bfb65adfeaf3371e63b9f8634498a8199cdce08bdb71e6a147b5b899451dd29ba1773d82817e0148ef642176c61a5ea47b3471a566120ff0ea5947445baa0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe3c7cdbd012c8bab04004e4385f34b2

SHA1
be33a446242cc589bde79eca3ffae4d16ca43fc6

SHA256
2d2386681ce8f77f5eae55b08ed0c8211c39821f4f7a73729dac220d03d45959

SHA512
22692aa948abd59be26f2745affa16057dd13647fcb79c7e3c7577e47fd6ed7174e52170299ed3063e4c9a65c1241295f75aefe5c14ae437c5a6fc0000c78b6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce1a68839018312fec8ff9f95cbbf0eb

SHA1
30b8324bcd60a05c79a029d476affe02ddc819aa

SHA256
a4e80106d0fdd054fd005c52271225256459a5e54ad95bd908d2cfd5fb49ee43

SHA512
de0062c02cb593bd2c7f43f87e1f12be562bdf1d7914a28c1a34e14f1e08bf64741d461eccee6b63ca92c99b8fb028fe088edbed8a746e04cc85fe7941dbb258

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
499fdf6f4bf99353956e8bbd164b0773

SHA1
2d99ad3bf84c87fabea72bf3fa83b321b93be443

SHA256
014ea4b8d20e7ee711ab3cf1fb8edbd71ec381562e9b17cf291c46bf6027be78

SHA512
a697ac450c35056f12e6081a2769d5e382fd2062c34b56cdca30f09e38a42c95825bfe3d4abbab633ab1ee34e0d5fa8d202aee1c3c78ae8ad03be1d0beb54b81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e7c1d22646830fc9d0cb17b40e5b49e

SHA1
52c4fb285cc8fb833d5c80fcb8db215491783adf

SHA256
e22e9d2b98e2fe7dc37d76dbb8f3a5ba7551770f963e1b2410c6b10ebf1aecf4

SHA512
ad3121f539c810fa1048b14bc3eb632177dbdded72827bf54cff2e7f29d3dbb730a30d663973433ce52c559194a4d446d6f241b7e85c165e4850ebf98d182afb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
208487f1ab32c40cc0086cf7cc16ca27

SHA1
2aef7f23741ccff109a205a53ca13b313ef60a08

SHA256
c367d0fa377626960481e9d1ed2c309c6be5c8deefcbd977272d2c5adcdf5fae

SHA512
80149c0ae8129245a962b2a0f9402b865d8b8a75cf84b0addeb8ea329f0534adc8d5733117c593f8cbb8934e86e7b9cfed2ef54ede465a80d5860e3a692c49f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1475086d4168862057d09ff090bea2a

SHA1
8fe4a573338a5c371b2f0760623ebb82c86497a4

SHA256
1ac55c77b3b4016765d703632abbd7cefdafbe8b233274e1dbdedbe1059e38e6

SHA512
fb2d0e1e169f94b4947d256a00e0c4b3c233c5ec3d9fcf8f2bda61925ab4381a754fe9611e257637570a60b26ff10b76db2668e6152992c9200ec715fc3c7700

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c1e2da1f49978d959efd494a4b0bc974

SHA1
e06d10bf863a38236b974474b8c542fd271904b1

SHA256
def5d4a3b8c782f0ab78f9b560815823d280210ab0203e98b42385a386f2fd3f

SHA512
ce79ffd6508d8b65c4a3f736933488bd8e2fbc42900109745ac92832437eaae4ba350005fc40915545a53a56961251b2dc19c05d284e6f7894530d7ad49f3c2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD2EA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD2EB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit