a96ea1c03cba345beaea29e83824ba25079eb2f2fa43cd7f077ebf0de861c3c4

Analysis

max time kernel
135s
max time network
136s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

145588ffe37bf7752d3384beb85644ea_JaffaCakes118.html
Size

26KB
MD5

145588ffe37bf7752d3384beb85644ea
SHA1

e98574fcbf23b693ed6a5d8b950e6383529ae6b6
SHA256

a96ea1c03cba345beaea29e83824ba25079eb2f2fa43cd7f077ebf0de861c3c4
SHA512

36879b4f7c258859bd4c9c08fc5063ebcc5db5870c166cf970bf02e451e0ed1ee4de183f3b8420d10ea598bc2806cec51c65b8758b6a86895428170f92913342
SSDEEP

384:DyKlIcctG4EgGTHq/xpIqta9sYTGXYegAh77sq/gRPsw8guLZ:7wPYegug5kxLZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{59952E11-8278-11EF-AD2E-6E295C7D81A3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434225756"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2424	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2424	iexplore.exe
2424	iexplore.exe
2412	IEXPLORE.EXE
2412	IEXPLORE.EXE
2412	IEXPLORE.EXE
2412	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 2412	2424	iexplore.exe	30
PID 2424 wrote to memory of 2412	2424	iexplore.exe	30
PID 2424 wrote to memory of 2412	2424	iexplore.exe	30
PID 2424 wrote to memory of 2412	2424	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\145588ffe37bf7752d3384beb85644ea_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae805653703965e00aea78dd75d27107

SHA1
92d6ca1fa559b7b1689097882940ec6413239bda

SHA256
58d312ef996b331d68be92e769f1152cc5aa62d9374e32228ce8a304e675fc7f

SHA512
67884c5d6416d9c88a17c1ae736a15ee9ddc1dc26f025a1526a9cf62d7d005cd3ec8fd9c511641efb892f1d1b737819c8d14961056646e2636d4ab2cc4d03107

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ceae3b20092ab8408df77be525c2e206

SHA1
bdf804ffa4d258cf3577e195e2fd5a627474377a

SHA256
2bca7b7bdfe105b8ff7bff5fbfa811443876895fbf95be13f8b02e18aa928a65

SHA512
85b17b47e177181ee5d13f85f144fd5b0f1bef3d35fed148ca9aa43b2eb1238ff1fee9813d896d2aa7d49887027e41e38eb4de5afd97c2c4b1f6146bf55fdd4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffce708f3540d7471e484656de2b6c18

SHA1
6b16832f98a8173a240305c56e8907a9b77838d6

SHA256
219cfa5eac43a96c0b3e42798fdc830875a9604c0fea047cf47705ff6ee922b9

SHA512
669e52b496b07b39c1fceaac9c89ee41975bcb31f0a85b62255c29b1f121812cd96656c3780703c2d8c8c1bdabbf699343984030c419368fe81ac5fdbaa6c78e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
945dcc627d4d173e6f2474da0fc10637

SHA1
083341784284a3a00573d10f6d4f431d7d05901b

SHA256
7e0ff7ac253c6cdecc04bca0711f20c51cd67bc4cf86f5268480aacf66cec6e6

SHA512
e24cd23299f9c08a553e33b658ef11abe66380fa2f73a111f6a3cbc3ddd2ec25eb760e6b2b80cc31e8dad10a88758c49e11b672ebb954d96ab64f91d7935c9ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1796a70bcffbede0a3eae20d97b18824

SHA1
b143b28a389ce2e992ee69b5bd8623ce2f7ad6c2

SHA256
79bab561678a6990420a0266f6dec650e05539b887953bc135ce74a761d8fd06

SHA512
36affe5e28f95394aa4f4d3f05c8469e1faaa4c2ab881b7630554cab95ec56dc5af2aac736a8e5a878abe0345e37ccb90d8c3879496a830bc923372a642af159

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67f08feab048c427dadb3846b96a2ffb

SHA1
fda68a34a38acce38d8761c1f514122811b841ac

SHA256
d99b7f895791c2a80514e7fc9cdfc1eca924c47c5276fb052967f1ab5dbae0be

SHA512
4fb80fe9b2ce607a7cc030a0b9b51efd226b816329f21cd9ae7cabaaff8f5b9dac511990ad682e020cebc588ff6525aaad17717c0dff1dc42dc326cb49cc6220

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14d930c05f96cdcf67d75df608b4d675

SHA1
7ad72455f0af9eda2987192f866a1e3f9a1a21c2

SHA256
505fcff4be38a51a612dcb3116ed5fbfe42050dc37b68390bde8d8329b5945e3

SHA512
9af4abd994f8d0bb4c4e1eb9e59fd547c330877601349263d86385501a4ec7247394a1a21ebca4b678c8af220866e691733cdb13d51f1b0c20b69312824c61c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
081ab7315b738e3ce12bf7ebd6ebcef3

SHA1
f52c4016d576e616fa530e9e9d4b9a12cd13da97

SHA256
65077e5b86ab90ac7a7a72893eb56f98b4a04f1a87b77d24fc85ceef19a3f0a3

SHA512
769671bd80479e9327360d265b441c66f67fb9a45a7461e143cd14b68612451531172a020f6881157125b422b4fd9ec37b3dba82c73701fbd6cb76e77454c3be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6dbf3d76c82bf380f9f8ad22e35828a2

SHA1
38ff6d3e188ce378aee6965100b4a7e90b70a3aa

SHA256
cee3e001cf381d1c7fc2dc0a17aa054cf4fbaf00a285d66f7050fa1c8653c5ec

SHA512
7ebd90e63af6532a2e5a611d797269ae09f7da1f103f123a0cbfcbb76c4a5c8eabb973e85efc16d0fba5202a09e41c1a5e2b76ab115bad6e0160adbe4c7c9e86

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC3FC.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC48C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit