e001b1f47c1376efa1e253803c1998dec98b3077547ff82d2f6b0e85f6e0e3e1

Analysis

max time kernel
137s
max time network
137s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 06:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1695671e4c2cfdf4b3570fb30759ce0f_JaffaCakes118.html
Size

214KB
MD5

1695671e4c2cfdf4b3570fb30759ce0f
SHA1

326ef9b41d76526931634af6dc36aedfd74b4f2b
SHA256

e001b1f47c1376efa1e253803c1998dec98b3077547ff82d2f6b0e85f6e0e3e1
SHA512

26771eec3d4c060ed15a1efd40b95e74766e4c89d468721fd4b34e5336258ff4f47ec606a22850c491865ff6182ce9e5264bc1952390003ae8e55088389a51d9
SSDEEP

3072:jrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJl:nz9VxLY7iAVLTBQJll

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{73BA46A1-82E5-11EF-94CC-EE9D5ADBD8E3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434272614"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1848	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1848	iexplore.exe
1848	iexplore.exe
1872	IEXPLORE.EXE
1872	IEXPLORE.EXE
1872	IEXPLORE.EXE
1872	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 1872	1848	iexplore.exe	30
PID 1848 wrote to memory of 1872	1848	iexplore.exe	30
PID 1848 wrote to memory of 1872	1848	iexplore.exe	30
PID 1848 wrote to memory of 1872	1848	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1695671e4c2cfdf4b3570fb30759ce0f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1848 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83fe2300e5c81a0b895bf97a26450506

SHA1
dc869ba9c352e45a3794788ca258004e41528997

SHA256
fba65eadbeb7249e3c118043412a0ae349f8986680cb7f6fc5f1c77229d5e432

SHA512
37abee3696fa9257b685903b115862726d57add011aea1721c14be0bf18b3f3bb9ce1abe0e63bde0a3e5ec7a2403856c405a4f8a8d7705d4697045e9c7a6ea3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9d50c92ba9641e84d43cfb0e1db9f6f

SHA1
baa2c4cf43a40054ef8eff63df8535fe6529d7b0

SHA256
44fa87e74a020825c439f589fc8c16e2adce6872bb291bc2c245c45109eaa64c

SHA512
afb4daef32defb3fa4a683b8e90766b6684034da3fdf2f404016e0aff6acd388dc84c081f9bb8dd32330484675713af200b727b588a8aeaf2bb23b84f5e2a982

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d370df2ed9e55796bad61753bca3ef54

SHA1
09a489a0f578334bbec6ea7593f8bcc92f1e0dec

SHA256
71ebf5843d5fa1f86ef4e61cc2853ce697201b4f0e63eae580900d485cc2b09b

SHA512
49e928075898d63967e81f34e5d7d18092ad782ab334c3dcc60093114b89c64c36b3e41a81966eb58a105e134d9811c126049d41caf18ec3696d17e499205c24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d85db30d18d6edcd1511c476370aa29f

SHA1
8de4485872894b9901c4e4091bb3ef79e249a94c

SHA256
9bf2f8be987fee623e9ac61aeae613de92dbd3f034bd1f033cf47f7425800ba5

SHA512
fa5a906e77dabb31f36dc7f21dca47735a98bb4e867677c721930b18cf877f591031695ff3fe12f5cf4fdbf8f4c2992e3416147b9bc9fb948f3833b734bfcc75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cabb56a776b7351842abe7521a3fc5d

SHA1
53c261f1bf95d0cf54f030317781fea31bdf997b

SHA256
d129ac66f7d35a02e85aac16bb85542b9504dcd974ce1a213799faff5d624894

SHA512
ca2aac8b3bbc9e0e6ac2d6a65c4f372fa4d559b91787ab53002b1f07bfe333f25448f01ce4a589b5aa65c1d1352ec7a86302d960d6bd55de9ac2f2b4fe014408

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b3aced32aaff95f53736b1181fa2df1

SHA1
99ed82fc9d30ff9f11218a2008592c30df30925e

SHA256
87ea302808f11b1fd21736d36123a7371beb918b23f4939997592ec34d18f4a5

SHA512
7e1f3f7e5820475e42f8008fe2a72e6c43c83a1b7d241c1107c75d6927e3a361638caeba5d3c371e1991a42730c4984ff88d46d0477204c81b9430a5eeb4c964

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
938d14b69d87dd6cbe0e99243baea60d

SHA1
96161541b55d26faa7cd99ecd0660628b2c17114

SHA256
07abfa498ab3032fb1fea3b89efca7e1e8a261dd8760b9bb48d7af375073f539

SHA512
09dcfb606b57196e0339dfb9cde836822e68955ecefa95c7ce24a8289c5324fa06212fe933081dc74c9778d4853cca5e22483e4fcced5deeebe99218d8fbfdba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c93fffb380e12c01b91ade9f740b0817

SHA1
54cb49d50c17d6feb3ba64f89ddd6a1829f8b71a

SHA256
e72a87de4add674c9ca45e299a647d1a227474f2dd58ed0271b2610b129002e9

SHA512
667ee8c3f8f0e1bef84cdce0ed7af58b385fda279ca8f0ed39c6084a99146564bdfc72e9197ede63636686c8877b54e21d00cc75c96c73e94bd7825253e932c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5053e53f2da032d2e55b21bd5883e3f

SHA1
15be2ee1f25775e5cdfec03534ca8e7290c180d0

SHA256
4c82aa0c49151c719ee6346550f4b6b35bb5d6d6641c34a7c9594d6ba25107be

SHA512
6ca9b08197b95f21314d271e6ca9220ccda1d2ac92c19929d73198ba4d21cb8f5c28c43fe59831874c9bb287c8599f3ff62c6679e99a44d8a48c6230bbf2cab8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6402c2d9ee2cd2dbd9a7a1370c0d0903

SHA1
d95b28535153ace1244efc22f7ab5dfffa082f0f

SHA256
3e98436a10aac3905f2ae8a9d2324eced1bc8a1c08f8ed1b60af407b444189bf

SHA512
38de41f48410be6959ae65441cc8a7ee6035e77d124dfac1a5a5e201babaa9405e3a8f54fb11679f13bea30d619d9bb89378b919dcc0c3d817386fd9a699246f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01d6f86714b66d9e2d9bf74948e7b13c

SHA1
e0c439cae74c768ee583c6d02262093145e146d4

SHA256
c645756d892de162307221e8c3f50b4cd43a9401ee35e197000fab16bc345732

SHA512
dfcd05edd8ae98e35e6c7a01568267ed78880d72bc8beefe99ed8bf141d40275146c8d4f387d9ea49870db8747976fa7672bdca072a43b0530579a58a05f95f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d075b5b9436c408bfeb7dc61490ea4cd

SHA1
2eedf726eb665bd48a8193a3df3670553c86be07

SHA256
8338baa95ffc5e78b03a58a5e795caea7ee7be4111f7bf3e9b25014ade470a04

SHA512
558580c3073e7dfcfa7f6fae40ad799e1ecde40fb3973ec3bfada908235e542a07b890adcc51bf9e3e2b48cba40134eccf68931390bac296d6b9ee122bcea1fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
142249c710a32a657325672c2ca5b1ca

SHA1
f327bfbcd22b7e47467d67f651dfd06f32a2ca33

SHA256
0c05cf55b5478c769a08bab5b86e9aa739cb5a00b8e1aaa7c36cbd2bc6981117

SHA512
62438f8cb52c1a8911948ef5cbd764a1e8a71bd4bbdf5845101dfe9ecc2a4d35d8484feffe28c5c2e52fdd25dc8530debff0f3d63be5664d5c9f08693fe28870

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7fd68978300887f11a0a17ed3d7e3cf

SHA1
f9688705b74e7bffe98e9d286272d156a9b0d1d0

SHA256
9c8b0ee60a12dba998cef99788c908699fb9a850942b2987788f4e900295f17f

SHA512
0521ffd93d4cf011a0867ad8342e4d350d448b23c93de9e4cf9b3a486eb3baeed83a0d02e0bde3048d8ea8d88c80e461fcf3bee760c7e2f284f6ebab9231eb85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2907dcd23b98113959dc61d36e36034a

SHA1
06b771b3950c3b425b4f33d78c2beb014535fe1e

SHA256
e435c608d4204727cedf33a3962df4393b0f9606615717c7ccba79c95b7d649d

SHA512
dbd9bf911c2d4cb57b6162be5443019e1cf744a90a88b9974c2bf68ad072019776eb35d7d7efe0e524f984997fbeefded6ee38f27bcc3400366016055f877690

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12df9b64bbf319979354ed602cf26853

SHA1
c00456eb912f2a6dc6573974ee567e848f610001

SHA256
c8a22cefa543b919bad307ba0477597f74fc0ffc24db0bfd898bb7538f19aad8

SHA512
0cc29bec2245ea2d1ddb2634d39a7929959759ff9736c5c5bbe31a0ac0cba625ef99731acb824dd4867d29d91a94d8d25277b317394d1c952ead70e8fc2cce88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84b3c04be976a3b314de2200b77b2559

SHA1
d9760dc2f13aa04d64ce24b26270ebfd2bdbc2e4

SHA256
51003ef94cddb25863109774c354a0a62e7c801b7970a0ee4896e8e438df2b24

SHA512
7605f600c26432fc8f1c603d5070287922b7d39508b034ea6041b271697d8c96361276b361b77d57e9848448188124dc2d803f9225a2183659f8457d35af3060

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22061c053ed1a960fc0d185084d14de3

SHA1
e72b4587fcde125da2e702ccbc0d9b4175f1de1f

SHA256
ed91adb268fb74be3d8429ec86d6663a1ad23f4fc1efa278c230a443c2e70603

SHA512
87d25308e19ea32840e8ff01b31363c3d7d808df4e1575b01e4e7fd9d2402cd0f0ac88c62486a345ce404e75f06ee01b6aba7bff96b231144da754a822c60d52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f60b613bb649a814b2060e35aee5fa2f

SHA1
a86fe23ea78c043aa0341e95827a7ea9410b38e6

SHA256
5fe51cdecb3e373139228417701deda5947193e502ad6dbe2c99f8d72fe369f7

SHA512
ad06800fdffede5ce2936bb37f90962d1cdeb75a47792addac48014fdbac10cdcc579d1f4bde2c073b4da704920f24f2d8087f536496b1eaad3b933359edd183

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCE87.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCF07.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit