6eb589b4c555a55007798caa61a1d48e3e7710007c975d39f5b78c8b12b61eeb

Analysis

max time kernel
138s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-10-2024 20:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

254046380d8360253fc364a6feb7d84f_JaffaCakes118.html
Size

27KB
MD5

254046380d8360253fc364a6feb7d84f
SHA1

27bbb608abaa8a066a21c79f7743824c9f41baf9
SHA256

6eb589b4c555a55007798caa61a1d48e3e7710007c975d39f5b78c8b12b61eeb
SHA512

713d52c3f5165d260ea4e35aa54f8557123b672d097f6a107c51f22d1ef81a42075b665cb0d13a21363e1ffc3ddaaa763665772bc2f6d7d8c7cb4600f057ac8f
SSDEEP

384:rg6Cy9c3zykgxoMkiSTgQe1Ov7Ng4D5nxbpHxDpLJvJzZvJb9hN/Lwar9Xlbd97P:rg6Cy9c3zykgxo5FgQe1iBwPvYlrwENx

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{08984581-85E6-11EF-9DE0-EE9D5ADBD8E3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434602718"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3020	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3020	iexplore.exe
3020	iexplore.exe
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE
3036	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 3036	3020	iexplore.exe	30
PID 3020 wrote to memory of 3036	3020	iexplore.exe	30
PID 3020 wrote to memory of 3036	3020	iexplore.exe	30
PID 3020 wrote to memory of 3036	3020	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\254046380d8360253fc364a6feb7d84f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
5a0b434d26318719210403d38c6d9ca6

SHA1
c32f656ff0ad97fed1c3458efd1286ccd4efd6c1

SHA256
a54cae17e60bb9ff1a7f48fa84de6e35a8bc995126e764984d408acc00432909

SHA512
6c7f2039397cd6adb1294c935e325cbcd48653d3c1e8e889676e06f02d0b3be94c58ead691de09fbfd7ed9a36f895c18f29cb8c31c6697bbab07a6bf8c18192d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bad018b6797f534c963b095fcc778aa8

SHA1
78189425cbc06fb99f38b5f0c292fcb359c6230c

SHA256
bbe0871ceb03b0b9ad186739c942689c8251c2ee38b676bba6836f0aa3a74739

SHA512
87afef3b074a563664cd1705a01be5b258a4c79b8366afec649ab09455c0b66467d46b003c3fe1d504dbfa962d1303fb52a7a462d2a73d036279a3a026ffa30f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0916b45b6b55eddd0489df45f95604e2

SHA1
dd2181128771bbc1e5d8bc2becd7abda5b0c071a

SHA256
e67a5f327574e3df210384c0a7cf9b3421b779a93dcf9e5cc56752d7a65817b2

SHA512
610c003ae2a2a9b041c4441c66371d51db3bf1af1d963e581ba815b7d3adae8bb229e266f6a8d016f623f63471a8e9eb60587de05fd59512599055e50f770a35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
584f6eaf5c35caba34b8ab88f316d841

SHA1
df3b1d5088e4a44e48d6a66bd8e56ccd492af19b

SHA256
936000488abfd2aaa427352d536d59c8a4550cb37ad662fe536ef94c61e3c1e2

SHA512
2d3dca9a237e72cb90400b2f602025722f2e3aa51131de827f61e67dd1f1d09109c10e85479e69ba1b5cc9b11d7611df12464e1c51200ab6be780eed79efbb23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c96a812839b42433dccf769fb44a3f85

SHA1
864d3b44e449023edc495f819f8801ef0be93ec8

SHA256
f58d00a40d374519048bc9ec1163c8bf347abfe6066c630a4a9b911a949057ad

SHA512
4fe93103f27be08fe13f7989aff14571d8cfa4309c82828c036e97b686713c8a2b5bd6b98f774923011f5efbe9e003605c065f833d64757b324963855fbc2c95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a46cef484d7f2aa6cb61998dcdf1c5ce

SHA1
e91987bc405b95cd379037942a89fdfc11ce6c3e

SHA256
8c61db97e5b5a578fbbcabf08bdf4357c98b1cf805cbe126593ab2b80c384b5e

SHA512
ce420f53c094d2e9ff3cf89e22365e1aae5e7463d1226f11b13a8eb3680097d647fe759fb55f24e2cc36d996d3a64bd6777afa7b17294e0e4ad260fa6b7f4153

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f20b2709b047a85bd915954cac8837b

SHA1
113faaf91e03738aa6408945d96fb94d49513998

SHA256
fc4f032a44c221442f703ef75c9f28fde71fcc1df72da5b473696be647d5492a

SHA512
dd2a80f11b133a8625e67c672050621a58b994d5f4de09d4b468b2267db1628b3f918c97dcc54d85e242b456ad3a361d3d5fa5c4d9b674e589f1d1f471902c1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db304f1cc3673a47bdeea3ab51fd6818

SHA1
e4d9b72a8cc7448182bb88a0a7fe51a6fd8e4498

SHA256
da6806fae830d4a320ee1c374d60d2265dc008ef263b39a09e4d98c60f63187e

SHA512
2b62ee61bb23a5bf507173c7992c313b63221379d86394b9f67329b7d362041f75db98af2f9bdec83f9e1e2ba0f4d4da31bed4232ad64b8151fb4154664adbfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5e914c85fb19d7eb8bfb1948c1c6a6a

SHA1
4e20536e905f5811f71903877b549e2a3b3c8a3b

SHA256
d1913c8ff4743bc0ce49a3073af1a9c82a47ad2eb1c10145e89fa64e97380bff

SHA512
d6af6bfb695a6a44a2082fd377b6ed0b4da34a57bc32db729876ffb4a47e253d621f95795246fd4fc96a8ece37cf10b3c6a59fb03af393752b25bc90a77d9081

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11b08393db065cfb7730b4bceb8c06f8

SHA1
7ac617e36333983dbfae00c8d9c93096897d4044

SHA256
d72a88e47f720fda93be3c9572af3d1ed204322c9fd64aa8a146f4dbb534bef7

SHA512
a3e86cec937ca7f84e2c4f374174140149d93c607bbdb58498726bbc38b6be071103e80588f2b554cbc3ec681c0bc322ca2bcbda05c9d70c52f5635e6e26aca9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0a0236f9be5258a0ca91bd70fd0a333

SHA1
3d37e60d43c108bd157e33ef0079063450533f12

SHA256
94c1d53e51b2ad86f260a0179333942652d8a9195268338334c86ce9dcf8101a

SHA512
92e032f95bf3d6b5bfc8cb9011a88957bb7f2cbbc024446ceadcdf1a59b1f07fe3dc25660661bb06c60ec26a14e94cce14291bcf3a15d430796597e612c6ccf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2529014fbcd5f9dddbd2169343db33cc

SHA1
0505ddec82dd32f55fa732a6b54b5c0ade6ed7e6

SHA256
f7ff589de2e1284811672737a59571a57fd4ff938dd6cef4cde97a5e86e1a8dc

SHA512
196ffc88c6a350f2cc74dbd1aec79eedbf377a11f7f6bb15cc8095c27edf896fb044b866fee920b9b2ce8d8374f5391de1b0bf1eaeb0b41ace9e87fc297f1527

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
fbf73c35cd6a8c05e65f2285f5071355

SHA1
8c23333ff12af5eb2549a3193b855852be44de62

SHA256
3e82f292f911dc33f2925c45d6da36238e98d2fc9eab13d1035f6a0176cc1f95

SHA512
4c4e8663a7940e2539a2b9f30ef7872b717e59205eaccd9dbbef30e3ed7bb80fedc6c19c2b730d51efe740cb00d8f16f1889e40295e24fb9c8897fdb91bda77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\cb=gapi[1].js

Filesize
66KB

MD5
aa012028297a26c039c37ab25a4bd17a

SHA1
25f23d01b5f580c00778e1c010225e5b8c73b66c

SHA256
55cd2316edf7159b623e4ec2c9e3a334027c01e2d1cc386f833ebcd35ed87b38

SHA512
d346eb082674fc26d562da9a12f36ad2cc7db1f1b35c891a8734284cf1bd052a967137c1281982070688b2bb2e06c7f4967d1c9397311a31a11a8560b9c45fd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AS91FDNI\rpc_shindig_random[1].js

Filesize
14KB

MD5
ec0bde1b421dbb2f9de32fdb220daff2

SHA1
aa4273e506ed0a091e4b8177aaf75d9b2332f240

SHA256
e55ea0525dd518ad7afd157a24687cf658a9c2a4c627a7e2bf89830e23c39a1d

SHA512
84f1d9de515f7cacd66dade5e2fe49ca3fdf63501515e5cf0caf82e34afe07bf45351d2920e8bc2010ba52fcbb9ea96609fbed57079c4bd2406cfd527ee57e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKZ95V4R\2254111616-postmessagerelay[1].js

Filesize
10KB

MD5
c264799bac4a96a4cd63eb09f0476a74

SHA1
d8a1077bf625dac9611a37bfb4e6c0cd07978f4c

SHA256
17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d

SHA512
6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB695.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB6E6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit