2421ecc1319acefe4c741dd1d75d58f7aabe590d5de145f1fa9c03a0a33c2277

Analysis

max time kernel
132s
max time network
142s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 07:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d80383cf10226b586249ff4367a1e9e_JaffaCakes118.html
Size

69KB
MD5

2d80383cf10226b586249ff4367a1e9e
SHA1

7afe93c395ffe4afd2b63508468c521bca399e5b
SHA256

2421ecc1319acefe4c741dd1d75d58f7aabe590d5de145f1fa9c03a0a33c2277
SHA512

77710aba7c6447957b50355fa34fb589c272d9ddbc691b3caa85a59ee0344f9be7e25224b03948b2e379acb6b6e71e93f501d898881e3d6f8c8af5c1234093d8
SSDEEP

1536:S50Mck1ydhFXq/1HkNq/NRpZwiuSV/PkzYSrtj4h/d46JMdHGxJgTLUOQt1jr50W:SLcicHGxJgTLUOQt1jr50pef8nx0LaFY

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{93F2DF71-8675-11EF-8B50-EA829B7A1C2A} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434664370"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2548	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2548	iexplore.exe
2548	iexplore.exe
2540	IEXPLORE.EXE
2540	IEXPLORE.EXE
2540	IEXPLORE.EXE
2540	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2540	2548	iexplore.exe	30
PID 2548 wrote to memory of 2540	2548	iexplore.exe	30
PID 2548 wrote to memory of 2540	2548	iexplore.exe	30
PID 2548 wrote to memory of 2540	2548	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2d80383cf10226b586249ff4367a1e9e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
8e764c83c5b26e07ca68c02bb5f0b949

SHA1
de91ea19c8bb02e3af62cb1d54fa034f603da887

SHA256
69968d8eb9e83bcb2bb64dc07ba388441d86c5ea1e41bdf523d40f4045337175

SHA512
3814e145c5098c4bde5f3301de6cf9ee4427c8d544a0c64c0a08ffe5db65e817223c08e8ad2b9f94cbc424c54cc2b95f26c09fd8167999eb612e8306c49dd226

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0038b8ac6cae3f0971b5023b93fdc924

SHA1
fdedcadd98644d2b703e47eb3e3c1dacd17fbd84

SHA256
bb23242b718153a403fc92a32ab0c0e4ad97705baa16d2f7e63dfac839a1ff18

SHA512
545e37a2d81bb66741714ed2a172090833eb9e45adfb86f5fca24801befa09a1630191e2af13f2e6a0858a3008546453582235cfb18be91d62c921181fde86f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ac7a0260b2a939ec698e23822d6aac9

SHA1
e9eb39dfdfeae355c902914e6a3985ce04289074

SHA256
af0859d7a090a87d1e540d99c7d1756253410788dc9f16ad334a068c69752ede

SHA512
07a3df5d7855969d413f42504dfcf44d1e2e2a7dfd5ec6f770d9a1ac36cd6be9551c916c2935393b6eab6c50eefbf7129634bf8b0f8328de35c824926ac7d67b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fc9e967fcc8e624249cde21696b021b

SHA1
245d321d483fc88457c6fb2055bd96491afba8bd

SHA256
314584b41c36714edc069333330e81a4e3755390f2fe9edd85af9509755ac9cb

SHA512
c39f5fa2986e9e59770a2edd55b1d2a996e9c718e2b18ff29b21f2a7c13ae935af3aa4ac9dec91f5c9f171ce11fb8127245c4d4b2d6159a145cc2a0fe4dd4ee9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67d29f6783bf7176fea6c8a02732056b

SHA1
66bbf6a818bed5a754d31a59f096e39e0384370d

SHA256
ea51e608832b23215f4ea061e61ba0a32fbe0eae3f2b11371f9df0bdec4e8110

SHA512
67e16360e0c0b6067499831043bc9dffbafe61a340b77f581b6481d48c2425c9328ef992130f999f29aa39134c302fd30d0712da3249840686b635a2d16dc5b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4d258dcec9a0e3b4619644b5bf25303

SHA1
964fb8fb08dddf76de32b8c203ced211528c92ec

SHA256
1265ee310d2b8af3ef7ff7af5933b0c02151ed79cf1119b0411a567c995ad036

SHA512
84fa03fcf424a8046e91f2807ec8b60276ce8dc9d83677634cc571904bc1747f6626e50c388bfb66f8f6917a08be25bc75730eff480236703a512e8852fd8630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d102d9dbbc38b224d5218338c68de860

SHA1
9f145119e67f009bb853c17d4ef5396c682e5d9f

SHA256
e555936a1dfb8ab5bfc6be11fe4c1f9853ab0d8e91cfd053af403ae06e8880e0

SHA512
8fe7cf51152c15a7dd6ef226c5f44dd7b93f6c71c4b6e461526428fd46d844b303d4ac8f07b56ff7f3cd345525e503542cdad31beeb248723df110544fad2066

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c242e5f0c7f0d0aeb2ec133aba0842d

SHA1
ccf097870387a52825f9d4a40465c1ec73c8bba7

SHA256
57f9f23508d862ea0a3ffdb62da4ee204c9ad0893c6037ff8d11351bf750caa4

SHA512
f64652ff2c85e3c0c52db8d0f742b3dfc57bca1c74ec9449820fcaec17862aec5d4cda14bc5f71f28a853b73f16a7f035309bb32d9a8df30cd8e0bf1f8fcb60d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72c536d060c41a9fab61d0f17ed49714

SHA1
cda10bd37700d7b07a77aefeec3a31456133ad20

SHA256
fed3cb213e8ced252de30d95ed42892abc82cd80736f35ba3a491f5674e44cce

SHA512
4faf0161ab84ffb7bb23d0f9ec0496612c086b5154cbf72b3457350caa5cfce0372ced60c4300c5950feacc28bfcfab3f3fa2941e6c8b2a121c86ffd5c02262b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50373ce4acbe378de1dfd53b4082ce77

SHA1
d6ae80017dd51070420b56620bcb85e48ff7f7b6

SHA256
a18b8748d149d67482df6f5a5fe8eda1bbd1105ad4597ad2acdca15c4b05b06a

SHA512
b3ee5d368386905a3c455d929fbb8eea08e3bdf9aba15017b82144c9cc7836ab58cdd4f040e3b8a8fd982e9ced16096fc0cb1c066bee16c3f23dcef6c559c43e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d697adcdce46eedecec12795b85c5035

SHA1
3a5008905234946244aee66bb57e85d07feb5630

SHA256
ab41bea5793d62f3147ffe71565bbd80e956f248ae193286d808cb5cab20b402

SHA512
f64567c7f5c279e29fa3267cb4bf7acf87768032e803a3a45bcf1c38650a1fb2af517d11602341b8085ad9e314bb7b6a6bad6ae3e6cc8f388537a8a1609688b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ee6a0a0a78e9203d5a2d08559a2ab19

SHA1
ddccb35562e83981b716f2241882ce7c0060342a

SHA256
8195e7f519c5ebdb7199c6eb7d1a4391dc2811e6b61b05e4c737e397766ad518

SHA512
fe27a3dd3d56b9a87830131e83fbff72f79a11bff322eec4227037e17fc38398b1537c22f2f7241fd2bb6a42b5cf46e85d50061db81914b1b393a87809e26478

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
43137e0090a9a20487db89fb3ba0976f

SHA1
3d0bac4952b6c6db61a767f9c7ed23d2d4782f60

SHA256
d0899f39af1fd613facc4538948e66724b755d4d73a98bbe9b8ada6db2fbd8a9

SHA512
938fa4394bc302f50a06f04893cde723fdaa794d900c56bd528e95e2178efc3379a05ce97a307d619063c2f6648fe5b90c93f5a8cb4f0e6a00f6bbb0b1c3abdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB32B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB35D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit