9072a3fab066c7f77d89c1228ad01b79b83e6ae9400e6645cb1d6d9163bcbb31

Analysis

max time kernel
133s
max time network
142s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/10/2024, 20:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

36b55ec501266c2e05588374dfdc8f97_JaffaCakes118.html
Size

162KB
MD5

36b55ec501266c2e05588374dfdc8f97
SHA1

2ca37a2117ff92cc1c7c4d004082f32b04db7852
SHA256

9072a3fab066c7f77d89c1228ad01b79b83e6ae9400e6645cb1d6d9163bcbb31
SHA512

ef3fcecd5f49128e3bcf1f81932324c19bd98cbf966d13ce5150b16c6486a24fa48884f6a169e31b6bd8dc9b0b3597f745c5eacd9f6207ba5653d6cc65693eb4
SSDEEP

1536:DLpTBpGqxrSchb1PpbYfS19FPOZ76Jtsie95aS5wqP3UxPE6NmyXZLy66SRBx2BB:5TxjOC9FWQeUqPYTmyJLUT

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{47D56661-8811-11EF-85C5-7E918DD97D05} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434841195"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2364	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2364	iexplore.exe
2364	iexplore.exe
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2984	2364	iexplore.exe	31
PID 2364 wrote to memory of 2984	2364	iexplore.exe	31
PID 2364 wrote to memory of 2984	2364	iexplore.exe	31
PID 2364 wrote to memory of 2984	2364	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\36b55ec501266c2e05588374dfdc8f97_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
ccd4a02d298f6d96e857f1c00df3d33a

SHA1
1ee22bc766ca0e62ee639db346db5e474d929c51

SHA256
b2431a461801dc29e11d6aebb9f36b94b03e525100f6fca0d546335301f10617

SHA512
9b355d0c44800c2d20f5ba06fe1c5e3d16da4882a3854dd982fdd4141814b7f3cbdd75fa1bc060bec86186a689a403c3ceb161d3a2ecef822e181d5608c8a382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fbf01016b3176fd583dfc42cfbfce7a

SHA1
531c5612f06bf36d3448d1c3e1e6eb17bb05831a

SHA256
0e8722ce0c6d59ab3524de43987abb9a6238be95410d1aa95ec78322cc0a4ee4

SHA512
de76e4272a9beb5abf26c97c28a1c0939065ddea08bece75a44aed0e68e966991817c9188d5d022b09ea7bb0065f41d7db1c16eb6c2387da775bb7bbfc1c0ab6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ad01e7befa90f0fe16319b58dd05c05

SHA1
d9bcde4d8690a34f399cc04c14008f9563003923

SHA256
ed650ed82e0122b1164e87ce2c2bcd298ebfc52d77352a2cc8fe2453020f47d9

SHA512
1f209d5f71ca1e016a3ad9f128c78d05ced0d16983c98abb2af801c4bee4496345740f1c148901c30c1a8cd83eb9f2a6e0c66431f01754906ced6621b3fdeee2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd0abc526a917e733740fa38988d9f12

SHA1
aaad4f822b3595d151615b60aa57f30c5e0f35cf

SHA256
44a59ab8b4f2813e4c0301c6eb3b5903a3cccd5af6e2e885c9f645887282032a

SHA512
2ad92e796aeb2f6d00debf6ccabaf4887e9ba010424f302e4ade2db7e0ef4458989551554c39a50c00e085dea050d0746329eb27a23a96621057614086abf5eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83a0ed05fa4034a7b911722f55813279

SHA1
9bffb70dce170062d2e0ae48f7434457c68aed2d

SHA256
71d6129acc4f430d6877295e62ea12ad78f678f15b518614258188164bf42336

SHA512
9e8fec72c90bb378a992dd3cd5df8ccb042226924337b7b790c6cea9d2223ef2aa784287a6e00290a4af40c9b075c38b0c86b19168fad0dc8285989e0416524f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfa71f0f97e6676cae1a30019d78bdc7

SHA1
57ffa24cc316aefe9baf7f8692363c27af7cd9eb

SHA256
c61fcfb52cc041a857ec1f7e5ddfedfb8d3cbef6aff66ccc933a8e0b5150f69d

SHA512
268bc07f45bbfa2b8b9bf8702e01c72b46bc2a1a2f48a126e22792d8062c614b47f538e00e8974b54ca1d5927a0452e5a87d1fa1e7b4b3616ece9b209fbc1ad8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6a0fbe1fc3780c8d811b99eac836b9b

SHA1
0b672cd35bf61363e89bd069b27ca9bc6b8b54b0

SHA256
c3536d47d2428210da1ff3aeb582c53ba359e8e21b429941dd98c144c629e7bb

SHA512
b52eb7d9a7bbb5482215cd6d57c60ee3a1e4fdbb0359cc41176bb4574725cbf627dc09ad82cb920e40ba10f37588c0e0a9ef9fe287753f6a81af18ce803a757b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65da1ed28e6e5a9742c7eb4a67a331dd

SHA1
ec5aebfc09f195f53ef24ec5a12394a38d4b9cae

SHA256
ae7c26397ec37ecccb94e809c26eaec5fe611df51f1f8beb956df7c7507b9fd6

SHA512
85d3ee3327adba2bb6437241414ed23f54cb3d04b8c198db06a503354c96e2b9639f53f3b60c49ed7b46ebe7a63b33b8b6c91eb1b21241d5500422e855b5f9b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6906f3043f384235af2443f37c4ad22c

SHA1
0a9810099b8418004d359d3104c3fb876d537728

SHA256
66906eeb0f215c0fd2b49255fa04e054df2aec6d9aee141a3fc004c794d68bd1

SHA512
4218557c0d4a540f51d14ba0800969a2032e6d9c08656322df1b937174a170c66ab4c1641bc8b9d25f2ca1bdcf7f20acb87fe1022651e1dbe77ad527c642a758

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
891168696a91aa479baeae87ec3ce892

SHA1
cbec11f2ae0351132c8c48c650f15ced32669525

SHA256
28a8c676baaa1d55f52ce98eccea4929fd586836b06384b6ae370aaa79229cbf

SHA512
bf1bdc11d6bf905b062db1305255ce2b86b0460fcd9dc1b13628ea70d67d7d52ec74b3c59f1d662b7e78ce873cd8fab06c7269939d60030cce7587159ed0d4db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7a786e55cbd6c7445d6f0338ea1ad0b

SHA1
cb93bbdd06020c256f99c408936fe5fdd4a00fde

SHA256
bf820595072471c0640ec2d6bb6ca91b1017433be0e63f25680652e9fee4899d

SHA512
03d175dc7eb166c82a380c252db0485b146ffb27e1f65f036b7efbcaf2da704edb36f09e4430d548c8209ec17ddac2d27059b467a20057ca0439f1523412fa15

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9adbc06b03c2b336046d8f6c6c952979

SHA1
b7cb59fda430e0ce478f8ac046759bda66ed6584

SHA256
24544af40a0dfe11b155b1130df2f09e0fa68e32055ad937f31da04f1b46fbc3

SHA512
46e68de18e1015f7e1531c47f7fbde541c6ac464d8f8c4fd798e8fe41db6cd091d502785e643cebf1248b521b670725ddda88adec9134b4ee1968a08959c4483

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C31B2498754E340573F1336DE607D619

Filesize
400B

MD5
94629747771e1f953a00437d6fea792e

SHA1
bb2a2e15be0dda4d6dfac0d157bb2aa6d70b5107

SHA256
0e8a275bbe024894827f0a2a2e237dec25883fb1954d044c73d9eed40ad78796

SHA512
6459e2a15914f5bcf489f24aa79a8c1925526bc6bb85c12553abd9f67d312f5a9ea31d4a0615785580fd808b9a37a9e220b7684fc0006ae382098c5d4e41b07c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
90fc6ea028108a5a90b984b8c5413a3d

SHA1
8a4264646f3dcc51d55c70c9e787f800faace3a3

SHA256
3cf753abfc3a818d9eae5d60a4e417cf0d707d425118401c3529a46e67d9e51d

SHA512
5cbfb16fde359a2075430b14735d7d234060f5c155745144e46e67915f654a2de5065536bd2fbe4d610f7ac4be8b52661eb77f98b2406fbb88e6164a9c18915e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDB82.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDB85.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit