7d930d9d1c4f04c69702e166e3178c91d218b2fd464a1066dcf0da00994c14ec

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 08:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3ee16ea7c736eda2eeeb29cc8c875d93_JaffaCakes118.html
Size

20KB
MD5

3ee16ea7c736eda2eeeb29cc8c875d93
SHA1

0205826806102b4af4b2639ebfe3db27ad12670b
SHA256

7d930d9d1c4f04c69702e166e3178c91d218b2fd464a1066dcf0da00994c14ec
SHA512

29c7ccf598014088c909d4bfe75905d11eee158f78e680aaf9a37f862fe05c3f8af918b1c387cd4ea88dc0e20ea4fd684a9b5e0cc7041e54ec40fae889529518
SSDEEP

384:Ou6CKJVo0lNW3g9e+KNRr9DE2EiITHyxhgSRsI8L:SlPIZhML

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434970940"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5E7EA5F1-893F-11EF-BFD6-6E295C7D81A3} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2652	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2652	iexplore.exe
2652	iexplore.exe
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2760	2652	iexplore.exe	30
PID 2652 wrote to memory of 2760	2652	iexplore.exe	30
PID 2652 wrote to memory of 2760	2652	iexplore.exe	30
PID 2652 wrote to memory of 2760	2652	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3ee16ea7c736eda2eeeb29cc8c875d93_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
badeca0896c59031b4e8f2feed3faa83

SHA1
edab496f9907f60a68d3a33eefeddeb28e1d0cd3

SHA256
bcb522b60d31f5b7d19f4083d38ec5c16e2ec165a9d6f0257ac241dd223d2761

SHA512
fa31b02323e03784443577757183efe24b59b16fa30370396df5a545ade16f901b78d23ea6f93042006821b592df740bdc23ce8d79d124057f0b3a3f67099c5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86886a4969b0b7b859bb1d66e91cc294

SHA1
e5f22ebedcba29856206698f4461f1d7d5b44209

SHA256
ac34398c2d67735229830aa0eb441b1bc1ae3b7ac40750b186af02bb3aa6853a

SHA512
3f941ca416b5eff37835e13792cb52eddd0264dfd0578e7c8107c2b790820b73618f4a8d0fc7d648871efdb0000a720ab71ddb30e26b6608505b6d30a81ba1af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
914b96f98ad85f5e70b9c595b1d85130

SHA1
7a7465a0839b0224fb1402355d783d1efa79ae1f

SHA256
1af5c10a7aac83c3a6eab4f30dcd73722f10087151714a127e87716cc9d5adce

SHA512
7c3d054a958e28b41d89137175d31ee91f8016acb3b842bb60a945e73043fc45d944b616485e34d3453ba9975e5d79cfc029ac250a55bbd04741fdb12ed5ca09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50151009309755473870264b3c7d9e29

SHA1
705ae772f7d1e690a39fa73b1c1697900d763790

SHA256
700b20b821b51cc003649bab86f217b4bc62e0977cdd1e6072a151718f0e0088

SHA512
f88c2bd8ded2e546f3f51f1e9a81f70e02db01e052cfaa40102500aa177751c96140be2fe2eb662c9537d9f2edb060811fabe8e0ee82357fbd779858defece2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
958b94d1b8023bc3a07e3f5f82fc6ce7

SHA1
2f0749300aeeb45ea32708f50f9b94de569b2fbe

SHA256
171e353a677d4bba7d86a0a71cc60d866ac16838bf591c4e00699a33ed3f46c6

SHA512
fab8a1fd8e0dd0de93c214b4b3d76b0e0351d0787efb61f43013bfc60227dce2f2e2c3b7f1b3c9cd407b4d209df72e0d292fae38973f40c7dd4ba8c7f1ca4c17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d5b496aa03e0c783114ed8200a7302c

SHA1
df20ba7e088b32a887e9c52dc4c0240e8cbb095f

SHA256
3912777dc5e1e72464bfcbe1b6001fdc497d88b49cedbf98e19b791322de53f4

SHA512
cd6ffd5fcd674a517fc35883004eddedd18f69c1babd59b60b4c934a21c48ea0161a50c441425fc58b8ac82c2ca6c887d5ec3b2f5df4e63d67ca474189f65a90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf92546b9c3d45ef8a88c834587f619c

SHA1
30881c41c9146a24f1ac45352b4eb29646e63381

SHA256
aa9c65a5aaac15fd54b2afd67c0ed8fb50ec968c7e016ca88bbbf89b4c7027fd

SHA512
8efc92255f9ed54e618bd6bc19e3dadfee462ea30d77a716bd65b53a7acd184f57ca4490b97315850b523921eef58c398e80f1fbe5c985e44594895c403b2034

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef4ffd397412dee1ac0d8f66a8dae979

SHA1
691ac62a1731c25e512344c752d0256b9b022392

SHA256
ed0b3faeac41b18d946dee43d8023ef7174867da8f0d1b28bb81c73ba258a70e

SHA512
d5ee50c5ff1172b299f67242d18df6cf12e2069d60677b360aa4c56f5c678e76edead6b20580d55077d6a4fd5a0dcb60102f82782205a2a319b2dcf35c24bf53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06e87a36a1cb2685a9f0a5cf08acea99

SHA1
cc36815b9ca17918d9ce9b31684964d6b0d6227d

SHA256
5b8ac08e90b8671f75362fcfaf15e268f35d137850d14c7eaf0b2a1b98e533fe

SHA512
f82e5118eff8401cdc34c174575f2f98d056fc26f00ee61c61a4bb7d9138c55390047a1875eb6e00a2346741467108de96a97bb0bb3c8ca391ce0d1c69f4dd3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32ac277b2a7bc6ab82cc5cca3a15bb20

SHA1
858266c6a7ce0efc76f688879ed626271cb0bb6d

SHA256
36d578eaf725e3dde375d9db5ce3e32f48f5d0f9b2cf78f8956a3ad419e49bc3

SHA512
dd4e1dfb5c24c80a8e664192620c4cd2d6e8ad400134473395ed9ca4f29041bc1cdfa385de38ebfe7f944a899dd8e35c6cd0cf2afc6b9590016f1a7464ed4f53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ea3981f3052c24b06c8c89cf21efa48

SHA1
57f82ce5fd87610f6d471fa78a896cf84963e397

SHA256
cb2d16ecdd81525b66b86cfa42feea4457a64a77f8392c8266236e00a9506b54

SHA512
44dad26e1d603ec7727a1577fac8de34b2f8775ab7b5f0e3c86e734edd0708b6dc18b238994af4d30210722eb2f753baaf8b76b78c6acef10e7a7dee0bae573e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
efe6d54c107b02dc1b4b9517748ba54b

SHA1
994df6564576a9543be51f939357dd1b5acf3f6a

SHA256
fb786adcd2e57ffa1216337ae87a7400d06b95def244fcbf36f006277c3d54aa

SHA512
7a71ce431530fc2bf36d9a5d6bee1287ff0cb8bedd2bbef989b25e855d95213131e46832788d0d2b7149ecb4c92320da2761c6f6c328ce1af76d769b220697cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1DCD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1DD0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit