64b1fd13b554dc8f76d110ce1764c76aea24399d5204ac677f293d46e2343368

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-10-2024 05:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46234d89d4b471fa90cc89c4c56a4514_JaffaCakes118.html
Size

143KB
MD5

46234d89d4b471fa90cc89c4c56a4514
SHA1

ca89510674b840c56cf7aad658a3f3f637cbeb41
SHA256

64b1fd13b554dc8f76d110ce1764c76aea24399d5204ac677f293d46e2343368
SHA512

06f5a2c817d7841f2667b6409181d5d2bb2c157ddb8cbf5ed5975ecba23a023d8b9f96f60281babe989ccc701253d6d86446cf291b7c70627dbf214ff209095a
SSDEEP

3072:SBXsHbc3Q1GWVkxnBWXjhVzS2yPGhD3K4ZdEGbhrqm29IzX5HOQEBHo+p2DpTVEb:SBXsHbc3Q1GWVkxnBWXjhVzS2yPGhD3c

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435133165"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1383EAD1-8AB9-11EF-B8EC-E699F793024F} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2628	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2628	iexplore.exe
2628	iexplore.exe
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE
2652	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 2652	2628	iexplore.exe	31
PID 2628 wrote to memory of 2652	2628	iexplore.exe	31
PID 2628 wrote to memory of 2652	2628	iexplore.exe	31
PID 2628 wrote to memory of 2652	2628	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\46234d89d4b471fa90cc89c4c56a4514_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffcaa58fc48c74be30483631fc23c3a6

SHA1
cc2a3202b010a5bc06ddb1d98720b29fb9a4504c

SHA256
17b095a9c449354a160c0323b77b87b0c3a6d07a887eec026bc89c5fad3c13f4

SHA512
31f8559c4f8f1fc74b3ea7d4c48eb00f6c4854988cd22261252dbab5335e080e4ef6bccce85e0c05802f26dd99b815930e8625247c7d99e3dfea98fa447468e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecf07f19facc14ef531fa70a1ab9a938

SHA1
c1be39af2f6cfe9d7e7a00eaf13c4e598ff9b4c9

SHA256
637993a17c07ce16064af820d8891196b0bb1a1efd625a62b3de4890df6e8edc

SHA512
acdd7c143bfaaab370d79f194882a887e96fd6750ab9a0f955c122c6677d356bd4c4c42758dc402e16a213d177cf0f87172355f88a0ea920f5d8205929f594ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c66aaec53978b697a35a57e2185b23e6

SHA1
c79b56198f19d513ce264f70413fd7dbb7643f38

SHA256
494362b1250e4d4d46646b66194b4b21fabd4b971e965a6dee6af1a7769dd76c

SHA512
a3346534b3ada5e121b2872de1aad9c2a059ddbbff2fbe11f75804debb66d4dda3baffda03804b3a69bb084cbc6d728e41305226c19bd422c2c4e071f688c361

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdee905b432e7d9979b72aae96374502

SHA1
8e75968d674fd4bd5ff5a6dad571c1823a25ac27

SHA256
cba7319e95c4c25f647dd228aea5f4ca88102bded61d5bb7677bd65b6cc7d820

SHA512
1bc3766d5aa2bcbf86a31a99f9c3438c3a705634d4f27868507c913ece82a98f814c505ff1012abb7b392dfe27eaf9cffcb30d102fa46004fa9f25f973825083

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8979db54354881b2bbb02eca0353a00

SHA1
1f10e202b85f4e7ba1529018eefb57e6f5572596

SHA256
cbd9fe446e1438ee34f95938a05159e62ec693fb40a4a09aef046241d50a8603

SHA512
4a11b03dd0703751685f9dedceec39202c70c4281f109bf66cf64604fdd20d66b3e169d7de66597035e1b13b342a974b7f3fffaaa20b89a4d954fb1f45021284

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
372a3e14c3db04b855220cb3d246f0f2

SHA1
25faabbb289cd80f95cc03ae09d33dc48286ab2e

SHA256
290c1e2492ec8bf139b2c1d258246b1989d3f85984e555f104da9ac3c0b0e949

SHA512
766734c4396a861018a7adedec6b795ec7f043347a8cd0d7fe5b6080e0fcb81bc8707e0f0b2721f61c19fde324336f46a3ec05f0a3907eafe1f282d34d18395d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0797c52ac1c17ddbe00ca2b036730f39

SHA1
497390cfc0b1e670926b368717ffad19087f8e20

SHA256
5a0eff7eb94349d6f13374460750f5b60d92e36b6055dcef2a0bf2f16b9b89fb

SHA512
28548ae1e7f946f9ebfbc49f90b81123cd1369d32359f951edeed30ff0f2d881cda51c9d48df6787ae5a55e54bf0c484ed4422a6c4b0eb58d7c24588b5cc332e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cbc738abdc30cb52fc1b3b3f80e6576f

SHA1
e44aa03ee3589d773607580e5ddfea5a8c5a4671

SHA256
8c194be3afa64c9911ce761199b1637ba4592a59d67630c1e1c51260c966510c

SHA512
46b2409899761beb9865db2b76059a1a45ebe6b6d8e0be61436255a14916827720bd35268afb2aacebde3b61f7f05ae5fcc1d776b7b8d3b5987cfe2ee36068e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf3bd607188ebeca123ccaf4b070d015

SHA1
fbdf631c3a15e8a447cb27eb075f1f3dae30dbdc

SHA256
537d16368579fc8c170b9e26bbe2ff140afd10f13469c0fb9009426cc1164751

SHA512
1bfb5aa75d585c76f0a94714a3756dc7212a03b0051212245aed97defa878d3aa364ee6c8234fc40aae81d63e0d1388a33a9053cc44d016fbccd804f2ea8150a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
973215985e943d6efdd4eff5ce2ca546

SHA1
72a9a5163432bf1aa98b0fcb586f8e28feb53e1e

SHA256
202990895c54366b19e125dbb645f0418fe9b7ada0ab3a87ec003c1b953c275f

SHA512
1c7affcb04f2d5bc620c71ec02f53fc93ae1cc27ff668463d38bc8b2c28646f672ab50edc654f18ad92f263cf083324cb1e5b108568526bc53eabe00658e961d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce71874b0cdcd0a08ecfffd7670be7fe

SHA1
b28b4709fda602fa5bda3c92c262ab4ccd638115

SHA256
df55c724f8ac9df20af8541107a671f5b34ac8cd2479244eb833e98733f529da

SHA512
2888bfd0158a79fbf2a63a33e1f05b649c58f8619e23bfcee23ace30cbbfebfde671779b236d3316e650b1bdc6e9987892d5c3dbcfa6455d179f16f82d59e8f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ffde4233a00272151384ce30aa3ab36

SHA1
882e3b78b47d203270860ccdabd1e1f50bc81fe9

SHA256
aaa90c733cce1f603e1f8d9b01f1a48e5f455a2ee9d6b63f6c9ef1516b2264d6

SHA512
d4a3bd09aaf36a05ced456032aac56430724f5a25b9ee086dd37f01a0659ccbd6ae671cc676969edea0dae3b581c8da462771deaf0b3006617cf97227aa0f898

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f93c4f6e584016396e17baa969a11525

SHA1
337ebfd96daa70dbf56ac4ef0e7109328ea54ac0

SHA256
1bf48fa14ed42418d45f73edf415fe1731747b9cd38d01cf9271558e89ac481c

SHA512
191005c7f0127231bbc2ab3016f7665df7ba6f0722315d7ab5c6a6b9017cb4e220781b1335b6287d7e606125ab3616f30e4dbf0af9f72edfc821aa7747bf06bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
934ab18ba4e5c829a43ffa7b96d5303e

SHA1
aeb938fc1d45bc8e4c4cbf22074dec490d211320

SHA256
53aac30efdc7a8a1785be49aafb0d63978f0c9f4714b4aa897d397f8965da27c

SHA512
17f5ed362676a936650457b59ee370b1290d92342727108a70045cf0c5bb6e0dc9cbf9ea128abab9689d3b22322ec67e5244739a3a5a0220fbad461c2c37fa6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a45155c1adec3ce9e7c8f08b1f34e86e

SHA1
a6525deebee678aa412500d16be2f91b1354b69c

SHA256
0686181323f2726c54d2278e55d735d7e5eb23a723a71bd1d2802e610d6b36f2

SHA512
503f2e48d4c245679f696a35a52a133ac4f8892ac6cebd0b96782f0e43bafffbb417548eeb57558e6b5df46f2260b38b500d56695a7286931ef88c3a13d83cb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b887de5f1b7142d0c08c9e64202678bc

SHA1
d213ce0d37cf9ecd03ead99bb8533ac6b442dd1e

SHA256
c0fbd1f37c952b566fc8c6270e877a4a8bd3e710598903b65b889285902de7eb

SHA512
8a7090f5d0933975a726139fb6a1feb273305963caee223e495b8a72feb660e19928a0ec07163b6d8666a18414b39f2bfb063ccde6fed146a28c233a55bc3be2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f079145937a5c935a0136f010d1cb598

SHA1
004c57f697428f84f9aa6b97157bb2d39cce12a3

SHA256
6e26c27f60131e53f1432185f569dc3746e0d2ea7326bc548b38e881d8e3e09b

SHA512
ab84f594c7a085c8cce2fa7f10b205e94e0460f88842202026aded96fd6ba022bbcb6258d3b8ee3287369bb2e01036bb582be145c1dd9473704aba2d7707bfd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
adf9de9ffe45eab03c4092d177723d15

SHA1
7244772c264c4126c006fe7b690f87590a8c8a4e

SHA256
6b1f535de05be71ddba27fb8cfa192dd6851706440cd7e04925e903629bc37e4

SHA512
02ec8db4e3b5f93b732da54aa9e4eb58bf62a31a82b99042a190cd3483f518e277317b46832a0e67909e1eb9af799cb070210720440a1425b0791c9acadaeb31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
879e4145489f7788c02bf82bf18e8e58

SHA1
73f87c12928bb651bcb51780a5a00157b0560564

SHA256
dc48a052cd291dcf25e72168b3a185b15a6ec385615301924bfa290fca39a534

SHA512
1c0840f608e5155b4c79d1dad6ed63baf156bc8e4a34828c6a71e0f2afbd3dc184685ad11d6399775fa150aa2126e0abfb75bd848feabdd16ce1d648880d58ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7D0.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar840.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit