0b0ed0affc4c12405b10c19c5a8f3c5b06d8d31e475d511329b76fad9a9813e2

Analysis

max time kernel
142s
max time network
143s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18/10/2024, 11:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

573b874f3ca743a76ae5bfd53b67acf6_JaffaCakes118.html
Size

141KB
MD5

573b874f3ca743a76ae5bfd53b67acf6
SHA1

c727945ef174c32f3e7e06082791fede5f98cd05
SHA256

0b0ed0affc4c12405b10c19c5a8f3c5b06d8d31e475d511329b76fad9a9813e2
SHA512

ee2e7a2a1c4b13c2fd7e164550047b627b4c7f6be1c8f1d8f2b0e435e276b4476bde57a686c6870a0995bffc81d3b4c56712e870e293a7f7ab67b7b194b18280
SSDEEP

1536:S1jTj+Wjhx76vuyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:SMWtx7dyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435413343"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{64B41CC1-8D45-11EF-95F7-72BC2935A1B8} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1664	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1664	iexplore.exe
1664	iexplore.exe
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2336	1664	iexplore.exe	30
PID 1664 wrote to memory of 2336	1664	iexplore.exe	30
PID 1664 wrote to memory of 2336	1664	iexplore.exe	30
PID 1664 wrote to memory of 2336	1664	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\573b874f3ca743a76ae5bfd53b67acf6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1664 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00878fcba064ecb17b13c4c2d7a5d2ff

SHA1
9894c0fd1b57b37786f64e3fb9ad51b03890ca33

SHA256
2426a6ce4b54db6599a2d64ee70fb77e0d482f6daef47328d7eebb73bf61f1af

SHA512
a25a0c5ea455c4afc5d683341088c2e957298bd95df4e41c9add8195f0ec23c90fe12c5eae7590bb1268a8d685e2ba51906d1b759e15653535d0782ae509720d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c72d5623429513be498a8a66f31dcdf7

SHA1
53e0a116003fec4566b88b0d01a79c5d1f8c02e9

SHA256
1bfe3cf43ac7cdb344f1d5a29d756d2c9da768ea616953e130ee859865728a8f

SHA512
8ecf4e36cbe08f8bfc62160e03de047bfb28b992a5cbce16589c21c3c8409cd41bb78b06a4361b2deee192193af5539c166de2b8c53b037ea46b9edad4e2eb41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47ed8989e39f3402d78c4e50348e65c7

SHA1
8a5acebe0f757912875c5ff48827a27bac73fea6

SHA256
41111c371085ca412b17a33b7cc6349e535381ece061fcb22f8f36ef2c55f15f

SHA512
ec5d6c7a704c3b6ac7a8b220e998d49d45c28a7cf73e2347e494ccea2e2e43cd5544ed6649b32e4c921b85bc153ac77d81ba28706edf9f23010270e2de74eec0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a214e07ab10e3f7698aa5ec28438d100

SHA1
143fff743da6e129a0c240eb34c412e814c3352f

SHA256
5fbc8a49d194b6f175957930fc190e4d67b5f122805ee4390ec9e8db28471e3c

SHA512
667de8d597f21f93f7de0a5ac3c9901ba293d91b6aefdcd953b703ef1d88d87f546f374c49dd9d22313a76d58e706c183c4623a3bc8130a3892ee1d5d8c6acdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b5259e1ac20d17252c090973a452e1d

SHA1
5c15282e58daa5568d652cb7a2b657699f5d9765

SHA256
6c975e7aa6c466f406b6b34d558170340e916d36b2b51566d97177db80701b9c

SHA512
ea52bb49b12a232a104e38e6eb500d9534919557a996dad17d0efb706f8162cdc0d0d3edbacbaddecb496346cb968e1879b456b1a643901e07f9cbfa0b13d974

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0230a6cdafeb1b41cbb90a0f2fc3bc2b

SHA1
287084a6db7624d90fac6c679a71af2004b01c3e

SHA256
90c0813f4124054f493d1d9deb46e37e1fafac43379c93ba5f3a4cf0de9789ae

SHA512
93121ee69c20033f0e49617f2410b6bf2bb1b491e35a4638589eef50ced43e726ceecfcb0d18a37d66893f951c23331ec363c2d1e01cc417456150500b582871

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fad174ced05e5b2cf186e6bfe1e9948

SHA1
a8147adbe4c6817ed8ca923a1f72e165fe1f1380

SHA256
ed76adbdd1c525641260241d545d0df755ab515c65d80573e7171fce61b04418

SHA512
9553429fb6a0cf39d980eae73da11893c416efa1ddc77de472ac8d998aef57fafd33c823349a9759f2bfb036f240c60501a8967c2ee4f2f2e69bff43d9c18a6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
041d79d27613944fbd1df5833d87dc09

SHA1
448aeb2a1fe1dd757f3e05b6e28d84aa6d688abc

SHA256
be109296b0c3e06101900ae48c82931afe2163b7bae6823d9da8c8d806c4c9a1

SHA512
93d80e4d6baab2f904695fb74860ef2ca1d96e6a4c76bd9012305b5d2998e5388c87b4ef092438a9cf3416f5a4764c8c58be05b1f9f5ea518332298daf171ff6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fd7bebaa442822fe9c1c1c8f02445de

SHA1
b4202c102d00fd268bb827f71759b8b4332e5b2c

SHA256
0dbec28fb883c62c06d72f3ebc00c3c9e9036e3326165cd692b9e151125fc320

SHA512
958d2f30b2bd545626082c77b113045266cf526d430717317560c871e8056ec6f9f4a4be7f297860f81b02c2a8d7a70db7d3df0ed76ed1266f55ac72abbeae1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e964503eb4cb1762e4557b4a1c2334e5

SHA1
6c4cd7ba1d83c774899c35a44fd58b68449f52cd

SHA256
8de231a96f03c73a87658a189b67fa859c23daf6683649c7ee8b806ae7c8a560

SHA512
880a8e3ea8ab65d58ecb1882e3ceab9853a9421b97a9ab598af36af8c359e76ffd42852ba5e35fb5e31895f67d4b742ffa1f1f030f21c3bebae3fc4f46970823

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9abcc318c1d73f0a640b1cc1bf0e657c

SHA1
5d0f6297c31e9d1996104d5cc8d5ddb3d021086e

SHA256
1e235577429a37cb752bb724b3d60206590a1650d8eed320e6c59a1848be8f4a

SHA512
19bb09d308f8b09c6e0e64348725e3b42d30d8a3ee47c47c2f7c0c875f01dd629f6942ba0c3d1ef5d2b9c464eec3873213c1f5034d6c44242d7afaa0957b59d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9bb92683cbc4b8b4db2c4f584e0e220d

SHA1
678df691a5462554fa5a81f5274e91d9ec97bf37

SHA256
1294a6d66e4c1a9b9319d4f86c3ba4c8be9280c0d5902fed07093417643d8129

SHA512
83b7d48c6542cc03a6f195978d60fb7bb71fa4a35eee1431afe4a941b0c77fa6f665df094ac626d8b957407dc1086de98ecf779b7a550db16b07d148cc4ecd9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4295bc7bb9f22290690ae06f84bcee56

SHA1
b755b16a06400d593b3264d017d485c3d87af31a

SHA256
f1cbd964c1f2afb35686881b003c7e2059dd4668bfcc623b6283b61bef9089ac

SHA512
ce5b5eb932e33e28a0a9d23502644c4ef4b998f033d94787d70adde91a812996895b52b606539e16335060c90925752ab8b2153abd7ec193f307f841fb677938

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a14b4018ab5cc4b8a3bb245ea930f8f6

SHA1
960bc4558088c484c845cb703e9d09193343e741

SHA256
6b7bb40a7017113799fb597c2659b54186a199a30b74f3b662d4a4e7bfdb91f3

SHA512
61cf00dbfd2fe4793097de72633d2f29a0920c307f375c2d8bc3d840a3ced71871dde7b96ecfca7d4f638009a1b9e83aa5256ffa076b624dfb21f5827f209b63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ff4c70515ad9ed0ec622010ef4c67ca

SHA1
896fdde7058ebf609d84bbcbd12c72ce3f023462

SHA256
45f62134f791bd1c3d540a19aa01d825106d3d1b3e0a47348a1e608efc9ef2bc

SHA512
5ff267a7ac5cc94d7bbc381919759257ca0259bafe0535942973bb0a60fb1d0c8438e8353ccb8e700e4ab89ef24ea062558e709b2eb847ccfbdbf9dcc3df3964

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2f6ea84a4222c7a9a1837424c222052

SHA1
6fb20d16dfe6ddeba45ba1a11dcdc6c73a48ec6f

SHA256
adfbf002f98c776b34a33db9f4f3a5aef057a620f44be0e8a4991ef461a76b6a

SHA512
79322c7f67a9f5a45aad40299981c7252aa2e4e34598c42aed5f66d66770c8001c44c4009da77926df6ba4290a0abd18902d2b4b816a858b5264e77adcd864c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8551ce012d030bf7a47c000e0d3d3c6b

SHA1
9363e1b84c8a0ea04a5e7cfbb2f55db39011564e

SHA256
a98b62fa6a7e31d3b4ae1294195a5732cb3fa6def2dfc62ae3ff28a579ceada6

SHA512
ca96dbe654f7d01d8a27680b616d3ef78627bd99d212b8ce5a1553dffa2c9f42a5397ab4968d52c41ce785a09ca8b88246106c52794f6b8acd448ab2f057adf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9bbd04382963a496f2a33eb8f7209e48

SHA1
bc7f8cf5749af42357eb76c541894bdb7e097f88

SHA256
20f2704e355dab065779f450bd5c99d415f61b586ca9b47bd6c21ccbbe84ad45

SHA512
fc2d67b6777656cea39dedb65c37d5b5b903789e2b05ff379adc54e9937cd70128b021f048c08733c1cc02ede78af782c5ab37f538181a2fac259c931c580961

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b7a04a037e71e1a7b6ae2633b0846e0

SHA1
02db920c2a14011546a40c094cd8c10d4dd54d58

SHA256
1dd84934bfb096254397293be9b88d47f5131d4f98414342a3a3b27d114a4e31

SHA512
4e0f0b1e9be1e1264e48abbe56a49fd28bdc0523f518895eb4243ca9b8dbb7b15ebf91b4654a5cb871f85696e233197716ee0490d07f5657d6de485dcbbd92dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB4AF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB956.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit