981ef6b67b0d3a8215d180e45089648788ba02044c851e6a3077cf99e93ae029

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-11-2024 13:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85af0534b500910d858984e4dc6f5d3e_JaffaCakes118.html
Size

77KB
MD5

85af0534b500910d858984e4dc6f5d3e
SHA1

aceff6ab5029d71f66d96a2495a7f25511c49930
SHA256

981ef6b67b0d3a8215d180e45089648788ba02044c851e6a3077cf99e93ae029
SHA512

d4449423ab29dd192dca1bd26e31f1c2c95c222d927c829dca685dd912c2c3eb1295e3c69ccf88fe6626a44122e69129031b21d4ba0b0dc4e9bb8bbecf3a992e
SSDEEP

1536:zLtwFxc4GLvGT9gPVeUIcPyzj1CWUHtogvZn6I/HRhDpzSypKO3NZEd5ZU0/pxAO:HtIxc4GLvSgPVeUIcCQHqAn6I/HRhDpG

Score

10^/10

google discovery phishing

Malware Config

Signatures

Detected google phishing page
phishing google
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

9 sites.google.com
31 sites.google.com
38 sites.google.com
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

IEXPLORE.EXE

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE

flow	ioc
9	sites.google.com
31	sites.google.com
38	sites.google.com

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436716115"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AB4FB921-991E-11EF-9E32-4A174794FC88} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1404 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1404 iexplore.exe
1404 iexplore.exe
748 IEXPLORE.EXE
748 IEXPLORE.EXE
748 IEXPLORE.EXE
748 IEXPLORE.EXE

pid	process
1404	iexplore.exe

pid	process
1404	iexplore.exe
1404	iexplore.exe
748	IEXPLORE.EXE
748	IEXPLORE.EXE
748	IEXPLORE.EXE
748	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1404 wrote to memory of 748	1404	iexplore.exe	IEXPLORE.EXE
PID 1404 wrote to memory of 748	1404	iexplore.exe	IEXPLORE.EXE
PID 1404 wrote to memory of 748	1404	iexplore.exe	IEXPLORE.EXE
PID 1404 wrote to memory of 748	1404	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\85af0534b500910d858984e4dc6f5d3e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1404 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
869a2b7221c89e60c1c0d331eb613b5d

SHA1
ae586db98bc8d9ffaad649caebc18f8164f92db4

SHA256
893e0bc766544fe40325ca635309ee62de819291d6f78459a5887bf60e9fb26f

SHA512
245b1b6669f690301a67ed61371dc26d9907e89eb3d90dc45502011ab19822c3a271f32b1e5dc41ed7f58b261ff4b4012120daf264ee72c647cadcfb18d99ea0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
6f315d19875e6161218584a75cc708f3

SHA1
f4be79ba62712264fed7a258227dc62b41097993

SHA256
ebe7b1ba84ff85a835e76f74207c37f3e8f77b46b0f973beb540bd1c83f0a700

SHA512
599c89c6018eb7e1b2718134840e41d3bf5f9bba6dedda834cabd72d94ba18ce7ec6fcd2a3403bb49650b664048fd487fa9ce770203b95bb979dea75050dd67b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
452d635095a1510874c86d35845a2ccd

SHA1
423a23c5c86a10365994135751f75b3dff81c2c5

SHA256
ac4a0e4cfe08b3128aa1c66d1064ff1d5849b72456484e670b362359f7c86a15

SHA512
6df0c234c8a5e372bd0989df9ce8af568f0e1ca812855e3e65e7dc87adf7987464d13faa9fbfd4f185de389c9793124d8c1226e56eda3989e337431caf05e018

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
e07eab87aa35a9e82f28895766bbfe46

SHA1
0646cd50ee1b42ce7cd84dd233af5d493dffa906

SHA256
54f56755b2df70ef06b5df1f3cb17c92a730cf151c5be578a127f640fe866fc3

SHA512
9e06a169da1a20d1aa740786eb82eadb6f26c6aab81e9b350834f3a0ecf03f25ab09270789eae1902ebc474605f3706a31f8dbeae335d51e2ac281d70af0018a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05a8c8002033a7aaed1e8405b31b88a7

SHA1
66a9ec913485bfb8daf14ccc66655e1377082e2e

SHA256
9ba31c94fb1dd9ca8f4a92a8868cb7e0994bcc5b556384fff00c049247d9618e

SHA512
49a3e9fe32ee0a17b385a3f8fc9ff992f8fe827f31c954c7a418d3021648c11ebd330e3d4b33aaefec6b00b3aa1b16f22dfc24d1b517f0c5049fd656f6f9156d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08d6cf8e9c53f1084bd357ab799fa8b0

SHA1
aa5499fd82486d82b46857abd2de45c519d0f166

SHA256
9e8f71d57f666c37e3b7eb53d4ab955f3ad6ad35ff6732a07ee3ca273ad27575

SHA512
c2b7dd41a3b1023e3beabd456ad28a2526c1efcd29cc9a79ba38630a27ee05999f76b08e7ceb20c2ce7444a52c8c356203f3f1affd6fe62d23509baef5ce1356

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78421cf6e36ce76238cd68f9987b5bf0

SHA1
92c90ff0c636ce40f9912096d5218f6932c2782c

SHA256
ec9961d9e8bba210e054f489d3b6bf2b517d88acb22d154e081c257328b493fc

SHA512
7bae9c9fcc4e49142171987980dda7cca06a3e23609194fa5107aa507ffec52b92778941deded402e2a2a9ca827fdf59b99227a6ee2dbfb86f10ce00e6451c55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efbde50b2efd9b0b9ada61b1e6b045db

SHA1
a478165c54cd0185dddab7d189da409eef51ee14

SHA256
236ba6ad7c2ee2a9178df991ec7d685009d617441d35239f2ddbc40c3976127b

SHA512
827c0658aec3af474839e6580458477973e34495d0915f7a52e99940d6d2947673904630903c3363c82c5bc42ec5f03c9f85f26283401896b7135a31eb7a9d45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03ece7111fa0f0e4012abdcb03554316

SHA1
97072e8b9b20f015a3a360bdb5d7ace8e9dbd43a

SHA256
a9e14c1335fb626f7e571bae545dec8c4bcde071429a8459bd39e3e8bfe6d43c

SHA512
48135fc9f461a29fcd26f788614f36d0c8637f0266591ca7ec5c36ebfe56a3aa0475089403a52be82483394907515825cc6f19b1d63ecdbdfb6156dc4c27f8e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b31b926886392195b86343fd4bcc6a1

SHA1
a6c3a2eb1b7b8763a6cb2311996e963aaa019f34

SHA256
e32472e324a370dbac0ff76b2e5c282298df88fb79c69744b448cded169db1c3

SHA512
c548f4b88dde6cc8032d22de707d3170f3fc6469d5161e4bdaf2b8be9dd029b1d99caa1450cf94f8830f8def2977b8e7e7dfe90b93a3d0b019af77da7fb11e1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c95530bcd6cb02ef28f6ef312090e1d

SHA1
2e455392e5972b4027214fca26843b8721718355

SHA256
c84c2f75b551167ff320cb08b59e68b672ad55659f5d9936d015211fc41a8932

SHA512
26e7a80662130c9c204de4cad34b2322a1fcfda22ac9d86335a35addd7467e895f41b7bcd4cdb567832b3ccebcba8ffd276e36fe6196aa148579f6657daf0bc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db78b2e4fb774c6c89a7856b529a3522

SHA1
16777a8b8a9325d03af1ce1dccfa7f634276ffc0

SHA256
c6ea8bbf7f73ee8fe1fbba4f4219a6f17041961384a7d276f72d9eccc57d9b00

SHA512
754dd8ff7780a74ad9014fc1c6de48d8f5f2a62d8e4e37ade9b42dc0132a490d67975b27c20cfe9780f494791f4ccb22a835404c1486cc0dfabbaf896cb24778

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1565a8f7c83af7c54c49ca17eab70252

SHA1
894e0fcf1f6888cf41c2f92dbfed427d6b7a8984

SHA256
b8d082c5b6dd17d45bcfd5d3813c18a9656302c9ae4f09ef0d38dea4a40b13bc

SHA512
10547ccb51769e5c25b19591862cc6d9f5bbfee02404e003735737acc04c47686829ecfb213786f287397e38a4d6a13fb1fd6f0c431492923ea0a8f10565b3e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
cb6fef5cea2d3d19208cad8a88999b7b

SHA1
cd1574d671785d597e6386f2893795e3e1f03abb

SHA256
6ea5a1df353085b24557089872321cd381ef00fe86a0e4f35f6d1fa6306920b7

SHA512
c8f59cbce115c4eb2221a63c17e169e39b9e01ba4db17a93c49b9c4b891d09ef002e24fcedc32c75a720f900c71bd3cbd6d6d8cf9ce8f58bdf318b2ab6ddecc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
3802a96627c9274cfdc9facf9a91531a

SHA1
c47821d8e6c79b0d33bb3cd4ae1085a4455a5d25

SHA256
ff1d0dd522fefa8ad06b0b2d25bd53b13c16d01be0864217b521a39a157d7b4e

SHA512
8b049768235f7d356daa0305a6a4f9f337e1783327d6d87637a0e3d570577721ea875cda7acd29666c0097dcef9e8aab18ea584630770a3b3a9dc26cef68bb90

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEA9F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF9AF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit