bcc203bd3d70e4200d098b93505a0eb5f57c3e51d2e0114c046d2bc862413025

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-11-2024 05:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4f5a462777e30cfa4515cb16a63390f_JaffaCakes118.html
Size

57KB
MD5

b4f5a462777e30cfa4515cb16a63390f
SHA1

16a4aa2fef29b4ffbd9d93822d5f708234f9e3d5
SHA256

bcc203bd3d70e4200d098b93505a0eb5f57c3e51d2e0114c046d2bc862413025
SHA512

cf897a02788567e1de1b8c557808db4ef544a8eff51fdf247df04ab672b089ccb9e905955e46a6678904f401c876b35c8cd3fbf973406fc78b79b7f5c58a5487
SSDEEP

1536:ijEQvK8OPHdsA1o2vgyHJv0owbd6zKD6CDK2RVro7ewpDK2RVy:ijnOPHdsR2vgyHJutDK2RVro7ewpDK2m

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E53BB631-AEDA-11EF-BE3F-EA7747D117E6} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439105933"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1728	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1728	iexplore.exe
1728	iexplore.exe
2956	IEXPLORE.EXE
2956	IEXPLORE.EXE
2956	IEXPLORE.EXE
2956	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2956	1728	iexplore.exe	30
PID 1728 wrote to memory of 2956	1728	iexplore.exe	30
PID 1728 wrote to memory of 2956	1728	iexplore.exe	30
PID 1728 wrote to memory of 2956	1728	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b4f5a462777e30cfa4515cb16a63390f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
07e1930457c6ab3eb17bcf07c7477f92

SHA1
90d2a1840e23a1f3dc9052e80b5125752f336b30

SHA256
a6e55d97fc060dc40e12f2f1396cf99aae837df38ebfa490ab40a359564d07ca

SHA512
848ed38469a8b7eb431e9505257b80669009f2e0ecc2b1f1791c3826b458719256055a15d228f358de4a398aab2c03e0c71a13b9f277c0ef416a535288d803e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
626af6773b207f0a7e0bf3331f3dc64b

SHA1
020090c5f75d5ce6d7f9b52d41a0d7d85898dc20

SHA256
7c204e8a1a3ebddd37a9d56c47f12158bdb0017f0b506bac78592ad3e148d4ed

SHA512
eddc18bf55c2a268464af7bfd201f0a7c233503745fbcfbf7109864831426eb21b1cfb586d998d672d1a23cd3eb3ced6e31dc62c615c1dce2d16954a80a403cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b96eaba1028182b69c8d3354fd597a7

SHA1
b8c90363ee9f772136300741bc233d8f7270a5a3

SHA256
554e8d6e1d59bbe86afdbe2540c740e869a99f16ca606d59461dc57ba2fde29e

SHA512
fc5d790bf62a5717c4c6a5fe7741c7f0ec319578ce0fbe09b25aae032a33644c8b4c3e14b1ca33679c3cbba6873f3f15a95daef558a346433776563bd08ddceb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9542f9fd457bb89d57caec2a727e181

SHA1
5607bd3331c53096e495f33a44604fc75d579544

SHA256
fa4c8b2a9fe21360f17bbae1f38c649a7bc6c611dae8cdfe3830ebb37fe2685a

SHA512
685b0e492af34421fcca755220e301fde2caeec99c6737d77091f40da1a95eb1fa711f0ca5b898e29704a0f19d7dab69dea559e1d586457bad12be325830cc16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68d53e0c2960c71d86d93ce1073304bf

SHA1
6b5b5eefafd164af97be92dc11be5ab59aebbd6b

SHA256
ca4196ef1ec80b6a1cf19df1ec9a822031daffae4c206c75d9ce4ef5001cb5f7

SHA512
4facd348ad3eadfbb6930538be1cf092b4c32eac57b080f07cc58693b5e98a38516020372f6614fca3d895af3ff5902de7b59932b5fa5ed022f7b12952bd97f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
94d73ef071307df02975b5a60b7b25b1

SHA1
0825ae120e69de88c89dfbe8c6542babde1abc98

SHA256
6b1125c3bda3ad7676f4de814caab067a91f06e8710ed96ffe14c98c8903dbea

SHA512
3b423a050e6b00376515a9594727a2b0cc7e8da5fc721434fc2ed6272db05f86fa9fa6a43f05cba8366448b4900639c46a0f43a0f0fd11ac58d885f48ee55240

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27e4213ddc5906aff1d8c60e52f50710

SHA1
b4a50dd1ae1024c6897da0cd3c6e75962b1010d1

SHA256
2ce480a239a2698a1a345d42230f13bb80ef25bdf304540d2cb5e31099252551

SHA512
b25b83d850d9383a827b000c0f74b2fac637935ef35b2f500a82ba02543598dbc5e8e6e0a3f6298360373b858354a6c2ce854c0a937f6eb1a9d915ae9b167340

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5031c81f43d59cad6bac9332908e4f81

SHA1
7efd2146309f0dfd4291945d2c537acc31e7dcd8

SHA256
809417617d24658d21fe3a87a6e3a1f58d3bbefc4beebfbaa4899fb04dba1be2

SHA512
e49b1e85e6ec25750ad47222c08a572a975f06ab87e11abf44b82128c38479fbfc743b4f0d66a6c7e9e67b8e0a85c2ba7b5bae46c010667824a3dba762c1ef31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed41a71c552fb819564536079c65e57f

SHA1
913b986cf69d46832370a337ac86e28f585393d0

SHA256
aa68564b892ddb4ea35161622ed27dc126b7d907a69cbab697f113622cc3262b

SHA512
ca15ef5cbebbbb69095fdc695eb3a2b0d0b3617efb350bb9f2d6b44260267f8c4c1249f59b74dc7ecfc98bc571d7476a763eea908072eaacbfbdca69179795c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
785b5630e08759fbde92ccef5c825bc3

SHA1
b36aea1890a9b62d2b7b99f818e2eb41f54b85eb

SHA256
dd709644f305967461176ddaa8755613cc5a11147847eb8438c0b3eaaf33e714

SHA512
8278a62f41dddb8ce5f2e74d8dd95825b77dc23e0355a22a41820c9a2fcd16db4f7a7d783f61e5a4bc5ed4028440bf57f8814dc9980c586e997b85aa58d5516e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55b41215b15c6cdec7a53ed82015cdaf

SHA1
a3f4fc90a8c0beb63d4cf7caf33c505271267edb

SHA256
83234f057a2ae87eea9b4fef751857a5c99b9fb92fb635ae7566791fdbd358ff

SHA512
997509ec98ca82e8e3865755205eac6d2e79c62444f23742e55b4e8f790ba21f310dd1014fed15d553778164528d546295af3ee892500c97b6468b996b77b5ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d9acd81e77108f638df6d8340e3e587

SHA1
7d5cabe5cd2f157bf4358c549454c9e5d8a16e69

SHA256
6956327bd8b46ace47aef690eae8017c338826c001abeb49fc4f6cd4a05f0602

SHA512
915cada10ab94ec0a0d20a611707238f146a0e5b4c03d3f5698105a49c52b611c8efd7ab9e784800a6471e9dbe01cc5eabb266ad078a396ace676d7e3c3df10c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff0f6742d4d050003f13bf990a323ba6

SHA1
fe8b33a3989a117cdac631245b2eff4743cdd392

SHA256
108101244e1353c38487a6429c7a7234dbec60c6bf5c80a878a4074757a1acc6

SHA512
325dee4b0f29fb0fa7ebb9d141e8f55b632bdf76be1a433b5f8624ed58e1f47d2dec17eca98966fd588d0d82bff5522f0a30d70e26eacdd9ac9b877139f0f127

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b31304d257cdbc92cd8ade97739fbc36

SHA1
5200b501a3a4efcac4af8da9210b3e6efa580f79

SHA256
de26dfb1d6de5e2a47a93489c672eb9b3ea1df2a1fa0b074de94f498696105c7

SHA512
6c059ee2f9f5d6ae7a1a4e8f148735d57bcef38601668f298e8e05ef386a930c6c6dd0ed0ad98a5026c5818bad069ac3fe3ed77a7c625096b643fb7deab44cb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
db20d9cb360815490e35987ffff2d108

SHA1
3eadb1a01af1803a9c004ddf452bd0f39aaae28a

SHA256
c96d2c99cfff57fe68cbc50de3feae84d9aaf55674d0f55957281fabca8581ea

SHA512
97bef35f853dd93d55bb24a78de086645de8320c7faef120d0a0dafa3a14d45f2fe8764f83930dd559204fa4a526c02fc0a9b231141e338f4378c5981b9149a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K3VL8XEP\f[1].txt

Filesize
40KB

MD5
bd11aa218cd33d50102506b0633107f2

SHA1
0ba6fae9a2464cb8d057ab2f28052bcb2d651595

SHA256
ebd748eed7f77fc7a05a2fa8666d5f07a10c562468300c73382723f87959082e

SHA512
112d5ec3216e91cbbc7fcccc0088e8d202f918b7b3878828320d7db6618cb2648dc3054fbf12b61f77a13ac3e431cb86b0d71340d5f261d9e5e6378f13443e6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4B16.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4B19.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit