bb071af1cbd86c30d4617a7e634ec2a7c89773492b2058942dc999877632da7e

Analysis

max time kernel
144s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-11-2024 05:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4ed52a4c50f244eb1ab4e546546befe_JaffaCakes118.html
Size

57KB
MD5

b4ed52a4c50f244eb1ab4e546546befe
SHA1

0198f64fb85a99f823aed5c0a94f399a765fac10
SHA256

bb071af1cbd86c30d4617a7e634ec2a7c89773492b2058942dc999877632da7e
SHA512

6128481c520fa61433ab1f3fa0b516b3f1ea8f53979fe4b6dda7d81aa7600e535a55f679da2bc181c225e759ad3fa7aeb9a982ff6f2a3fcc2c487f65879ff1a9
SSDEEP

1536:ijEQvK8OPHdsA1o2vgyHJv0owbd6zKD6CDK2RVroBQwpDK2RVy:ijnOPHdsR2vgyHJutDK2RVroBQwpDK2m

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6DAEC811-AED9-11EF-B120-F245C6AC432F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439105303"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2164	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2164	iexplore.exe
2164	iexplore.exe
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE
2740	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2740	2164	iexplore.exe	31
PID 2164 wrote to memory of 2740	2164	iexplore.exe	31
PID 2164 wrote to memory of 2740	2164	iexplore.exe	31
PID 2164 wrote to memory of 2740	2164	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b4ed52a4c50f244eb1ab4e546546befe_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2164 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
caf1a1f011d4cba3b8618de8eefb6793

SHA1
12c2676d6ed508c3e65e7bacf6d505b42cedd635

SHA256
bd31e3e7681d0fe3c5bbecf70edb0083902c85aa0bf38030750917279d8d48eb

SHA512
f319018458b6a301180ac5097e5a4d2f3a2a287b372432394e364fa661ad4e753ad230445b13690cba7efec0912450c55ae4d9ea13b4f45c184d5b808a22c5c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1931cef3cd39e233dc1e20389a9a3b0e

SHA1
c65fa980364f7435aa6c2fb875d37a4e2859eba4

SHA256
5681db3c4dee98f74255a4897dfa37d9da673f1b68544deee9b142d3bd5418f0

SHA512
27b4e792f9b0ea47cfcbdc66d5b8cd718bb8c9fa9e700f085b893970e6a82d9de20a5063813318d2dc8b3fef61447f35e430c5073b456267dda13c4ff4934bc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
881c5ca2ac25ec47f68d85d617e39e30

SHA1
e587c285a320fc2930ae21705b41c49a1e3f1792

SHA256
84f038cf8b57c4b3f336a615948d59aa81a480982ef961c2a86c9a2d2772914a

SHA512
396e3520928d6e4a695a90b0d9fba22aa24af09509c1bc5fe874c32bd25cf0268b6882f21c5f759b06e81ae01558a75853dc1e5205dcc42b6fd4f3d13e3d5afa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36bbb528ecf51fa5d75a73057255f6c4

SHA1
65d13546243512587a5518829a954266efbda2c7

SHA256
d34ccda8eafabafcd789fe8391c87d5f478a7d3289668f2c5e03821e0eee3154

SHA512
e02ec4a86509d656c73b8a11cd63e05cf48009991458eebf4c53be77d1075676542f3234af1f9a03f462d378cda11a69a0a66a3f61ddc5053fe84d4eb0c8e3ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
727473359bce77a323345d53b6b9e728

SHA1
25e37673776769d7c3a2c6a005e32c1abee4c1d8

SHA256
fcdef381ba2635801b320130abb9b8ed06908fffa4203e331d1ca145eb193b8f

SHA512
1540f7e5e9150ad969161cc61a704b1fdaf0cb0775f7bcc2fd4335ce7dc83c0aed4c85cf7518bc4b1f2fc7ce304c6eb2ffab7d8390ac039249e477fc977ad9c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c07cd813ee5c824ebf065f8d76dfc4c0

SHA1
a710f670c8bcda9b5c8db229dbf7de1f5266b020

SHA256
5d6b9a3a521ad19d405be34a843ab79575736c5209d62c85b178826857d0d085

SHA512
67fa67bb306c810e9526261a6f348f2baccb83ef7733f3cb033f11bbcad06ae8ab1a3ca1099d03ba38ddbe8dae26f25976ce6ad8c7d3c19484bddaf563833ae6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64798c098caf2662ae4b67a83cc68411

SHA1
f2f954818ecdaab5cd777776e03074051c9b9571

SHA256
f3dc0dadcdf6e1d34deae57f73d991d19233b025a52548bdc84a53eba98ecc93

SHA512
35937089dc980089177a59cb8339ed273be86ba075fe8b6d1d04a3beef0ae86b8ca6378d78ca435f5b2720adaa6072ff231a33338d704cee40cbb0fe214def16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa9712a22a89f451dc14e35bfe5ce708

SHA1
0cab9e6fb623abb32a957a3c8fb94455e7716cae

SHA256
316afe84ff23b94f02b1a6542cfc7fe83523949e0abff56424e76638c8eadeee

SHA512
cb2b9daf096d521db9fe07d6d60e1c8a4573b3c35bc7d881de15004530817f8cfc13e2003f1d4e8a946e47c93db5a882b2aafe59a94f68263d22f2443b5d1fe3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ede5219f335b450da4953a8d22bdc6d

SHA1
d0feaa64ad8c8725cc5d612c2f45f955d0800510

SHA256
e89fcc5f95442103cd1deed9e31c2659be4ca3e4cc2588cb17844c23d8c0465d

SHA512
700797bd580083070b9ad5786cb810983c50bd2688875e8e8e3192a8af2faa0a8403a0e73bc2cc14b7417fcbd329a0a0751b7f1845f6c019d890b89d4d0be721

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3156c2915d4acc665a81e6b0548885bf

SHA1
2b798316b0e909b523678323613537744031c512

SHA256
6dcae4ed1fc531f967a85c65cfa4e492f890a8b32713afda03a934e5593404fb

SHA512
9a3ecc728fda6bc75ee5caa11a675f123f43887beb5a54ec999d380be4a17625dd210d865a11d1fdf50bcfdf9f6e961a6b57b9ec2c8d6a9e94b3db84f3bcb3e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
236ec5bd3b1defa6b04ede39066a5691

SHA1
11da3193b86588c358329bca24e0c30a3a5cf9aa

SHA256
f276a43d2c76e871180f9a3dd2c3a23b5fd404bbe64ed7fde0d35cd6d1763d4a

SHA512
316ac8b10d9ec5272be69fcc0209cdffd3f291543a95f75ddde0813db9532cda43a5cd6ae5666065b5dda027b04b4a2a2e294fd68a9dc403b678b9f8fd0d02d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b9e6c80028db0ac41882137f74d2964

SHA1
526e0cad81ea033f5f68ae89c1a366b12dea12c3

SHA256
cb8829566274adf9f99727b0d88c4120890bb322b864cab59811068381bd22e4

SHA512
dd272b69f597ac3120b8045473a1c0e7214732b27e99c7e05f82bc88797182495e42cea652e750f12e261a0767be6ec15787b8b3b4bd5a8204d3449c60eb6619

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
be3481eda9a5ef40646a77aa52e8f3e0

SHA1
f05120c5f125715b73bcc98aa6b6b6936ebc59af

SHA256
4e36b961e69b4372d327a6386cfaf61cdd07422be50742337a85f2bfc4fe9a22

SHA512
eca91081130e58334f23e48f1b2f80e55fb56f3318c7ac78b887627e4606c2d4345f6c1e4373e3da2f1b8c2af42edf4efe6effc1b308a3134539db4a786bd9e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\f[1].txt

Filesize
40KB

MD5
bd11aa218cd33d50102506b0633107f2

SHA1
0ba6fae9a2464cb8d057ab2f28052bcb2d651595

SHA256
ebd748eed7f77fc7a05a2fa8666d5f07a10c562468300c73382723f87959082e

SHA512
112d5ec3216e91cbbc7fcccc0088e8d202f918b7b3878828320d7db6618cb2648dc3054fbf12b61f77a13ac3e431cb86b0d71340d5f261d9e5e6378f13443e6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEE57.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEE69.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit