bb6c6329bfe8ae6beeeaf6d9c21e8f89547067718f6f1775c9bb4cf39aef1fa4

Analysis

max time kernel
145s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-11-2024 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4ed8b2779696e3730296c47ed40dd02_JaffaCakes118.html
Size

57KB
MD5

b4ed8b2779696e3730296c47ed40dd02
SHA1

b9238fb55a43b1ece445b73f7acd9565a441d8c6
SHA256

bb6c6329bfe8ae6beeeaf6d9c21e8f89547067718f6f1775c9bb4cf39aef1fa4
SHA512

9ee0287e13b6f509ab55bd5ce3de04c0fe1d485e63292b855e41c7e24f0e48a1fc5301c969ce7610e75e9aa86c19aca81883f426128b6180611a939ed7079dc6
SSDEEP

1536:ijEQvK8OPHdFAeo2vgyHJv0owbd6zKD6CDK2RVroFpwpDK2RVy:ijnOPHdFa2vgyHJutDK2RVroFpwpDK2m

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "439105340"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{83C4B651-AED9-11EF-98BD-527E38F5B48B} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2216	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2216	iexplore.exe
2216	iexplore.exe
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2680	2216	iexplore.exe	30
PID 2216 wrote to memory of 2680	2216	iexplore.exe	30
PID 2216 wrote to memory of 2680	2216	iexplore.exe	30
PID 2216 wrote to memory of 2680	2216	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b4ed8b2779696e3730296c47ed40dd02_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
5497e53b8b6b86346c076577854377d5

SHA1
b9e05933e51253bd27952149100a3ff9d7fed996

SHA256
466099bd5f9b24638988ee9abd337f34be188c5d791d951661c79c1c43adf27c

SHA512
96b5442bd1e76ba756bfeefea8092e3191a9bfbc9ebe72e131b46a01c0e1b844e29a18cbbb49444cf1b18d8757a619415fb1b5963bda0253fba145346c9dd42e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
e67cdba7fed18307b8dcd55b554bb804

SHA1
0c8316bcabd11b72a7e0a11aa7e25697765e21d4

SHA256
88217c5b227a87847a9f24b058e82c0e8cd5e2c1b5df0deb93fdccd4b6403153

SHA512
37a0c1a04331fd86c915e6398abb057d10079f5085d1d060974056cc5004698fd2d8772bd2c2616a315ca24ddfc8ceb28e68b5c4da9e9feecfaa922d0004ddb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce4cfe78252960c9437e0015d3481572

SHA1
ca95e1633dc1dc2ed769bec822ac05361c0f0eb6

SHA256
8617df4a9b6482b91da2e3039ad049d4ba63a15373d0019f0b76b6141051c9e2

SHA512
205706862d9189d8c9f77df3fb858ccdef1e9da7b1e87cce2cb6e56def8b342d2abb8fa9abdf0406f21d688b62b89164623d4dcefcb8a6a76681b2350f5f2ebf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c6f08c44f234f56312528dd3df7e436

SHA1
b91195c459eddc7dfe5947846a852b6ef51de734

SHA256
fc9940f2af385ca931873beed7693e2877bf211be426b804e9caddcef823e0cb

SHA512
cb3401cb68d437ad9dbf528101fe7e2cc5302a01c98980b3af4f3c71c487be55f02bdadb35360905289bda90ac37540c5d3b23d2bef45ee5f09ad32fe7e10fe3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f3b40f5c0722bfc32824699f77d9405

SHA1
a527a9cf91b136949b389903ecd391bf5e63b516

SHA256
b37d17c850d6adaa1c1854420b97a639140268065404e555b03346f3e26dc43b

SHA512
c9e0ca88c46fa7b4210f485165111035d2cc4cb3487f8779912021e841c2ee87bbc8a2e5047c4a2dcb136a8b167ad94d4cf138250cf3235f4de4547461e98874

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65e1c90c40156b0397f39ca6f74c8b2d

SHA1
4464ec574c846cdfd77e2d52eca9bd6b67998e6a

SHA256
944fa533c38d8a6e710cebeb017c41d270aecdd3fb4e054ea3661fa62baa9ec3

SHA512
df02360be91833bdeeb75ecb2aba63d441023927f57b770eb49191c562577e5d8634559385637e1b9fff327925fc65e53ca53dd9139edfeaacf59ce34ef73c4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99e1d8385b56c7a4d8e12e72b35357dd

SHA1
b63345e65843813ba2df632738a4479c7015f78f

SHA256
e2c661f16efed2b255cca84ca5d59c6d1e4ff26aeb574c0babb175ece7082a38

SHA512
36dcc883d5bbceac75ddfc477ba107e4689a73dea5ecbfb8cd2a5f622830a19777e364818d1bcccd8a65e00ed5523e4f833e22f048e0766ba1b2f980cb3c741e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6996e6da85ff3ddf85af56b7f775dd0d

SHA1
ac19c709a28f0b4c239cf7552f0409d8fbe88f48

SHA256
59c335d810af7938bc31a3f7071bfcd5cf81806cf86a30f5e54d49ccaea64e8f

SHA512
775a47c5a11f584657b1760164435b7917a0982d5238a31f1d32701758211ee30e8c8565840ad34d847eb234f798d2fb4ab6e9ab9fbe352468049213a033313f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d11a82d6b8aa56744aaa4f0c3c954b3b

SHA1
2887d55152b0abd8f569deebb2e60551691bd655

SHA256
2457e052a7ca00816cc590a953132593bdd4fd5b5c9406dcb5276a48c9551925

SHA512
054331559f0a5dc64ededac031328f60dbb570f20ae4c089883a17f8f9b75c2bf082a65db14dcbbacb640b0a831016023867bc0dad9f91abc2ab84cbba58f537

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06a02e1aa3fc4bd6ac97236f0cc11d40

SHA1
f8b7cb9a7ada13d0d1317aa48d623bca87dd9ab9

SHA256
03a01f64bfe20d244f86362623b6378968f44fe0d58d53c22d513d4f88fe536f

SHA512
6f48ebf78689a2d74d8503ddf4721cd869c92504156c0b819d8d8f976db538aa054e0da9133ffdcbc60f954ce3517cfaacb929ac0f3960e0cb30453fbb1ca80b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc97bbae8aa37dc8cef62358982084a6

SHA1
73c9fdf489aba283877fa62d1bfd66b4add16f03

SHA256
8e2081881cdfdf4924b62239ab90f5a241007a8b6fd29a5bf5534de15afbf808

SHA512
a87f5412926fb736313cfb0dd89a54ebac1128a55ed5d42dfe692a7fa8222d420cbba271751663d22b6579ebce9ba6d1c09ab00b41509aa2a5b536d44f28fdf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e00e995210743976a023353cc7367ea

SHA1
a30138c116439a354fc42006a08a8585fa8650fa

SHA256
a49d5015e68b0c3ef753d7c268f3f8d5c88056deb8f12bcdf20eb12867561f5a

SHA512
ce0034fbb12853d644d07c9db5c16c22259e6500ee3c6517b7b2efffddcb86ca36125c6cd01ae81a83c768b570cfe8d499ee6742a759b6154f01fd1a27ce5201

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a848fc8adf3c7e4713cf7aee36742102

SHA1
d161732db38242e07c811ff5877f5808844d53c5

SHA256
7d8911a5b535a7131430e76dcdee5c7ca9bef1a47ed9b98cf5ea884fff1aa8be

SHA512
acfdd934521304a1e4c159c3dd27a4af66c2a41f22fcc988f0f36741e7b2eb203a4faedb68ee970d893af2898a94beadb100727ef75eededf56366adbf0e7ff3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24bb58187d2e6e45dc0268426e49c439

SHA1
24be7649c9d09c5c85059c4b40d5dff1456ad4f8

SHA256
2a2dbec47882210e74ebe0613d8294f0ac8ed9adedc03e6d86d9e3fff933b1bd

SHA512
22782b2c6089d27c72020fa22904bdf284b4eae6fe482f5d753a19280463e34d29376c9391e8c403440548f37c762d3c4c216d504ab6edd9dfb248bb51470897

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3707b9c48ffe5a0a38271959a8099cb

SHA1
d655ef138296b3be58147a541dc66d4bf294f744

SHA256
ba80440dd747e053aaac1d521928dab66dedba50014f5a68eb04fb49fbba410d

SHA512
17e8aad462ed54e412e13646d555395d49fee437d09813ea3c2f3f04b64ed8c6f19b36ad7fa6315377018fb9586ee85d3613332154b6730b6f5afb2acb5f01a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45f816d2381a33ed88764d8fb801b4fb

SHA1
67c58d7268f22b5dd1ba7aa6209bd761dc21783d

SHA256
8e2fac87546831df17bba4ca9184ffa8a6b3f7feba91e0cb36d3771943e7b24e

SHA512
636d4faec40e3766eeabbd930d5579099c3b3a6145e507ba78a72b8a18022022ea0335d27a7f9dad70bd84b8c57fadc50df0d35b5196dc8b1297ab8f3e8e8382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c373b2ce64da2a7378faec156931ae65

SHA1
c7d123e19fae6a2f47a8b58a3c5caa5ccc908c59

SHA256
cb4b547d89023ac9bb9368510ea1accd7edaa679956f28a321fb0e46249f1c38

SHA512
84f218c17c8066d66be90e943dd3e3817c9867fd90741a2514210824339d8d0f5376efad5af8f6ae64d00999fc81d7a1309d8f72578eef463f646015a66eb75f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
7031be52a1fb60edf11ea1f7bf0b5f1c

SHA1
78c9ed592a21e8ab87704009cdb5ba22e2cfa467

SHA256
0852eaaf9e020acfccf1d807124463e00e52e3bef54f8419869c3835bc78b3d8

SHA512
2963d3b30c90db42e2b3eaf13e69a8e90bfc9c6f80f3e870c6b0d76852eabc6ee053be22d320dd320bcf1950d0a2f1d6eae9f86f9d81c5db5d01bae83d0cacde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\f[1].txt

Filesize
40KB

MD5
bd11aa218cd33d50102506b0633107f2

SHA1
0ba6fae9a2464cb8d057ab2f28052bcb2d651595

SHA256
ebd748eed7f77fc7a05a2fa8666d5f07a10c562468300c73382723f87959082e

SHA512
112d5ec3216e91cbbc7fcccc0088e8d202f918b7b3878828320d7db6618cb2648dc3054fbf12b61f77a13ac3e431cb86b0d71340d5f261d9e5e6378f13443e6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab16EC.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar16EF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit