aaa6727239c90738b3339e3f9b0fb420100d60fa3889c92db13f281d1a572f5b

Analysis

max time kernel
142s
max time network
142s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
24/07/2024, 02:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

69e624170642ce5954857edb3cc2dd34_JaffaCakes118.html
Size

10KB
MD5

69e624170642ce5954857edb3cc2dd34
SHA1

f3717637fe63d53e3cb1b5a9c963c62e3fe03319
SHA256

aaa6727239c90738b3339e3f9b0fb420100d60fa3889c92db13f281d1a572f5b
SHA512

dcddf1191fd7fd6021cf3c8b0cb85c7ef3ef32e93e2c72e34f71e948cd588280db899b382691a5c4520ae22229cff19f3652fe02129a08a176c43cceb4382ed6
SSDEEP

192:CpJSEosEYIA0/eqbGQiRvCDWuKGheJeBImE3mtMMqVrXSmGjLDZL8PfqBq/SXuD2:E0/e4CDNBMIR5anNLB

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3A70B6B1-4963-11EF-BA5F-F62146527E3B} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "427949468"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000ddea5cb1edffaa1592d318b8d0260a6d95008b131ff94e789a8d85e7ba70f390000000000e800000000200002000000054f9edf84afc52303a53b042e61be086572cef5e55c810159021b78f820293c7900000004a9ada6f46d4fd51f538c0f2cbca5ee3a476b4b92a20323c7769593aedb9d6d260a7eb9a364cdb4fe9362ccc7ccce2b6d94e50a6aad46ac125cfba4910e1dfe0eea336d8bfc0be5df2d6622500f1e28197511c43207381fa5910338ef58b5f83ed6ba2cc09694d7c92c0aaa5c18f50c5a0264382f56f485d21c9d88750f174bb971a456e0f02256afd3c89f23c68b33140000000ccb61e26c5ec754fdc4dba4f36e3d650b5caa0425bf219e8f31cea4a2d2acb5d1638b59e56abe7f9ff8414b8d9390e3ac0bb6f45043d2c099db02c4f0ce74ddb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000751f55ffee95d3b16b6c6fc895c2a4c37104753cd1de27746bd350c05b7f122f000000000e8000000002000020000000e547932d41a9a0a7086e623398d73552311982612a3bbd3a4146e716c8e551d520000000dd129c17317ec5f79c23dec95022961248f2429645ce952b8e3b9a6f5780c47d40000000d59f8f3f74254ba9d9124dc83a0974e321afc9a1acc79439b25c9283ca81bb14e50edb22848f1eab2886fe24e330e66e14501e1bdff2f82913eb1143860fc580	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40fd091670ddda01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1316	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1316	iexplore.exe
1316	iexplore.exe
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 3068	1316	iexplore.exe	30
PID 1316 wrote to memory of 3068	1316	iexplore.exe	30
PID 1316 wrote to memory of 3068	1316	iexplore.exe	30
PID 1316 wrote to memory of 3068	1316	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\69e624170642ce5954857edb3cc2dd34_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1316 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
876d965063a2ea4a7b520e1dd67d89c8

SHA1
815f9c8ffa210c4bc3874dea175607642c76a84f

SHA256
2d9f918db8b5b2d731ddf4e2ad62dd3e516cd0456faf3523919e769a7dcb9d97

SHA512
3053d90289933214f9370abbcfa7af5d61ee862f9ac659d74d56359d750782154bc81d875c5f62e2aeafb152ee42f3bdf888af43ceab00f4bf263654f2bbce49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba7fbc60096c8bc053253471f641b93c

SHA1
1a0052a75faf1420235820c149632e034d0e47cb

SHA256
f2403def6f93fe67246e490c1bfbe844f35363d557f8b06fd16b82e0d82a22b2

SHA512
669f08da78304362e8afdcbb35bffe563f6e7ea5de078615e3c96300c56f695da1c8156ba619fd8ada5ee296b80cd61871258b6168785385879d3bc73f47ba29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c306facc0ea40113c96fc01c88a03f16

SHA1
fa2b05ada90778f11325fd170b1d033b1f33e9fe

SHA256
41f64c2712ae34c6cf6dfb21790abb6ef30544f8cbedb6db0a21315d251a29ca

SHA512
3423b7ec970d2d000ac1b9dbae48ec7768f4c759d7a49c3391c3b99d2cef9897c07aa867ef141a3ef4900acda14d0119cb543477c3e26191fe9980a7a42ab067

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9355d54f5c6666202671dc96bd6f25bb

SHA1
13e38dc71c2eb4df34da4be1f578aec5e9e6b0a3

SHA256
5fef75001a1f849655ec1be52664814b4b2d2eed3aca184206f155b7f6e36a25

SHA512
348e70c518eadc64b5b68156e13a64a817ebcb234c2791a70da7b279b827789c65b8d963b3797c7d0aca5725dda70f0c3ce4d810a89101320520d645e53f02e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2f1aa40b3e064ce09a395b4385108bb

SHA1
01345cb2916efa79afd93880e3d6d15c4ba70fe0

SHA256
44d9e1decc0a98831c42a131017c3921f87240128d59d31da3ae0b15955c8661

SHA512
469fd8bece9630b7b185489747f4c4f1ac987f367d62a5a5d9039de65a28007332409feffcccebe9898c7d8b84c6f2292859855b3965659baff3c1a30590bfb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01fd7e2b548322c0f0641bcf668c1958

SHA1
e5b17aafaca1000b12e4c37913b4ede737cd7ce4

SHA256
ce35d11bd9965021ac7b025813be2160fce48eee78d3faf5be46f31388f6e0da

SHA512
43e918b7d4105cd3f21e181d5affba3308ff534c68057d6cd8fc768ec575c08873b448f5e4f7f37cf34bb1750ac056fa3caa7ad60ca7c79ad6574c73fa9cf108

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c385ae51e265417d98169282fb329fed

SHA1
610f54068fd1d18e4091b8def9428a409794670d

SHA256
abce19625c0e85d8a1f77a4ec9be61c83c7b8f6a5f12d406d62caee8092e82a5

SHA512
160357cbf67cd2bf87699464e1b1aa0ccef4ecffaad1bfd0cede388564d2572498f50b0d02ce654e19af4abcb8f46011589fdd0ae6ca7f9b926bdf69baac514b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0958b9e52311d39c656954645f996291

SHA1
365928e0e734a157b907eccfe1fb1beb8a5e318a

SHA256
2ffdc570341906de7b02eb1103cf2798189e9d7d67f2838778a3ab0fedbdadc7

SHA512
6a532606a1009bb6c5ed4e1db87aa83e961f8df80de8a0042881710e1714279192d5fa53fe2c831b45da3e0fd864e5ea8d18ae018dc98b1a637991e7998f3cb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4bf7b2ffe980c13c193672f2531b2206

SHA1
a9d7986f8ce6b7e584ff284ce9aaa8d920d42ed8

SHA256
fd1570770068ca64dbcbee9a5125190fd498e55fe2548d41924a11aef3515f4f

SHA512
5da189f9a27a23e0b4cedf5855d87e4fab2f94d851a6f4a31289b16c1ba1b40c795df93d95cbe19dd33d6cd1a44f7a575d41d3f9a1fe2b3d91b0c5cfda7a2f7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65c27fd6c3f966be0a4fe42a0de7c7ce

SHA1
5c4db60edcee2138cdf2ec5fdcc0749f97234a94

SHA256
105b6a51114a60df514c736f1a23be55133d809916ff538bbc1d19de991ea98f

SHA512
e3b10598933b6243a42a93d703204148ebe6177590c64602b2c48b501f76259ec581a4dd053c75cd0893435bd2eca5a01733cabbb03ace9fdd9fe65a9fa28c74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afc3f9f891238a98efded7a0f52daf7f

SHA1
b81ef65ece55f2e0e7c29fd49804e51cfd112130

SHA256
8b7bdae5e164fa14256a438b51d0906341b4ea465e718f7829b179e8a1a66983

SHA512
418a56687f9a06eda09bc712307a2c80c86d1bf2d4559390b2d122272ac8e32efd0854bb5542aa36d1726dd3294cad8338c4c1f42d0364bef0d7f7a080f6316b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44e835d6c5d6ee758b7abf3da71cb4b1

SHA1
f326f9e21a8a15aba80d063b186094175ac18114

SHA256
27ea63ec2494070a5142e1b37b53d89e18240278833d5e6a315fb8cfe8443d41

SHA512
ebd79d293261e1f3423181d47a8cce752a68648157081c425244ee46fe76113fa52591d9397dde5b55d628840e3a8ea49fa0a109358700186f071585c66843e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccfc1824524e5ddf2cfacf0df2adbeaf

SHA1
3e605655b75f744e40993a211995ad8f26275d85

SHA256
00648d4ee441d3e54d9d059c546b27a00b34b0620163b6a77539090b203f7c9e

SHA512
64f7a4819cb21f8ae578c588de1e831ba2cb61aa6f95d90f26b806cac8cab99de54ada12015cd17f3d6afb90007dce9b0741017f28510a60cfe402c5d026d331

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11268b6a8d98f60b4a8e7fd5b9f421a2

SHA1
7a4b371323b3686c5c4f49d1bd0c1fad569e8a65

SHA256
9f8408163726e35e6ace4c5d82c59d3df6a8dbdf60d050bf20d83539be8eec0b

SHA512
a4b6f92671af70ab797b5d7baa0d9523e54b84c023dda636c8f1cf50760455e9c5383604dd4134ef856febf6c833a53230a1f8f5f6c66928b8e4712a02c5a0fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19f91af8c715cf3167760eb768c46c9c

SHA1
d346e4305d363866fbe40f228895a2697cec7c7b

SHA256
e01f5f1d756be917340b89ed710ddcb6d1887386cdfe78605cf87176ea13354a

SHA512
85d6c655a21cfbf99996ba2eec8a08151c3141efd9d83da74beb1229f16d0ffec9c5f0aab72642e21a40c76ac6a3071f24fe24a10a68e1eec4d7d1c1b710db37

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF1A2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF1A1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit