2a83933d7ac6500e15c98480f6b1b8c7242e068d692d3c63949b0d270f4454c1

Analysis

max time kernel
118s
max time network
128s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25/07/2024, 15:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

703e1a7de1481d5d64eaa6fe56a1da50_JaffaCakes118.html
Size

1KB
MD5

703e1a7de1481d5d64eaa6fe56a1da50
SHA1

ca81d18acda42a7fd8e2a46c4cf9bda0ee2e148b
SHA256

2a83933d7ac6500e15c98480f6b1b8c7242e068d692d3c63949b0d270f4454c1
SHA512

862508a6c143ed69c10a8441129ae66eba9b3a0035410c0fb47339e6bba320622bad6542eee34953412f7597c38693613b98874895c355d29438561f66533483

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428084913"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000e2bcb460fea6e6778d8153ab4d1d61c45b8ae3a9c679f6e88f2cab1b7bbfaa2e000000000e8000000002000020000000ad6088250fbc2b9ae43772a1adecda70d288a9b87e3a6e658dbb4789cd52ee5f20000000830cad00d0520be5c9d46eb208b29e4569a36b7014aee4dad830e4263ce82b764000000010fd46c8181e980fb10e3d69725838f866f7bbfa1e900811f7ac96e755dd9cee8007e551c6b96b5d1a5087147b085aad3bb6bf3ea91a2714e47d5a8bc03c24ab	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{95FF85B1-4A9E-11EF-BA79-7699BFC84B14} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000147026945f1f55f7f7456eb1f32aeb6003a006d568aa0549b8e987a746a095fd000000000e8000000002000020000000cc805b17df205fec25054328100a263ec7f7304b11cdc6b427b83b11933c6ee590000000bfcb1597c74d382d1cff866a15d31cf2fb4e4586ba38c26de1d382de9656ee549facdc2b0d273bf1e5b1fbc7f4223b464c97e14b91a282a5a74bf5be494a56ff2b20518bbb7f7f9ee441b84eee9e7291ea8413fa122335f7aef7cfebbf5dc5832801fda2bc57139f04c20d9f69af7a84f97acff5500338016e5ca22eb28adfb28e57aa157fb3ef557867a8a001704e95400000004568752ae6566b0fc19d01935ed0702c3ef1bb71801556e896cab27b089374665b6b337dcfc0e65db70d4f19ee5252272074653582c7c29a91119aac6124fab6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0258d6aabdeda01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1316	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1316	iexplore.exe
1316	iexplore.exe
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE
2960	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 2960	1316	iexplore.exe	31
PID 1316 wrote to memory of 2960	1316	iexplore.exe	31
PID 1316 wrote to memory of 2960	1316	iexplore.exe	31
PID 1316 wrote to memory of 2960	1316	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\703e1a7de1481d5d64eaa6fe56a1da50_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1316 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
1f710fe623adf463e2c7217711bc6b7c

SHA1
7dff3c350bf4cfeb92bc7189d5c8a8cc3cfdae4d

SHA256
a63be257cf0c9c851c2956f26ef0ea8e833b2d424f46eeedffb1ea705e905fd6

SHA512
0a16617a568947314407de4c64959b0917facb279ddb126773c98e2364ce57475475cdbc064daf2606e0dd3bb28577eaa24b715eebf83d53ca8a914d741cd8e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f9bc7d2b6404a620aad5bf16af9495ff

SHA1
ac3e838b165e78f5ab3772a45de9bd1142192f1e

SHA256
299e1ff494adcf2094c6e099fbed4870716948f04f38825f7cd3cc9fcdc41ff4

SHA512
a7ea9c838742c6e27c280e2a899edbd34295c5be79f535a67eda0f263bcebf05772eba0b8a5d18c5ea36676b691bc59691577bb49c00741c59ed104a1879046f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
80131f074215495c68af8f74a7b79d46

SHA1
2432facd5e824e0202975815f28e1942fc588692

SHA256
cbd90f1829395c7575fb4c49c9274856827bb0bd80d4b3d2435abe2d0157b770

SHA512
05c7ab894d59c035e49ed7bad2e3257c4fcfc8776ae5e407510ae174636cb6dcbde1f9fa3fc0c88f95c72139631df284ae149837ee980775359c9d40cad7dae8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
80014ca185c017dc16dcb2a3e9d21a4d

SHA1
7ebab99ac1502adf9f9490bed3edc911ee7ddaaf

SHA256
0fe3604fdea2b586ef7796159f914751b656004278d57480f32b1ea959fab6dc

SHA512
94fe214efa52b9066ba2de9677dbe5184638421947b4311cb4cb493802c7c9b1e1385760e660b22456067cbd1db1f250cd0c163052c46910e19dc9b318eb66e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e6dd0e1b0b7a0c41fb097c863515be36

SHA1
1c8abd00b2fdaadf296b8565e402f5be66bafc17

SHA256
e14e5ef135f7c2b018b10203a3fcaaeb1ce8d27924c37c0637c1aac700e073ae

SHA512
16c23e93d6858b0248d8da2c1ee6209b88c51093d17da82f8e32acb0b2c99643c83570b5e465ce8df4de284189d6a4f3fa73013ee8882e686a4faf496862fb53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9aa8bf936e24d1af96a3075fc79ee6d9

SHA1
0be29250aeb16b8afe2aeab523a298b1e5689e64

SHA256
059dd6718f68daf9a15dc6d8890157338bee1368f5d2ed1467ebe6df92382fc5

SHA512
5e4a066361db37c60df2624844661f05c02f80dd8886fb90b0ad7d044c0a96b101da12674d5dc2bc8a80ca509d8f44108ab34cbc4fc45993b0d3aad9a137d9fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
74618385483a7ea4debf73dcb5d514a7

SHA1
a365f7c7a3f41ebb9f92f10754e60ca583e007d8

SHA256
69a6928661ce83d1d5a5c8a6872457da6e96744f5c80cd15c4d7e4d7dd4c5127

SHA512
909bace5d839bc0bfdfccdf81a40e4cba9aa794a5e1532430495ff38f57d9139a296553b1b77ae82b9e7d4ee0daccb4dd68f270e36931f6dde1bb65187a3dc71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7ab6fdcc9dd2f23b40e0bf41dafd77e0

SHA1
cbd551a3239c5e00477805997e724eeb27206469

SHA256
9b099f5346a4f52217bed0c7283c61bcba5e2b665042bc118c33275a1efef04c

SHA512
2d4f7328133c28e9b78ff33c5c20612831e7f742e893f96f0fadf1ad0d0220ab7de50a105a035a3b79c0f09ebd6cbcce5a5035635dbe2e59d441b60ba6bc0aa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
bc907404d6397ee1a968951f50f86eae

SHA1
04fd7a62d3ec27a5447cd950924dfbe3b38fb476

SHA256
4760749796d1e99454bc4092e3f2bf68b224d360568ac8fe759005b9fc4d9465

SHA512
238631027b7af47d51af3b1544de85cd6cf1cf78e417cb2a41d09ac67ab54e9f80d65ad62814ffbd241406ea841df1d01181c3554cc9f8e5bb11ee9e3b6af325

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
6ffe5400547c391aef3509964bc59e6b

SHA1
343e50fa83002501817c791dac44dc0dcbaf9297

SHA256
f90010fc029998cb87db5bbf240bd138fce108ff818ee6c41a28df555b41b132

SHA512
4326c8fa2e57bdf6d22b033b2c05408ae80a581fb5872e0d887b77529711cdf322f1fbc7513c7bda827974caf043f1beeb9fbaf0bc077bcbe8370dc2d16aec90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
255f21bc6c1ec1894d64988783fe5d03

SHA1
a0f4b3dae6c4806d5b6bc2ad11ee21e167489f0b

SHA256
09c675785bae32ade7e475d6249bd5873fac16248ae08be88d8041fd6573fb75

SHA512
c8feac6e65d6bceb5311026b738aa4687616f72cfe722da90c978a9730f94640879413ce2931f6e2926058770cdb478247008648cc2e38595d56589175294666

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b5424a1d7e0fe1acc9e517ab7fce425c

SHA1
21d2e5fc6d224d514e93910f6f99c112a4dcc736

SHA256
d91cc476df14f0909c55f2ac6d015b0a93ab0b17011fa2cc71ee41b5adfc6fbf

SHA512
627cf00d2c6194faf0df08ac9706ed21e42e4537a63ff58a4bbb8d67bf9bf5b243a26e50a5675500ad6bc15dbf8fe418cf66a707f590662d61293918d939261b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ef0dbbf3ac4a21b1ebce2224c244932f

SHA1
4f523a88ef4336a49edf3fc87560fb5697e61fda

SHA256
fe79492caa69ff30c56484ea4c36fd72893a7d45e0c13318fe9c38ca11cc1e03

SHA512
5e52be06a66e6abbe124bb6028b02b1f7fbb42f3a02acfe648b7e2266fabe0680ef3e16eee8725371e6747c160fd372e46972a3be5bf04875c78d83ad24d55c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7aedc10aa31b71a98b2e568ae9d81b05

SHA1
dc336cfebc7dc678350a6d2b6636ba43e1eb0234

SHA256
262b9eb0f70f5e66a0cc979ae5ebbe710c856ee619ed347666832844c9923d6f

SHA512
99d59b04da4cc335d2cca9f336c1eac9ad8ece0baae74a4140fff0d8d2c97ef7bc0748f7adceef0b17787ac09c2f3f872b5f4c8f75a76e46dea4b54197eb1680

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
8357fa2c973229b72bbf0ccb5f7f3983

SHA1
e517d6efca00fe6e6651eca1a35076b95b327f6f

SHA256
2fca5c883f2051678a621c83f72f69bc2a19fb94fd3d22499ac342e1f1330559

SHA512
a3a53495ae8108cb6ffc813a3f3fb5ae0e8fa95dedd9eee34c2fee9450d98a923dc563f39569ece89ea82b9a1c6cbf047523cfa60efa95fdf7e35904d9cbac10

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFEDB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFFA9.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit