87afd564c8e5cdbc07fe7814b1aec728adc10cd112236eac502fba33b5cb60d8

Analysis

max time kernel
141s
max time network
143s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/07/2024, 16:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7054a2c6976f1351ef98d8bbeb929142_JaffaCakes118.html
Size

135KB
MD5

7054a2c6976f1351ef98d8bbeb929142
SHA1

18ffbc88a4e78150c39a1c78900e9c3598eb53be
SHA256

87afd564c8e5cdbc07fe7814b1aec728adc10cd112236eac502fba33b5cb60d8
SHA512

ba447141f71f602c5a7ca0609335c0c27636245ad77feae42280cabd38b87abc0f21b844ba102c3da565db802b71075570a819f4133e56d2f0f9029854383182
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fcnRV2t8MSHAyWnIkLa60cGXeBcZ98EqUp:sCWVLfGGk

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000000f49bc504157445a843c29a7ce3cd3825f7fba65d7edad6a1e5a1ea4cde8f4d6000000000e8000000002000020000000e686ced08d4a3e93a9a7e626e9ac1015b157ed5eeb86c823e44b6b5c381105332000000012dacb883db12c31127c197ec01c72480cf657ff9b84eb3fe12c881f29268d7740000000b0797f6c842e87dbbe5174724151726683415317fe4aac3bbdbb20e1848f184f88745a15fcbde8aa8387ddcacad73b316712c7268e3cb843593ce0f3cd976bae	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428086762"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000cdc41889239ad010fb3e322af8cd5f7194f42db32ca3c4fc04a201ec49c6e866000000000e80000000020000200000007a4c0c3f0fe5d89427b50f7d646c9aa3d88c8a05df8570a5c7aa0c369c3fb94290000000554cd72dbb0ecf7231b549a0954ac8a0f614e988cbdd7b1c763163cf60fc4668c344d28286ae3df42a69937e4f15342eb59d8ed28e51b3f710df09b478a3157fad5ff12a76e95c13388ea81c5231f5841d33bed240f9168e79be2e88adbf5ebda00e1436026baa67cff1460fa2261561277b577083ca6238a9d38169cff36473af232a368a678922b36fe3b823d29212400000006febb12c73c9c811a3563918d5b29e124496e019a38d837e871bbb5f648361e672ee3778fcff22e0036d7b7486595c19aaaaef2bf4685144fc881ec3102e3ab2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E2555031-4AA2-11EF-B5D6-4625F4E6DDF6} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d01d67d1afdeda01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2292	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2292	iexplore.exe
2292	iexplore.exe
2392	IEXPLORE.EXE
2392	IEXPLORE.EXE
2392	IEXPLORE.EXE
2392	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2392	2292	iexplore.exe	28
PID 2292 wrote to memory of 2392	2292	iexplore.exe	28
PID 2292 wrote to memory of 2392	2292	iexplore.exe	28
PID 2292 wrote to memory of 2392	2292	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7054a2c6976f1351ef98d8bbeb929142_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2292 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00d1e69dc01e12abad3af9c2bec1251e

SHA1
bd6e24b801e814bb627ad8ecce179da6ee14c230

SHA256
03eaab619d01812226300b88f6e5eb596a1fdf03b0eaf9dfdc8413a73c6d7e8c

SHA512
906d832e06a34c22c1e49106f3a59cb65968ea536cb2702aa076e73b83665adf7c34afd5ced4f44ab244078dcc01e28db13b080fed7b125df806c0747755ee99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1103894674309f39f0d00bb2ee0a45a

SHA1
74f98e9efe306cd1db33e9f52d4735164d303f62

SHA256
3d8953e51d5991c9735fbff7a09805e71b10690f8e41f09f7243b62081dc7f28

SHA512
e1c033508bf5c3281e0a8ced509834603ae89a5cf2f507154481ea7ebd2cdd51da2a23041a76f36e339bef76b4a79326782c3401f49683562c9d7f2d98961024

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5c96cdf9833d7ec4401e54e1bf5daf7

SHA1
955d13462a07845b6e25884ea81cb7ab8d75061a

SHA256
cd86ef9f63ae23a8673eb390bf9715d47bdaa66f7c80dd581302495b2f231032

SHA512
358417a8de943066ece749ae6248a613e6e6bfadb4176762ad6b30a3f020d2f96c2c4c3a4aef25a855ee00cd9ffd2429f2311bd0f93c89eedf804957c8a888c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2c8a31446c7d1388ace4bdd6166e6c6

SHA1
291a0e23f8280cd9d8a4d78a0f777211b822e724

SHA256
46fac63654cd53533c21e30c65d4ed52be8ecc23df555d29a72002acc3236d03

SHA512
2dfb7297582902f3ab1658df8e97330b3c5e4663dee78c57b1fc9e954f6ec27ab343e49b9f85cfa8d291b01d7927231bcfb886179bc12d4d15831e8dca753701

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7fb2bb2a41c77742110ed85d3734503

SHA1
2e5b4ddd52b28638b651a8de23bcf91dc0d8362f

SHA256
f1a625f1acfb776fdf73949bc740d1f4a694d0dadd6aa0bda82b6f3e55028675

SHA512
ed3190c708b692a9dc856dba8cc0eb1b633b79101dc706620be2154f2847f20c16d677e70a15472b62b8d5813c3dfa33061e025dce1e8c1690697d6357ca8703

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c22bf5220d15181e59474634e1162a56

SHA1
50834a5631c4cf06b172167abd3ecb352a0c16cb

SHA256
fdeeea9bd9389018caf5c9621382cb2abe63b4ef822f684f9af4e8cceddf615e

SHA512
d0af45a5697385f93e2c25bf683768d6b1c2fbd11d5b5a1d1de3db023e4cf4de146d5c8496d7a7523364ac97be8da1e2e4cd53b19d191650cabf933226890bc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a5b830593f202c4f8c55b445671c61d

SHA1
506693048f89f5964e8400bcbdd0dd69a8addbfe

SHA256
21800326a72816923697c1fb1b340f30930b85de783cf6d825101eb862e277a8

SHA512
c16f842644e7dce28bf79932f4b5b919e909e9e86c0dcc09b0b451c16a33ffa40e451be1e15cc52be0d43e03b67f9849308ea88dc8fbbb18bc3bf7da6d4b389d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f557062f737e19de8afa85c35f78f98

SHA1
22d91086ca6b1480d70cba34904b3203f9e04516

SHA256
40ede53a2f21fd7b8fb2449fbaff4636c39eba42c4eb5e0ee33927084a5b80a8

SHA512
4f2b2a5c231e1e48ce668ae8d7c1a732c61f25f8e5658cafe31cd467423ca4f4013f95236afef2c942ffd108dd50b242ca6c6b28cda486301d83e07fa43abc40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7c4a75a2807f7af698eba3e834fb2e6

SHA1
78632cee67a82323a88d39618d36c7308632fdcc

SHA256
770139ec349397456669f90d497fa07dbe4f19fe061afe78e28aee15ab7e9acd

SHA512
ed736ed8b3a0aebeb5d685a5f149ae858b38ca260b8c12a0beb28226a8ec5dfb8997a00316e166a7f4e91987d3c709d90981a8f80ab2b20e6c098edc412d98bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3de250cf97009fcb51665af5ae9ddb59

SHA1
e6979cce15d1f91c664c475b6fff2d4f96c31371

SHA256
acfa2d4834d3b01f40b9c72afe3a04d2f0a4a5df1061b3a563562372749648c2

SHA512
6797c8dc7153b61f9532069bd1f508b986154c4de6d2e031861bf29f055370620a8dede26b4acb8a817bec9dc2817b932c7bc05335a19ac2318080f71aa70ff3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f5ddbc857e2f1821be52d4ce1e18a61

SHA1
c542c7277a44625315321b5f7f27cf9549d9f074

SHA256
1b0768635faac66de2706297bd1481e0befabe80db02c51d790028405fa197a8

SHA512
9160baa9f33a6f85d987c59f31f675ced66ccc0ae13c54a2260db3ca2d4dcd9f50ef6328484c4430660a7c823749fde61dc3588bddfac4285fa17665d4709d53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3eb96a8f5f977b76818c79c9d67c2f83

SHA1
e75620be1c2c8d80c98e6d2fd097b027ed555be1

SHA256
d5a07355f819b8163707c4a5e2efc7f7cf4f24a9683cce74c1d00fd5fd5c5619

SHA512
2a5cc05b1a32a3a03ad8e01dde8e42fd5403264beb94cefc86401c36540575995f0cb8e7d575555e22df8f5e0ac75e554fee92cc75efb1cd6955ffabade3b127

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ded8771a52f17e83ba549550a83e9de

SHA1
1903e6e02cc465a02e1516f8efebb59434b694c7

SHA256
a8996c36b8cbfbbb6cf79ea59a6ca67e42897bb2010117f61f839cc65b04c275

SHA512
fd4f8def7439af92f28fe2179aed11e022b1bc74d5a858cbb36459b468d53c28d4a9a7c5d5e3e48eacecbb56298e5b16de8577a523385732bda2e8b581179bb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9227b0231f16c1d4e1b6d51cadf1220a

SHA1
07704c51a945fd6480c87f70e3da18ce51a70956

SHA256
f7d561b8623d0564b0db747d922353281842f9425be5dfff1fbbec7fd89ec002

SHA512
286c6ca69ce38758a8a115f5c51e11492617cf8f2984552da64631582e00d09718942143573c124fdb24cd85511b209507cbc84fd23008787d790b0d8b722989

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7456ef51a99f63355bbaedd8948f036

SHA1
c479e59c56af9128b56ae6553ea9728fb79b3d42

SHA256
ff969eec8f9b038d24a147bfff434331fb0ae633e9d22993641fc70f6954a5e3

SHA512
eba362f04cb77a98d3614d90ce85e054fa5d01884299fc6b6f16134df61373b0803ee8c8bb8f1d07a450142e3128913d034f7f28c2079ebff7d0037a6cfbfa55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab48C6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar48C7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit