498adf267ab9ad814341c17efcff1c08a72b021ef9d0d83bdb1f7f7e2dca88d4

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25/07/2024, 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70787bd2e08c11e6240905f9fcd3074b_JaffaCakes118.html
Size

7KB
MD5

70787bd2e08c11e6240905f9fcd3074b
SHA1

18eaeda2321c3971461389c05aceb2281f502334
SHA256

498adf267ab9ad814341c17efcff1c08a72b021ef9d0d83bdb1f7f7e2dca88d4
SHA512

6db9c3ddf1a2cac0356a9d4c956d3d9ad2ebe09b0ddf8ea82fb266f82de1ac6db4c262c3e78b4d463f779b10502f4ebe606999ca970adae02299138c117dc6f9
SSDEEP

192:QG8BFw/0AVoFLnzAFdfbThYpU4bMS1sALO8+qLAyKlf4bkOLbhNS:QG8BFw/lWFLnzAFdfXhYpUxSXLOTqLAF

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0336dfeb4deda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1677CD71-4AA8-11EF-91EE-7699BFC84B14} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c700000000020000000000106600000001000020000000be4b9e10184cdcc15e0349df30e08ea80b8e50fbab29e2ee3d123ac0d3f68355000000000e80000000020000200000002cf3b230237cdc84b88cfe60ec79c30dd31c62669a4e111846d86fc44c39296490000000b2b54561673a2154fa0afb7767519f202917f9ab0f5516b6d63a2cde92eec7ccef47df4b51461bfa8be2dfdd9a0342a5e604029deb8e21af6eb9473718d0647cda91009d2c71af72e4b68454b91a625a6f5106a09a962a6bf7566f858d8ee6de683a50b630909ce28c0b5e228652ceca3f8a668065ec85e4ae0b25e02b45acbaf4ead293dd69345177d7d9f30e16a7e1400000003b184e4310fe9f28098ad5c2b54f2c99fe62aa70f436ad77900a3d6e251903d9b269011ff627b00901cd2a2adb4c1e4aacb3a6f2e16c0260271419136a8ca118	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c700000000020000000000106600000001000020000000d087fb04a0dfd4c41063660892c7125abed656ac83f0c0b5f53d1c515b36f0cc000000000e8000000002000020000000f011e49dfd1aa52a9e3b582ea1a784bb48407b700577f234a4ba331ef61ff07720000000b1cd9db85ff918596a9fecbc33cd90459277913b61afe537f61782bf298a7fb1400000009dc8ba8583b2cf7f496f1d703ccb1b7d7953ec0962e73a268d8c9c4bb018597215043d876762c827b44cc87cd8f9902b712f693ecea7f25fc076f4dccb23250d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428088994"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2140	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2140	iexplore.exe
2140	iexplore.exe
2312	IEXPLORE.EXE
2312	IEXPLORE.EXE
2312	IEXPLORE.EXE
2312	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2312	2140	iexplore.exe	30
PID 2140 wrote to memory of 2312	2140	iexplore.exe	30
PID 2140 wrote to memory of 2312	2140	iexplore.exe	30
PID 2140 wrote to memory of 2312	2140	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\70787bd2e08c11e6240905f9fcd3074b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38d2bf42be93ac4d3d61a1a2f61cf030

SHA1
c343d11c5650b140889f58c3e370efb6b1fa2adc

SHA256
5e6544c594a31f7bf9d1842aba6af06aacaed2d135e1b32915b2a4dd359cc6ca

SHA512
644745a25625def32b05c907777bbb3aef54fc6a5b45bdcb6552499ed2f025b7ff93d4f1bc3c24a92565e9e43df3a314c89206c2baeba3eb02765f2dfb55a2ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
851d63e3f2d1d8d5f327be449e6e2249

SHA1
7b655b3acfaa7a61fcf30c22234454855924846f

SHA256
4ba2af2a6eb60d751fb0dcf685eb4ec7a4c5a575b64bc759e789a800cadc4e41

SHA512
ddf44f2f62816a31bf28664a196e2628943dacf2b7bc56a6c0c51aa52fc832d0e06ef5567809ff898409760ac11de6d0e37597f0058bf8db328466928322eaea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
627a474e08fad5c00f09edcda6a6e487

SHA1
712b123464f361a8f5eeacc25e1a1344b1f8a0ab

SHA256
d7f93d9d56b307f8b513c45c2b13676c9e3c262bf230e36742788d5f2b02eb20

SHA512
3cd1dbd4e3075436772e4e3df459a188ca00eda6ac6332d0ff63cc137b0e16c9fd85fa1645700e3de96c5c018e06dd3d1f49a4285b1e4a5ad3cef6c7cff51f35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
586f59e3161c5c0998d96df3c2437be3

SHA1
9ca650e329ed9ff174ebf378e6d6e9b0cf2e4d36

SHA256
3b9f19e060d7297929034a2b05b5e33b0899fb612ec4038eb4c234dbc9111bbe

SHA512
00764a6ea270b8ed33bacc97faa48fbf4ca9dc50153e7031aa81a19597dc2314f8441cdd30ea92e04ff8e21fcef7a8f21cddf1f8014a0ba8ad9f4b940e7368b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08f4a707f751db4da99bdcd9dd1f6961

SHA1
60516ae065b2b6e5654a28c20f8136a53acf60b2

SHA256
444209117a02ea34c09f35d279bf2ab9d638d154d1df60f44972b2314aba9987

SHA512
3af9ee5a24e7939ced52b89aca3cfff6a90567f9eb7e3d7066280c429e17ec7fc76cf4b597687379219e0d6ab559d9ad9b65e01402cbf6c33d6bb0da01b843aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fe5c0329bdebb81b6daff9e5c3d531f

SHA1
4edd1aa6af29460b2189e56c85dcb398c2260a94

SHA256
e6da23a301f9e1ae21ed6ec3de14008e448c1b8670575bc1a6f04537853f8a3b

SHA512
a29e07a97c10eec0510aac8d98119a2bb39f9829a927dfeec47150c78181f6dc75b76a0cce75a190aa207e856a652f899f1659277c34736150d74726322856de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17326d5a2e7dfa2768a84ac9e5046587

SHA1
651da17a9a61bba8989a0df14537cb8b904f3720

SHA256
437249769b729502b9aabe0fdbd510fcb1566e58e00121a6834cac740549bda3

SHA512
9b4749618d5379cc9a629f75a1b944453c3a4ae412d7683faa459cc5e7a8ff6d1a69a0a44ede44ca88b080f2d18fd6a41bc16558513707c825e4f1647b7347da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e99e14766dd570d5e5eb2308fb8ee08a

SHA1
3abfe3f12a6f86cb094197cb0a20d5021e0224c0

SHA256
b99799a56b797c322c32b8068068a4487e448de05060eec2ecf5a869489fb2b5

SHA512
d1e3bc1aa79f6af8136bc914626a0d29c65e926296cdbf0a207a3b25b69f710e4d97693c82d39da7d6ca5e3426c4070664e850e7a8b82ed43f614998d9b86de7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db0c5eafc549d1ed86624169c8bc495d

SHA1
3de66084ac709da28e94b8865c01936dad726561

SHA256
7b74497a41c563ad38e1dc917693c4efe613f141bed027515b681e2859a86382

SHA512
61e894302cfe14d5b42ff59f95fae7ed25afae3b4d4a12b6c1c27c03feab6e799b19d764430a8a02fb3668ba997461d113439889a77576f0b303d540fe8efbb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a78011effddfd1865a310a164d81a1aa

SHA1
d1cd0ad5b59d46e7c466ce17fee4d4d926078763

SHA256
08b4803a57223d61e3d253b9b34f18678c5eee7aaaceea9f21ded0483c45a4d4

SHA512
79fa66f95a6cd6c7cf07d66c48734ae81793a886c430222d1cea02e325f912dd19943e04f34bc1c06041f807ad1bf1bddfd4908573ed6d3799e7ca6403b46527

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
191dd34d625ea95430d60cb87938d045

SHA1
b1e333676e8b0c0cf83553f4ce28212fbd7f3e15

SHA256
f326dca53ef5d6916acc2dda5d8aae7f4c9d56e8fb8eec87aac0d8e258a12b02

SHA512
20b20a843e8e0ff4ccf5985d05ec3fd717d0087c559a5c2cff628c3c5a95a20afed2116a9572df3c83072f6e46ba88571729dfe5b4aedddd2cf1e73fe22b4a14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
457bd8d7b43d456d8cb1e8196e170656

SHA1
45411d2308fb4c91086619fd99a74c51c4bf9682

SHA256
9b68f480442cfae8d63b7a9f27820be52042bfed988de2640ad038eb5824d241

SHA512
c8fa9e159ef8cc2325b9a6b933304757402c5e51aaf61410c4b3c65dde62ad10039b0ba77f0d0298428ded422a3b320fd9d37b8f8515985b24fb95c37dfa6b50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1293de939077513fcfbabfae0235dc32

SHA1
fcfe6ca01cc04bc24f4ee04196c7f6765c1e605b

SHA256
58ea2089dfb6670c6e1d806bd787853023c9a42007223baf9026cd1432c6b0a9

SHA512
f3074e20a9c88c0f9686988e87e077f623de80eddd4325d99f7db301c95c4cce1272ea0f5b1e9c7b1034c1e6a1ebe0983febc8839695e1dbdf0ca4858f6ca9ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebe64fcb576ea6137081ee9a65813066

SHA1
40a0717e450512b76d64ec24ad136ac5caa495c9

SHA256
e386c5e25119c543fd53755911dd8b1d361632abd817492c3ef6b5ae565bea4e

SHA512
224e70a3510f3913a38c8d82dac7c0a56f77e66ce1937011700243d2dfccdeba1b3b657fb321cc1898e43070338615995114731ae73fd273b9cef3e0b0262ffb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab49CF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4A4F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit