66273fdb62418b5ab731d628ade7aa045998071b6da2bd420072f9fe11fc92f3

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26/07/2024, 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

722651616883c180ec0da12af7f3d343_JaffaCakes118.html
Size

3KB
MD5

722651616883c180ec0da12af7f3d343
SHA1

e66163c14f274c82b31d918f8a3186a5b30f8e8e
SHA256

66273fdb62418b5ab731d628ade7aa045998071b6da2bd420072f9fe11fc92f3
SHA512

0794d122eb3813e585467fd83c4e756634b024983c739afcfb60d14bb0a50ed11440c5ef77f598193c33db006645acf5080da8d7e8ce50f009d6a2ad094d2824

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c000000000200000000001066000000010000200000008a6d5a94c1b141217531d07ea430c08893d57cc950f8b9db7486dfd25c2a9e7f000000000e800000000200002000000020fc115a325d1dec5870a4c6c158fd24d27291dab71bc24293ab40934d07435b90000000fb7dbf885b9ccfc4fbfaff8d03ae1ebafb36ff26943d5f430bc14f7656282fbf2ebf7c4472c7a318ca3d1a1ff436ea8a50889e9cab65abe7447230bcd151c474344815e576bf7926447daa9ae711741774cf663687f183bbd9d36fd66604beede76d6c1792f112a465737f4f8ddc6787a783331fcf4d5d0fe77c9645c3a6bfbb2678941e9b94f0ee1f71d160b526ae134000000072a3fd73ee95b0d1527ae7731c3795b82d7dd6452813d694085e54dd494e00f8d943df058e35eb711d320accc041e4b45b81bc7c4e0961fd6238ac91dcacac2d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AFD404B1-4AF4-11EF-B3C0-E6140BA5C80C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000a0f8249a3107c1096f214a061903db5e6d695102ac95222f80dc2f0e144b6e63000000000e800000000200002000000009cec4e257b9248fc3f8130aa71ba113255effc089bc522d785053af3fd06cf92000000029306ee47c0acc6df8c98f56a5b66a6c83fac1a92de8067ebf39914d0bad196e400000006f2ff582ee8b4f0618f3ac7368abf83809c6a7daafafca9594e6f2b827e8c3a738f43632573a3b8d100c50dbc23db7221f4dd2d7c40c037d772b26d49c029d18	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428121893"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b07a938401dfda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1928	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1928	iexplore.exe
1928	iexplore.exe
2596	IEXPLORE.EXE
2596	IEXPLORE.EXE
2596	IEXPLORE.EXE
2596	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 2596	1928	iexplore.exe	28
PID 1928 wrote to memory of 2596	1928	iexplore.exe	28
PID 1928 wrote to memory of 2596	1928	iexplore.exe	28
PID 1928 wrote to memory of 2596	1928	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\722651616883c180ec0da12af7f3d343_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
feb624a6031ed00521d9209a95a02de2

SHA1
2c7ac81718009d15f5622b0f9117fe4875c7cc29

SHA256
12f911f4688642da30b9ff2929a5b882fdbbd1abd52b943b3fecb47699137b2f

SHA512
8b269e3afb65a6e2232ebcdd78439445f745d9f588d59855e63bd9824247785252e7dc45445d828c7a909c158b9169300f6bb28037bb19b9ade5ca2d3c702d4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c709fe353b4e1045da96237367aa5189

SHA1
f23e6ace3badb5a323fd80cd37708221c0e78c5e

SHA256
3849b646bc98aaad1719da63b585ee4d742ab8bdbcbd8ba6bd04ba4761cc44cc

SHA512
3a40ba9c32a39a3a2e068f646e65f3f287e3c98d33b431313ef6fbb4e9d9646eb062954d22ca6451dcb5c6d2d9313473d10a30972c5e1214c7fa9f6ea90cb19f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
501ee1086ee8ff2c4ece014fecdb5ef2

SHA1
2c2d9bd937d681e2baa98bc59d13ff99d6947bb5

SHA256
ea1920fad3cc8c7cb0d939460d262472821d9951612a728fa45199c34307c990

SHA512
add9f6857e29380151849933ce8bfdbbe282e84efb175cb5d0c95b8b6fe5d266b459b3341de67e35c3375b3ad8e94cd3f4d42252784b911c8ef9341dcddadec2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
2106ec1cbd357b096e1ac15c8f6c06d9

SHA1
bc144aa7c671db67aa0a7047688e252d84796ff6

SHA256
494c793acf0b7f4bc713e1711ac468395e8b66e464239dd096cb6a01485e4993

SHA512
5ebaa3936e55b4364c2ff7c11f60411399def72e12537e40d4645f3fe64d84df913d4cd62c9bc712dcfe24a606ab14a90d4aa472df3ae3f77ea606a576a0c1de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d43b217a0b9cc809540833d52bd6a03c

SHA1
05ea663a753a985b9c1bd32ced847a68fcafe278

SHA256
0244262016474cdbf49fbc62e8820800db01686d24a102a14339d85c6780e9ae

SHA512
d5da2533f1fd5c9c59fcb3a783a5d1179e8b98c3d6bb4c3eb75b05dfdec9ef4a2a8d45ee3bea32ae39881f4c37804c06b73e4a69d76b970126499bea1d41a2b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
959248ddd91870fa6ffaf4cde258ddd7

SHA1
d8daaa4be533c7033ba41db0341076b8cf95e154

SHA256
7af33b5a41aa6394a41f668a4dec64ece2f561209fd84a495f8dd3561d0cd615

SHA512
271bf4d291dc898df27bb1755ffdf35bedc0301815d27f285125d321cb381b47cc5078db6365a753cca5abdbbb87b9bacc155f3d3beaf30df435c56e965e3f30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5cd21f258d1b30afd73842258d625d32

SHA1
b9c64385bf0181da205937540004a2eabdeb55ca

SHA256
2562529c05febfe3a86b33f6fe3a52ed6c5241750851cf6086127c908de1102e

SHA512
4692929819564437dac62f823e56242ab765083c2c26dd3c3a050bebd312747980c1f591f441246318d38824b4ec0fb66851d493f74ae9b4cdf5fbb5f28d6a41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b846cde7d6811e4b2a53ea521270bffd

SHA1
d080589afc676536a63a3d770eb9f93b80b85ecf

SHA256
36f780bb979447499118eb8e39c728058ba2a24073cfed6f17f58e54c86af987

SHA512
c6369043a81212ed756df585826f9e65f9b212c18bf178ea0bc1e6cd45333254ab0ffa4646d6b3ad9692b204122d4913e83694185a74ffa8caef04e7908f4612

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9a909317462351303c618e4b347a7965

SHA1
e3a711d955891289f57d0e3fb40b904f82f6f56f

SHA256
9f9e9b615f29391b097faffced6a0e0aae0f0b2cb34f65df987d51d537b04839

SHA512
50af456bee02c64dff4a1c84bc32d7afa54a075df759e9516e4a481fbdf1982ce798eeccfc45326c43c2ae14e521a1f70e8563857425eeec40b0627363248a0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c4ba67e3c916308a4eb882b031ae9e67

SHA1
4cd61917a2d6f2909f7dce7cd87e4adc59d98ade

SHA256
5a4f7f8893c89b18908b313af74317cadd746dadb298977b38e46a9ff5450a0f

SHA512
e313f76c5f06ce090033024d7fa66b1d23e58e0b664a1e9b21c5e717ef5d905bd660e3487a6c287ce8cbecc15af1782e3fc7cf5ad58fd66a31d164456591fa31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
97aa40c2c5279892922bdc80f49e72ab

SHA1
17306a3e5a7f96205071e724bed154936e80dcfa

SHA256
c2fdc8818da35eaf4366589d85a24dad203442504340ac7f1bce8230625abbab

SHA512
a70733869ad7c02037dc05b0bde559c2de7e5c84b5878125db104bb7a68fd304f28f60126c474cb85507d4d01698233d7ff786e2a10c8b6eb5ad24da454e5623

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c58dd57a93aa1d432a562a93e8682eae

SHA1
bf372e27f5d3a2159b27999876cdf354d92a3352

SHA256
67fb5f8cd964d7d73ed65ed546fbaf9fa90d435d3cfc8ab3d1cee284e56b708a

SHA512
d1f7ed20f8bc782c56e5faf15e17a496c8622eaf56f6cef096a4f2f30f6fbb87b77879311caed28bda9894e9336b4e39e6adc2494ce2a2e7b16b5296b317664c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a6910fa06e6b8a5f77b65b84899bfd01

SHA1
78d5f2e4ef8afad945689ed3dffae1209af7eb7b

SHA256
4a66681358a797bec127e8192486f80b2852f9fb9aa3c4062954b1712b1f2138

SHA512
905c58a5726720fb5a545a84ecf4fd34d8c6098359c7b3de13b69219b2745f83af90c36ac4081300f797a31c28fa0c910bfe7c98e8bfa0a163651ffd27771138

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9c0f023f9cfaea4dbe1d0fbd0b1c6bfc

SHA1
721025dbc39d4e3d6313dc2a14a180822452a709

SHA256
658244308a7f9fd064e2852eef3d8ad3e44e04318cc9d996095bdd14dd7d7935

SHA512
c86301f5b79bc8e153d1960991629da35ecd61f415e50787f5c71d3be5685c11c30f7586d0b84deb7e443ad03d8b147ecea28653faa2ccee5be4a15400317587

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4a23597a6fae964f66946e599b0fbdb5

SHA1
e1f547e14646c1e462d3fa369193e6e7de6d2ea5

SHA256
bb3e0a45a06091f725d6095b44b49d8272f96fb86bde81d3ed99bbb79fa2ec12

SHA512
8e87514fd5a9a6d461d001ca66aab21507ee2a9f805a4351d0acf2e404fda505e67f339003cd00f56850babf40bbf6a018a47a39b0a1e5b08307ba322bfe8c18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6710.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar67AF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit