5c03a2575d188fd8477e675a286aafb9b5ece95541a4a58f5a0c85820775beff

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
27-07-2024 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

767ae79bca46440016ece1f17f60dc79_JaffaCakes118.html
Size

7KB
MD5

767ae79bca46440016ece1f17f60dc79
SHA1

488fbf39e6a6219b49599fb1b94fc3674fefd33a
SHA256

5c03a2575d188fd8477e675a286aafb9b5ece95541a4a58f5a0c85820775beff
SHA512

525a30f348ec71c50c6b987ce3d250ce0cf4934f717a480dda61f97aeb632994fb8deb25f706707a87a207a5d7f926c1cbe3691168188eb9da50e6b1c41ab734
SSDEEP

96:uzVs+ux7WvLLY1k9o84d12ef7CSTUkzf7CcEZ7ru7f:csz7WvAYS/kb76f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10867b173be2da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4287B1D1-4E2E-11EF-B9CC-DE81EF03C4D2} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000d2537ccb7e621b822ba8abae8f43990f58487c807833b773b0b77442e7df6bb1000000000e8000000002000020000000c1024fca43aeeeb73a055bb1fba51c98ce19f071dea22296d840c7798ad1267b200000003b30328b81978c0d6790cfff6bbd018965f5b3c3864e67e76ceb5ddf56bfcc7e40000000c42abceb372927e5c1b09bd817896baf838a42410c1b58b572884545b3327d490517d37bf84ec4efbba164aa3a531899e4ee8eca4d6981234f38a4c57e8f2b87	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000a752ee848e79c5866ac194794ce32ce32bf103d1feea96e74d82e46fb94d3957000000000e8000000002000020000000af8106144e1e2b4dda8288e7e8952ee9f28d7ea400a5e886f728b7b4b33c9d82900000009e8554feebea7aef902f395b355792c958491fb7fc21ce8ce532ec787ac17a4d5b51ce3b514d2902473f1e1eacf4a7ac9a0abd68b17cd4b299454fa5f73a94e3501bd8e42795102677529ce2b4e4c06d2db9b579b75dfc97ee3e89cf3ed29b545cd91cd67bcf14341b009afe95e106ca14c29a36b76563322f926e551c1d2ed5e8b91c03833e9b57fd0e63eceeec9e9c40000000b786c9c82b3a9616deec674fdb2584a59d55714fa59475703fe4ca81335b3f36e6a4c0a45df1a3b04c56696c8e20179577a7fa73613f051109bf7bb56269acde	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428476474"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3064	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3064	iexplore.exe
3064	iexplore.exe
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE
2708	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2708	3064	iexplore.exe	30
PID 3064 wrote to memory of 2708	3064	iexplore.exe	30
PID 3064 wrote to memory of 2708	3064	iexplore.exe	30
PID 3064 wrote to memory of 2708	3064	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\767ae79bca46440016ece1f17f60dc79_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8969ce797a235847292901d41c66cc10

SHA1
7d4dcb147b2245595a1850739587c2643660f97c

SHA256
809a42ea4e3d3494c090a57a22f65f965de230db54abb5be8c973719aac08c81

SHA512
e0cec486782824dc496ef279154d7b59422767e578652802073d86d0b0b5abcdec0bdf633ed6547fb36c7f9a1bc825005b49ed7941d2f940d84af6c28373a5a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0072d4430b0ffc16af31624d5679b3f3

SHA1
be10ec6e67bb6034d84bf2d5c8be67890447454a

SHA256
b302b299dca9b0dfede3de85c6c954b590908d91a01091fdc268cf6a63476c27

SHA512
8fa8fa42e98a0fec08c67e4e58730f5cac4c5619e779c5b827b0ae8f8ed308f86e66c9ee4a2286ee40c317af622ce0fffa8d01115c98e0fa9367f0508be6e857

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5d7b7d0d98cdf7711811ef8a6cc65a7

SHA1
b4e3b465db78d4acfb0955a2ae85db0470ef6dfc

SHA256
4d12b55e14eae36e3268445d81fbdae26e09338d30d80e8fe0d41e8b8d275e7c

SHA512
1aa27c8cc6dfb7d6e27e040df40f9c565e702f9eae0ec0c914374267d272133b127b5aa6a047f7d146131bfa19c2409d96ea9752cf46b8c4f5943d2ad4c85ccb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c9ba78fd40ac68db41c4af70ab83f0e

SHA1
e2593ab69501252c0d6e7404b928676bf9645fd0

SHA256
70c44c6e04fee96939c1a309ae4a31f87acff46e5bc95526f7915f32f62fe8e7

SHA512
eabd1d75180e9d2468a25d021c4bc0bfc871d114c17b10075c40041d4880501d17c47a61c48598f1af7792526af81e5998b6a1709a6beb8935554c2595adff46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3431d274fa872c135c520dc3cf4b1c6d

SHA1
e8ef736d480a598a7060ee881354534691200ef3

SHA256
fca8e6df06deffe1d0d52ae700614348e410aae238cb6112f2f1f5e958965d97

SHA512
c2d5f0869dac2314d3a94843419a07a845679a47ff7babc04f017d7e1eef9fddeae4252f5e89ca57913e913b5f7da0854f88b3cab2b23fda5297f51a4fa47cf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f6185b2f91735765fad541decf46fbf

SHA1
ece532440b7678be366db89306ec32b8d69c40e7

SHA256
b658966327025244ecfff1727bd0979425ad79845101c37908ab9367819aea06

SHA512
96a1d37f7a3f4553c443f510a2f7846e4bb6a0fb13eed126a90ead2b310985f7a06d3a571601d975fd68f7cd924b85ce9350644fb9a6ab6a0afa49b79c0d4c96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29204c8048d4bc65247c973b24387bde

SHA1
d5da8b414ec1b142a42125d8733c0f4c70ff697f

SHA256
141cf7239366f2c30b611fd64ef9c5e41c018a147b210d1ce28bee1c0070eab7

SHA512
0114abddb90d512215725eed78758194f7f1ea4f14eab35c11d51761983e4c3db6cefec7f4f3b8a8979f41e5343329f3200c261334c1dfaa542e7cf190cc8cc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea26961f198ce2c66d50560d3f56f174

SHA1
f79f326e11893911db1c4b0e15e454a6ccbf6b67

SHA256
4bd8b1b9cf19e27e2bf51e07ea7125d1d4339f39846f14c629f069d17202a9ad

SHA512
c32bce0784a68219f854e4bad2ee5368e61bdae448b09b65bb1e8af471538845c36c018167a4a57f9638249dbc9e4d5afb0cff278673ac865bde6f02ef4c3de6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16aac2d1df5ed91adcbbf2f171213b6b

SHA1
0e14f312f2c8b1987e0c43702b41fc55571e6878

SHA256
96ebbc301b23a4b4d2ec11a12f9fe4a6b925247799a47cd28424fa917a6c1560

SHA512
40dfbd8ef751cc67a9f6e6d195378573d250220979a2977ecf11bca0ce32853ba8990ad6ebe47fe78b0aa4837e1a20394d45f8a514ef190d620d515269a35549

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb59b805d310bd3cdd4b2320d553bc4c

SHA1
39e957c7c016135214c6ae75e49dc2e06c8882fd

SHA256
cb54df2b3c634df9d42a336889d9536582c13e453f4116ee634d84c1ddd0f660

SHA512
4cbc56b750956405ec9fafb6945f4b8871f121ccab5512eb741b1d43745271c2fe6d953fe28fb824b83dfb7658fa10fb03ba8f030fb865f496100e32e121e8be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20497634225accf9a7f5ee8b373f5acb

SHA1
c343c98ecef0974d78846d40014fea9dd39e9285

SHA256
a2e243b4e5e1852139b8aefcdddb47963e9a79955cdcd478cf44626dd39efc4b

SHA512
f95463602652c3a684fee95960ea852b5055b88e14d3e0fdce972a9f6fa06f6e81689858a38846ae026950511cb6cd7593ec52c777783546884ee120d196e852

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c64940c1047b0157ab8a47cf6828cea

SHA1
de4074714c3439b03c7212e5a69112dcf7374a20

SHA256
fdc5e41ea92c12e634f93061e0ef9b0a80e930caf7dda72563ed1cced4c37116

SHA512
cb02716ed70bf8a4259547080488f8161cedf678531f5a3110466cdeb64c9fd443df2e544c43af69417c6b2abdae976a28a3385d5373945dda3e7af850d143b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1277bfd40c41a1b3fe9ba5c3467b536

SHA1
c16b23342ba4dfdc2b0600c31ccc361e8e9efee5

SHA256
d9e73cf94325b9b80ab1b4b8e52bfee5b592ef3a81b36c19e0b8b0877719810e

SHA512
fd434a296893a4a2bda71129e702f17c33d585456d5d45bb1a91ce3cf5a54691308b7c8d27566e96f22e96cc01daa0454df1ae2a2da86e4483101cf7142d6ae8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d1a4a63c5201c9362004b272ecd912a

SHA1
4120a09e1475722e1e77f10718d9f923846ded6a

SHA256
10257e79178442379bd5597a001a3233ac99fc1787748909dd10ecf96f96285e

SHA512
14caf5dac188f9c338c511d76ef867187e774a158e224cf23b1a35a8f10486c77048a3f9370d5b4f74c4019ccdc8e225f1be33a9a47ae003f3a21c16bdd76574

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab57A5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5805.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit