d7f9af02948ba6bbafef2cd7a03d8f7a602915316aee042dcc2751234406fff9

Analysis

max time kernel
122s
max time network
139s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
28-07-2024 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0591805a24af7e83ed44735778fd8449_JaffaCakes118.html
Size

2KB
MD5

0591805a24af7e83ed44735778fd8449
SHA1

c02ab32a130035170f81be3d24d1312ca366441a
SHA256

d7f9af02948ba6bbafef2cd7a03d8f7a602915316aee042dcc2751234406fff9
SHA512

9c4643e68a21170d24607bb4c5877fde80d047b1953a02263720c46043d981f07dfee890c87b3a4624b041c769e99cdfdb7d23d8082c2d17c9c9cc8d2fc232ed

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c92000000000200000000001066000000010000200000003bbe8117bf4b66bbd6f719db656b69fdc90d39e5e527ede2052448d974dd04c1000000000e8000000002000020000000877c20c5e46a059997ae4f89f1b0afaf473fa5cc367af35d699397e8237c0f00200000001d71b002bda1431eae72f232eba747ed72f307459870e7da88cab200644ece454000000042f6c946eb68e3eb9db8b2b8fd8ae261505b6ae50def4bd1cf2f28c2c5313f01f9559d26486704b0e512db224db75fd3887bad37b4eed6c03b3c9154f6529685	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80c6762590e2da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428512941"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c9200000000020000000000106600000001000020000000b409ada3c3eb0d6d716358d2c4aadd60e2bb16c80e93677da237598fdb531ec5000000000e8000000002000020000000bdc9a7c316f9ecce97e3743414b18f996470f30a6c41f588ae5884e39c770fe2900000001ceaf4b69d9ef99779b359f4e027ffbb7293037602f647c81474799c722e7a8d09c6f052926b275123e3eeb488c3a79c6cb03427886e762f0514c5d92cf01a557de9dd8376b15821fb69bde4bb35c66a00dc5323baf37ab61d38473235938a0038a38b2f29b14b5447cf89ff422a060d56fbbd5b266513abf06ad3fcdc744eec64805ae6348a62be00a327e24a14eaf54000000031f773df3c8313189c5706efc7f882c2696452102daf0c252640c4e25966012d2e53a01066973250295739990fd59415ebc6fe22adfe074e91ebdacc3cd6537e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{295BF771-4E83-11EF-AFBF-72B582744574} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2184	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2184	iexplore.exe
2184	iexplore.exe
2148	IEXPLORE.EXE
2148	IEXPLORE.EXE
2148	IEXPLORE.EXE
2148	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2148	2184	iexplore.exe	31
PID 2184 wrote to memory of 2148	2184	iexplore.exe	31
PID 2184 wrote to memory of 2148	2184	iexplore.exe	31
PID 2184 wrote to memory of 2148	2184	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0591805a24af7e83ed44735778fd8449_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2184 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09980615a830c0ad7f519de0e157c96c

SHA1
6954ecf5e0b72d9da622df5da4ad21474e0794b0

SHA256
9a5f23297ecb738c1f7999f61ef8e2b775c85d3feebcae27d217cb0ec2777c6f

SHA512
5d52fb21dd350913242768c97376f32c88384d6618dd29c78cec9629b2195bb6c26d246d6c5ebf152b7b7451f36e7fa2a7a18feae76a9d80c795a1d775cc9573

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
894e2e3739d6c722b1e07186723ea9db

SHA1
710ba8f5bdad1dba790edcfa502324de781a18da

SHA256
f28808da9e168f3ef15d41fdbc82cb4fc7c4df37a37d5cdebab3c87377a1517d

SHA512
a0524fef1eb23ae650c5683a5953a25b060bf5f1d70b919d7c4a86ff80e8ae368089864faf7de2162a77711817796b1c94bd161422df30bcc5f2ffc7d1599960

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c5ad3842a670bb5f1706e6fc222a57c

SHA1
eeae649d6c491141d197d390296d6d74e121bb44

SHA256
7030884a12d8d7a99c35cd6ded50b31d56486503fb13e1b513ef4bf25b6dc149

SHA512
b62b8bc5f415df43c2e0d35f124ed3bab5ee795709d7a517a81f953a42174a1244e179f5c5f6fcc6bcccf64bffc6bb87ec9a37cb12f6b101a22c8bbe4f8be76e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e763a0398294aec1fc1c1dba9631cddb

SHA1
4266e6a5dba14d0137f460c3748368fb890688bc

SHA256
e39ebb26938c6af5b1b0570ee615bc5d8e5041eb6f3783548f9cb6d920586155

SHA512
173bc814facacbc21da47e2a0b3371e6c039252c7c813248e4d14e34496bcf8c0598e08074b8844fb407c95915b421f44970dfa263f64bfdcd8d021e252d44a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
417fb36d4c89a673ed75d93816b80f26

SHA1
01f7bdbc81d733556ba52af854df0292b10a3c54

SHA256
60ac209198cc2b2f2a78b431018ab95b9be411f506a7033954a7c5865bf54eb4

SHA512
0a50ebe3aed5a3e7493012b9f0e64897c5fdd736c5866e0ee20b6eb66cc4ff4da0f28f86a30f9e3a0a5f83e8abe4230331e9244f6c3d5c350d11dcc8d9862294

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb1135934810e00b5a12615dd9388863

SHA1
0a27bbe1be74125cc42eda4069cabe79fe2c9904

SHA256
61d68705f0bf469a757e25095e5f4cafdba092d6e8d1e2e91a4338f3ac92e665

SHA512
6f4cc18458ffd540b6acd70d0dc8885308518d803f5205b1af31ee28267d1bdc1c5067efbd07827aa4bd8bc96636fb4941c83a818a6a47faff96ce98c8ad2807

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
727a5576915fd651df451f674c65f5bb

SHA1
baddc798ffb93a75a4c7ee75c8e0e6cae0ba8e47

SHA256
6a3fc8c26870f62799c41a005a7371ae26e4e72fa0040e92cbdea5e45b63727f

SHA512
88d1b74317cab47d08f277068f994f64c8b3b3fcabc27a3500a099541c78a9d311c04a5f9875f39536bee5dd7bc83720f316e4309b61b802280aac8ccbb27bd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54e36cb3f0362e94ad7dd2fb94efabe2

SHA1
b8cdd6c4a8537971691e8e15aa430bcf55006bde

SHA256
aaf9d6894720aab2bd9cd651940d3fd0e7d4552e90b5eb2a14169a534391018b

SHA512
ea0793d04983b629e4eb9178ff4d4307ac7c2c92a48def1e1e794aa7e8a3f81892572f62cd098d51f41c5dfe11558f181e93a505fe98024af49fcfaafdeb11b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6e3b9107c07c90de06995e9af33a3a8

SHA1
276a734641c637502334195e20385172e5703aac

SHA256
6ad03e57aa7ce2f7d0e0757b75827c5dec32e6d9b67434b7609b89390b927bf1

SHA512
268f4fc2cc864ee738abe2b9cfd284ecc9f12c1cbf3a8a39d67cdff555099d46296390fe078c74decbe8d89ad0197f17dff18d1d6a838288840bca9866d73db6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a0febfd79884e7f6f65812f1eace887

SHA1
b1bf866bf357fd544e17d84f7eae253e2812a5f3

SHA256
85d0e1f0bbba05e7101c0906aac4b4110a2ff0bd06e58e5eb73d031e9d7975ae

SHA512
a36871a50d6c91c0be559ec2f543a6d61c92af9b5c6b074aa1be659d4fd3ba0e3b9a0ad713647530cecac1f2c0a3a875002d7a4d117c0c78085c2ef259faefd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
990c5a8123b1f87a98d0cae730444f7d

SHA1
4903b4c1503696c417c93057457f36b57b9a6f25

SHA256
a75a774d24003b53a0bade051632611e5d7e3986a67fd404cfad8f640f7e498b

SHA512
4496752017581158f859c5b1f22820cecf7fc59bc67d1daa1f341e80c46e6d56e3fadc874340fbedd012f9b6108a614d816e92de942b07c6e683f1caf3e3ad08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eeee46a84fcec3d8d690babe9592dbad

SHA1
55da9a78ffc218841df5d0834290cc9219742437

SHA256
4cba78ca99d1235db16b20c65cb788142f9ff3e5ac0b70843ae81db394f20637

SHA512
973b2d9b8b7211502670d6386959c96fbd5b5bb762dd42c44b3e42f106aba0adebd9b749eca4582caa691cee65a9e9af34bc1fd1ef3550ecd2487319450262c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f12f3cca1e70d0018c395d2e2182a80a

SHA1
b2f0d7726ab71e57f0176123dcccccc6fa547fe6

SHA256
caf77187482a68af97bdac3f851de8a0a18ff7a90b4fb3465301c74b07d0fe9a

SHA512
d57c699165b3f0fe613e974f2174acd2c199b1737eb77986edd44b9ebf4724ac9a7a9f25da664cf9c06ecfb8eed470b8d5a22672718f4db600f33bec109aa2ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
669c1c16bbe897978ea21fc46a2548e0

SHA1
9cd268f9bca7d8c489da0a5fed793293d8fe692a

SHA256
35e3706609194c117f6dd0c6954867402c477288222dc31280b9a27d520a279f

SHA512
a416b33303025ccf05f3ed257917f90b05cc09ab36de1cce1aec49a57aa4fa400e7dce6a095aeecb2f70edb752d48eb011002f4004b032a91f057674bd153f78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
993056ce458324a08e284ce3de956ded

SHA1
2c2d66bc22a70e78490cdb6416c41b8304490966

SHA256
4f2a99ce29bb05813df04c5813d73ecd534c0c2093ba671ab782942f1bc9fdea

SHA512
cbac995f7328f083a0f0bdf999a182bbc88a4cedd95ac05ddfcd98bb02d64e9de7a3095111f9db50d7c73bf970ecb25569fdcf0c11000de9f44b46a4b2f969e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7cb461b986dca1e54f9085aec72623d0

SHA1
604a3117a2239139242c3d9cb0b525d810e49396

SHA256
0d9cd6e76d6d6a83658ffa8339c94328ce59eb172a536231e481923493fb4b16

SHA512
2505e3b799aaa906fb7ba42531eb8991c1b07f00f471cdfaff6523eb8185e348113047c1f55867e3b290f48cbc99c8d3677cc80a22f546a2f8029fd4e6284a6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9609f59edf65897b0b9a103cf58faf7

SHA1
4a36486cd95293b1eb363dcd4ae3cf0c29be93e5

SHA256
d542ed103520a88b88abc1a369a63a1507185036bfd3b800e6b4d5a630229a6e

SHA512
3f8deb89af6999c927432aeb22a137824d0a4abb89b166f3000f4d3c4f4e58120a74b1c849a770bf086d11e64d1d2825d80af0c7eaf8374120657f746aa0f3e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFE4C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFE4F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit