dcf987f0019b98de6ca7b48912251a7b1333410edb5efad643f92194bbb6e801

Analysis

max time kernel
117s
max time network
133s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/08/2024, 21:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83ac7c77993c0cc10cf5de1653124be7_JaffaCakes118.html
Size

9KB
MD5

83ac7c77993c0cc10cf5de1653124be7
SHA1

69cfe10ac8cd7ae6cae9fa022edfee2ad6ece4ea
SHA256

dcf987f0019b98de6ca7b48912251a7b1333410edb5efad643f92194bbb6e801
SHA512

c79346a5ffbab53e363db0b11447f48489a1bf0867568b105d8d6a35734d11dd2cb027836c383ca03a718d06b75aca7d8afe9cf70440c4204f86ba2d7b465d20
SSDEEP

192:F2D/vsle1O9pRbyojXejtKxQE1YgR/XlDkR6YCw:FesluO9r+exYgR/XlDkR9Cw

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000005825ac2a01eced9097e3d462ad89a66fdfd8ced92337fc19aa4a5d6101108f0f000000000e8000000002000020000000560cf941d05b2c79af607b09d3e1ba7342717ed24567d3e18f9f82efaa10c290200000001cc4b2d2bcccce7dc0b96d3acd00dc7e4481c08a24d26d7aea2457252edaa3c240000000fd287d963317d26333b55d6e095bc151b4051a0b4e7cbcd8fccd4526a67bd04246f645b3957878b30fd3d4c3c392219528cd8532e126688505b5d6ab8298b97f	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{250CA751-5699-11EF-B580-F235D470040A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1028a2eaa5eada01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429401993"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000b23e17676a934dca3be80f5370cd5e8704b10b9d988c1b4763cee72f0bede8e7000000000e800000000200002000000038d7d535c22e0f50df55882e01c678835077f055ea87cd625aaa60a919a1d027900000003f7e836e2013dfcc800046b95918677171941b94d312943d8b6a053708750b26cd8b105c46a850e7890b97cf5d4603ba46e1af26531e37fb02f89b0f09742f329fee9d7238325bedfdeedb1064c32fddeb1de58bab753da7a3b599b39efc5001fb5f8899b38fd853ad728f0092079329e3c2f35ec88301fe78d28ce710b8332b3e5aaf56146a0dda00ca903836ab470a400000007b250d023a81d0f9230cfa9a0408b23e26013857ffa460079c0647bdc1a21c411aa59c6c139ba247b039117022cc4305a4afd651e288dafda90aa9b872bc1e3e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
984	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
984	iexplore.exe
984	iexplore.exe
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE
2444	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 984 wrote to memory of 2444	984	iexplore.exe	30
PID 984 wrote to memory of 2444	984	iexplore.exe	30
PID 984 wrote to memory of 2444	984	iexplore.exe	30
PID 984 wrote to memory of 2444	984	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\83ac7c77993c0cc10cf5de1653124be7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:984
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:984 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
349f3fd26d112827a9519b6a9957059a

SHA1
9acb03ef2f63b97aadbbd774d661bb92f3737235

SHA256
a9af6b346a188df29b86be3f9a067434395dbfb08036f83d12e7708320a608f8

SHA512
a422f85f41721fcd869e84b97e3175341c610b8c3fda0d7642b69038d0688b28dc27b6ca2c5e20f5b204a5487669a26cca3eb96a89363dec6904e35de4c5db66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7bf2d4ac88aa85439afd99cef283617

SHA1
075da16d8f7a8ce8313a9192ad79b0c852039d7d

SHA256
7150c00c3592a91ae6345d937d2722634239f4f5a97fc7d59694954042e4120d

SHA512
d091768d7b041d2513cc3255a6e08bb19a2511ca8b705480a145ddec843622bcd635f0a4e9e2e520f6855201c0b54db0c003721d853efb65d506b467d402a656

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
faf2ff19b5350946c400f462f16f6ba0

SHA1
c622c8e2bf75d5ee826ba0bb8ed4aa960f6b9f61

SHA256
5911799fc22a47159a2cb4ed5281338b263b82380688cc026b684fd46c85b7fe

SHA512
1c890b1c19ce1b52602b204a7f1f265cfb28daca90b5926daa20c42b3690c8e1778d9b8e9a0fedda2adda7f7e754d19ee0e548a870ee8684612350eb174c651a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de62f580deb22abac57c79c844af24a9

SHA1
3d85b5f999d95c1b998d698f42a31dda13ef8716

SHA256
a073d3d2a40e99769af3d78d7b4600fe22797177145d5a3d9f4f39cd7c512525

SHA512
550d26540b2137dfa85c1b789ebab9d5e7d7dab5cf3dfc11422eb19d3252fde5c1c4fbc2f45993eaec7b2cef318a089c73e9d0c3b6fecc9c332e34a6a9957c09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6468dd66292d968a00cf43661aadcfe6

SHA1
d57ea12910397841df47357022a8656845832603

SHA256
ea6139dc6e517d18df96d958a3245a7cdcb1beaf704af129f79efe984b6a51e4

SHA512
a6df4f12198215918961f8cbca3711068a18edaef405d8cb6af6af572696e6405cc9f8b65d15411079bee020896f3842adbeeb601d8528f7199bf7a7accebb54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c88aeaae066028158f08c8712fc93bb4

SHA1
a01211ffa143187b179a09ff78f234737cf78571

SHA256
5b9531a01dc7a0faca689c6ba11ff4c32f112222c02c7bcb1efd5d9190386f98

SHA512
18b9449825fef40eab516c0804e63136c3ec49c0c236645bb604c942b4121e9ee4459abf3f7f648e0bf583d8b34b33968f6019baed6fbbca756dc6cfca15802e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c725040d0b5f5275a2edb1b9db3c4c3

SHA1
502878c64a34b507246c2d16a7a25f440a3e4924

SHA256
8f433377a0844c8c25689df7d812384e4c065a4cf15a314621b36d61a90d08b1

SHA512
7a103f5a7fc5a8ced0c715b97172254428dea1dcd6e2c9b7577a7fca291d4e966b89e351a2c2c817d9f18906597d7e0d5e0870523c813f44671fab2b174423ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63068981f492a19ac02415d7dd749320

SHA1
ae3b54aac2f645719ee0f93eb75da8c944d6f15e

SHA256
3417da84335a14518581a7d3cd9224d3950ef52edef669c68a549b6c2d3004bd

SHA512
86e553baed603a411b3b479c4c47d30e9be9cdc7103634f66e32a81fd42c422cb26a23c4b5d65ea51687d51be2139e33397eafcc1224ec90e23a3a20e798f2bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc566d2d0ef748460a481c562a3a3aa9

SHA1
825b11432ddc8f2b74324395238576cbc68842b6

SHA256
8e227711e5fc95267f07de55eaacf9c37e60d8665c87c859522ea7aa0447fcf7

SHA512
a0f3fb80132e6c8fef80690d97acdcae68eaf4a0408f3d341d4dacacb3baa31bfee6c6908d822d31f5f67d43d80adeda8b2b8c9f5c44f613811727633abb70e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb66eb3af8fde413fc0359fc77d67e22

SHA1
8f253c8d5aaabf56a9a8f5011b8ac29ba5c49781

SHA256
6da0dbe8a9c498f5336d384cb5bb8c62ac93b87a791c3ff6b474960186b0139e

SHA512
b907a9e4e0c42f506a372c4b1dfef22eb8352a840f6d3cc56432756c24118427bf2567f376cb1d6e2ecabee14fb4be4087bde7012b0425e74e8d0b289294074a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce6b62419fbca0adcb08a21988ee583e

SHA1
732876de62b4bb0befc9b8a8a4df9de7f7492ea1

SHA256
0ca9102b2ce8195c544377e9cef0ea256460921f54b6b8b181c53283a5ffc7a3

SHA512
c997651b81a9a1762b8608d9d60750322b5b6cc18867112293e1e1db337c0db1173cb33cce1a000ef853136de63cdb842ded8007a87c9cae1595b5383af7da80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83ed6d674289a1fa134120e7a5e69b91

SHA1
a19fe9449c3964b31fef7c982da0c6f7e4297e34

SHA256
72428c606e93417c6f35b085c001d44c59fcfd09ca306cecc1cc4aea92ab2679

SHA512
895f98614f4b1ecc03c6e89f07a08d75283c6a04c8a0d7974a1d0677ec86fd4568d5a52556423f9636aec37916a04c49b1be9098b154f331f4e2efccb2d2b24f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2266c26f1a223f670cf923094251105

SHA1
7ca0649196958fe96c95b1003dd472f971a69199

SHA256
61cc1e8ed1cfffaeec512c0b7d24d53d7fea624db454bcd45a9a0d1dbd2301f0

SHA512
2538bafa0e505fea2b476aadef10cf13f1986914d7ca4479b5ecacb47ef57d325aadb9b1c9c495dedf1ac3ebade92a518b0dc71f98721e890ff2e3d461ea9361

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3964e4712161200815407f8eaacb925

SHA1
b792179831f6b832aa748f7d61862657c8b03da5

SHA256
9ed11bbca14c60eb055641d105f99a5c9416bae9c16326286923f401829389f2

SHA512
9859a9aa18f2c06933b82d57272f0222beeb1b9b7fe8efc27033c9c7d0db3addb0befd2188bebaaa5280d137140666334b8dcd888ec22cd441691d74f2e226a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDA0C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDA3E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit