feee9b1ef5c22eb93ce3bab0222a499892dac712318bbe0315c3ec80ccffd004

Analysis

max time kernel
119s
max time network
133s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10-08-2024 08:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

857363fc9d24de2f67ff95d01b26de94_JaffaCakes118.html
Size

16KB
MD5

857363fc9d24de2f67ff95d01b26de94
SHA1

0ce1c20d7e49a0a81c920abab356c7db965c8fd0
SHA256

feee9b1ef5c22eb93ce3bab0222a499892dac712318bbe0315c3ec80ccffd004
SHA512

2e2ea15c01b35644b345d2b04f4a431b9b807b0e75ccad73e7fbc4d1dede92bb905941b6c562745e8296c5d022d414eddb3c732219d026d57930d4b494b5dd34
SSDEEP

384:G9QVtcz0yFMQHewBKeXrWnlS5tPVSDvJ458:G9wSvo2eO58

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20c04ef400ebda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000295fdeb27f09c216a8ac1ecec0c6cf5952a4153bf0234a5a36fed341c27dad56000000000e8000000002000020000000c8ba641f6aa72497a8ffc4df3e1be5bc0d2c26191c926243cc5c2d8aada833d290000000ccd16ea16706be75666daaaf8b2c52957bd6823add5d7dc93596933f52b0b0a1c23c7352080712dc9daba2354c1bbdce70b8cda2f8e392c7a40f63cfc4e67d7f175b88969af12175f36f0d9f067e00d08e423e4e4529e71052e642293b2746e31de0f07f0960cbdbbf69a340b8ad7b249662eecaf8b11095d5519670e13a3533ee6095683f8d6108d3e1d733d6ccebdb40000000f015e3ad89e59a636ff7b1abaf1970727cf76d2ca9e3bfab5448c7a778d6f1436d62e19f5120498e2b63e4e651a47ab5113fb481c8e440c7ca09311ed4b4c9df	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000d940039ea13283f0f261256d5945b3173dedb8b11389cfa8d97bc1a0e69950d8000000000e80000000020000200000004c551c4240b6b9bb1107a3633ecb74e638d2b8f87bdb1f9ab7392974dacddcc32000000049524e4dfa5f0cc9bc9cf8388346346ee648fbdeeb3479cb5b0523bedc7711e240000000ac128477b3f379d195c883fd334321384eb5d1bd62cf6cf0e8522378fcf29049e1d0105aa2bffe4dc9fbb25a36d988863f5fbe7362ea923a677dba91e87e4e57	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429441067"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1F4EA741-56F4-11EF-BA91-7AF2B84EB3D8} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1948	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1948	iexplore.exe
1948	iexplore.exe
2272	IEXPLORE.EXE
2272	IEXPLORE.EXE
2272	IEXPLORE.EXE
2272	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1948 wrote to memory of 2272	1948	iexplore.exe	30
PID 1948 wrote to memory of 2272	1948	iexplore.exe	30
PID 1948 wrote to memory of 2272	1948	iexplore.exe	30
PID 1948 wrote to memory of 2272	1948	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\857363fc9d24de2f67ff95d01b26de94_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1948
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08589eb0261a332a0afff9b81bd601c4

SHA1
81d251b6d1cf42310f02014bcb8dad64d3268dd0

SHA256
1dd4894953a3f6be9b1f2c654c740988f8aa7c90daf1547569c2e0010e1827ac

SHA512
00d4dbafb45ad79f000bfd85018883d24a673cc9b17a75bb7df305d7eed7d96672ac9a63f8e2deff1c1cb98beed11b19ce0c7855beb93ade617c3a43eb303593

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aad11345f6299c80cb3d2e3ccec7b623

SHA1
bb7b1ac632b50b787971ceb43cb82864fcf38c93

SHA256
94cea3624e08b3ff3022072d5071007e9c522af6798da5bee41b20c4e6ce8258

SHA512
6079d80bdd1c08a8e09e962aa5f602f0b447a3ddff910530f92183814c892f3707e2e66231b2d5ebb3ce9226663f99cbb3c042d9ee83f078e2f4a87957e393c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77b5012e121b7830d8c34aa14e041a2d

SHA1
33518ec2c88fde2a4f08dd8b6962f805bb749e5e

SHA256
87f231de754af8eca760e553665d73e884ff854e99c81ce6f0a07cb62e069eca

SHA512
6abd219c5f7002afaa3517856907a19e39a550fd3c151c805c7abfa5747e53d55085e5e0aebd57a897a35da23b78ae7613193b57a641887bc836038df6ad4b3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d54c8fd57948e09c583196083b29ca84

SHA1
c0b6a0fbc471b10889abdb5280c6bac472914d0c

SHA256
82f531d126f07b7403193dcc5bb8ad7f51f0082c089733b03969e8ad4e9c77ae

SHA512
1741e09d607af531b2d0c2b25a63bb70044c2c207a222d660ef345a3ff3e13390a9afa7b9c6f03945bdd82c43b667028e356b6cea0aa7feca3232ecb8f585fa7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b81f63a50e03ff4394c609b9be13a7b

SHA1
2b6c23d15f3eb3f6914e92c9bc96c9ef2e3fd412

SHA256
9c07d2df66a888f172f535049f9ab8b1d476bb86bd99833ca13102deb7781746

SHA512
c648fbaa05e82a7c050cc984ce4c37edecf16f82d11ff19294b9266f5ba60715a1646e413df3b9af09c50d4d84df3674567f2b25d4abe57db4ec8735b23e4570

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ebe46dfac1c0826ff608d7d06b87d1a

SHA1
ad0ac70b86d2460536a032620ea92190bc6e6050

SHA256
2bd6bdb2491771d6ac51315c846c98939b71d7939cdf93c47f0aed8acf237e8b

SHA512
fb98a0b4c63e3c8e448e568f380cf638fa0a2f506274ff0a50b19944ca7ac73c2f8d5180bfc0454e0df0ca7d1c0d6608bef2c3e2311723c3dcb4ef7afa56893b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87b05c29c4916120ca01cc096aaa17b8

SHA1
77c958802dd049ecb41ab61dd1b50128d41d7837

SHA256
5115822b040bd8a6c38c5d7a779ba14110230b1ea12973bf03da218dca72c514

SHA512
55146143acf176e887a9235297cf2a39e56951dddb46901496871ee367ec414288473f03be92a92febf46a426558f778db1b1c26b7c5d809089c45d5491629a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffcc788b4d9ea557be832d0fac364c2b

SHA1
0a67249796c7048f8903d55a4c10d6d0dd928bb2

SHA256
c1e449e9f4494d5503110f1b44e3fef24d0b85499e03e51a456c265665a55b6b

SHA512
0044ac58869799e4b51f48b7381449f3b181397eac0d13cac8b672c07e753ded18d8d9838ffc8b3c23b480ee32876951a77a83b9e79463e40be4fcd235fe3c86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
977b201b6dd939126032d49650cbfcb5

SHA1
97790b18241db144f03cb35273f4eb1cf95a06a5

SHA256
6f8a5fc358c03f8a30f872a7278ffc656562e4bfa4047d6e69141a680a637c43

SHA512
7adba60be584d25abd9f2d0c39d42c58e299f99ae1e12fd7b0c8ade7f048a52bc74643cd380be8374e077f123e4e7b5751d9b87f4c1a691e183e7fbe4974639a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09b26f155e888c273f8858d4b09bce57

SHA1
9618889dd5bb0d4c7a337751cf30bbdd3f52b553

SHA256
1931fca42165f11598e0de26ed3ca6d89d54bb11630069cf62a91fea634f8344

SHA512
59245c5a44bec1445a97ffde1c0cdaa7b4f724fd45e02e3e8bac7252b1a1b64b41c68ae25b838e0c35ba37230eaa006b509e3fff7e0d1da11291d1bf0642c95c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ce23ac122f38b172e52c94ba9d1178f

SHA1
8aeb03a4304fcdf5a5fb870a76a548c07c5f7830

SHA256
8206424eb3a05e6f4e4801442e317fbce60fd3a95a500ec8427ec5b57b40273f

SHA512
849dae8e06dfb06f3ac5ed299b402de58267ad98e376c1babe2dd57086160549c03562f03c706f25c2cb7b18c7ecc025b98418b7b825a848f8012708acac3d70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
118b911cf9bd2d83e82077a5a3f27925

SHA1
16b1b2c196e1838962062973c39efa2dafb10a78

SHA256
0048552030354d9fc249110f545d0a058f8b4003d1ffe0ac6f20bbc59bef1e9d

SHA512
2f8e5b8988b08826a78e3070b5c94fa2bf5000989098d88eeffd23ff96877c180b49be4e6c47977ac9d1e4883144962fe7ae9530e1ea7fa5460672e8ba6dfdae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
776e4e25d246cae2120bec93512f82dd

SHA1
18a32b41f2271326c0913b13920b95bf82a5fca3

SHA256
ff3219f19015d36314a638932a70eda89d25ef105d1a1403e92e0d4ad30c8c96

SHA512
8c658a5aefdc6164bd6d83dd1d9e3eee5ab980bf047f2c2dd3d02b5a414a29e26c24f9a78ea24bd0a09f1cbc3ac8f053d707a02057355542fd1c5ce530e888ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
429984ce2c13078801599899723f9524

SHA1
02093fdea3101963e3b26232e809c8142d41d80c

SHA256
2f815babc53acdae44abf91c0f30b350bb832a92e4076c314365ede34e637b22

SHA512
a6ce1f37b1cc5b547e99574d43a9d038680d60b388abbf58924fd36c740cccbc07ffe3b56594264fc2cc2bb82f7a08165536c58d80be314a52531a7f194b4b5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56252086aef633a8aff7112da960eccf

SHA1
69ed41c442d73cc821e1f7d55a7e19ff6f638fdf

SHA256
707b3b23dbdf51755cdabb04a0bb27a331b3316fb52f6fd0ab6b1cf732272c3f

SHA512
b85523e0be39edd0a028e15848327a3fff338e2719b437f8c43fe71188af2902e4a232862baa74a4d6a0d2f7c280babfa22cdda2d430ea0665b917e78110c2f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a1b476610b8f8e46b609dd100b00cbf

SHA1
3e200b5b3b8dcfaffecdf70691fb947d377583c2

SHA256
15585a215244230d89818a0e4ab4388e9c67fe679571f052f608ec76c0f9ec58

SHA512
fdc5e9b6aeb5325920aa9b3186d882a323eb87844178a84b38321968cc8c841759bfc75f083eb2a28d9b6107f6824dbc66378a14d661faf068dcd9213ac33b64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab37A6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar38B3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit