472673a494c1b5105e8d8c83710c2ddd9acbf6c8cd0afe144d3b88a0a3618108

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 15:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86881d9d65ba990a7739471f92c92961_JaffaCakes118.html
Size

2KB
MD5

86881d9d65ba990a7739471f92c92961
SHA1

07fecb6197b46dce95c3963ea50e02b003b5a4dd
SHA256

472673a494c1b5105e8d8c83710c2ddd9acbf6c8cd0afe144d3b88a0a3618108
SHA512

2339b72599c6dcf4b75ae1c466440ca19cd081015ff070c3a9acc063db794ede2a0a8bba320a539ef02255c1f3a10c957409d32c6c4e29d403bc7c91f73bac22

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb7800000000020000000000106600000001000020000000dd952908080cef54ff7ae817fa8b54397d643fbd982da5771cbf630e080bf7db000000000e80000000020000200000008d7557c50aef9ccb52276f8dca3fa1e8fe04d544015951f7689c95f087556c0090000000ffb801f1dc208a0b078f07002e9630784917a9a3d45e377d5139da612e12e70bb52beeccc3a182714ad5bc53abe1eb499081b31e544996f29037c0a2d05ed807244948febb76e822cb7a22b77bb12e23417c0c09405bde6cc4d47ef240ea01a56ee034e25bf75dcb42a1bbba49b5dcc179cd8979baeceea0b2b612bc7dbfaa63d2e3fcd014a47e40038042b3afa3fde540000000fc42eae4a17eab18f4a56b867e74358de7f417248eb74c8e5f52afe5c5c85f83f1759c96d9b1e219c8de52923bd67be9db8794d561fe567ef5a2d8e5d22f4c53	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429464122"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CE9CF051-5729-11EF-AC6D-CE9644F3BBBD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb78000000000200000000001066000000010000200000003c440268e9a2e68ebcb2528f52ba42435932b456b5913d35803366a5d45a97e5000000000e8000000002000020000000aeb375856f694abc0da50f9a4d34c8c0bb37fbbed14f96405adff3bf9b77564d2000000081890cf856975d02550808100d93670288c18477106a7802d1f34472cd232b5040000000ce10ba10807b9db4d18566cd21d9416c604bddb79ce2fcf4904a851e28bd6608c631542b749c6d763388d2d7a1600f1d96a433157c30220fdfbd87ff1c942120	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0aec3a436ebda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1288	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1288	iexplore.exe
1288	iexplore.exe
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE
2512	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1288 wrote to memory of 2512	1288	iexplore.exe	30
PID 1288 wrote to memory of 2512	1288	iexplore.exe	30
PID 1288 wrote to memory of 2512	1288	iexplore.exe	30
PID 1288 wrote to memory of 2512	1288	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\86881d9d65ba990a7739471f92c92961_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1288
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1288 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f78e266b5f2c498c584677b9c530825c

SHA1
4e3761b18bc50fb4493197972e8eadd9a647c40e

SHA256
07c97457126b08042f88187195617dc0033fd9dfe6c3e1acefd4def17e6ca075

SHA512
f79213558c579f7924e0e75182c27c7188da36924bfe2600bc03f9fb1eb5fe3a0de73a3d9be1b5c378031136bc6f6aafb0a681c0fc46878f4982be4111301bfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ab5fed0777c32ae755b95ca6086be4d

SHA1
01d16f51cebe4571fd45fe32df14e18eec92cb73

SHA256
7e9c5cfc46b8b24c436abf324f6256fbad0c7a6cbce0bfdd06685529a6b0bf6a

SHA512
34b3b1a5d42804ca77388e425f0cb403f28e528eef530b7f04b7f623a9348982d8a479fe0fa1073d005a04e2a1134c7bb9423fb2e07290b83cd997202770ceca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d28e0888a8063ba105bb7ce73716a16

SHA1
06a97a5ba6e7f15a39c00796eb2323f5e8ed0490

SHA256
4e3c1b2035cf7f399a3e1a21d19709d08e73ecff69c868d82194c95dea285295

SHA512
56369cb3b8d1a3e2440fcbc9f78b24f6365473c406d8c8ff4a340df448e37bc63f458a7fb83515f08d46eece70a3c1c7590e04281b28581b89005eb1a5704b18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e309b74f10d95ace8b1e4418d29b434c

SHA1
19218a63a8fe83bf589472e7655e931d1ada505b

SHA256
72a326fdd42683cff34b173e82f7bca2d56b920fcb3387a2c3b6fe5236ab5ed5

SHA512
c0d524a0b00debcb3a26bbe1433364098ce86697ea9e67c34427819f3c88386a3db0f9bfb692df9136e1ae17a57a47b0ee5ccc2691277e47c28fa56273d42e07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8f5cdac57bade6474f3ddd1180752d8

SHA1
2119d2897af9359606fc3dd9d1c80df7d35f7db8

SHA256
b7ee82ba7adef11ac584faca79f24f82858d0b825e682d556d55ac91dd3fc0f0

SHA512
1b139e77fe86d5f8ffdd5335c091c13c23f2d06f83fb14f23ceafaccc219d3f2484f67e4462b37e7fa65193f3a821c6f17c5b330553f185dc11373d2de51306e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca73717d3df420fc8403fe9433092f7c

SHA1
47e4d6ddb2381651ed33e926f0bf4219c95ea475

SHA256
1def1416173c48501176703408aa491608f8d3e2eb74a34b4d83e5cf56cbe50b

SHA512
3f73ac0760e6ae9056c71dee1499f441cef67a6b78ba34e914fbe6105ad93befe08916074a80722fc0165a04fe58417f476040d29aeff469a73d7221f74182e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8919f25404b93a6ad1e94a8052ab4b46

SHA1
dbf6db4aace39e92de705566037fb89b835354ef

SHA256
73bddbb1de38b6a84d6df4489a76b73a67b46d4dfa0a98ab4a4628d4c7fbc691

SHA512
399cc6231105b571ed081ed7bc9b5c428d517029a2a285d5f8bf93157c96c6606bf63ece6c7ecd035e9bde930691559e11eb3982d4babd643fb9854fb18a2cf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0ff077a2d53018ccfad25d3457b6559

SHA1
cecad6b5e7d3baa8c214a361074d52b3bf62798b

SHA256
fc4eca3736c9820f3467863256640717d96e7d773a6fb617f8e805a0cd78140e

SHA512
62765e445e88ca8214b6beeedd34217aa33a852a15e44faf1241878abedb8707f8446bcab79a925f8330d8fda9a5938411d18124a0be6b550c47ebbcfff95103

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf623e8d3b13bf24bdc3aae5a8bd6308

SHA1
d66cf598552cb199dc39d403a72f72eaa0049529

SHA256
f1f6b3477160a494d49f8955d6850a83fe170b5083817379d71810f0cd417fd9

SHA512
ecfedaca343723939fefb9a2e2b9b9f645b58a1e2ad949cbf23313dbfe50c3f2f10538748ee316bc81af2011ccd619e288fc5fc75bfd1cb81db73a7120b332cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47d057ea25099290bcf2319cd547b11d

SHA1
2e5d7856ccd86ca573a5b99fccc974a36be95414

SHA256
1c21f460b73e94a9f5a68b99ad38ca07408b8d0fa2ef1e9b0e330fb21b569a1b

SHA512
dd72f630ea95a2c5f20798628cb4dcbdc79b6d79a9f9065ef56d3493cc9f39bfd89c978fa5db70a32e40d9ea5f665722826c5717856e864f2e3bca0e3fde01af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
94e521bb079ac73a2d3bacc6224494c1

SHA1
c380d6be919647e1f629d65bdb4eec1031e61ffe

SHA256
ee258477d66d2bb7810e4d8065d5953015685b663274381b444b1bd3d0cbd1d0

SHA512
8585a3e8c91db71b26087e8a76b48b4fc813ea8664a8ba1954d5a5055eb5fa140d9b722d6adf079b6272f5cb65484f2e172ad77ec9eca522ce85e927fd2accc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
363a6da8bd971f5b7be89403c4370eb0

SHA1
77a8e22969fc3b30af4e6bd7d2c9b3c85b727e2d

SHA256
b60deb66744c6bdc63accff4c17d5fcda5831813393f9f6f92432511b3106070

SHA512
9f9685513006e26cec22093086fa0ed09a60da55c30b3aaa7b7e5604163fb47784179e2b11747dc65581f21570d765e0666dc485f2cf4ba7ed9011cee3860097

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34d6b8c7ce5dd011b5b2251a389b417a

SHA1
e7306b9d8677dc999f78acbd5789d44256bf3eb6

SHA256
ef98562bf11769eb9a807ceb3483209850d85b2434093aff02b97844010ad32c

SHA512
edfd93b754cd4068322f526fbce7d7449d15c10c736a90942a6ba25532cb91611fb8805bc30d1e7a3f9a5d55c57f446b5efbcf2446b3c1a40f145602554bafcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e0702dcdb6bbd8e43cfe340d7727544

SHA1
acc02d4e825428623878b382b6f43ac5d0c0991e

SHA256
f7bba805f3e13f08424d0966f7c309495e5039a5a16a13ead9c408126bbb3ef6

SHA512
9cd63bb95856b244023759358676fb65836fbfb322b1b617c5273d458adb96ef96f636578e2c265c3dcc0b5e2fb65cc4f619277f99976d6a6acb8afb1c15f55b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e916c60ff60116d7e6cf3e4adc8f4a5

SHA1
1be764e742d4523df435d2c8d0671dad967392cf

SHA256
b8ee69eb9f09d8e94a675beba887b941cbbb1c19df50c5570cb36a17ba0efe69

SHA512
6ac250ff9ed55ba239d0cfaba84d4f80ba09c499b627cda43ec6b2d2534025c6ecee4eb1cc75beea0984792d17b350e9e8c08369617688d44297078a9b32631c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d44bafb918d501b29b6bdfe7203621e

SHA1
ff0fb83f40ee4ac269477bf6d3716ffa8fab6f94

SHA256
3a89afa67aa23a0543f70d46eb92f3f42311d6cea5293090aae026dd5efb2881

SHA512
6bd0362f68b8287513591b11feb5bd15f2c1bbc8db3a45f578fed0e20fa49671fc9bd3afa034f1b881dfd3c36e47fdfd6aa34ea0021abdd9da7c22c3ff9448d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabECF1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarED61.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit