88eb2493ee20980454cf29b548d174582f09acc5ac61e331904cec4a618e9232

Analysis

max time kernel
136s
max time network
130s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8711463ac85816d572d7ef7589a07643_JaffaCakes118.html
Size

9KB
MD5

8711463ac85816d572d7ef7589a07643
SHA1

8242bf626ea77792497cfb783d50ade68e5544c1
SHA256

88eb2493ee20980454cf29b548d174582f09acc5ac61e331904cec4a618e9232
SHA512

24979a309fe9ede72384e1156ca5aea225c55ea4bf3b0cebaca7a79d72afdd40581bb44a43c638bedbedf1a4da15a8fd440845ebdf19abbc5e02cd87964e7e8c
SSDEEP

96:uzVs+ux7L5LLY1k9o84d12ef7CSTUzGT/kPsdpUlVHcEZ7ru7f:csz7L5AYS/m8UPHb76f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C6DFB881-5741-11EF-83D9-4E15D54E5731} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429474419"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c700000000020000000000106600000001000020000000396701b2ce846d8687ffe2e77f9201e2a9efa24cef88cce134dd9e503e4aa7a8000000000e8000000002000020000000ae320470d81c83f560bd510422ead6c07905886684b2abcee878b0169109a4de200000002b8813358d826f234e77667f702fe3f9cb86c4e6c705c3dfb3dc7fcd6c74b26c40000000ec83f0e41faf816124a19be91be29d2f7c4136c58b81fcb4232156d7adae902ce9addd932c034433ad297e00230329d4c251d69d8f37194b70960a6e54c07ba1	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c700000000020000000000106600000001000020000000f983b7318e4ecc1f4277f443bcca77d21faba642d877fbc1930d84a2b3bc7fcb000000000e800000000200002000000028a7237e386dc3862fc6573ca96e6af1760fbee645ad4694b05815d8acad60fc90000000f79fb52a2a9022f4de59c24f52b4a49a564fbd17927555f438e0c6c1e179d51c3fd7356e2aceeb5a9468dc195ec96668cc0fe911423c4247a5a538b737ed234a04c6da625e3ac4acbffbbf553d3fff00e4d78ba39c66cc809ac8ff45bd60a9acafc39311787e6cb4849297ac38a9f957ef7c71e24353819704c96c4cee9745e953f058c2a03875ced2fd0184828fe8884000000073315e1ed4ab968796dee864547c8a52bef3831852c85d96adaa83f64effbf18cc5ce0d7f20b80a502f47965b036ba75f26dc25867e7a17ca53e8690b7e0575e	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 504a6c9c4eebda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2748	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2748	iexplore.exe
2748	iexplore.exe
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 2704	2748	iexplore.exe	30
PID 2748 wrote to memory of 2704	2748	iexplore.exe	30
PID 2748 wrote to memory of 2704	2748	iexplore.exe	30
PID 2748 wrote to memory of 2704	2748	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8711463ac85816d572d7ef7589a07643_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2748 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3a6cab1e6aff9e40c1c3aeafa58c8a1

SHA1
e21f12a33abf182697acdf3b9909728b40e0bd48

SHA256
c6a0be7a644a2c6c4af6fdaf5683329a1b5e79a607e146b18ee4d070d3fea9d5

SHA512
340375461b8ba6459b5527596ad5c910724f46051b0f0b442476a917b668b3b8e4df680805bfb4f360805a0c6d3fc175dbc7a5db97f3b17b0b4a081b3a8e4d2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16e649ade6a098a2a80addd95232c42a

SHA1
c71894c261b32050a4429721d6c9dd046a1db7aa

SHA256
c87f09425416a24b1d96fa46841277d9d816382ab80425ad21ffad47376c39cd

SHA512
75c0113f60e0e92b83c666ea23129a38cc7b7ad4d95f733be4a5ae51d6b2e540cdcfb558a93bd5c09397e2a08b37064c28044d2c76770757452719e2ab8cf124

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
318688d5c892cc27212106c1ac182ac4

SHA1
d67abf3194c2ee8c9983f69f74d3d2bddbe88b33

SHA256
1b669c0c9f2f219106f69b8554ee3255efe851f2dad552d9da98a6bd9e5603a5

SHA512
a3c6318e68523e50fb586df096511e9ba8d8a2ebc0a6c76d17477e4edb54e8eff6a0d866d89ade645370c8b6e12d6585d5095a29e53e90b5180931956aabaae8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7661871dbf924f4dcf833a0044a65ac6

SHA1
cd4b23128bfe4a160a3f20d37cb3f4ad05e2fbcb

SHA256
9c5b37c81a06177ecd6fbc134b84fd6b82ab619e6c8e5b364ce6827079c0ee11

SHA512
421211248c96ed0c0ba6588444be4c5e7e828f20990575cce772871a091d512b0bfec65d43a6577d1b00aeccae7f86918c70881aa077b25a819b66f2fd0aad9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a00e5b4244cd0778df204cdd0b9754b

SHA1
2ee70cb9730377ed679860dfc47704e681fd885c

SHA256
73e3fd007602da47eebefd5449e109c79f99e6618142b7a6474ad7db715f2250

SHA512
4fa3ea3f7cbe58a921a4aeeab4030b841ff298b0dfef1873399bf8b9005010df922a3b50b4ace8fe3dfcbf88e9d905ddf192db49dd16da9a07cab5bb48b41169

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6fe6e45830a4bb8290a47de59980ca2

SHA1
44c68e1aa06f8413f4497eee462663d27f567bf8

SHA256
d79eada76698764798e809823ffa97acc9f76480718629491b9e539894ff4fe3

SHA512
0d021103ef10ab01f5c8925e27684c8907b20629faaa52e921a77e49bc2cb805780229c6ba6fcd837c39ea5c2afccdc6219ba6b0c1dcf3a09f96758e1a993cfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8a1b419e0b02855214ca8776610055b

SHA1
8fc47f331eec1c04f9f72dc29f6e14e125b80a61

SHA256
7be793038fcc494e8f829c8b53a5f43cd577099cfc440d49e8c10dd8b589a5b7

SHA512
bfbe31f5c2b422142ba5aed1786d6cd9d3a272f71eeb30bf57d1e6dabd492c3b8f724e4b71e1bbfc51e7c348e94abb3c7e26b85d799be68a9c3910ed5c568782

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab4f877369d0e43f29d5f386aca675c9

SHA1
023a39d99863ac0baa65c7b092e8df1b86f12ca5

SHA256
ef093fffdb0174b913380ec8d53a52b9dbf8883a84a0fd2968b164809e847658

SHA512
3cf6f73345196c767f157402ac3de33b434d9719a55f9061684dfb5c4ed614cb57957007c388551b8df69e4916eaa47384d48ed203dfb7b07ad6a7a2558da9a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0314fe41dcdcc56a89e9de949e95ff83

SHA1
683f0274a67c43eb09d5b22c3d7d872343f3cb74

SHA256
ab0f192d63312b2d94cbdfd290ebbb10c81aacd92c5771fc7a405b05e66c7470

SHA512
7599b2b2737307aaa5d427cb6b455df5bef2313a173fd161f4adc14bfe649f198b266ae4734ae4b96cec7571254f9561f69d6c27c4b31ccd18c208eaf0662229

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5c24b100ba5d09147f4ffbddaf72561

SHA1
56a5ff16f109b7a416eee64d0790f77e7bbc4b5d

SHA256
ace97288ad09b5f6356f566df2652bbda9b044dd06ca35b728da88985de537ac

SHA512
17f3350c0d9970e110abbed13d415a1df747313d066edda7255411258701d0961ebfb114881771ff7ac60a52222f6adb90c0a67f5ff5ddafca5bcae3c9292a6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d8c69bfd5097821371909ab383dd228

SHA1
39fd689f6c718e07487a0973565e067a1db39905

SHA256
6d9d59c3a9bedd24ae60a71466ec06a9cf3a287e30d6b28543d9b0abc8d3b9cb

SHA512
c22fbd187c2f7e4f6b174eb68ebc0849e3c1ace242a1f7eba8b4cf04875c60a97e9312acce0c799bf0e688b8b79a8feb04b1e21104c7f267cdfc9eeaa4168f14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15c0d758653af1314b4a5d60e68d00c4

SHA1
42b0f26d59d15c295e0f8b4626b41c0402d7e463

SHA256
ee81cf559a08b2295d1ccf8c87672b55c0a6ef1b244d674e3edf324c28f45ab6

SHA512
83ea6724e0d645d147e4c5e699b501ed5fb36236a54313c17411dbb51fca0f2e75c26661b79a98cd97368cf1047553db5efadeb22ff36a19a9bae5c78e0a53f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c61d4f83efcf1bcb155ef8305118f219

SHA1
d60480f719a8f9bf8121087d0c43bc49f0d03796

SHA256
0b9ebf5bc676610d2a5cb4d669d09838827d0ff307bc1352b4293e09d9daa22c

SHA512
d35e5d5890aa6bc01a271dfa4fea87d37833fda2b1fc2f76cd931203f656e466dd0a666beab39c1f39c429e1bb9207518bacf1ecd678a1aef740f5afe89a76d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e951965be92b89845f4b8ac9ce341134

SHA1
eda7d553cd92bf84fd0639aae73d09a8c6df4f25

SHA256
03d0385f3ba2d569b1ec1f0c086b44bbc90461d21ddd0731826888fba175663e

SHA512
eedaade0ba156893f375ff361d2ffa51c3a784c6d74a78b08df7d8d4861ecce657938d2f9908e19f1fc527a44d71fa19d8b9dd15d15b369ef69f08c92e8ef028

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b463a48ed7d7c5fdc581b8f8210fa60b

SHA1
e1c59db8fafc309df96ec03cd540c2f3d143aac3

SHA256
b31bd5e5f59482f69bdd5d8c4f8cc16b8fb1f5984a6a5eff1c0a10385d13d903

SHA512
0fb6fbfdd359335402006bac3fe30ffe80a97682b299878aebda81c6e95a3f234d3ab0e7dafd673127c40d6c83150757079e502949902425d656c028d88e4abe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6F78.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6FD9.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit