62716b8fea36f3260792514b12c34babd14cb9397dd23eaebff339643d9b61f4

Analysis

max time kernel
142s
max time network
143s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10-08-2024 19:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87502aaf59b30abf02d4ae73061071a7_JaffaCakes118.html
Size

53KB
MD5

87502aaf59b30abf02d4ae73061071a7
SHA1

115d1a673c3d899ea27df5459677cc92c193b4a8
SHA256

62716b8fea36f3260792514b12c34babd14cb9397dd23eaebff339643d9b61f4
SHA512

ae5168b32841fceb047b45e21026af81f30f08cd1d5d0d7762094446a0718aaeaf6b64b2f3ec389958430344d524c22e91314bb6dd21614b85ccc1d1439656b2
SSDEEP

1536:WkADkAZckABKQbZkAXhTcr0IPGNMxZPdJXxPTQakAr+SvFSXTL9VL4cxNL4cPRFO:WkADkAikAIGZkARTcr0uGNMxZPdJXxPT

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429479037"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{89309441-574C-11EF-B6EF-E6BAD4272658} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000b3aacee7ebffce67a983f225ede71c48e5293b3081efddb7c6be85c5156768be000000000e80000000020000200000000a1baf22b5cd046ae1beedc8e198e2b9deed417abcca876b1efa72c506512a4690000000d5a83b689d375061f028985ba97dfc2f538f27c4279afcf4387816e643ae5665f38314511c6414cc428c45b649a78a983bd34acc36e334544c40b0b37fa7b07152064782467f142049810c65dd1d39c7a0a9b16b809dfa3f6ba2d50c03c553fdf6cc1f35b09b62a141dc16bf51ff0414c93ca60b6251f1487d9ec29cce259a0a6886eff2d67e5ad01216285f4aec55834000000087f996083da1ee096c10e318a21ec257465538912b9f8de19ffb390a95e8a63e2c7480b2af62d7ee9540f720512ad8b5a451c14289d04c9992f0993516a92dc1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60fe6f6059ebda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000598fba21abdc78c379a06814468b6eafe22f22f4a1c15fd42bf556dc5b237279000000000e80000000020000200000007d021ed64c2ecb485a324db782bab30c4f9b158907f8d14ddafd82d128c4716720000000f7278060495c75e87b982bc1e809faa418ab1477f2bb476bb9684b623903edba4000000007c7e6a5edd632fc613a97f605300dd8c2003cdd9741f192982b7371b5b39810845480f35e4e5f3c24743b617d2820b595ec600814beb8b1a1488098eac7af36	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2924	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2924	iexplore.exe
2924	iexplore.exe
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE
2728	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 2728	2924	iexplore.exe	31
PID 2924 wrote to memory of 2728	2924	iexplore.exe	31
PID 2924 wrote to memory of 2728	2924	iexplore.exe	31
PID 2924 wrote to memory of 2728	2924	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\87502aaf59b30abf02d4ae73061071a7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
62af7cd1ed8ef1247633f8c948b41225

SHA1
10f99c324fbb8fa51b7a8f39222da124b45563a1

SHA256
557f3ccf15a8b8cb29a5d7919179b9a6c710aa81369f07cfd70841fec53fe375

SHA512
81d0aaa94e2b7b0e3a53cc4b43766bc6848bc9aa94a559fc5ed8e0b9216a8febb00dfd13e5579fb5952bab7bb79407203a930b78f73cd989ca9de04946ff76bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
a8cec14680b00e2f6dec82462048a921

SHA1
c37a1e0c51d518918e500c1f6bf47567310ab31e

SHA256
a8565028f4bf78bd765aab09bb9f44d35a36356038f817536888d85fb3ca4212

SHA512
8b1d1fb43f3cbb58a48199c9f7ef7a3a279d38b72010ec61f89c3889b52df70f41e0d1d7ab332c56833207fa4be07304f1cec1052235e272145447d94c52bf2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
e8b040fdbfa385a028d5021e08631421

SHA1
47072b02391dd1e59ae9bb62a5e891b7e8b80d10

SHA256
b4884d37e012a2f3643eb45f0052c718d9fcab087681ec6775fbf6020c9f86be

SHA512
3039f7585786e16935383768e3346f8394365370e341d719073478ed9d7e90b970ad4d716d2401327abe00ae971bfc44b0d5dcc58b338fbf16cb590305262b58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19da46987aa3ed2422d88a4428e8fd56

SHA1
cec26397f55ec9ca80b93b6f0256e1c3e4e670b7

SHA256
24041d6fe797dd4f9eb8d03221606fd860ef98e7aae1277d12214d323ec8018f

SHA512
192c811ec9557f256e00d7a9fb6054defbc4e64e5d0f5d8b35bb03a6edab3c36f3a2c0f797a22508ce04b95afeb2f301ed5a27069e97f9804ada6c5543462b10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60c3ea25c5763721bc27e9e27334fc78

SHA1
de471e4ff6eb311aab8318d368d64cec74db1820

SHA256
ae9b659615a86b5d5e6e2d94dbc3210c0e50b06d958d124b74ebc9f0a0835710

SHA512
6c4185cbf9cca5023de26c13df7b34bf3bfa99c93c802d0eab519c738fae47adc0b00789f4cc682542983b9fd64c1c41050498cf4dae3f9f261a692d25abb3a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76fc4b6c848000635601953b8c0f8cb1

SHA1
02b3f0d9ba3fadd0a90ee927ba5a2630446ffd6c

SHA256
60ed0d26599b68ce0a067d2b6b3ee133b8a9bcb04dc9492e8744fe1b81e659b8

SHA512
d66b37bdd817e16ee921bb636a11c320bf95007b818bd13e41d88ecb4f07ce9782ac710a2f4d4a5e765b8ca3345ecab76b168cbee61623a8a484d4b4033bf59f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1f9d84536cc7e10a9cd99dc4d211ca7

SHA1
2e6e9b6645bf9752eb8de2b35b0d8f6e1a64e73a

SHA256
0bc9d3d331faade85f9d1c2a766f22d72ce1a73a65654a3e51567c07dd06e506

SHA512
249243b306c6f6631854014b982eb776a5cc972fcc94a19e30f101729163a3400a2588bbead8b83566ba6de689f245b46603bf567d18f46529b2d9b4b5ad1bc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fbb50df219f7e8a3c3cf1219f63a5e55

SHA1
8e5b0f1f8589360c41fad9d7bd27ea930c099a99

SHA256
c5de5c681501b91c071090e5127efe7b26d8d3c50d0e1dd559a843d3ab150cb9

SHA512
ef5461a987a80202f260a96b0b58fbe26e374dd0a635214b67b23c11796787fe05e24c88477fc45fb0728e71bc4d227488aba011ef90449c0406bf3997110d76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f600e88249ea1e1c75cca9eaea4c8527

SHA1
87af14ee79e39a815ea3f433c299ab41918856a2

SHA256
818796e6e3e121f38ff4139e0ff1820d6ace37edfc2d0ce63660e2f356f930ab

SHA512
38599e189e9e2db0bc2bc61b2125267b8c43fbbb62592b5cfdb794e8694ba02976aef4b32cdeb9144aebdf111861eeeb7e0646660dee7ad4ce87375bd1ec9a98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e08094877a2c6ccff177787d2317b084

SHA1
17a3d3755046629ebb5015784dffa1b1066fc44f

SHA256
12b7fbcf8c223cbf77fbe6d858ecf9e473adce25c9ab53bf906c515d426a338d

SHA512
45aaefee4414ed02240acc86f4e5ee49ca3f44dea3369af0a692b65618e9d59911905688f7edbe76afa0fcb2eda3d5102db289c413f2ceda64bcb4bf30e1e229

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
e4fc44be6af6841b31a85452dc79dba8

SHA1
198ea3d796bd87feb68de53f16f399ca000cffd9

SHA256
d03922b402fe8b4fd5364b55823cfd01dd0872d86766a1e4b7b24bfd8dc45295

SHA512
7696015612fed3a51a38518fa853fb77b7e4b6420c73997fc8ff388307438facd7088495f1a7af34a229dfbb01242ce2e5be67414714e9ef2af955092da45443

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
998fbb20d4044bf221f6df13dddd9385

SHA1
d8c03541953beaaf221241d858b34ba29303015d

SHA256
02edddc264376686d6be041342dd514eea871d5506a5c2d04b9c645958b22b8e

SHA512
3901bb11ac89c68f198b4fd55d9a6d6be7833c8e4e3f8c205e4e863c2a2b6d529b9af3da753306b8788d4f6b5536477325434a6a325ba5785bd8e8afc0f00178

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF864.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1D92.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit