91859c032f02c36074dbfe1aa90816a705b8fc35d37bf7d809ff0e649795f2c3

Analysis

max time kernel
90s
max time network
128s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 21:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c12b7ce4a76353873ff17ce82a7b1ce_JaffaCakes118.html
Size

19KB
MD5

8c12b7ce4a76353873ff17ce82a7b1ce
SHA1

5ba813c240fd950b2ec75191aa07cca19536f3b5
SHA256

91859c032f02c36074dbfe1aa90816a705b8fc35d37bf7d809ff0e649795f2c3
SHA512

cb9501672546210ed708e86f1359636d04da3b2f845f7cb272fa7dd1bb8691f13db50d35cb6b0d278023ac238a5be7425be844cd35892934fb841f49c0e506ec
SSDEEP

384:3llIcWto4xJGTHG/FoWYZp/gb8LOXguLZ:Gkg4ExLZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3002162b37ecda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf710000000002000000000010660000000100002000000097f0aec6eaee30c258c614c3b7206fe36ee17f5f1f3091b80f05bf7fc0863382000000000e8000000002000020000000930df92ab1e360115187b2b5a8ad75d6837e60cc94263c2bcedfe0cd55937e4d90000000bbb34ae9018d8cf1f5bf3e64348fdc2d6e0f0c867ed407c238b340ea7479a38865c107af4e0c843ff65a0c43ea43b29972f8ea6a4435710d118cc88f3201728a57eb0ffbf1650886c4591f27e27a93f89f5cecc90477c6dfd25907daf373aa8b87c6ded18e89c0ba1c1aa9d19a5512efea381b11ba7d99b3130c8e56c8f9f34fc3f0f2953c6323424e5aefb0ce5ca668400000001e81d05b28fcfcd63f0a605a728879b91ff13a7ec744d88eb83d4ba6e58305e6a1d776df17338dfd5ddb64f1595173f61dc6fad169474c14479ba5ed7ced5616	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429574242"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{333060F1-582A-11EF-B82A-724B7A5D7CD6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000095b16e9fdeac7a46984a33e73f83723b6c60897f7039d97409eea5ec1d799a7000000000e80000000020000200000005fc5b19c98fc79c3e5749af5163ab5ab78b229294f34844fd3644939e75b7599200000009045bde513c29503796d8f379bc633bab8628e12fa262685cab6a4bebcc22364400000004d5b8359e2608e9ee49daa3112eab07bc697b0fbadd86f3524fd1784abac3d40b8546088f9afe29a24aec34813005bea3aa8fb2dbdd6e90729c3f191c28deea9	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2524	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2524	iexplore.exe
2524	iexplore.exe
1176	IEXPLORE.EXE
1176	IEXPLORE.EXE
1176	IEXPLORE.EXE
1176	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2524 wrote to memory of 1176	2524	iexplore.exe	29
PID 2524 wrote to memory of 1176	2524	iexplore.exe	29
PID 2524 wrote to memory of 1176	2524	iexplore.exe	29
PID 2524 wrote to memory of 1176	2524	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c12b7ce4a76353873ff17ce82a7b1ce_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2524 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3bf90b713226218583ee867c8b96161

SHA1
3f718c946c2a49f89dab6721549600c183c5a48f

SHA256
4994114596b7fc25420bfe55e60f4a1cfd7a7c9e05bda4d8f3b085e82e68ec4a

SHA512
58d19917ec4b209c54f0506ed92b181ac4978e7fd7b0ade8e6878e8e06b2382551e8b2fa2570eb097658d5a27cf7de0fcd2eb917e521db55132128b31df690c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5f033c68ad61a97bc8620b911fc68a81

SHA1
7f61113fab0b590d9de3202896c1677698c7ab20

SHA256
007da865db95f3a57c791112336d860c15393b1df3df8a7b4ab4a51a5c08b5bf

SHA512
b3432b927811547928fa8abe95889c66c4db1b4e478a9465aab68b5f0ad7a9a793b68c2759d794d92f89c291f9e0d10cbd57528e6bdf41f03d03212746ac9487

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68cb822bf52daa1020e792282935c73f

SHA1
0eaad24aeef0d287fcc2f461ad0490a64d738096

SHA256
af7bdf74fa23b6a073e2a1954989cc94402cf2694210957bf0a1f4628ccb0999

SHA512
6efe06925574a6386c1904715a22a4f46b843417d3ddd0326a39f7c828e798ae2a19c92e6763002d5fee4f314015ba93f17d8a85871174fa759b6d5620897a9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c76ecffc478984866e913ce6eefb77b0

SHA1
133afbef02e75331f2eeeb8218ce062c134a5c24

SHA256
8cb61d23f4fc10d31cc3d7b578052b926c28c48cb93c51b45d9ddf17faabf3b4

SHA512
3baed83f8a6b388053ca169fe7a0e9ede995dc17d664a2bd894275322196fbface1c10edd6a468722b3d505c65b64ca7a845006f0f4bc06433f1e74f49d0787b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25e092720c6ccc75708f30a510afe1f1

SHA1
0f1496c00ba6d3cdc9d3287ed502a6cf4f37f452

SHA256
a1fbeb8a7a7ee9b9a752286f3318d9f583cb2868aa848171f8ca8803d3f26db9

SHA512
dfe82df3286bc25725c1e5d656a98809b573314c08db789378066c52662a908c382cfb0d6f42fab373b6b91d5070a21cd4088542b28d4434949f2de4335870d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed5e08b8f9734df4564d9ed9c88bcaf0

SHA1
a6cdc057b23ad1869854da7db555fbb5772d80b3

SHA256
0b4179d220eb71cdb7c8623c1512d3fe5a46e46aa2e0074bb3fdd8e8ed505264

SHA512
eebb181ad6a7b341867c77c4505da0f54eac580a1d5b8930afe3e70d90097e43903abaabf5a07a4955681f52cebba4d7b695fdeeeb4050e5216e9aae3bae1046

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4626265dd655a2fe2c4c63fbaef77c1e

SHA1
ee8fe532f73c764f709e2a1f5d6f4a857d20997e

SHA256
35b6b45584195d075c548c91881e9340cc2a364a0edc4a73a6a3515f47b746d9

SHA512
12c2f54dd4fd76340b8ea51b3c8e0ab9e5c284692afb961806c48ac5821a4051fdb6d337fcfb5baffc27266f9c4e0af2010a12da77404d51f87d484cb0c3ea75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
099c9e4220b82701fa1afbe890cea460

SHA1
7a68c213d5238a5041c767736d2aef2ca5c6ecd4

SHA256
947f9b69a43d1fba8af8f15f03f992d3f2faa833e701fbb900b45a1dccf6abb6

SHA512
bf83822532a2cfd5ebc8da2571091028ea19accbbdfc44d5b0621133e1bb6350994b190d477314eece0051292d0f0e974890007cdf95c36c598045cecaceb414

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de0aace3bb79b1387b24e22325170643

SHA1
7695fa3b4b222a2001aa9f9ba9525bdceb6d10e3

SHA256
209418e82ec8c92dd591558d11298e83d9bb8d12f9234ffb7b5f26eea5eb7214

SHA512
cefcf082d59aa7b0d714481b9629ac9b67690d8c31756822ab668bd37394048d6a5374b5075b3a597c841f7cf4d194acf496ef8befde6b8cc6d827c0327b1d0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c6dd51fa7d36d30ae3ee5954bae1009

SHA1
71e9da750a03ab455b481d603b545e9d354e2d27

SHA256
c92ca17427f247090ae446b359a0bcede18996c586190496cb73d0d314b5772e

SHA512
f68715479e8ab3e597969a2959916a47bd41b7263d78e8f7aebf88fabdac6aba80960bc105702d51ed3f381005476bc18d5d50d36b46e7e899cb33d8afdc202b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58d521bbd8bd343f4dda75c31b3c8a48

SHA1
5b82eea4039cae35f278a8a2a35749e0e7ccf611

SHA256
38d2d5536ce08692d1e5b32901940041c23a973133efa024e655ee1e87dd3e61

SHA512
ef1e97b64ef4b2229946aae95f04ee88d6136b335d3f42b8ff2d4ddbee6afa07adbcab668d424bb35b6b5d8652c6a48d4d3755442a214367344d28370582c4a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a12a64f71ea6f1b8bbd0b4856ff17ae

SHA1
5908357d63ec57b17b815dbeb4e9d3da8e792de8

SHA256
e3a2944e350e3f1f5d1d63757dda56472b2dacf6a8029904acc3c415832a9961

SHA512
90dae8a596626cca2bf10747c52b90cd035587cdec81a845b8b891edbf11d3e14e2637cfe90ea73e0ce3b0931280142fae380693a5a409579c429ebd6c75ae23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4bf0d741de5cd0407d75db85bb0b51e6

SHA1
f3d44af9b1daa6e200883434ec465099a4299bd5

SHA256
84c9af39ca04c49ffa9ef99e6839501b0ce57c19f0e74c580738f7b454bb5fec

SHA512
c331d040f40beda55d4b4e7e72604719589f2ac55149ef2a23d6b39bd30d9031177d8850573d386d995b22ed463b7935d4a75a9b4486360e107713c88599263c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23340d7d910d83a8a103db1bd362228c

SHA1
3d71b83c8c49addee8e70e411a49ef3df85b71ea

SHA256
39978d0889cef345b42eac6a42d4677c1695a6d7d7321b6239b68c437dbe578c

SHA512
d9be43de28fe4fe3488caa1cf72d81fc3237fb67b72c64065b9823d7120f7b5d687f3fe5df8fc697892f6935b4aec8c4eb6e46f71793940da706b2c8cfe04e23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f734c79abb2b65e7876086de9eb53f9d

SHA1
a793dd0808c96ccf302ee123e263d8524a11eec3

SHA256
042a98364e758e5f3015eab20bb8bbf7ff5d5d17b6d8152ced679cdfa725d911

SHA512
1e8308fec37dc3614f5490000fcf4b0ad0d90954bbd46dc829261c1e944cc255ed5f458451c8dd58096484c587065078fe1f0fac9b24844a8ea70f20b4240293

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28db7dd887e24b3b58dae2297ee43f36

SHA1
d57a8951bd4013539cd85e35b044699c46534000

SHA256
1681fa680c0c6399b5f612ad45fb0391a4d055611b81c1e611e3362ad2d71494

SHA512
8d0045bef6a11fb601f6edbbf9d99cdaf92dbbf3fdfe08781fc05c7321d4f8d9dfb1b9267f36e353cd9376ea8dfa9ed8b83054bfb370911d5eb170362e1a0059

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab875C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar880A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit