8a83d9540adf969573c1b2bfdbadf540a8a1562e4341e741b5f2df6cd8f09981

Analysis

max time kernel
141s
max time network
152s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 13:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8a84c586f32a5a64c6902998651f2546_JaffaCakes118.html
Size

36KB
MD5

8a84c586f32a5a64c6902998651f2546
SHA1

5e0d013da8481e8b22b1368d3b7d23534e222af9
SHA256

8a83d9540adf969573c1b2bfdbadf540a8a1562e4341e741b5f2df6cd8f09981
SHA512

82bb6fbefaca2a4d202e9c5ee4c085357e111c1c251fe6a6c391e07d655aebed77009248405545ab7a88e3916ae7dfcc5a0f564831299c8287b60ae0c116e8f0
SSDEEP

384:F1NaCaBd/tiEM/go8K8ztXtLPH1r2QSZjOHxTEf6I8IxGXtXaMxKuedR5k/g06Ve:FitiEqi1/tIxfCEQbKD/my/XwGhuWyd

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 400a6b5df2ebda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429544702"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c920000000002000000000010660000000100002000000022314df0ca501f17575c854a673175e565cd08422e97f64ee09ff4d4c3a5fd43000000000e800000000200002000000031adfc6f6a064a47c07cd18e9d6d99d5e57c899dd8a43d5ffabcf49eb1a0d86b20000000c3fbca962351445b35d902ca3e3ea77fde45ba3e0b11e5e8806290196a845eb140000000d5d7c710562ee361c553b12f9644d77b17cee6fa4b827cf3b94d385fcdf13f1957b99d53fd026fa354a0c2b75dc1cb515ebbb1b79ff3d7f336f7261a9deb42b1	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c920000000002000000000010660000000100002000000095bac6450436fb8f560800f398c45ef574257fc5abaf6cdefdab97cc901711cb000000000e80000000020000200000008ea2014d5cef7fa466d75ce995c6c43c9a31d8020e0a28e69226c98f520ab936900000005df4d5abb896e43a18eda1a0624cd583535ab01351571d0d6a458b04d7a08f97a9ca110cd0ac16191af7737f0d2d7c2f42eaef05e4c78c7e0d93ec476e966e9771691aea4b8a0f893d50c4d4e1c1dfffee9525ae05819554f087c6b06e14235bccbc91415e7c16abcc80e7821ca6495012d885d4d218882fa54bfca302f6bfdaf60489df87073a45f594cb92a6f6a527400000002f632ed80f6daacc82b426dde0ec9fb965f3ca9cbc8d5e16dd377ef3c7862504f7f4067ad72a1b83988a1abaa15ecfb74eb03127751e9c7b524647e59720ea22	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6C0F44D1-57E5-11EF-8507-5A9C960EEF88} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
824	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
824	iexplore.exe
824	iexplore.exe
2640	IEXPLORE.EXE
2640	IEXPLORE.EXE
2640	IEXPLORE.EXE
2640	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 824 wrote to memory of 2640	824	iexplore.exe	30
PID 824 wrote to memory of 2640	824	iexplore.exe	30
PID 824 wrote to memory of 2640	824	iexplore.exe	30
PID 824 wrote to memory of 2640	824	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8a84c586f32a5a64c6902998651f2546_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:824
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:824 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f06d4c55ce5efa967480193eadecf5bf

SHA1
6d3555ce4e77ec55527beea6eef412a77066e96d

SHA256
5036c9aa14e72186325f5a210dc2a553e554acad907e822f5230cf07fabd31cf

SHA512
dbfbc63a924c7e39ab63b0d4d47461fa3ce8d65471fc39d3bdd97c3dd1c0cb4644ccd2afd35de4fdcece0ed8afbd89d07dd5c30d1361dfdd391555c02b05bc4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccecfdd24430b6df8b89a2838b7666bc

SHA1
83eb86185558a88b049801041848c5a29b3a2250

SHA256
736b8a83a1c80149a223b9fb07874e7ffb3e36db7bc4c20d3455f0d84f4003e1

SHA512
fa4df45302eabc65839569bb1123942815be0945ca30ad3f3ca44c74f8229a588dda973b8554d4261266f6a4a103b7a8d7935340c5fc3c3dfa07dafde3b33a1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3bd4b952b229b08edb54e1b62bd49e9c

SHA1
18e9c65f119e8a7749a9e09d2d0a2da2ff92fd0f

SHA256
63ac47c7321d2e2729169861eaf86ddcd3e471abe48b862e6d703273136e159a

SHA512
7edeaa959a2909c5df50d1a5329e3874b5879b9f95ea3ce32e063f0046b8d4cd538c3aee259c8b91597bde703c2056e9cd9e48dbec78973e239ac2649d50c475

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1e061a69dbc520b1c78d70301d63deb

SHA1
5e32cc949651789d71bd7aaa6894aa4621a23558

SHA256
b134afca636cacb46071b58c2f3fe6929bb69d6218a0eb89fe51c9f164f4f73c

SHA512
51c491d34303b5993b4cbff510b8e97ce7614dd7e8237490998fbeaf4194eb5dda758fba08542bf4ac9f37f3819bff486c7692eaaaeae5e05699127581d5ced5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a636db0b621c595066551ad95ca1e73b

SHA1
66654c194ba04d75bc16c335706aa89e444e0732

SHA256
3774918a80eb63be771fbe7a03195f1efe541e31094cbd36b89a5f3e10a4b109

SHA512
d4bda08d7a1466541ecec7948be7835a8eade0d1fd653cdd68b26be598192aa2cc5a89ac8dc89b6f5d9a11a2978a79890ef432d4acd93ea2424dd9eacc529d4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c350e3d2f0b613eb5e17172ef5eb9649

SHA1
caace8d0fe9c96c889b32a71aa6d9f75d70c6c04

SHA256
82e0d3558544f9b3b75611d090dbb20c1fc55e35ea72007c9783de47d247c895

SHA512
11ea50ed1779d0cfe1eb55021f5e5b7f5599aa8623fc4a7a64b94b0a05609f5571c5cc40732cda274c597c6fb5db682a58bd11603c43653c32b0b2499ebc73db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cb887dab8f27a68986f7d84cdf08c37

SHA1
f64295e236677f99a1d7455b5485336c4a76a30e

SHA256
b7c39010cb214db3ea0a701ca23a7329a3e0824af7d4b98cb7d974715ef2bff8

SHA512
4ade8aa1a26c7b75fe8c84c075c553e8f7c45f7a6ab1ca80be9c9939355b3585c2daeebf29d4b5bd8cbb3d9dc23b03e9cceb00c69975ce47272b13eca9f449fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9d4871613ad9b4dff80ce2823b6a2bc

SHA1
303a7032394be644549f1ac8ea9b1ef1a9358f42

SHA256
871300ab7f82b59100de4861ca813eb866fb97086eccbc282c0623723d970bbe

SHA512
f2460948bf8c544427cf40c9bfcd245a393d86f32c2577d21c358554d09b79642b3ebee9f7001f65444ce0352f56f786eda9c952653ce3ceac9c16c34cc7eb5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
305715a76afea66735f4272ee8fa17db

SHA1
bdabc1e2fa28def57cec36142b7095c5642dc7e1

SHA256
40cbfbd26673d626264b8dfdeb00d7e5a5fb7f5af6882f7006e924853b72c367

SHA512
529a2e135bf0f0a7822758d6b27dc421b54d41ebacdf0f0463d88ed872898e8d2166351a60fe406ded5bacc7dc83631e78c0f48a1221dd3ca4624ebc917a083b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed001c1c3397b0e06ea2e6f8b9d7a7ad

SHA1
2e07e3c2ffa169175a2aebf7842d9a9ff581c2d1

SHA256
304a50bf5436420f918ba68d1248c2ebabc98752225981f9cf724211bb604624

SHA512
3c98460cc7b3e8d21f331576e1e588376b75d4c9d412d6f08163520a613248a3993fb3070616d9a812e9c85a35d9d0c241379e64c284ae7316a9cf9a2c0f384e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11e62cc8d6d66f012c99c6b0753a78c4

SHA1
55b24a3ca00749dda0ec6115d747afab32e5acf3

SHA256
805da2e8de68f2a8b7ae23c92b766c4dd389f158466ecf75815eb9a0592ef9e0

SHA512
a9476e302f75080ae8acb6aa17351cf97ec30e36569205b84d27ed68def0ba126e755bb8a95059d49c5a742b063c72c7e27e78b5f3463876a81c66f8a07f75ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6c38aa28f2ff07d84f78727e607578a

SHA1
1a2fecd2ee84a78e1f7392c5eb78f40efe5dbb2b

SHA256
4d7b8da948aad9fa198337e9fac75bdd1d82bec2c9986668e801ede6e4fb6a07

SHA512
3336ee395c6d30a7190365892ad3e3fdabe207d1d49df26683780444e74f5969afb4403d9f377858e614a783e4f5d7826075027e2454e9b50525961f96b4272c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa62ed71ac25ac0796af9a03eb4537a3

SHA1
e44b7faf7cc7c51ace23bac2e662809de0ef774f

SHA256
eea869c9c34976ab5b62b5bac0050a9b719b52bb4ac96116cef69654dffc5e34

SHA512
25e0376dbbdbdc01b285ffc141ac2c00c5b0a490e5ba38c4d1ee32d3d4b4d1d8ce5965b00de1bd9d05c9a1547059b593d829ab7f6a7f46516ad57ce81dd3efdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5ff1586dc33d88cd59353199c5d2cba

SHA1
af79f7a4f28de0e660dfd7735fa4adee8954c4d6

SHA256
6d1e4e8309f2d77d09cd50f9b09a21a35ffd8c64245c920c43952399e2210d45

SHA512
2c60b64a62c71cf99c314702f9a035e309ac6ac2e2a0ce2367d254180398cea4a8fdde0f85d3ee3f2391afefcac5ba91a2881e45375ac2534c8144fc2aa48e1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fed8803ba05d331b1d2eb5e86134148

SHA1
663d378bd2c34dbf8703d5bee8ba66392afb20e4

SHA256
9637924d9a09b1471693beaabdb6be993c859652e137412495ace8df63770e8c

SHA512
b761b5f35f06d9d90b7f35e6db42bb8f42b3bdddee82150a8b2a6217914740f9633ee94a3e1e400ad902fd06ea36be565df1fa64bda6884bc02fbb1f57f6596a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0fe6fcf8afb98f488c3cc2aa5584e09

SHA1
cfc01bd4459f8721a32b424e6c11f31e85084c58

SHA256
837cc0d59b7f6df76a50f3bbbde7ad0ebf6aa6e65659ad1615e6ff535acba5fc

SHA512
dc6620b2c5c609051fe21fc31150a0355109e13d1363387cde8ab4d98836d1db43d9bf09bb8f2a4d9e5f8a76433a581b845a63e47fe5559c7d0222cdef032290

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1F35.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1FB7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit