a7a8da51aa689f3547bf830e0dcc787ed9c5cdca2747c790e95ff1b1eb4bece3

Analysis

max time kernel
148s
max time network
153s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
12/08/2024, 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c919a8ad49919e426d15849e7760098_JaffaCakes118.exe
Size

5KB
MD5

8c919a8ad49919e426d15849e7760098
SHA1

8d4b8245203416b18d875964cfc479bf1c0d0751
SHA256

a7a8da51aa689f3547bf830e0dcc787ed9c5cdca2747c790e95ff1b1eb4bece3
SHA512

7b2f5a90b468a605e1448e058ff929280e301f18582861af557e45d57678a5aa8c49c98b1c3bf98d83ba50e7fafc27f32013882646372f8ae896150af54fe8a9
SSDEEP

96:k/KNqab4OtpxMOwjzcexTAyqQsZKtSFM9rWKIe:qKN2Ot41jzc0AyqQsZukMtWKIe

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429583768"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000ea99a4f189d24381ae0041a2f316e915344d7207de70fa2262b53a8514ff4750000000000e8000000002000020000000ca631dae156c233ed1521d8e2873777f3b6184e405920a91912603404e31321c200000008d03ef503a239915058417bbf4dfda0d640e06efc8b580c40eab35c8b78a0c0240000000c4fd3f8930aa9e270c985b9b1ba2ee40d6d5fd056a0658df5121647b71a8a83ef925e3e54bc713a42c14870fd6354155dabec0702c17c3e764905a95d35488fd	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000000adb908eb11df0ee43985df8a982757d74a64bcc9d0b401ef87ef884e0d3c2d0000000000e8000000002000020000000389c2da6be5922245c00ebd19381358068ea978f1dbbde36e92531c84e593fa4900000001be76374b0027068daecdafd6ffa707712265a003cd028855275f8f9a3571af3c24e080556d629845b5d6a7e81a7e706139b0b6c5e1719b000c80a985edf29dd0daf5dc7db64bf7e4f2fc5e4a987d7190036c1b88632938627bbcbe8add31d79e7a621d96715bd2cd5090c31cb8cc5bb2ef57a60311cb56e20a2a71758bf4e8b776d1e1554b315c6c04fa5996d061c7a40000000bf30d1cd23da9582e00ff10be609daedadb374bbd902f2da0760ef2574a9bcae3bd51c679240ae633ba5bc7a3c705e08c4ea5017409de7305834f6a2c1a7d0b3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 003d69344decda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{60026E51-5840-11EF-B062-D6EBA8958965} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1760	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1760	iexplore.exe
1760	iexplore.exe
2644	IEXPLORE.EXE
2644	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 2644	1760	iexplore.exe	31
PID 1760 wrote to memory of 2644	1760	iexplore.exe	31
PID 1760 wrote to memory of 2644	1760	iexplore.exe	31
PID 1760 wrote to memory of 2644	1760	iexplore.exe	31

C:\Users\Admin\AppData\Local\Temp\8c919a8ad49919e426d15849e7760098_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\8c919a8ad49919e426d15849e7760098_JaffaCakes118.exe"
1⤵
PID:2960

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c51d4f356ff69d57f3eab5e819419bbd

SHA1
7f13989f1bb300d458a1307df9d5f9fb1be4f242

SHA256
8d31bd98a7c14d084e1f56619e66de94bd0adbc63b099ec798a4c0f99200c675

SHA512
978fc0905d40e16c08ef6ad9d0a74266c8ea86b48cde82c0848054480bae163fbb5fd8860ed4579ba2358ec7daf719e226ef793f3c0e692c66119aae3f9ebc2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fef0c0f1c9073a6eb5d3a8c191ef2a0c

SHA1
ddc90217aec8e648677f856bee61463398a4c2f3

SHA256
77f54748ec4790b1ff14cdbf7ce7f9bbc269f0f05b05f319d2acaaa7f05354dd

SHA512
18c221c7526d04aa5952ce8db7389b2688572387c96f9a4b1d32a2fb9eb26743b9521d1db8e33e45ba6a1b254ee69a7d524f15a28c808fc325f699f3b5d075b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a0f6a585b5588c056a387d02e5c3f86

SHA1
128dcfc1e46917a00b3c1bd4623911a3b9224314

SHA256
af33595cc2bf88524f4c98b1a9ac62b1d80328fd6766d20cda5f3cfcd819b5d6

SHA512
b6e3a59b60aae3072e4075c22b0b4eb2b9aae184a173ee469589547778f3ed2d15ddc2857dd7704682da629880be0f5a16dad025275d2481fabe293532f0baf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9229cf9d34044912e34656d85973c0f7

SHA1
a3b0839d5bbd1d0e448d41e443bef4a71aba80b0

SHA256
201dc9e3604c1aa8d6fa208673dc722932c2b2b843eeb46cdf5498aeccbc376e

SHA512
40f9ef6999c29267b4a482d091c960cb381a223301a89a635906ea0681d50e84115a549f26331ea02fb67c03f4b201d656906db703f2d6c55726c9faf995b823

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f35884585e32542461ad5edab4fbd7b6

SHA1
f7e326ddb7aba101d01adb918b933b00257e3e25

SHA256
9094cb454b7c85b2590c834675d7ac9d6d894edafe5bf75acdac1f6aa604dd91

SHA512
e1aabba003f395fa36ca2c3a552d3bbf29a971701ab77451eebd0b2d8adf782a28bb562aa6dcc2275b0c9495b45d466ba509157b3ba5a1c016bca6ef013d9c7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec55651a6432fdff9db2eaee08dcda46

SHA1
04a2f94db39b7e1ff916f7ccb621ac392cda1487

SHA256
dcfedddcf284d56493fd39eb980fe5d65361ff3027cf3482acf5abbbd0fc68d2

SHA512
2d982f812a674a29da8f705dd2a6e3b72acf0e8019e8bebacd9ee3f9c2719b40a72b98668c558798055ad34ba59583846437c406a6fd7e84b5bd4eb69b189787

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad3065dd47943d8ba1d3c59b2fe496ef

SHA1
ecbe547db08bcbca739ac6ec7149f4f60334ab66

SHA256
21571c0a0eec63ca1fbdfdc55cfebc929a94975d2aeeacdfcfa879c2f88d70c0

SHA512
caecf286f8bff1750deea9bf6d91bed3254c9a7e1a906e0aaff754c433d9bcf0cefec3f4b83a43a180a2e3417eadbb6c4072b5ff93e4f063453ebe2490cd50a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af5b03b3cfb885173d43670f93ef99fb

SHA1
6c2327e2398ee197dae24b92eedc1b0e5c4289c9

SHA256
8b7115bce4fb75d17611800079e5b80a813f277ad9083dde2f797c79e98c1043

SHA512
036fcf4ecda95d12e0538bed0637aba951e9062072a3e1f94170fd78c8481c5adb682af1715abe348be54bb35a59eee98c44e8908ecb42fdfc54a4b86f17a3ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e670961694cb069f2242acb4ff7c4ec

SHA1
2498e3312d3d4de5e30e074eb13dff074e0e7088

SHA256
f6ee499a206e1b98b5d9f70fcd71b1e2d9cc460f0eb25dab8008f69078e2de62

SHA512
af4dcd560e079fc0fe03bf5d1342c3f84cb1350e0cd2ad3251aa9fdd6c6d45a354031a26e6edfbcd6342ab4fe60f66c428b274c508fbeaeb66e0d5b0911c6adb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3654148a7ca4079eef85bfd88f51f49

SHA1
4d597be193cb3bc060933eb401ca9924156cbbc8

SHA256
83433221f9af9efde0bf8b20f84a894b3a7b175081c7edd5b8592a44922c10d3

SHA512
894cfe306168330ce0af497782d69719e4f0ba84a7553a88a0882f595aa11cd2f7703c49e9fa5c4354b7de08709f62b9adc272e90b3c0bc63f5a0ee6bfda4ff5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c0bbbb21008b25ddbbbcb0442f528e3

SHA1
adbdeb1f518dfe9b5076ef625eeccae60b903e9a

SHA256
70348377ad689b5f75f11783c4a1180dced7a088ab532756ec83cdfaa228f071

SHA512
ab96253ae1b270e152e27d1b020f4a4d375f8303747a2d7d79b175b0bd52f28d0586d9611ff07cf4a7544ea0eebe662ceb31e8a9d7629bf34e5e4b8b16c9d04a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
abe9cd83052b5577e8dd1c4ffa643965

SHA1
0d0fc42d1ff1e3eb634a3fae3baea4aeb97e2e87

SHA256
b0688c22a4aa029c8cf8c6e10530927cb691026bd28a833f6df78f19d436e70a

SHA512
1935196eb629c2d1fd5e2b9bb6bfc3542df452d77ad0a064aba1ecb9b89f76feedc5527e9a0e15225eb3e5eeaf4d8f977924e1cc544a7a7bfe0930c9796d43c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
befdc4d4fffab8e287077655f1368134

SHA1
3ed72af3a1880241fe840b5eacfe95f5e4e57219

SHA256
d4c4ccbfe5303c1041b69ff667a68a60a2732d57aa9f8c2d779e3dd371ff1f35

SHA512
e2dc8096e405f82a9f023cb67981ce4eed2b9716bae0fd2553f8a42e92512a5927878b924da49d3c2938cabc2bbe8e2a6a3afdbc07582c7c0eaee9493c23a6ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5dbc6049ee66a9c82e39f13a11af0036

SHA1
853dec7d9f87caa89eda059148b7ed8e4983ac59

SHA256
7d5c70ced8e6401e7b6b22132a289a8416cc687aa78968ec598e236fd975b4b9

SHA512
64b71a2e33fccc47a6f3a2301c4616e2cd4c53a892262555ae9e695fbb7d2335edcd3a8660627b6bddfe90e7362ff5f74aef33e4f3364fa81566c5e7b347b9de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c71cf3173e4ff04c23be801c23d0d363

SHA1
eaf60d18681eed079c094703f21e24405c704458

SHA256
fe36dba5a609dc9c92051a2816b439397661150daa6cf70862157afcbd146dc5

SHA512
5218c3f1fc3708ccba15f442504d0e4e9d4ce6633c105fe57458b5c61aa1f77f55b85d154fa66044285dfb22fdcfbe41f87a7fb9eb861c2df80ef5c6483e46ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd8aebc496518958b054588c6e618a26

SHA1
a47817ea1bcfab6344d03d7ba323ba3d26d451a8

SHA256
ec741802717cee9b76d68d3c93efc54e30653421f9791cb0e6843cb0d3419004

SHA512
637a3bd1f0b9eb698ca6faba3fbbdce09e350cb333b95ce777701b34e7c5b0d6c014a801107cb3ef183f2c386c58cfdb9d8ded113b423977c40aa7f4361b9233

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef20d2cb2ac76cd5187132bc95dd2922

SHA1
3ea826dad489fec9b43b5613ab12955af6829b07

SHA256
441de99e2ed2470c3ddc0e8913b8c4875eb7eafc5369d935362a05d002046ea5

SHA512
3b3020ecdac4971bbba8ce3661e64f91925ed9452184ac67f79a4996752de875af3e9f0767875096c45e40c9822df0f84b2558365a71e4630bfb00e05b7fe483

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
memory/2960-0-0x0000000002080000-0x0000000002082000-memory.dmp

Filesize
8KB

Download