9357110c53a75c572fb2358101839564fa742878758d675110a8fdce260b29e0

Analysis

max time kernel
117s
max time network
142s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
12/08/2024, 01:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8cb5fdc2dc40494406b8fcae482e4a98_JaffaCakes118.html
Size

10KB
MD5

8cb5fdc2dc40494406b8fcae482e4a98
SHA1

5eadc0c7a0425f9adf3a8186c3aa126004ce063f
SHA256

9357110c53a75c572fb2358101839564fa742878758d675110a8fdce260b29e0
SHA512

d6ec8ff8d50fcbd0ae11ce816c5366c527b24bbea451ec7dca68c7894ef2addc39d4f5a1c2262f5a40f3816e23867adff4b23b04920b0c7e6703a53e1db96306
SSDEEP

96:uzVs+ux7IvLLY1k9o84d12ef7CSTUAGT/krIpfLWN9xzhkdZMVeUWN9xy7lVHcE8:csz7IvAYS/BizwAUVVwQPHb76f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 003e92d653ecda01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429586625"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{018999A1-5847-11EF-8E54-C2CBA339777F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000ab2409f599dafc296e552fd91fb3a4c433e5b545adfe447f57495d6398f9e845000000000e8000000002000020000000a44b5af5fb5442ec4aed02f556a8ceebdb451eafbe8b5d8f0567c6635fda0aa6900000008c99d45259b8fe26a50264c85d0f0a4a68ddfebf3f52c3c5b075e2b1662e7ed5c8c1a94720223d59fb9f100182df1621fb372ac06cb64c51cfe258561ea9fbb7022664719622004811c39ebdf5bd57fc9cf2e6757dc13cd2e7ce02774c521b673485c9357d1ed5784df70b57a79c06167fb3f6fac620302bb5c713b4e144aeaf07ff748354d4f89d42c3fea21aaa565a40000000a24192203b33c899336049a7a816a54d1d18eb9325dd1e034ca3566f1254ae1e5470d65a6eeac47a339396dfe3533079a1b2b7ec44c43ba85affbabf42f47c73	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb90000000002000000000010660000000100002000000024f31cd5a7d8df3db92e22a5a8a5d050dea47d979a9f158f1832e2601cedaf12000000000e8000000002000020000000e5dc98664a8a632da4c167bbc6d73d41f0b33289b79025896758961da59ccfb9200000008300bc0da83b49f01cd636246b4c7c169fed6fee36398b5f4e3db0f1792fdf3b40000000ab13f47ac2662bb646c4f779d9d44edfa7092a885056925d996987058e84b87c36bcdf99acde4cbf0a3e65ea1e11b7eb85603efa87158c7daca59d1a07d01dc8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1072	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1072	iexplore.exe
1072	iexplore.exe
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE
2988	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 2988	1072	iexplore.exe	30
PID 1072 wrote to memory of 2988	1072	iexplore.exe	30
PID 1072 wrote to memory of 2988	1072	iexplore.exe	30
PID 1072 wrote to memory of 2988	1072	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8cb5fdc2dc40494406b8fcae482e4a98_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1072 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7ac1a66720ea12079a897f319954175

SHA1
c3350be34662d67a4e4c1a678f07ba573d05d905

SHA256
58fd5607a9f4eb7d64f082d5f9db4417f4d1422cf430234df3f59f13c491cb99

SHA512
2be7d37bc2cb3fbc3c0ceea03aaf1a64a316a8eac608f6777b2c4554c10e5c27a3ee4c165e809b172030326f114180899858fc0e0f84aa1f96fa3f1f46123b35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe537cd9bf1d5f6cd84d1f5a1b8e3a13

SHA1
df0d7a22de4d49712420aee51cd1f842ff06ba79

SHA256
8a56b4e5738e48b3937d4f7a59a19ba0a0e3c9ca3627a0e430ef3eba32520c0d

SHA512
8498815af0fdfc94af47fa99c78771e950b3872d1e5b647d9cdc6a008e8c766ec949afe5532be40430d0d0b4b4b5f7892d4acefc0f33ecf2482ad174c75f53a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c25ccc24bab0ecf963e6173730ebf4af

SHA1
d85a42b2335c648b79bc28215d65096ec7116bc8

SHA256
bf9c631875d7e280ed6e062533706ad76a83ea35ce64e0c6a740dfbc2480fda4

SHA512
fe727b3cfee47fc8d807c75c3fc6932283c4b820fc50c5818eae2a214ba89cf121b11f6495b1d3bb5b3f58deb21ae78780243425ca8cb003863c9677f3e5de21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6797f06923b5c6c78e967f77fff7ac30

SHA1
4d4220c8f322c83b0a7e11f01b12c4e7d2b04c47

SHA256
e6baeaaa12e1826cb971e3bc6034e81d82cb5015f78bdb5d6044eb267ea31cef

SHA512
e0e3dbb4a401eea405a405bea34d1f0027b9b6eb7cf4c99137a5ba18d51f9c03ef04293186afb204a5474fcb95945b88f18e6f73a2f201f65826764b0587d5e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf473f0f985529b3af6b3d30092e4626

SHA1
c2fb98f285256564dfedd16467f63648a2a8c2ff

SHA256
51f69968eb2dba16a8f43425ac9ffe71a01bdf1c888255c4b616c952d6982528

SHA512
71da955a03707ffd14e6fc7287cf77309542b5b2f6cb892b4dcf2585ec446acddd9d1a93bcc92001222772a38e302a4ca9a52289624630152fe3bcf144869bef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb39e3f8fc25d0af6d93655c79f03612

SHA1
f4ba7b2dabf809b6c01b8015dfbae57691b79685

SHA256
577100e3b6d1e87d19449b3f04ae43799f082dd16102b0d4876811bd3f5f5615

SHA512
94b712ddb7bdd6b7220094be578123fc769ba23211b8fa9403258b1c43548ab33ec6c2ca52f3fde4569828b1b6be6bee192a2357004a5235adeb592d19aa18bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
528a8b4d662ff15153b4262fc2d0d061

SHA1
8472aa0c04016a43512875055ac7a3a600ce6e6c

SHA256
49ad19231e1427c179f6db94fb5fee14561a8bd0a61d3dd99812f58eb0694e15

SHA512
faa41d6a4322e38038b64dbfcbb6d2b520b95e3078156382232a9540abf517dfde9559847b1d135da8079e35914da6214a67bf93789e7efe3745ae35b93e518e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebe8bc8b06fc3ef06b82fc03094ad6ce

SHA1
48ccbdc52efb55b49e82c7a421b89a190e4cc401

SHA256
fb7155b9efe90552b6d6f6d4be481827cbdbbf61c11316b0371745595f3f4eab

SHA512
2c57a26f5df0274e51b0ecc5de093c27f83bed5cb41cfbe15f303d6230d2a2894003302191952811b26e2b1deb7ea9b156200edbeaafad9a1ba68d7466ab7ff0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2044c99e8c4a81431d82ecb2be77e203

SHA1
746930c5b14f27ef7cadc16856955c94bf29813e

SHA256
5b36d2cd59b8f1faa994fffe5f1d33166e2ab1e492bd9e06a45715741cc85b12

SHA512
28425b85081d4b91bf11d3f9b0aa19567ebe22d6b0ae3d25613ca07558f50868133501d9add1a51039a2b33dbb6577c8b7e854b1b96d2b022583d712e822c349

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2bb4f385b7f4defc0249f248007a0872

SHA1
7dbef0100eb5cc600b86fdc75c5679d8992895c4

SHA256
ae0c87098135955a90d1f658f12d22dad3f3e8372de2c949a9e2e1f324b77a4a

SHA512
6a61943cebc93f4a1af7a6cb1286013c705d3efd2580685b203c65912b71d8b986d62523da0ac5396f0df79d94834606a47fa8609b87e9d8abd75280832f4ede

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0941d045e5eaebd6ba0278dd53921b5e

SHA1
72b88e8f4cce90fbd852955d8bd767966733226c

SHA256
37d878729713cf3c4123deed5c5a73f45fceab063f0dee67a001923dd34e5551

SHA512
86f904c2c5eae034f9d18e363f52e7d527584e7163bf04e5bc9bc5a48bf801cd0f3a977666b6f918339d72c3e806fa874710340954daa4960b58a9f32fca6693

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0a99774468546c900288c99bce48e18

SHA1
4d02b2cee46fa33772bb389350d9b18b68dc4523

SHA256
53d94c0dcb3afa2ad0ee90bb1382d7fb29147d35a4888a7a7789b9317d3ddaaf

SHA512
4dac3ba064e5db7ccfccd708ba583201e3775f044153de7a4e36c9533dc6b835ff566e88569769a8dd0dbd5987f36d553079b5efc145fe845fd988e1b3d402d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
856d83abff846697872b39e766a9458e

SHA1
c304f911b7878c477613446bfe4e57dadddc8e00

SHA256
b736e9eb7a890794366fe49dd60266e987bba53826877166be3e8450835f7a39

SHA512
3eae7b7c537b9dbef51d28029f79c79b9e52e7fde7271a26bf44eeec25a3db9fce918371948a0c2457637c88301af8491c352b6ee1a947a808c1e54a6b63a8a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4bd5760972e389f07606261abe2ac3e6

SHA1
a1b43292f7618f052302a82f3ce31afe32116f55

SHA256
10e2de520a6e811cb0edc4268897668fde1365efbde920fccb91c350bd6cc6e8

SHA512
772d1a158f4cdd1742b7a420061a152230455ff20e086546fb5f01ff73f079bbb496721be5366b33d2589a479e58874321ea300f6286b7e3996ea0800919969b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b21a7736ec5fb3f3049aa2462dee1cd

SHA1
df77a6919e5aab918d21cf087b8350aa9b47432e

SHA256
acbb491627a36134507b71a7fd29de9da6e5fbd6b1b7e2158569140840bb8a91

SHA512
354b37afcf073501ac33d1cb569bcdc8d7457fe780e53b6399b7614d1912d91a6dfc97ad2241da30f3b16d796c614bc787008d98e8d78455ed470f6923cfc3ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9cdeabfbde21395558c1b66d4f3b0f5c

SHA1
0255b970341ad2cd5d7571a7f4723905b411f5b8

SHA256
4da094a7462f5dbf47dc792353219ddae0f8654593b7271528c224bb64a3caa3

SHA512
67c241a58f79781e6946694da4de26c5d7d7812533fa3a96655e4122c14d52129cd32ead6260c3f772c643aef435c367af696413506961746898042e710c964a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab45D8.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar464A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit