c5651b94e325b69f90990467e86d0c54c2f3c3de9bf795c402c0730a194b63af

Analysis

max time kernel
139s
max time network
151s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
12/08/2024, 08:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e0a3ff0f73b181b579559eba210b910_JaffaCakes118.html
Size

44KB
MD5

8e0a3ff0f73b181b579559eba210b910
SHA1

69c4edf9112ac85edc409d36c0411eb9fcd4d0bd
SHA256

c5651b94e325b69f90990467e86d0c54c2f3c3de9bf795c402c0730a194b63af
SHA512

418dfe42fa8c8ce9e83d8854f30812b7d5ff609df781be173a153fe439904d977bdf12aa3ab1f8967261afe62cb2fa4ba1757d5353daf66087084431ac518561
SSDEEP

768:Zcd9QZBC7mOdMg5pC5I9nC44w7AjJ6QPd:gQZBCCOdt0IxCrw7LQPd

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9142FDA1-5885-11EF-9A20-C2007F0630F3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000e433506842935391ec27edd7847f6b33bf81e26499b8c71bbb5bc23f6c662208000000000e80000000020000200000006ff1bd8a28286b0225d77fa64c51e4ab0cd0a94ac3e90b9aa996f6da663e0d8b20000000790f813629fb63bbb988bc8ed371a3ad66955487b2bad1840b3185f0cdf4bb33400000005ce3932c1d6b8154153c375ab957d0a7dea163ff1479871e26bed6b4b26fa7dffe4c06f377776b46f83a4e749a46e209a68b1fbd174efb12e47b041b603c68bb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 300c336792ecda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf71000000000200000000001066000000010000200000001e6e01c05de2c495cce0c8d46e605f24be088c0cb740d41dc2bdd9533e2ee88e000000000e8000000002000020000000566af3666ec68567d85090819f14cb22c5f261a21e78e8289ead68852906f1c5900000005d5370497cd35be27510afb7b598d95f4611c43b7844850beb1f4048bb5434dbed23f78fb21f455d0ef3453221844b47b4e39b810d7c90278b8bbe75fe8ed19937a44305e9f35eb835b7e43ca6524df29860b8ddad4d387d9f1892e60802c6f81e2524a47c2617a2a00114d3d4b5478ddc9a8f847b011bc55b1ec641f50bb8cca4efa96dc189df52e4b08fb37acf439040000000854edc8ab832f2ad5f59cd5c7223532688fa11daabb8444671795708498e28a4aeb077f1ae89a6c2fed72379023d9dbd0ff13e2c3c1e01d4e4209336ef15910d	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429613484"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1496	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1496	iexplore.exe
1496	iexplore.exe
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1496 wrote to memory of 2172	1496	iexplore.exe	30
PID 1496 wrote to memory of 2172	1496	iexplore.exe	30
PID 1496 wrote to memory of 2172	1496	iexplore.exe	30
PID 1496 wrote to memory of 2172	1496	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8e0a3ff0f73b181b579559eba210b910_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1496 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b3f24db35e79638ef7b6a700f15c376

SHA1
3c2fb37d35ef1ffa1ece607663932fb4b8e0145c

SHA256
5af3a58fbaff1f3aef81ab4628c7916f4b3637f2beb5a6efd0653fdc77b63be9

SHA512
7f47ba0762b4dd43dce418031eec5acb0b7d182edcc044cefd16378f3d18b5021a6123c922abf9b14141e10164e50b65659da124d2d81d9d15a18bb96a713224

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ba8ca3e8529ea1f8f0523cc9d93a16e

SHA1
be14031fb885378a35183f55b9dd12f9946ce1c5

SHA256
9260af7d324eca0f54378cc854af1cf1947cca44e04aa5e7f2abc96bd8a5458e

SHA512
3381d52333f430b35e795af40da9d1dc3a24ee4ceed0201852826a27c07766272135125a9ba06917c7aed89fa8d43a6976090918808c27d3f604f562fa056394

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e21aafffa4372b48639bcffeaa606d38

SHA1
080caee726adfcda3f33d07fd793769a93831786

SHA256
febc991d967eebcc15526b3dad963a2bee163b1eff8c0a39e0d9a2bcb846a4c4

SHA512
f158ae93cecb324d0b6e6cfd7f27cc0bcf1689f5cc5113288e27655543809006147cc1a6e4ad25de91c4e8e04a51d6f9e2a0e8a187ad2e9d06e39af3b6b655c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f5a65968ffd78fdadad1a7910322132

SHA1
afede943f7cf62d6dd56a3b725602d37ef344b35

SHA256
2a060ae91cc1dcb4f1be45674114fa2b45ddf224ae94c49ec24e9d0b73937d34

SHA512
5276ea183a9cfd99c99f3378f9d6838da2334937a120902e7eebafcb89c0ab1fb4c67383280ecb442bc4aa2bb329c775b311dd9670ce58a34eb397852ec184dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c05457e10f3e5727cbb4f31aae0996d4

SHA1
524990b3221fc6a05c4597053b9c4daa038cc0ed

SHA256
690fe203a8596166b814affec10567f15ba3944b3db74078b71295174b206046

SHA512
94630217a05631e119063396a5f5dc1ba89bc1b5bc359d12ffea008e26d78a61a2362560855b8ab443268efc4630bfd3d35b42c85267abb90b9f7157f85079ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04ef4b6bdb3de6ba07ebadeb9690f970

SHA1
86b9b0a506070ce5b393c79d7ea06d15365acccb

SHA256
3c5af4b47634507512a3f643723036245e4a87bad1d11279fefaf1c09f4d8a99

SHA512
1483b9fbc72ff99fda8182ee60e61c8c4f06fcb060ca14e28cf4156b6af8adaee5054134a65ace86c7304d429943f134098108920c026fd85b862cbd155da421

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf1953e9f5815944d097684029342ce8

SHA1
ff9565d5a8c79351016d91b7ed89d448f5e50b43

SHA256
ea314bf97d665f21e24e4fa3937a33ba93b816ef05e765ecafca4bd84ac25f51

SHA512
07f66be2906ef60c852f8916466b6fc750200392569b24ac10656eb64ff21b151d46a6e4f7076affd5fdd930e60b038e2ab1ee8580d6d80c6a1d1f448449df01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4159d22a97863d9558e38d532d67f46

SHA1
cd3afa7b9d72a90b9f9b32614b900fda2603d5c9

SHA256
d6ca80a5cd6ca735c403c90f8da6a44268b1863a72d0d465191799d670c15b20

SHA512
579af5735188d2a1eafcc1daa0ee6e5aa4b7495f5611fd2d549be57abea1332e0ad5051d73ca9bcf2910a0caccbdd52b852b7b8d824cc7a56d1a58c90451c4d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c7d626a73ff581e8dcdd464d4392070

SHA1
765137e425c23b9f26627fb018dc129813b0543d

SHA256
85246bb3bc3f8ebccb09f0e98e4edceec0e2a957b048f0760c5b258c7a276046

SHA512
6c9f5e12ec63cf4ad63be857de2a8f9cae6b0c34bb50fda98562e87a724efb8dd219d50de791e14b8fa848768f05d6ef6e7eda0d0c40c4b72c0cc608154f82ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ddbf91fa442dc745b664cc4a91f06a7e

SHA1
40a4359c243bd793ad16832432ecf0559b7543ea

SHA256
a079e73485919ee684b5813aa3692d7d8a3f3d6a2ca90faa1a7b57148ff5d1bf

SHA512
50ffba016f959c74d83d8367009c83810a9223378585380f8ebae6a36fc1bfd4c9ddae01e436bf5e6551ccc18552b0984e44501e1cf74d1dd64c53a06137432e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cc39145eaaddfafb3c3acdb0967f8ac

SHA1
a1e21d5b26d8ac36075e6b5a19f904e202b5b75c

SHA256
d6bcbfd2d0e9ebbc82522bd0c22164f685c49bc12c397b32b9929ed4acff5650

SHA512
e7c96ba10f3d706819494aa4514f143ef65327bfb70367d7f3d65f478a5fe9d49da6844513ac8e0e66a644ec4fc691e7a1b4ffa486c970ea831ac83aee86af96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0141d06341b94a958ccfb784d680d677

SHA1
3220a98c6f94ffa36615f3bbcd8d49d5e54e0082

SHA256
f61e465e7da87dc4d421bda932024b5e97431256fb7897ac62070e582b3dcf62

SHA512
e2bbfa3834626c715c580e3e3002dbf7a844d01c7bac0df05544a6398009aaf7c9a5ba6eb30817498cab28c32a3b719c3cae6a27bdcf2313e7158673eea45794

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6906e30fa498f408927fa4ddbf8b29fc

SHA1
72110a7d968ae3c932d9bc340bf5c9d1476763a5

SHA256
6df5bcd5b284233b8d97b8744e6dc6b7ec069e1a9696f45657c8bec0f95ef31c

SHA512
e704603023a1accd3111573960845000797abd24facf6ed870a5d737105e1a15b32f69a7f01be2c805c92db98ed983712bed67ce5dba0fcf8040ae84e1422c9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb88bf896bcd6bd42bcbd0fd0587505e

SHA1
87df1b56946ab0b02130728e1d83a8031b94822f

SHA256
6db45e32ffbbd95e89d6d0e38670c5816b468c1ee8a8b1f9cdc786bd14ac7e37

SHA512
4c33ec3f2d4cc064f3291e698f18205031f1f41ba49d9d89da9f6f642e0b254eda15ff23fe809a5a215b17e50e19aafb95c669dd58b8d819b2b74b16ffdc4b06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
694e83500a8354ced88a5ca3a3997e84

SHA1
ecd8f10c0720b524f6442cc4acd3d66aef2240da

SHA256
b422f95b900e93d1fa768468388cd9c8e51e9985b1f76d46e72afc0292c4a09f

SHA512
0c2b580637dadd9cccbbcec4f1b0fb4ada2ab235ac183e96d13689e267d9117bc455d0374090eb5fa44a3f2ec3e2db2c1ecaf591213af47ea2ba7cf845c1d905

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
966d28d9bcdec0b80a72b4e62beb5d71

SHA1
15b27e526db24158d7b90ab58fc483e36908ff75

SHA256
ce42f9a2b3ad9ad1411378bf26c2db8dddcabcbb48b09ab9029667c510ee1644

SHA512
8a55d92eac183c866b7af37ed2e8b77a9845e62d7c3534b226b57b9315b6c111f5cb1181680bc6d7aacbf1cc2a7263760bfede6746f80a34e3b3f428b0cda7be

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB5EA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB5FD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit