454236b591ad461b0cec0d998ed1639e2a692874c5a3fcde6878a2dad53e480b

Analysis

max time kernel
142s
max time network
136s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/08/2024, 22:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9500aab3ac8a98fa59fec5501b5305c5_JaffaCakes118.html
Size

2KB
MD5

9500aab3ac8a98fa59fec5501b5305c5
SHA1

dcf0e9e34b94b24d2542612a1ca2cb0f04e7569e
SHA256

454236b591ad461b0cec0d998ed1639e2a692874c5a3fcde6878a2dad53e480b
SHA512

bfed4d4dd4336f2baf291ff531acf92cd19a70cefd9187d56a27a3dac8edab632d7896e3dd3aa462e5286dad23b3aa27c82ca3dffb76f863c338d3c467b61961

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000f1c546519a3a76b6f12dce8aade278d542ea5eaf82506863ba79acf186d96676000000000e8000000002000020000000d373aa7f16baf89c5eb5f325580197cb3903da1383db74e7b0630475be045ab12000000091e8d3db4d6b8174db0b34a369cbfc89cc544ec301ae7778f3cf4fd851795cf140000000ad996bee58f706deb3011f6ffe2790925b91bb14c64b7d5618158333a1095ef23f4413113d1ec65327df4812bb6cee03a24d88d44bb6d234922a883bea43f0b4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 901471b8d0edda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c000000000200000000001066000000010000200000006fc52b94069fc948521c7caf5d1726db1fadedf24d484c7d4cdb07b68765f3d3000000000e8000000002000020000000922e1da439237246a2fb24a1608c918047427fcdb8c91cb0ec8bc1cee7f9a1ec90000000c88072e64d0f89233f5a9c5a0ff4ba447cfd60fce948cac764da0e65abf9a6a53ba03cb17a56f07b90d2c5aa6544e64b3303988f8c43a2ff1a682806257efae99b5357a159f3526fcb98574933e1727b105e9c2b8defc5fa84e7059bc9cd45e34d500fe46b40025782e821a2337f54585f1a13be53be8d21a6267bc969a760811863651405268b2a2aa7024235b3ef9e40000000d8076a025237148b713f2ea3726cb7f8c5b1d8eb5cb8e3a24f9ed49c7acfccec023c037e0d22b2e34a912afdf8ac5a197189a7620df1a173ec69eaa9c5af7fa5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E25959C1-59C3-11EF-90D6-5AE8573B0ABD} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429750207"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2352	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2352	iexplore.exe
2352	iexplore.exe
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2336	2352	iexplore.exe	31
PID 2352 wrote to memory of 2336	2352	iexplore.exe	31
PID 2352 wrote to memory of 2336	2352	iexplore.exe	31
PID 2352 wrote to memory of 2336	2352	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9500aab3ac8a98fa59fec5501b5305c5_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4ad2620f384fef99daed69432e7c7c42

SHA1
5654b6a53a72075e2867553a3b01fdd809460074

SHA256
c9bcfa90d7c671736b3d6e50fe8586a53fd78ecd26802b1103cce4e2ac7f74b1

SHA512
f261d5a68679346610c4645348ef4ad5a1fbfacb3ee2a0b579ebf2b7427bfa1623a45484631fccaf98eeb6b6c58a2d20840bc38ffdc1d004e4240a7fc224cd63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
cf181fb58401aae4c24bcb676e8954a6

SHA1
b0a84d6a20d610baf943f0bd2731f79c33c70e8b

SHA256
848ed93f1af8633859b927465c28d746c7ae669f5ecc8f4d539f6405029daedd

SHA512
b024b595d746d9b42a4849dd4cea70157a4596b22652d54754fb23c00d69830ac325325f01f7d8b82d1e0af723d97631788714f9afed7bd730a5b9197a130694

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
bc0ae825210f7b64c9012c0002d912ad

SHA1
245c094d64f2f81e25dab98ab4fc415565bfde36

SHA256
204b6ad427b3214db8a04d0e1432820d45e8d6786a77c46996d4a2c82f78dbcc

SHA512
3de69eabbfd846c6f9a83450fb6bf493887dd31eb297657aad702bcea30a97c8ae99bb1e582051c630d1497afb5553ecfd677141df7af30839e4ed549b720416

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f7d139351258e9f729db00cbd69a8068

SHA1
170227a6cc88cb6cfe03451402331cc92e355b13

SHA256
c5c924cfaf74c1f689ede03219bc1c5ba115e9a3123a71c0e5e386c1ae8dbe1d

SHA512
32c990845ec7916071add2d520f26dac16bfa6615c434087f4563e10b7c97656faed2968384f4448b43d57adee4aa435fd3424aa35118a2b1eb374ed086275a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
418dae38a00608c86b4b5a00f1bb0659

SHA1
c0e74f339c32e84d44ad2bbf8adb9eeaa0280467

SHA256
0c229bceea2386e9d7f00dc5e537f87fb29718ecb0c5c2375a49273ef4239bf1

SHA512
ea3b4a3fcc5f8b94054921a91074e532e592227d68a0bf04054602802499eb6a5fdc269f8aa585b426448c4063855f0ef0addd365fc513c5655ca6e7e0cf98bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c994167061d2b629e5cb50b72460605d

SHA1
0f2ad9341ec28a150dba992ff91f7df567dd5891

SHA256
158aec17398036117832f9aea8d15e2ecea2de04a8270ce3cb69a28221fefba4

SHA512
f066d40943fecdfeff83ca03ff457201bae1244dbbd4204cd7d15ec1944775a76cc9261df2dcd36a5036aadaa8d488eee73192f8995fdd03108789de100dd492

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f1eff77073d27555ebd7991d0817cb49

SHA1
1d47ac6b8b43521c5053a91d72f29f8952fc998a

SHA256
57fca518f8c79225610b6b6fdb887bc2caea67ebaee963d416a1d09efad5325a

SHA512
7933308d1e1b3299224b73a6a79e7426d970cb8594b36cf1c4652331d82f54e0b92d1ca3e172b4336b00166e6d37230771e8713abd73be7772ed14bc35115c2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f02e4c50cecc4aea588f8a4b6cb6c547

SHA1
63506b163f58b5a8f818a8452fe4e57bc7829978

SHA256
89c8bfd74cf83fd79fb2d66b749a5073c655fecbe67708f59efdbf6d299e1c1f

SHA512
cb8012c90958021ded94116640b0dbbb8308c1e1da21a78dff19ad14ac5c389feb75a91b22884ac5fbe876de701e3eaf7470ef7ed278c865684a388b1807c63e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9f7d0866ae87ad27e02f6cb405dfd498

SHA1
d493663aa7df41b046e0e9c90199a77fc88ca46f

SHA256
cc3c1c533a9f7525266c977d378cd0528feeae507573e509152a581c40016bd3

SHA512
af5752ee8f78b66e2aaa689409f7f72924d7cd67311c9ae1ca9043dc38c5fcf537105aeb4d4e9da970743bd45c3fe86bfc8eff4ef1077fb5040b0f76ff049e30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
666eccfdb9f9034b23aa392a11d928df

SHA1
bb7debe307ae4b9ce3853d56f2007883a18d9099

SHA256
1cbaaa0f23c33c255557c8217785a6a5e199797bdf89a120657307a64e055556

SHA512
24c3c62cde1989ff832d6ac479d7a2b259651713629904b150730b984d4aae238ba47cfde70a3377a062e690c7ee6e99475ebcac71ccd188939d0bad6aa16421

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0df757b365203e5334be0de8cf96e91c

SHA1
82b5fda98ccf2108cdb7b1868531f323e3238665

SHA256
a77324b17c72d734ecb7e5ca3f62b873e71960d57608ff0596c260a75b775e67

SHA512
983d33766deb6218657eea0fed1dea7c85f8b81a278b3819d9351d1eecc8555ad2386d0b6dd2733017bc9bf5b3f2aa3851a0b49f62b9cf1279c22fbadd876123

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
98f0a1eb5a742ee07937d29425676ecc

SHA1
871fcfb90c411163324f59b2f6f751856f7b3ce1

SHA256
df0df8f5371348145f93512964c9d7f52d2a0e9f27d2a4b5d1436db7edacb654

SHA512
fdfa030467534d60064f1e7b5d2a16dba1f57e4e4ef7d0d4fcbe5986673fd37496aa99942de101b29a56bb7ab4acf4c8326bb214c1257abf7d9726d5fc176742

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
df975ad1875f3b57061016b05d0847cb

SHA1
3c0278f0e45c8fcc6be8a3aa9882765b39c3f5a1

SHA256
2fa70eb71f5a557b667d2c465c3a05fa71ba676b0d066d60b3d3ef3fe7cdc246

SHA512
e82c74a8f496c99735666f5c8e052d5ab7e582609cd526b0acee9d732960cf0862d7e80164b5b6f3a681b58cf21e7e6461624b695e85ba82298b88c0b9eb36cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9b1f58efffe6d3b053db8ed5cca5d2ac

SHA1
f713925655fd22dfc01954da21d1bc16cd0c051d

SHA256
945a5af6d9be2b1d13c61840f642f8e6983c65eda971ac51cae40b9a69a67d80

SHA512
fa42e55a6631365cddb601fa80b4bc00086eb2ceda2da3c8391d7806db893864b2bfc72f8d4d3b49d8e253d9e6b74c04ee7d9a1a5258b7db8693ea8edbd3f666

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFE6D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFF2C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit