64aafb9de0a593357925b7eec8688b9c60cbccd59495f395d77fc54e4d2dae7c

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 10:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95c573c536ee073d059f160a4352e2d7_JaffaCakes118.html
Size

22KB
MD5

95c573c536ee073d059f160a4352e2d7
SHA1

615ea92bd57e0f5e54348d8797b8f9d668f160c8
SHA256

64aafb9de0a593357925b7eec8688b9c60cbccd59495f395d77fc54e4d2dae7c
SHA512

b44efdd6773c200f50913b8882b01cb1dd789b850b62257cc91f896b5b713f5eb214cff9e5d5df90dc1aeb4df0ecafc7315aff824873406cd98983d8fd4716c3
SSDEEP

384:MrhbO38BGsXWh2zNItk9mpo0WWnrjx574WUjM:Md6sBGsXWouC0YWrjH7zUjM

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000004b631c6e7edebe9f6f227209e40609aa5a880899203da8efaea05876d7657070000000000e8000000002000020000000b3b5873b56d505aa24784fdfec7c4234f3ce2430e89d504a129cd54e0a7444869000000018d2522d0a3023b22421d6d375a4c7df9f588419e4ab5f16b902617f5436964988294b6160e8573a7bcec0209f28d59aa9aa34882f59e1d1c9d336dbad3183e75728ec22c2d0db200cbd959944d72bf18aa84b315749cbe4bf9ad97aadb8cbe4d962164c062869443973ea1bf71b7a6cbbcbebfed7b9c506f2b4ef995017374a9fa792e7f5e2ffa8894185e491874a64400000008dce4851077b73a8f4a2c103030e7b7f281f1bf39eefd6f5704f879bab6a9e142920c92e81847e56dd19c30f91c05b487d1cfbe0126207df7f733a4b6e4c30da	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb470000000002000000000010660000000100002000000061933606c5cde39a7dd977b824a116485cac5b454b94357a525594c099ed3984000000000e80000000020000200000001aadc52bb8defa5f96b34bbe99e5f4fd470004f2bb1d7f0df21932b1d352193a2000000038a033eeb86cd3184a6d7cd1308fe99725375e6bc9f952cb1cf5a46c3c47482f4000000095538879f9496095e94f395c30f32165929a3a9fb30642c8928f92721aca4361294a2e7360788aa9085f819d693ea0b9c2ea27c01176bdf85df4388b05494ec4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{60505B61-5A2A-11EF-9BC7-EEF6AC92610E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0c4423937eeda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429794220"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2064	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2064	iexplore.exe
2064	iexplore.exe
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE
2132	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2132	2064	iexplore.exe	30
PID 2064 wrote to memory of 2132	2064	iexplore.exe	30
PID 2064 wrote to memory of 2132	2064	iexplore.exe	30
PID 2064 wrote to memory of 2132	2064	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\95c573c536ee073d059f160a4352e2d7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
245e4a3eb195f11c832c0955f2951c9d

SHA1
6898e8f7ef7336aa937969e91ae32d2a24da684e

SHA256
3bce37c0c0618ef23d62e4134cbe8df3d84c95ebbfb2912bb6c671e7a167f618

SHA512
11dcc139e39652bb4d05bfe07e074a0dd62cb8ecc0a816740ae8fbdb4eaad3087f6b06d60c4583a509ef5ddd21762eac5bfc73346b5e178bdd5ba43e9c9f9844

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
247fe0beb40ffa64f22ab6c5d7590a4f

SHA1
e9d060e53eaa3820a9c2ed18f64a90c854520234

SHA256
da3989375d8f4dbbd76d50cee18310d98ae13fd0ba0ce80fba345ecee87692fd

SHA512
d6778b1238381bde215e6771730b0952735e07fd0418bc39d599f02be8ca5f2368f7186a8d5f015d4aa7cc5ff44369e7a18ae63ac88e7f9647e70361106e1b9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1f52abb1fd4a1bf43f6e6ab16226171

SHA1
16fb27a45a81e8b5fe212dbbf9de8333efe6299e

SHA256
0d6fde48308a2bf495c83a92d50b150b85719baccc97b8d2f1e230120dbd6f3c

SHA512
7d483af6357185c1ad388d4b27190a6727e49cedd1022647f58dd06148e4a53a801d6e2f48fce8bb1efb09768d4dcf17d455bc4df1d01285af9f223c2c74bb2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3c9c634040533f19c93bc4e904a68ae

SHA1
1ea10244443bd87faaf4abe9476518a32c6f41ad

SHA256
7d96dd05ef520c19a45f21a5019aa61ae5d849000f80238c7d34fc1baa5094ea

SHA512
5f6a5eac13452fbb199f12f60e421b323e6371564956450625f0f0e490ce1a2fb71cc84a0f6ab260fbde783a92cf430aa28b8216ef12c9c6c4096d73f1140c68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f9e2fded9950eadcf499dce4562574c

SHA1
b7b8871a0e54a4fabb499ad2466dc9b557034cf5

SHA256
5aa898c4e9065ee6f48a74133b62cc7d4103a75f1474498beb0548375b2f8996

SHA512
e7d672a15e07abbc7eea5ad71acf31c604d087ae1f0be018b0f1d95b4b7b6c5776b09eb8b6540d852dc2c40022a2d3cbf2dee4c71f9d297d8e8d776af58429f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0254747edf47f5959260b6b444b9ddd9

SHA1
2bedb01d188a9de2f840225f477e68e3b638648e

SHA256
fbda54627b8d02a6e3c6d6954f248b99a7384ef9de2072940644a67243560d1a

SHA512
77f5a998c89d68094ed54590e83591f426a312d3caa58791b2cef6b4df913809c990ed00cc01b63c5164ae7a90abbc7387804bddcebe34fb9ca6eb98de540ede

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac1287ea58df8a634c84a75274661721

SHA1
ccb6d9512181f27e737d6d4e252576c1dddb7544

SHA256
2f755faa66af28e3c7fa1327e2f4e1d5af1e830b0e366f884838d0cb949a487d

SHA512
609f6f59a13ae79ba5cec11625572d932d64abb57f8796fc35cd93bdddb2f55aa21120c91ea5553c41015495dabc60ac880202f19e9df8ada518a9125666b4ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df075f9385b7b40c5e1f17301ab99e39

SHA1
a88ea24290941ff70000a65072e7d601541e78f2

SHA256
61d954922baac07d093bdeaacdb0d9745c4a4ef9fd91e129405c046f98efa7e6

SHA512
90b5af7f984f7cd7e7ba3af4bbff41a068af240ff655ef895262d66ab4df071b428bfbf01915aae310ba4e5c97078e2a9d58f811998d339666cea5b6fe31a681

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
838dbbdcd2c5248444122f51d8f4bfb3

SHA1
3661cf822c2e8b36d0295cc08a291c6e23dc10cf

SHA256
75ca2283ef364dc2c9c56813235ef251c5d357b4a019dc1af15da09e1185c055

SHA512
83ec9eb45772291afe696919b10368f9f55cf12fbc191ffcb72759d6cbaa5ef7cee8b82fd953a42829b85f36706437c52cc01e83da3ffe077dbf92a8fafc8e90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6de8f7c87dd785ed35d562d4fadf9f6

SHA1
234da92c560bff7ab08f05bb78bac2788081d38d

SHA256
cd591e059e0a4c4132fb83767fabedbb5aba766e3421c38b1967659151493fd1

SHA512
d2baf8e19f0d15aacb7226e5e1092e40cb3742c773c57db82ca15049f072388a591d2aaa34dd2af9de575e087f9425fddedb8f9392b24e93d893a6c9e8b07c12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c048cd9d1ed5f5f13e5f20aabc770d8

SHA1
73b91c96f88c9953bbc5a0cbd7e575de76ae4e71

SHA256
007628ed20eec7ea3b23ee6dbd34ecb2d37b29a1f4c381699b65a6d39ef519f2

SHA512
55662143e6ed150a630983cbfa799e8ff518ed25fb2b3f1bc6d6f4563be4a8f6328e7041dc3cf95732ea0d6c8438e43144d18de883d60539d2644e6cdfe68073

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91d5f7733cd584385c978946758a8a55

SHA1
a0fcb160449366ca2f660c2acd30f800d4b40c8f

SHA256
b76fb6844c1c88d558faf78cc03a8fa4d3adc4efd7ac9e9a3310e4057cee1381

SHA512
4d24f7a2507231f021de049043da160ec113e016867393c92bea79584e1fad8b1174c6a15435a8e123746011ae4eaec4b0ea29cf5617d3627d32a61316a8f117

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bbec35e156efe68a0075b64ada3a4366

SHA1
52888ccc2b0144d2351c75e9e6046e03aaa03ab2

SHA256
23dc804d0ab6f09263e6d4dea841c8284f986f44c3d6a50e386e797ae795b150

SHA512
539a3b209e713f8783774952081e3c7063cc3de406ae864b8e61e803b78ce0429d36082f155619e59910188f2fafdb6c49a5a3288c9936fce49ecd2fa735ce5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ddd75cdd318a9874bd51b5a98f1a0971

SHA1
34899ab1402e11dd650041d3f786b2b89efbaae7

SHA256
fbdf2ccc56b0bff6cb721f26ca02bc0f7525314693914f377f150d0a3e1709a2

SHA512
ecc6eecfb31773504b483d80c3ba14e5fe751919e2f80f81b59123da6f4c2bbd8c4cdb700e492de07fd7be13112ccfb3d1c2f78e424541aa3006dbe8c72e372e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07885ccf5015e468e510c793e6464439

SHA1
bcfc506a3595f806f05886ae54a4c1cb9d46a835

SHA256
b4c35fddb201a5c4a22e95c437c29c8d738658fa7e579db546442e46e52aa6d5

SHA512
b73d8e47ebf6680af5fec244aaea7798e5ab5bd9b3ba63709cea09aea4dbf9aea45d0082ce9e2ca87706e78d328ad239b1bfa7c0fd9bf96bed129cafe8ffecd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d164fcea4bc658006e894442ae7e339

SHA1
cf2b1fab3d2f6463f052fb9fc3734beb46c157d7

SHA256
cfb61e7d8aa74ca1f85a1571ee85804fd8cc0b320cb66d1bef4db7047fdad318

SHA512
8caf9bec6454483c5e6c77851b3fe72256f545b0992d387e8cee201f520f861eebd17d2c43280d03af4e53fbe4effbb899299723e14780a63c99b4e39b348b9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF47E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF52E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit