c1ee79a9536d5fa6ad2678dcea6256a1fbb0c990ee438ffaae68f1a20ac0dabc

Analysis

max time kernel
117s
max time network
127s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 11:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95e61e025350266fab5bb091ba79e617_JaffaCakes118.html
Size

488KB
MD5

95e61e025350266fab5bb091ba79e617
SHA1

5228a2728d9871f353b1c20a903703ce5524166b
SHA256

c1ee79a9536d5fa6ad2678dcea6256a1fbb0c990ee438ffaae68f1a20ac0dabc
SHA512

8e33968b420a1e38d184e32a5f4a943787afeac374eb88106bc39e5bdad643b11ecdbd8afab0685d1c578f4ef26aafd1624f9703ec071cfb8aadccc765dc52d5
SSDEEP

6144:SFM/d3t4NoDAyDfnLtxCJJkN4UL2Q082kSiTxDvpCN:xZDtLtxCJotn0bt4be

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c700000000020000000000106600000001000020000000205eba8b400ceb4d3eacc514afc89a67b3f36e456ba6d680bb84e9db8b58d1cb000000000e80000000020000200000003b69ac68ec2bc1de39e6748e11cc357640d83c45ff5e903386c0b131161b8923200000007c1ba8f2731e1322cabe0faf309914462b2e1865f3c779617b65daef2ea414d9400000008cb7456c568fabcdb508eab4065a8635b9e09d1ebffee67f12b97738fd17868268e5f16624a70375f4fc4fb8beeae02d162a30fdf9dcd828425fdec423524622	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429796544"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CA2A6711-5A2F-11EF-96E9-6E739D7B0BBB} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90cab89e3ceeda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c70000000002000000000010660000000100002000000089ab47e121b0c0f2cd07ba05495b79f5dfe06d45cf215d51fae11284bbb48095000000000e800000000200002000000024ebbd4d317aa586449bf55695a6f8b8dd1ce1c1814d9df9e903f69ae816322a9000000052121e3bc4a833a9fcff69fecf6973a882d4fe3b7d5820019ff354228ee5bfc2ddcbf03465ae8c6a0e929bcf77de652cb979ac5432ccf4dc14d923944b901c927476e9c7309ff6393674d900e9887c27174554e5eb85ea038c364cf3b82f62a9e8b2ee849891a7619240e84ac0bda1f91f207e35d288fe7b349da7c24e1fa094ff2f408963f49ed2d400ab53538ff53e40000000017024b1135568ac0efe88e8117cfb7cbdde079a5a38dd0cf9d93cfa0638aee594f0c5f0d0afe439d9f7fff1fffbdb1aaaf5b78ed1a5e6654d10367afc0ddf43	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3044	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3044	iexplore.exe
3044	iexplore.exe
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2832	3044	iexplore.exe	30
PID 3044 wrote to memory of 2832	3044	iexplore.exe	30
PID 3044 wrote to memory of 2832	3044	iexplore.exe	30
PID 3044 wrote to memory of 2832	3044	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\95e61e025350266fab5bb091ba79e617_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4f868acfe46334761ca2d0c10ac3676

SHA1
0d768a6063bbb3e31c4f00f2a5031cb96a076582

SHA256
66c6a2dd193b452c5451da4a5931a4978c8bb0f4bd14b9fdc8e536eeb47116b7

SHA512
a9dcaac72d4fc48d42f91cabf4eeaf8d8f3d38a0b67ef1efc18e2794b728ed7906b55fca6f432882973bb64115c4d40b2a2b5eee12d71ee4a499d587530717ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f50258623e96de76784a05a1ed7f6cdf

SHA1
058493393a213b2f824e69a9c299a56a60f794b5

SHA256
46dd5ddb8b98a7c0cea4db5aac0f129ef510dd7d109db0eeed8659f54d5afe20

SHA512
508683bb889d9d1ffd0b1d12e7de248e16aa04cb9cd1d4db9367aedb408fe6916bcc6a85aba25f5fcee7afd15126025703cc1cc131e07fc9cf6657789c9546f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b20dc46c27280e974a48f51f64dff1b

SHA1
56a08278617cbdd8dda6dcaf00d4df724405bc4c

SHA256
0d95f4573053c1d71ec41455fc8589e7549ef48e1f656026dbbd0d03e8afb7b3

SHA512
8e88db8ee5bda4d192bf2dcc142cf97f3b0b9710227150925d3b90061aa7bd13054a63085cb49a120d87b87dc8daaefa8a312f633335adcfb14a1111cc355a7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b92a5e07cf461693076504a11ae76b1

SHA1
65eb05332f0591ac7dd70e4f6621895cd75ef9f9

SHA256
b79a3ba068d1755095adaec9c3d830b12bf71c8da0156341a0b924db056b6054

SHA512
8684b56a685ab5fe1ea4d17187a4368224bc27d517d49bbf9dfd77b8de944ae65c520ea2d88728d853d52d007c03ed598953002901ba527a6f844a5d54ad1815

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
084a7a9fa2f9d2220ca1936cffbdd16b

SHA1
5cb9ef350d00db884bd0a1e4b3e7390a65a025c0

SHA256
53e339964df9f4b6fe4fb5cf032cf74cd7da7c9998d56e4b29ec3815e5a43b4b

SHA512
089a86dc9648edb9b41dbadee8f0154469cebf28ae71a38a556989304ab70679f5003cf9785edda40c35d48eeb23aebe1eee3e3da5911d12aa44a67c733abbe8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5cdc05a56ec3de0b5952005875055f62

SHA1
d92cca25a17bc6ac733d99cd8c26ba29d8806d76

SHA256
54f5ce66bfafe4a21e7aa45f084feedce42d9ad17b40b6dbbbb6ca6c24160918

SHA512
933f23b829aacdd81c6d353b1980d1947eda042132dad17dc7fe4608480a8bb5d4b30afb6f7d8832647a85a33a98883549cebc843527dbc5fe44b4e135e4c4b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0c9c837bd85af1d883f8d09fe310ddc

SHA1
75a9e55ddeaae2f72a71ce741ce501fb43c4522b

SHA256
c0fc87d0df94422eeffeef1f8c9c75af8afed8ec5e48d7c27714b6f5bbeef8f8

SHA512
862fd8352a3771374b0cc25a938723eaf403e377755a838a2c3cf74daddf0455f644dba2a961ee6e307b61414f8e055ea48fab864fef4e2b200a53088208a1c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2912c5f7ac74049648bd7f3ec72e930c

SHA1
6d70dd8c0f7c53f2365a5c721434308b564b0271

SHA256
d399f70a0bc022feca43bec51b32cd83142eb636dd486a911fd0a3451560d5e6

SHA512
5d9122261ffe6b276278db0475a62d2f9007da6c10f523892aefc64e96687095513a68556893c58424d6520f64747c267664596dd81eecdc40d2dcc3527b4cca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c34203a4de672ff36650654c3bc6487d

SHA1
3ce9acb1c371654b579945c0f795178676575656

SHA256
557d215238239a2013e4328e0374094c7be98c4b46240edb38f2e6df4c31921f

SHA512
cd694c2187f5421fbb243d8f27280c6add7ce23ef8726fe0a12dff2154322229cacd0e14630f92f9588087a60bd68945318b6f57c13dd957e0cac5e13211b616

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8746d851ac19a83a49732ade8531976d

SHA1
e83f6b16448af8aa4536bc442d9c29e4b456641e

SHA256
d3132cebc9ff933e0d50406df4957d4717f9b21e50f18be0571def44c2c2ea8a

SHA512
3ce1526bfc2b6c0ddca938dacb510816bf5a6040b4db7825524f50f701fd4afecb545ecd060fb205c47d2dff872b7dc3b42a89372ec728fdd7b66bba2d4b26e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fae780f7aa5a1e2c948c81cf7a554988

SHA1
1c935fdbabea630bade3ac6b26d3d6ccd5e369aa

SHA256
f1c60056c43b3efad1c8d08c6538a73bff2541f3a9c5bae2f41c9a59a3ab18cd

SHA512
3f5ab35448e3a51ac2a07baba0468e3d1f52e1b23db47b8578b1d67e7408bf05fd7b1a078db9498501f4596babd195cb6bc8ee3b32bbb86e6e15579aa3958afc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d2d16871ec47f323acb9803f38117e5

SHA1
0dd0fd42d2803ff7e8a0613774c0ad16752eec28

SHA256
71e1310bda733c9c72c48c07365bd71d259091a978b4be6582b07d3f20a15c58

SHA512
5a5a4f2ecfa487016089251b1cfc0c76983221618c6e2279c5d54c12a14fc5d1e47e781daed2a272c39c3a8d69f63b736a092c774dacea5f52e16cb44004790f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc8cac6fff61ae912a41303629168b41

SHA1
b1830151dfc08f7d9e41f26a76c10ae81d8f454d

SHA256
73eb31ef8c41645ab04d70ffa20cec3296b852ee90bff716f45a8dc0d24fe673

SHA512
fad50b08bb74566756174c88bc0f22b4e6a196c990a75129f8d241a78de1b5e35f1af62a362e8f38d61fbd3db9b50f54332bcc127e24f0b893a61946b9010017

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9290.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9312.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit