c1dc922a4dc278f41447799ccebd23cdcadb4020132f035d3170e78c802f79ab

Analysis

max time kernel
117s
max time network
148s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 12:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96115333c9c7d769e8d2cc9378136578_JaffaCakes118.html
Size

6KB
MD5

96115333c9c7d769e8d2cc9378136578
SHA1

88bbfa5b0acf74cafd85cb47a07c8eba0937eba5
SHA256

c1dc922a4dc278f41447799ccebd23cdcadb4020132f035d3170e78c802f79ab
SHA512

a83f627b98398ad82a456de1ff33d812a330690a6fe68c0083ad3742cce7f0e8ec19b1dc16128cdb97ee1275f50647a6ffaccbc81b65feb42e3c17a82e4601dd
SSDEEP

96:uzVs+ux7y6aLLY1k9o84d12ef7CSTU3ZcEZ7ru7f:csz7y6aAYS/2b76f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0c8260744eeda01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c700000000020000000000106600000001000020000000233c2e085bf000645ec4a51ce3407ba1dcafa6c68945e6b71cf21a32dfa92a20000000000e8000000002000020000000324495c7f11c1da4cd7d64e886ff49b411ca88f0c5abdb1dc350373251dbd63490000000317035e6165b426da79ea32ecd44707cd2fd8020b1916fb357e46facb51c29ae2a63c46379905e2559330794a216544ac9d11f32c45d85ff183baa466a5ef7f008cf668c5c23c8be08edd638f0b47672f87b8593fbec80cbd2f94eb8bf9340ccd1c58c865fa85f56d5f76b360576102967335e763e639fa2b3b47f1164a791a5c6adc08b5eac3a50e1dbdec5abafcdff40000000648eecb1be8c4429f106b8fc31d09fb4f5326471fe9591adba10e8eb1c83d53c9c59e55146bb32873d1c80e02d1c194a0783d1f81b038880d5190b66461e5245	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{322EA6D1-5A37-11EF-84B3-46A49AEEEEC8} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429799744"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c700000000020000000000106600000001000020000000020a94a4694676b0aa130387093b303ab034e17770b0d679f1f654539f186418000000000e8000000002000020000000ae06944c11f4c239c75f3ef13f9cf31afc9398cc3be54ddc19e6c438f2647f1d200000004aefe1188293a341b9b21665cd34b81ad78693a0a6d33b30ef78030180edd99340000000e6216a2dba5dbb78e7a54e73ffe98c5136d839bc2ac3ec91a6a8cac6732574f569798ae04e5f8575a2dc8a0b4ffd29224ed30a4a5c976b86988acf736d9dd532	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1968	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1968	iexplore.exe
1968	iexplore.exe
2756	IEXPLORE.EXE
2756	IEXPLORE.EXE
2756	IEXPLORE.EXE
2756	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2756	1968	iexplore.exe	30
PID 1968 wrote to memory of 2756	1968	iexplore.exe	30
PID 1968 wrote to memory of 2756	1968	iexplore.exe	30
PID 1968 wrote to memory of 2756	1968	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\96115333c9c7d769e8d2cc9378136578_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1968 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d09957e6564a037805b3f575ece13c2f

SHA1
252cb1362f6eb936cf1b4cdebf4df4e320d2ff0c

SHA256
e483086d0de7ecfdd1c98373a947e7309205f267cc9bc568f596d52d4c00a34a

SHA512
a374a7b0488dd654ecd84dc567753ab40d89d30d338df1d283aae79665e5d33a12dd1fff9bdf8b75a5c3cd92c3a1ad31bcf28221e4e3753c03892ff76acc4ad1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3d9110a31df9830524afb94221811c4

SHA1
abda24d2b43b077a0d4334022113b881523f053a

SHA256
a9c822260f76797adeb8104e2038ed2019bca994dd46a52e9bd4a2dd21ac84a9

SHA512
9a1363c31abb0d10422cb652b4d54bddd530eae6e1cf7094fd9c7717f6b379eaeac8056de7bb96999522236972c58bcbbfde18d5307661893dd0dffce947cb8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46a2edbdf07b40b8b2d1a7914e4ae6f7

SHA1
4a510decfe763396a670158d3978263bd424a555

SHA256
2fbed0db75c2c190ba87476e7a27675ed64f7dbf960664cebd2bdbe905ddb57c

SHA512
0dc576fbdf1b108a4e991b17ded6bddcfcbf18ac811b9763b91ef2777fd738886c597cfd472817b18f3e037555741ca66a5c682ee14a9a6c6a008b7823c998d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a92d0d17f8b958abc55a4df918ec7c8

SHA1
b6ce75cd509ddb67493cc22c86d0d57fe81a2976

SHA256
8f594913aaab1d339f6bbedca85bb1f4137695201a4d83d7309a75f0640aa5e0

SHA512
f745e12eee5f816392bcc40ae85b03ea786845aa89fb866bd1f92daa1bde6385d2537ae7ba0bde30bed41cb34fa94ec4dee2d454f97c861edd63c206c4b3e39b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b691a36b9be6b7c813ff5316b0e59fdc

SHA1
cd4487d1043b25576e51a0fc6d12e2de8664ac61

SHA256
d4557569c9f0dec36bd4787f0ac4547ad32b781361ead69f7a8cb1e7b2e5a36c

SHA512
13753152c2d5cadde0beedf0e6f5631beba55c8c07e8c7be5b257e253dbab2e6f962927be7c169867cc8e53daac7e1e295123cb4c0400c48c1933a760a5ba375

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d06996df39e107b80712df443e0bd5b

SHA1
50618af112dbe744de80bae2cc8f1bbcd4d4a4ae

SHA256
c939f0e0b8da9cabee8b1f1d8f514c75731acb448ca5393a0e6824ab3d267260

SHA512
54f86965e94f202e4daaaba8dbc13fe5214e6d6e1991eea17d9c5ba3daa81e5d72292e001d6724aea76e18d5eb6a837ec2a06db5b6a630f4c849e53863895369

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26d8093ba97b56b1f5bcdfb8a095de14

SHA1
ae9a5e1efa635037031d10c24a35e9e2fa33935e

SHA256
f5be84f93b82d01e8cb18a46bf2fff3ec6666eb12cc4210611257a9e054cdf40

SHA512
6508ab4dc1e745f027bf00e729bc61812c1b3a32eb2939f4cc58398abcbc9d60dd5c2a463e72c6e15ae7726defe39d87fb6b47a3a09bddcef0a7b1849ca3faf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11c4b10cba62f17fb97dec5f0f902cfe

SHA1
587013a4864050b82813c18e94f5cd65cec71764

SHA256
4322499f41292bab943c09eb1f43580616325c274e63c7fde4e2f31016170483

SHA512
95cba8e8dc7ed60cf62f5fb08a27367553191829d2dbc86cba7ac6ae057f20aa176fa8154c2d1db1cdc19678d90c507a5bf37ba5965d1268f05f83b650002f8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7c6afff597e9f5915a644425d23c0f6

SHA1
fb5953241599625e8cfc31cb99374a5734634f5c

SHA256
50f2c2fb2a68f048b3831660f3180c7073e91f2f95bcee2919a46a707db621a3

SHA512
c467dc76eee691d32350a768a439def1912720b16f20d723006a9bd05dbb762610cb17eacdd31274b1885d0fd0758e29313baa5c3c9dfe8cd2081e1150436a6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c11b12e3c40d251d1aeb3a6258fe83d

SHA1
06d40b0e26b8734bb19f77aa248c2ce42bff0bcc

SHA256
baa6412868bc7bbb3bac212c1ad226786ed9fdaee7b0f3842e522bf1bcc0f7bd

SHA512
378d19838f4f7a4b8f9a31280e5f607e2f9421ee2774e7d7830ff93faa87bff38e7973e9d852e2aa35bad695cba99282007436a10bf93671ed7ca4a7608675d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f23d204d34902658365b67d7f3f49b39

SHA1
a59fc9c371cc845102594cf02a012349f9421d12

SHA256
58e38a6b0b3c296a32ceadaf98e320a45ea37556eec4aa2512edbaca6d4bb874

SHA512
314eedacac92a88106910a3941a0b213e1e6771e7fb9ec2faea150bb3acd8a87c74074bf77a903582d7ae4d37b51a9210dcd6bf2b6c2dc10937f35f67e17539a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c1faaf08f7caf37e6a1de150dc8b8e9

SHA1
d016accb53bcd84c76096bfd8970a8fcf110d019

SHA256
a6cca8f30c03ede9d277484cd46ecfe6f6f3a05f4711f8825607d4daaeb192b1

SHA512
c1afac19491ad02039be940b65441703abf82373192632085d1c3727ba0d51ac988666dcd97dfd7e240e452cf8329894a93f11ffd0133b0ebd9006ccf775bd7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b79e7d547911416b94bf61c580f65608

SHA1
6720491710ef30e67d4d7601285ac744c1cfafd5

SHA256
f6ff1ade29de9accdd2315a08723aaf7aa49d2232c1c14b9366d62f78172ffb8

SHA512
e0ca0abdbe7081f9d9350124dacbbb6b7bb65ea67f7ac8d7be383a42ea8b92a154979716869a505613241ba33c5e71cb22d25a3f9a6e74528996fe3cc83182f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8889bb6705951bde48e74dbcbb9fd20

SHA1
1a3d90346f71fb5d673cf27b564f3f319174853a

SHA256
524adcac4b661a6c2d6410d353f4af89d4f5c90281b9ea1a26c197455fe870e3

SHA512
aa52d49c26025861c67b7d58302ecdccc623dbfdea33681e3f3bd0ecc32d3276878f598aff9ad6854161604bd0ae006be3b353a0931d6804f975fedd1687bfd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96819b1587fd6030aa3548c186db9a13

SHA1
bc1e18b5af7d7cf52111d54002b61552817c8e2e

SHA256
9a0286819b42d8fb2b02efef156013e5b9ecdbbc54316c1c76b3ab5e897ec448

SHA512
413b5b3968e4a31ed2179119ec19980ae31ae3a6caaa94399e20030b80dfbdb2942d2618bb0b4e1a62920ba9512e02c8e65950a0f171ce598ba5fdffccc0ca38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac6411472d811034d9de61395d3654a9

SHA1
09d1e17441964b8c60af09870436c136a6977aeb

SHA256
0f062f956fcd1de548be9f4f980dacd00269cda3f4b3d5edee8ea54341fda37e

SHA512
445f74381ca23d1008014f468e29e70fb27d2424ea7d2fa2cad35357fd3fa4154bb7a18bdd4ea433d8fd3f7dbfb844b22adfcde50b54909bf3236a9b5a1b1c9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9F00.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9F9F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit