870a30620578f4adf6f76e28b8ba9de78dccad7a830359741aa292b72af63c02

Analysis

max time kernel
118s
max time network
129s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14-08-2024 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

968725873c42993b78c237631f2f119e_JaffaCakes118.html
Size

3KB
MD5

968725873c42993b78c237631f2f119e
SHA1

3fc601493b4ee24b6801634c556f0c25559e50a2
SHA256

870a30620578f4adf6f76e28b8ba9de78dccad7a830359741aa292b72af63c02
SHA512

23c8e80c657b75b78a7306a0903644060c9776bd567db737743b31bcd8851abf93a8a957002f1d4eec0f5ca120e228e0127b59eb907893da19a7ac0f5d62db04

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f03551000000000200000000001066000000010000200000004dd4b3a29d237349acdf3e0b095ce92e54fdac6a4443ad0a1185775023623756000000000e8000000002000020000000c40506ab03b6b53937a981dd1fa9ecfe450f2f1e1a10496076ec79ee0f8e5f2f200000002486c6014ddc3d8806d83c3ebe96e39fa6aaea31286e879650633a4134bcbf4d4000000007f54d062d45395f20ee5bf73036cce93f12abe899165e4a9a08d74851e0b811dd5655fc47747a653e4dba4236a2498975ab4b2c7fdea3508f01f8faf507407f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FB133DE1-5A4B-11EF-8B6F-725FF0DF1EEB} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e007c5cf58eeda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "429808654"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f03551000000000200000000001066000000010000200000005ef617df4b90d6ad96e4e811a20594dce5d2b8ea00c49f3da21d19299a058f98000000000e8000000002000020000000a7a6bebf7185f1b58bbe3cba1c22520c4b97855c7a629a74e1005fb220ec7150900000009adb021a1fa403c6095aef867e6c0fc06449fac66a05b6f190a11f47b7735df180804f67d3be895f42d1d75696ec1674dcec34e8542ab94665419c921f489d46effd8297c6c52cc5ecb53ef4554a51401a2abc99dff35dcff38da2c817b78f20f7349f88eb305dd27e7bfd1031b2e29dffbc7705d454db64c83d83403f6e6e0460b533e85373b3f71299a832f95ac3de400000005463d91aa95b876326cb86ce2a5b08a5888b3b2fcd8f2175ea2746f518ce2d1544407b9166d63f0effb277b65ea6d73195b34a68c4ce528892154bb567fa1666	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2708	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2708	iexplore.exe
2708	iexplore.exe
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE
2736	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 2736	2708	iexplore.exe	31
PID 2708 wrote to memory of 2736	2708	iexplore.exe	31
PID 2708 wrote to memory of 2736	2708	iexplore.exe	31
PID 2708 wrote to memory of 2736	2708	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\968725873c42993b78c237631f2f119e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc6f13c79c4753e5a721c6d1e268af4d

SHA1
c9268e059cde65e4e9ea44ddac17672532e2fa44

SHA256
7c2c7ffed30b105df0c67a30b1ba6609f3381c93cabcf4328486db10d9788b5e

SHA512
999331c25262250c441b4b63a9679838ab2f68f3b14f8a0cd0512c23091ca3f77dff87892c3fbdbdbb32449b9c680135d6d9c5280780fc613d6f2ac83c6f3424

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0bfe53ecf8066d196a1901c2ff15e618

SHA1
e12933ec95037fef12a0b419d870057e7ed5c10d

SHA256
9a30d24e3d2dac5ab5c1814475eb872dee762b92700c7cd6a6be69400133b44c

SHA512
bcf23bd48dc093b9d58ee0e742b4b18f24a02ea60ebf0c718765f002c53996a0648920585e40840fe7ca500a0e307699785b1e3ae61e2085f0f400d5a7313733

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48dc2b50149842bc06d99535740da26f

SHA1
8db6e0b26aeb28932f84c03b4fc4f97d7a65f05a

SHA256
ae04fc6fd4e656d4ba6cbc918bc704a3241db422a505f01ee752cf0a68378ab7

SHA512
4cd6a57be076fe79b561d722f5e15dbe8a3036a28ab0d53fb2c1267901f1fdc0e7e158af4cd20c44e086acc4f142cb531bdd804904464792b60b578c7ffe4d09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a54af0c3ef3d43523e62d6c6a08403d8

SHA1
d82510521838458963760f4c8442df6afb50e982

SHA256
a2af6849f0e6f6d6d6f4061ff5d4a380aefc859ed82306aa81cf7c4aa76525cb

SHA512
d1b2a57553799798177dc94b733a488ca5358558e433a174b826b96d80a23b8b465dc6abcc6925346431bafb4474f6f0e060f4c0637f349c612bbae3a1e1a097

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8974254f84e823faab806fb9672cef7

SHA1
814d10311c8e92397ba3a6fcd68a032ff6f6c51d

SHA256
369e6297457f5af886f1ddc83bc57055ec796b8183fdaf8b7c5ea045a707d072

SHA512
42888081c64c15d3dc026281bd8c6a520289557b4eaa3a7ede98d0e065b7c430188af6c094bd725c34906c9f4fb7cffde3352a1b001b809b989ceacfa616d728

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f86964344b5b6c52eccfe2714188fc7b

SHA1
ef95e82897dbd08d81436052f4b29fbd108b8cf6

SHA256
4c86f5b199a55c882b52bc04993174f83745166b4cacef2bea9158c9249854b3

SHA512
94b90d569168f4370f5e96e0b316389cd69188146281ca365c569b85e47672d472dcf6914f49de0900181f480b61cbd6f041652c03169a21b0882dc5c7a5618b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20a08d37e86886262678376a0dbbf28b

SHA1
0ead25c5392293fe2c8981f2aa71234eb008a0f6

SHA256
ef92236303d3d5abf651488b091b0f81b241bca9f1d0ef004db0c485dc26c3b4

SHA512
46dc6ea9ae82cb304b93c0089399f4f06feba4562e9171b6f5f372774ae549a8163f151945ce136b54ef04ae1fd0071b2c5fa760bde898dedf153ce003fe3ce1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a42f7bd96c5b5959242a86abd68914a

SHA1
ede3f1dc6b593da6caaa26f3254d6cd6cede8a00

SHA256
0f47e47e817ae973e112650656cd65e194938f46e21e1d73982e92e43353c7bd

SHA512
d09c32953760d2c333c1e85ea9b8728ede4965017559878e11aee7546b856ea0866e0859fcf25ff91f8674dc70e54a8c89eca797abb3ec20c7c966adf268d07d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1ad057a5076ade554eb101a6d1a7bbe

SHA1
0715da50f794f002e38c3057004b221ed23376b7

SHA256
2a1edd4f10f54ebe92a94cf4b6d866b99be86662635d18f7382705e8bc54fe75

SHA512
13d1020f19d7b7ae79646115757c834a2b95bd63c48a5ad81e06cbe35c8fed5d9bfaa2850af2e4714ca208b362de75637696d8cbd79cb30265c3fb0d07216bf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9cb0048f5dfeda1921ffad3b18fbddd3

SHA1
8808791b0c901b4686b54c61b053a226f931a03b

SHA256
e0380bc780a1f1046c91f621ecb9fb4b0fb17d6094c9a461077f800c0effb494

SHA512
a2f88fb7a95c48fb15dc5045c65515638bd7ff816d7ec9bc6566ba53eaa98fd4822a7effa00331e8592a1ff975e4f62c0e5cb26a59b63f60bd7ffbaefb56fdcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91a11984107456dad058161bd8890686

SHA1
9b9877a9fc5b60b6aa6892c54d9806f8a459478a

SHA256
733df252b2a1a4130db782974822c5c40186d6f5d6ba041e17e81f896638911d

SHA512
c7c0e98e1dfcc471f362489cb66361d2cf104d2fa124b21a1f1a74962b9c01d535db121e070faad0aad8abefa75c44524ec9f8248ec29369c48ac66ecdec5492

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc674bfdd7978026f4e99ad8a7745cef

SHA1
3ed1a364f3393640c2bb810e972aa0a998f4f624

SHA256
5f016bb0c8aaa944926fba19bf7b4bc535d51ceb3d449d86510883e269d87c87

SHA512
4a2153de3cc4ec58a549867a64df2bfa83efbcd74da3f103f55eee52a60af5a77757672ce17b1a417b92107d517c31e257f5c7d55beb69c4d737fb7d13066d30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58a78f9ad11507e5aff761952035a2a2

SHA1
cea0acda1df62cba104596226f280e7ad67604df

SHA256
2392e1b89c3b6289284736b3683072cee11e3e3f234d28276a76792fa34eb352

SHA512
24745a446fdb8d1ce8f7c83833ba87047fe72c8f4f627778ff94392b39efc650bf12fcac4640233c2f362a1d20df0f5e77126acea7f30b57694863b1cc323f4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
440dae0a4737ce9c804fd49356331ff9

SHA1
2970fd74f4d2fa6fc24a988730d1597dc9a53428

SHA256
3a420b7f9ed06902cab7ab319a3aec77cd1ba3e7c5a11feb5dde109bacdba611

SHA512
7de7b8d1bf30147033bb05b133dfabc367bb352d7c5ef62ec0108e21d7a9fc14c98bbe89a271bc797cc47dbd48ec406bc2aae4a1cd1118b56e5d027ff1bf28cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6eec86040c92012250fef165b233fc59

SHA1
f8baa8387d84142abb91143d63d26586ea778163

SHA256
5e6f421bfb988329040e49d0210b95924da87b12fe78f07d174fcdd4f3a7d3c6

SHA512
491014341a92feb0b9f74727077c36b40048f966f2620af4bf56e70debb9101cf217b8a5db2ce52d20d17f5c07f51c6d31578929b3a36bb2f787b5786084d75b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c47917a29169d5c6413e544b132d72d

SHA1
dc046f6ce893b5a21a07069f1c21ea4280ef16a9

SHA256
71888ee2caf7d049c3e0a958127883943f91c439b067ee3c7aef6c26ac4c4925

SHA512
9528164c1607d33e6e17d88d76758ee5bdc6160b1e09843f0eff999bfb32fbf7f96ec1e051e675127ff3b74efba6f494aaaed60442b192cca91347f8e4fe542f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90990b2f8295152abca117e703b70069

SHA1
951685dcc443a47a366401dc1bec8c09fc712816

SHA256
4202bf2fd5a485014b8afb3d1ba2c8ee8cd61b5a0331a46657f7c67c05be19c7

SHA512
d392a96ee60b510f19596e8516d1b9adfc1fc1094772938179864e9ae5ffef8f2551095359e250af509168b0c489bb289d4ad1a11ade9aee2dd51f2fe92889e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFB24.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFBE2.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit