f28c4ad266b851f97d716f6fdc8e7583251e727afdb821c1ba162c67b8fc57fc

Analysis

max time kernel
93s
max time network
94s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
16/08/2024, 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a061efa1c4b071ad8f279059c6f783fe_JaffaCakes118.html
Size

150KB
MD5

a061efa1c4b071ad8f279059c6f783fe
SHA1

b9f06497bc8efeee009df81453e390b2c8b6dd0c
SHA256

f28c4ad266b851f97d716f6fdc8e7583251e727afdb821c1ba162c67b8fc57fc
SHA512

aead873ff477e941d14ba078e0fe2a9d6e8d7ecf3ec574839b59d03d59f33c0b3ee6c6c93b1ba736a7352e3156f19b91fbb8503b039a510d645832b8c5cb3fca
SSDEEP

384:Dp4aRWIYS8NMorkqE0aFnbHPTSqFW6JDcEecypSVBgXrD/H59UQs:rTfKAZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C49260B1-5C27-11EF-B066-DEBA79BDEBEA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c9200000000020000000000106600000001000020000000db150189e9f926443177e75702b9992076aa0ca39a16151e1f50ed2887dcd7cf000000000e80000000020000200000009f7f306438ca13159bf6f7b0b3ed8b8ca01bd9d734248e5ebea03cc67ac90a1d20000000f61eb82f1a1ed12c53e05758e6e5441b93e38edaef233bd7e9baef39e53e5ac840000000a3e0ee8403d1b4bc2168f6265a7ee6bfd45df7ae0c9be64da5e65e31f367cd5f1c62b87011e0e05e8ba7c0361ac75458984749cca0751a7600a507072e08b97a	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a062499934f0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c9200000000020000000000106600000001000020000000b2f98be328701598ff44e15128ab8a2594ab1e37acd75bd3e94f02c425256fde000000000e8000000002000020000000f2e49b1d983e00843bdd7df21decbff6911d91b721b59fd37a79f73d404411e690000000fedda5abfb5e0ecd6036e88f69c29aa99b757330caea756d65f932c4383635e6d27f2f035576fe821161ebe94310661330644c11f90e5c5a3485d6d66b6863db47dcef03ffb60c458f722407f1a91df5753cf60b842969e06976e240bb6c053650f5df704bfe7d0f7c34c179fc9d546ecb4bdfddfcf7058c7ac4f5b6bea9e205e9faa5caaa251aff16fb59aed2eb5cac400000004e8f45ffca6b8b79a44f0171abef8160b592336af804828b4f5bb377fd55adc3da3e5c073c41b11ac52da4e748d0defb963d33ce6a4aa352ab580beff308c3b5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430013028"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2616	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2616	iexplore.exe
2616	iexplore.exe
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 2448	2616	iexplore.exe	29
PID 2616 wrote to memory of 2448	2616	iexplore.exe	29
PID 2616 wrote to memory of 2448	2616	iexplore.exe	29
PID 2616 wrote to memory of 2448	2616	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a061efa1c4b071ad8f279059c6f783fe_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19ca5580b3422ce5f8dbf379dc76c799

SHA1
33b986c0190c467fd2f3e7d0fc5ae6984ce8ded4

SHA256
c5fe5f4c8b9d4516625c0d4905976d3dc6ad544cd113125ecf4020a2fef84d1f

SHA512
5972206874f9ac77a84f2051ebad532ea710c0fcfdfecd1392d59a6001a1319e59765881e46349f0a35ff3b92d02a768b527d66bc3f0fc5f649447ed6ca7cdc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2cb3e540d4a460573fe0d9ac570a1765

SHA1
a6c82be56329669fef9ef80e5ef4d61509dbdd85

SHA256
6489e9eab6d268f4ad3b28279ca505fd563008a815d2f08241963fb662627bde

SHA512
494824527feb8aa3c3b751cf2d22f56973def2b00f2d6ef5968bc8911aeade5ebcaf5c47e41c17963583be1a5731e3928e36922d59e62583ed36a2b233fd7cdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1bfcaac754ece4f345ad6c3d675a5768

SHA1
dcdcde4adf575449b6231e8f40bfa2b5bb88e604

SHA256
e62ba9825924b6d40fac6e7d7147d5eed8fe250289b2220ba8016d029986bb1a

SHA512
1dd9d96afddeab0b348ef15f8a4c48ca2ccef20c4e7dfec6700bfa84b83b60594dba3dd741edc9f6cb3f3936b2783225026ac4c2daf969b23dbc0f2768bac5ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e0a5a06f8f583cc14834609dd4ed85d5

SHA1
81a8d0f35d8c95994a71ff9ac1f3a7d767452a91

SHA256
1396adde6d51231197264978c4cd5328d6dcab9877297e805f170a8287f5e4ff

SHA512
9c7e39f57f933d41a33a101073ed87f2911409ad94a1c0f634b00e4dc3bffea9fa9c44187b095114bd11c3dd3a50db4d4381c0f369d8cf6bc08cefef99c41694

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4417c58b7f5afe01bbd7758a704afa45

SHA1
68128d958c41f81ee66eb41f4490f66879a960ad

SHA256
15dc71e436dc0d865b004fe6f5510476556ed12486f9076124d639f20dd9bc3a

SHA512
5cdb239d382b9d531f2404cfb3f167555495477a1a9f8c63285506b8c279ec313656b78227c6e0aac10aaaf36535bcb55073a4d21ce9931490b4a543ee872baa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce64620b15d85120406b71038ee2928b

SHA1
add5925dc8aa53a085a5d10ce56d3ae4b67d60ed

SHA256
b1c8592d238acbfd1826acc488edd835da87339c953a0be11e220cd9f4690239

SHA512
f96ac154ebe569d2d40337e35b993ecb1eb70f680a1233b5625c4d8ce7bd21c021928ae2b47f7e15b587724207ea0e8a902c5fdca5fdb9ba7b9ce92929b4ee78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c21da96509f84aeea4d61a86df766b86

SHA1
60fd605dd1508dc3e2c146c45dc3fe5d1479ba04

SHA256
530f5fad2dba3901408fa76848b1781b65ec943b1a87d520a696f44de4fbfdf3

SHA512
c72c234f3ddcb250faca83be947733624b37f99b45fe5a35b97495818013622aade35b4b6af5118adcfc5cd2ca719215d451e4c1b1e2b3fbfd1b0fdd6441ebdb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd9589057286af41f7fa1d2552af1e4d

SHA1
3d7d137bd301f81d16ce6b12cded10f78e1ee27b

SHA256
76a5e25c60d262ae5b21d8033751692ff953d9cb9f6c6c4265735af3956e0bee

SHA512
88ae8e24dfa438f8b646ed579f64a8fdcdac289fed610e6b86eeb232cebb264315d03ddf6bdd5ab0088f659248743f928d84df2136d4ee6fc92d1ac2a4268917

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
847aeb764b0f95777cd5106448bcf986

SHA1
549f794109322992c2723ba3136bf43dbc4c68ac

SHA256
908ba7e62510cd60e255bf8fba078d852b18de45b9fba414ceafca0eab58a377

SHA512
00877d0a748154d27def8d8f57da1dfad6a9dad82d64df644a71133668c1a49a4f2d1fd9faf49002cae456bb34c41db367d2fb84d439d3c3fb216d3c3643b533

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
273317cbdf8a48d2c999401f696705cf

SHA1
e8d1f2a4292695bd01c61609c748a0b9d2ab0d49

SHA256
20d8e19fcf23e1f37cb670df79a0846b5ea68ee1f6d690c24c12bf0cf12fb2d5

SHA512
8ad4e3a2ae29621bd70860475347d3145ca5bdd8564fd39f2f434f362b292f8413b684e0e0067dc72c4adc585369c7b3040b4a3f2755ba1fd36ffa542761e53f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3061c6c6c977c503ead09706c3b5b983

SHA1
455cdffabb5630fcd68ea5d0f8898ea932b6460e

SHA256
d99a8a43bbed58e7a9871d2fba90974fb023f6f0cb06485eed703d7399904527

SHA512
be8d4fe90af526d9068c66ac04cfd21cc66b8b49d017e9bbe01f55afcef2d51a38493caed64355f199a7cbfe6990e1a3038645430767940528e265f9c27d1cf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7116eee2b8db40598667fc2a3221262

SHA1
6f7644710299be24d2e8fbaac09c202ff175ef49

SHA256
cfa3d1d9138bbef26626bee4a5943b277704f1d220096b80eb8509b557680035

SHA512
7e47c2be8176b83fb0c9bc37436e6d9d7f211b5f4dc6669c00c7acf48e71f35006cbcba150abb7600fb097ba381270c5657043e1f7dd6dfc7c12540665434082

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b1f1737edc402866bfde76652aaf411

SHA1
d44ccbd5918f3ea58f0173176b379253e8e6a95e

SHA256
20bb88d6a562fc187f8117bbb5f5f275c909476cc2dd638d74aa79f7735ddd8f

SHA512
ca64f3d11973efd6511236bf0b12c1ab50268b8065132d6e7c908737f3881edd3e356db5b0480a1f1104135ce0a5c09a4a1448dbccda64ddeac0dd438c07e031

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79a78383d552fe142dc8cbd9f8c37441

SHA1
a4cd4f923f475cba765328d592e37b2283bf3dd5

SHA256
da6656ed526aa246882e6c67ad2d2bb8ce716d6107ed20988ada0dd474744017

SHA512
0e800183a865c7df864197f679fc607f5029e89a3b1ee1e6042c3bac5ad6658c88c5553ebf66bd78df1341db55c5b0b65ee4308db38aa0aeb75e7d212f137c6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
43e77bfa91ac94e2245fe10d101fdc62

SHA1
cccf98932edb6c6e7b87bc44b3679d42038706f7

SHA256
b2a1fa75d4dd4b956876d05a7ab03658b8e2a13293eb5d26bd20accdf064a5d4

SHA512
92bc489a184bac14f8c74881afa8de265fb4d10ce97577e00fd8edcf31cae46fd4b9ea24ef7e4cb0020771af37854de7449695f7b6fb2db7ba7ff18cf0da0a9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee54834f1facf135490d36f059909cb6

SHA1
8279d6e721e8985356a33e5dfe1958f000a7d02c

SHA256
3edc998ec6420ca613365c55deab794513563c622990ab734719d5d38a79f370

SHA512
48ecbbe2aea1b41a6de3236228be1477564ab6c3f16664c821ac99972e74e93274bbda2271895acdf2dd6ff1939cb9c2dd9f7f899e32c8229ec5837a3708b924

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6B8.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar747.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit