5b22b65b63c25ebd26231948d628c77742a45af25ddefd30ec60b34cae578770

Analysis

max time kernel
120s
max time network
131s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
17-08-2024 01:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0b18bc6686445c77cba2d86c6f22464_JaffaCakes118.html
Size

6KB
MD5

a0b18bc6686445c77cba2d86c6f22464
SHA1

8eb7cb9bd5a815ddcc68a7a607e553f7d32419c8
SHA256

5b22b65b63c25ebd26231948d628c77742a45af25ddefd30ec60b34cae578770
SHA512

27d5b8379d62638df1e23048a21526b272734cb88285a9c23563598dcd1348126d10dba85bd2f58b7d1a30edddce920989838d545b2906fb379a8112f10d7e41
SSDEEP

96:uzVs+ux7bRLLY1k9o84d12ef7CSTU9V/6/NcEZ7ru7f:csz7bRAYS/M4Nb76f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 405da07444f0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f03551000000000200000000001066000000010000200000008fc26c4252f4ca7ee62cc3fdfebe36d33c7f65b1459971bba20b54bbdd5c5749000000000e80000000020000200000007d0948b1e2476ed1d08a4e06a4fb95f325870ca1a481bcc542717f828433449620000000e29a92642cf8c7242c2fe1d88c6c26446322d0fb3a7349f02481490dce50725140000000433c07b1c319a9c66c49d5cb9522b8af66f3e63994f10d5a78ad3ed730aff5b12225b721c861994295c57079c75e5d5816fd2b90fa6c2bcfb672d67f21977918	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f03551000000000200000000001066000000010000200000005cbd31091746be9276fc7908479ad6d9a4c82cfc1ae8a8649f808bd60e5fab7b000000000e800000000200002000000029cad4f30acb318d7fd37158650bf8afc25bf91cc4c3c8573c84a472203f590d9000000069a8fc3e4b4abfd789eea6eb727390249aa3266525fd6394c0c71d0eb9cc7a44dde8864183e7bb75a90ba2fa9c35026dcf5d696a5aabb85c42c6b9cdd5abcafe4ee5c79d6fdf70a866d1f91d201e301ceb895a253d10580c934ce5050c3f983eff8cb87af1fb434e09678186326c8ea11860418d1d724c237be91b496b57518a49498fb6c18279802556bc487341fbde400000009cdc5695bed86abca0651db7ff27ac766bc831b1b9e0fb77816483f98dcf6be6eb974877e88e4c64be612296cf86b87d72c63db91d061be10bdc2cea39c16f1f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430019771"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{85732801-5C37-11EF-B798-7A3ECDA2562B} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2936	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2936	iexplore.exe
2936	iexplore.exe
2276	IEXPLORE.EXE
2276	IEXPLORE.EXE
2276	IEXPLORE.EXE
2276	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2276	2936	iexplore.exe	30
PID 2936 wrote to memory of 2276	2936	iexplore.exe	30
PID 2936 wrote to memory of 2276	2936	iexplore.exe	30
PID 2936 wrote to memory of 2276	2936	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a0b18bc6686445c77cba2d86c6f22464_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2936 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d61ad020cb3d143f8aaa5c9cc5d5b98a

SHA1
84e5f8cc32f52d3b37cf3d82fb174fddde634b17

SHA256
9dba9e907a500f81d9f92a910e0c1b3efd7bd40b7b5d8389979ac96336ec2a54

SHA512
c4d3e68b70a11c127136b82f3390c70e0ceb272008bdde027bda61aac67159eecd87320e9fe418a2976425246f0b397dfa2d607a82af3e516e7c43de713e4625

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44618eab9a784361a0d783a4103f336f

SHA1
58dfdbe69c92cf2ed11dac8f1eb2bf7de3051295

SHA256
fd38e09006b6ca1004533abb51cee95a364096f421a2bee1b74ab1e07d88f051

SHA512
fc5f5e8e70ff99e853ef41d8fc575f10c580c16b3b8e57d06af1547876b961a1d67da3a854b2b0d0cbb243e70391f1e482f3a63e6a1a8b761b54657c06fcdc01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c03297832a325a49120a2e285ebc9f72

SHA1
5062fbc3f30295b84b7ae6c94660e8b6018dbbac

SHA256
daada881e34804a1a3d160760aadeaa04445b8ba90ec936beb33c326e52736b2

SHA512
9caeb1fbbceb2fc7286c573aa6c1fe5abe5109876bc888389c2e6f0c4816dc374fc4a62f534af8f41daadf11961b6c8ba8898fa6e94e4f399447afdfc85cced4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
757135ef368a78794579fb8b24139d45

SHA1
acfd0666db4e469c063e0ddf52cd7330fee2fb07

SHA256
b5f005565e3043c68a5fb8d004a1f9cc0ef180e0bc654d2933806e902ac6e4fd

SHA512
b0e4329ad12eaf23cebdb5674016318405b8f3cadf832cbb6f3ac9a1dbc851bd662bc2d157165a8126f46e34ca2b7aed27dce2bcb38c6ed4f3d3a3d460169166

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
359e8173740e0b914e6b73ea33ef64c3

SHA1
02106e5c8adb7f72d5a023ad7e1eb3916c05a404

SHA256
33fa5c0699085aaed781378b12854e908a5923cf6791cb7c4186c52d06bcc37f

SHA512
8ca2d104cd2e872cdba1e15a613e9d9b33e1bf64adfc69f13da570b154aeb5cc9a62c6efe88363306abe053e79b1f499797b6c5d1412fb80f1cabd09dab9bdf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0b08220d60e38c66b9fa3a9ecf29bdd

SHA1
e1a62dfd1ef18ddea93f062c76ca1623fb83b12e

SHA256
bc2984c3236afa248927ca2180ebd8e3be749556fae754cf09cca24b25ee3645

SHA512
b719a1104b6789151bd9c4808824a8f519f49ceb7f8c57cb767e661b464038755912ccccbe0ad07ec7b1d9269ea674c0aadce38c933d92f72f93f6bd8de28cdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe1cf248e413a9c389b1049f14be437c

SHA1
195063e31fe195896a43d8b97cd98b883e203588

SHA256
7ba7ca016cef82d29a5427d19d0254f854b4776c803e4856f23e9d353a8a980f

SHA512
030f8c4d5f3952afbc3ed163bcc9e5b7570e06d50d523c4f1c5b1e23eeab9d93cebcf701f7ac8a15e45a6b4d9446936d6d908865f1aa622bd89009c1f616ba72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
828ca44bfaaa575a187634f9f305d426

SHA1
9087628d000b4a2713f5b39ac70859ed95d7391c

SHA256
ad0e89a8aac45d6b098236bbd85b41d03ea900136112d7aa4c809e128513dca6

SHA512
34e53c0d17fdfca112f08731ba2a112d5bdc36f6b31090835ec43440ed86a99108854165d56303ae99e0558eebd5b6fbd0cf7077cb7c54d3fd64616a6a7005f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c689bef0c0df542745de0b02fc9d48b

SHA1
6cba0dbcd3a4c0676f507dbd9ea11a4705183f3e

SHA256
0f74beb429085d2d67cf4e86c0a3ab16148b5f86a28964c93728dd6f332679cf

SHA512
7f05ada43c65b8ee02b30df8bae42b9871ae754aa00a4d16445bc7cb04ea20e232774995d1b2434732c9eb7fd456c263c33cdb41446a54d0b48d1d98a8d84405

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16e31a45ad2be3e67a1463fbc989bc82

SHA1
15f341e763bf7cafa3431b9d06fc75a7e5bb9e38

SHA256
2a089911235cab522af8f1375b07b97adbce9272015a4b37d4cc9e20c1c0e9b8

SHA512
21d206158fe9e56ba470a1402ce805ce42513682afc0c0e02a60973e9975a7a2792e99b01fa299dd7e5606eb52a28a7b6124ff16e632e24808c965556c97ee7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70d7b904041b682982a7779fc10e0e5d

SHA1
df3405d21d5efc96ffbbc03e7679ff0a7dcbac18

SHA256
30317e5d96a018edae96add2e74f1d1925a8b9a64e01af775bbde268f7e1b92f

SHA512
1c152c28e310f50e11ab6d12ffe43c913f1a69aa8f9767f2cfabeaea8be0d6a7448a2b99c92f93e9dcce26ba7e283ab1dde28c85908f11a7ee2ba1f1513eeef9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9bca557c29b044c87404dbb219a09085

SHA1
101c133f60e9ad82fc53e90c3c323983fdf1e857

SHA256
dcefab4e763cd0a735b6175768bed2d15e7dd918f63de9df073e356872469166

SHA512
a2fda8280e9efd8ca7aeb45a8b05cb02713041bdea4fc0994b6d95609287925953a6137bfb996100d8e972ac4d837b55b41696fe5ab11cdc44894f1c35d3d3d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0aea4cd796c1da308799dce7bed822b6

SHA1
f75682f61c07a77550a8a9388ae27c06dcfd9ddb

SHA256
6730a88a046b9d27406bb37736b7bac1f74ec7d09b6fdff9231d26a6b8c320ca

SHA512
538d594a8d386e1daa051037439c31639b230cbee795a3dd8e7b5112bf00bbed1a3645864910f433646c8b84e3e8ea82adca471294aec8bdab3287ec64ee5a73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f1da64496a541d641496994e0e89d29

SHA1
07549dcb259d8a5c91241bf600c755a2522fad2d

SHA256
bd79ee8b9fbb371448d234f458a743968e09e8cc6602cc0f9637f3f862c93a57

SHA512
b6b42eca97814a93f026cf545fff56d5c800420cf05aa00c7c53890fab7fab517429928afead5de13d6799f79e0c549ab4e05a970efb27b26202da5037cf0034

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8A29.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8AD8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit