fda6f1575ad5cce9434eae25f3c64134e7c3002d40d8cb13832127b432a7ef22

Analysis

max time kernel
67s
max time network
127s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
17-08-2024 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3647e164713e10ed1d537914c0cec4c_JaffaCakes118.html
Size

78KB
MD5

a3647e164713e10ed1d537914c0cec4c
SHA1

9a6bf406d8fe5a7fee30c1ea8634e220dc1ff4fa
SHA256

fda6f1575ad5cce9434eae25f3c64134e7c3002d40d8cb13832127b432a7ef22
SHA512

f2cf6ea3ec59b30518bb7ce8201a485ceec39ac3fa52254ffc6fbada4d8ea5304a8e608120bc6f56ab083e95667035e8d24e1483f2334d4e2d9fbcde849864cc
SSDEEP

768:hp1qlkSgOriWNeuavoBgG7pIUSE6K64pLnhR/bjtOjoJzRSERMyGLmDnq1go8vLK:hp17aVpIYZpDhR8jFLik8vLSD5NnNBH

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb90000000002000000000010660000000100002000000011f8f78eed685169cbbf979f51e046f70f239ea3108b76939e2753a5c9d9d955000000000e8000000002000020000000ff37a3841e86877dafd80e9115b0ea8ae09876090aefeb4de767bf8a21f2a56c900000007690dd32523c11ef4486bed53ea54d9b628b5131f17cd6414705cd52f984b7eb2fcac11648f6f71528d4d1b1340be8912d0dc7275ac49be801658c5674011b6032775f339e659ad0693cae2d4992821b82bfdff2104092bfdef6b09710b6d0df09b969c8131da86716d1ee13e9eafbdca69aa4758fbeedd039901df29ec4e2098a75d22a78aa594d867abf3f92c281c44000000070965d14ad6ffc041e755dd2db575fed570709d03e63899f729f635edadf6cea2d483ced152d308370beca519999594a9ad6bbba3de4dc1b1ff437944e7550c9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb9000000000200000000001066000000010000200000002558100b4a2f576143b538456528dce48d1b50e44c171580f8c05104821e5685000000000e8000000002000020000000cd6e0fcd3ee922cdbae7c31d42349ae7f7d313c4672828f5ea306a1cc70984f52000000067e9171c7a7415b7c3c8054b98df81ee836b10a1a491d665fa5051e709a7ab8c400000008d39f28fb0839c3588705b5051260bf0a0f81ebf34eba69b340b7d3b381be76edb02472d340d5a51ced3d4412ca534de8920d8949d7b564b31ec7781efb6fd25	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DEC57E21-5CBA-11EF-959A-C67E5DF5E49D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430076182"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0a0b4b6c7f0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1820	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1820	iexplore.exe
1820	iexplore.exe
932	IEXPLORE.EXE
932	IEXPLORE.EXE
932	IEXPLORE.EXE
932	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 932	1820	iexplore.exe	28
PID 1820 wrote to memory of 932	1820	iexplore.exe	28
PID 1820 wrote to memory of 932	1820	iexplore.exe	28
PID 1820 wrote to memory of 932	1820	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3647e164713e10ed1d537914c0cec4c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1820 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37c8aabaeb293568f61f9887dd410a89

SHA1
0eca723ccc15128e7eb263b7964b42cde6d19ec2

SHA256
83fd977da4bb865388afb778b3dcb9bc38e14e53c3df9a673c0da5fe4ddd1696

SHA512
d40ae3d732e21169258b121be1de47a804d90ea6cd956d6765460daefc8f2f126e6bab6f4520f84b7a27f2a94fd896163815140523895432670f94d559ffa115

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f5ba79239b96aa6154ccefca6dea5cd

SHA1
4e4df3cbfb5974cb03722bc2f5cf858d7072a63c

SHA256
07c8698c9f9a056231b0eb2c8ed923786bc8363bbb53a6554f706c1271dadfaa

SHA512
b3f7e3335d2ecaeb6f857af2fb29dfb2acac4fb71ef3398090df7f28068080cfc3df9c54460120430cc511cd695e282d5187da49dc553e61c2701c340fcc5b51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b826c8a14fdc313caf28a8de04eca60

SHA1
f8a9e846c12be30ae3407680e7a1eea07a4bd76e

SHA256
b29e75b9bfa29e931901d2559f43141d6d22edccc971a9a2c12cfd47cb84f526

SHA512
f24839c564227b0e02800889140683efba19dfe6981042f4fdc4cfdd4824d0fff257bda16593fa861c5969c946860586661b1658916b361059ef17f58f2172b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc027c41d66c9c47c392ac6750731ccf

SHA1
01d9cecb03bf1ded1fc8b90d60ab546fc1358f4a

SHA256
0590a29ce9f79a40a76b133f1b18660d75cd11741ca794c2a097ad6cefdb6dd7

SHA512
5a521b9daca86c9b05755e38bcd03fcc40d5c3a422e38a2f48e3b59f5c0e4fe9ca5f1e7da2fea4bec4594e3814f3f839beb2c48f8ab96de1a2acc70ed8eab5a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a030126fd79e6c7fa9ffa5f54cea101f

SHA1
6e1f554a1b83319c0092803e3325002fd51e6797

SHA256
9b7c051a55b9b9bf7eca6359d115566925bdc3a53cdad5a05ec57b5ae4c8aa3b

SHA512
ebcd288a1e01a7ee5bbc50d2abd8c6194e7341f1a287f836e813ea0c01f99b9f428cdb38f87f247d555c6c75fcabc61a6d632c28752ea4f7ca16028842be5c90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9da4451b42b994e5544c60945ffea9bf

SHA1
26de395ddf7e1c889909560fafc6f26743671796

SHA256
88f06d897b5c5899c0da0744a877ae9a050d5338b6b24d954620375b777393e4

SHA512
e9a623ce5136f05ee49fc183d63c733b6c3fa86f7c5bd1d8b44efc6bbb403660dce87c911a310a5f700dfbf50131223f51bd891307da2a45b6fb2b1b1337a613

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
589bc525461a99769ac68062ed05ee03

SHA1
ab16947138ce6790dddf479f07bc0f78f06175a5

SHA256
1a0c761ea1791a0f81aad239cea924afb053b6b04c8f91327353b0dabe5c4a6a

SHA512
d5d62d31d4e4709d90553f37a1624b58c3c18d9beb187644902a83333742fa750ba1fd6e40c4d35ab243c6f3340b1b9bd871ffae440068729ab6dd684d3bdea0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
046106c64eb4200a95e2b47f8b67e087

SHA1
9ee58494d2c3ffaa6ae56d9d24a7e5b24721ea75

SHA256
d0a010741d732df7af2774be4d909410b13333469600b16cde9d151390d261c7

SHA512
f6be0a8dcf5f2ecc2f8db58cebf1f90f641d2ad9d4964253d0a2425249ac28426c5d947f710480f83931fef0725af6113300d6549b79d6a7e6c3d1d4114f649c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e77dfb0a71e1b44372b44df6d321e962

SHA1
34f6323fbdcb0a964af598f8253005b13073ff7f

SHA256
05598ea975be75ebc93f6556d3645c911143986eb71551d2d557c32b2bc04dec

SHA512
3a9d70416a6f715466fb6bb42e33e3566f6b316b19cab265bc262f14b2d2043b42186d438c94f2e14ee7a22581c9f24c8836f1e7add7c93619413f1025e19d0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53ef93c91f90ef7b5d36b5998f4effee

SHA1
eeb045e319594547fae702f164df4f38bd8a890e

SHA256
9441d28f8c42c62b02ce9e372ef1a9ccb978d240572eb2de42d0d4003621a73f

SHA512
adff7bcc84d2f338387eb00372d352b5b78f1894c5e03359a9a8cf7d8aca689b651e6738fe12e041cbb8417899be6aaefec9e5457d8cd9c71054403e642724b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7eb95782d7ee99ee63e2ac4616c8badf

SHA1
46093047ba7916305d347f42bdb7e0ef3a73bed4

SHA256
877a4fd774f9309038f3b4ceaa9139d44ebc2574a43f17a8822adbabb456b13f

SHA512
10f14c695b1a8a4015cb496c90da2112274b35b4d698c74f871b3c66552879356d52c70471106ae34b5762a1f407c3df6d1e6d9e3324e99b45f8f1a5a4fa7e27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d045f92c9b6386b90787d02d7747ff62

SHA1
f3c72eaca7df799a79187d2e0cb2eae905664825

SHA256
c1a308cfb6fb5c458c39576964bdeff8ac2243d01f742c000100ca4df6399cfc

SHA512
10d5bcf03d1ac0111409fe92fed99ff3882f816bc962ca0395b0e28e627ab81e8ef3ec03695e79388107c1747ea36755f4c96b309142096df370df7dde6bb53d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a7350d92abc724e814a6079fe6818bd

SHA1
cd8b102b4b48e01848913d3ed6c2bc24d52bc030

SHA256
28e16e47b9ffd5029067914a021366cd77fe34f5475d797af0afc31e119db8ae

SHA512
71fb86ac5d003c05a546de62d53bd6d7f4eed1bead4ba7210a189e000d1ada524c404a7a4bd223450077f434c10b12e507e198ca7281ecfb4b60ac9474cd9c6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46d31d6bef66321703f9f1cfe32a4ffa

SHA1
44f08f8259ae7f3e725e52411714816eb740c4ba

SHA256
905495fb5dad5476bcf149cb8498aec2649d4a28420248874834ace8b60bada5

SHA512
cd69bbadd494fc3f24f8851ec2c9d6dbdc1aca0742ed1dd41c1427f99f6a7f1ad3484d4a132bbf397071fcfb259edcd5ea91037236d317102166e0e3b40543bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab119E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar11D0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit