74ebf0df4f5fbab4a3ae78c275c54ce92f67a1860080a881a903c3a7d4e02721

Analysis

max time kernel
146s
max time network
148s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3f512be4e967ff78c4c66242786811a_JaffaCakes118.html
Size

6KB
MD5

a3f512be4e967ff78c4c66242786811a
SHA1

822945d6aaa32ffffbaf1c29914163046d86e5c3
SHA256

74ebf0df4f5fbab4a3ae78c275c54ce92f67a1860080a881a903c3a7d4e02721
SHA512

779391d3549ede298cabe0dc3af65ad87e35435468b952e40577092edb922c8ef099cd9916669f1356aff912ca8362f82e460946e0e475580a498553dd4a34c5
SSDEEP

96:6UBejFbOIBJNX1zeAAn/+4vjMmE2dVwWEGL:3ejFbJBJlP4v4mE2L

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000cd6406e5a46e54ba49339b35e04a77e9211509511990631982ccb97b1e72b2fd000000000e800000000200002000000064658acfeb5b8f6bf2f92e70c6aaa9b9383a43b79bf8c8e6fcb0255cc924a63f20000000673976ea748eb608d9fc7c28883f141c3493059e58dded3421a50e1aabefe610400000009d10543f2be1d3a4457ba3c94e45d718294a355f047639d2aef3c0e7ec19304c7d1d0c173ddd356a37d627f50b00e7d54ecfa335d5de974e104657d0231469c0	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430087184"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb00000000000200000000001066000000010000200000007ccbafdb88c56a10aaa5af0fe878903f805ed7406ee692109a22f7f72ca988ab000000000e800000000200002000000054145379528b107ca09c40ae4886bb66d179f7da6dee0b975e1e1f1be2a355619000000074e59ff9fd4cf09917ebf0dc4a125fb1bc1065d29fcd9659334bdee8fa3607f53f756c8218f9019dda02dacd847f0d38f39834fe768af5753c76f93d1b79b47ad19190736e3531f81e2a6ec396189df3c16f0cb66769abb12564dc7d8a89c30c15f07108e750f1f687185d48306a8de332bf4a4b446292f61bfcbc5f902f0b8a84f1bf7a4477581d881eaa4ababb50c740000000a6ed4c874c61478c085ccaf3762590a8b7f25ff8855b32723c1de226ea1cb003cc5b611bc503f9d4498581c8f1b4de47a596e04bdf20d032e1ad23e410e184dc	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7C73F111-5CD4-11EF-AC29-D6FE44FD4752} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00143a58e1f0da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2444	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2444	iexplore.exe
2444	iexplore.exe
2644	IEXPLORE.EXE
2644	IEXPLORE.EXE
2644	IEXPLORE.EXE
2644	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2644	2444	iexplore.exe	30
PID 2444 wrote to memory of 2644	2444	iexplore.exe	30
PID 2444 wrote to memory of 2644	2444	iexplore.exe	30
PID 2444 wrote to memory of 2644	2444	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3f512be4e967ff78c4c66242786811a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42185e1a99ee29825ae2daeb91a6b052

SHA1
90ade2c599081f7c2c0338bfb4a8bf5c65167e22

SHA256
a47226c324de19850f4f54babe98c2d30b6efeba1f365d8e79912d2ef5f8c364

SHA512
16656700b374937325d1886700424ac0c41c42a457998650d8acc427b047f895ede4a01ccb1795db56b43d3b9856502500183955fe21fee44a713441a50acdab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b21ab8a296874305e9933cff411dc0c1

SHA1
8d1c8ffc6a415dbf0632525742826fb032a66cb3

SHA256
5efd1c6ff73438c88c0d73f86937c5234a024844e6c7cdfdac58dc72461d887b

SHA512
09c333b46470f53509e92fbc35aee19961141b041aaa08aa4107cc1787dd8a9ab6853dff9f789627d6c88dc2d02c1b050a486308a16a9090180514f97e4d222f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1552cd06cbbf906a4ca2844af3da792

SHA1
8c1f32fc4ad1b4a1bc768bccafb6d842f82a9309

SHA256
c35ad81f83aabd4e2510f6f6837484061314ffe363f91d4c3555e9f0ec4c92bf

SHA512
fadf38324f1de3c925f893a642b910200501575a1fb51ba241a94cd773f436766edc932829014df65d938c8275a3167c334948c244896b9728e63352e097bc77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e0cf19d1f913da399cd3e0025bc6290

SHA1
663e11798b6861b5cfe1cce113ec7edb25930ebc

SHA256
be147cb91ed208c57e7bcefcd0e18b47c98173b4f8a3c434c8cbdf901542b3a1

SHA512
ef073ec317cceedcdf11229b25d9bd302f6b95d503b0bab223374800ac1d29fd42e3e9bb7de55626ff7d42f2a1bb59f5dc56ac3aa1c68156ec40ecfd47d4a032

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41e76eb99cbec89c6295b79a02632ade

SHA1
441d93986eab7f623f8d16639ba4a6784dbf1cb0

SHA256
84d226871703b7a9bd1b9dcb5f5102e9116595c43a5083268d0e9543f5d57af1

SHA512
1398e8ef1f698376b7d3f3adfb745034803052501014d8981b4a19d7f2d18a8883436a913a14110ddc143ac1be89f868b3798d37bb8f9ca8fcf7c18772bf4eaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66ef3b714daeb2f1bffb1b758a64d4c4

SHA1
905452248085184fec6e7057b6d7d80337d18841

SHA256
6d595a1789af0f2a80c394e3265457cd887704966612b427b991d6ebe930f2b0

SHA512
b0fdb96c3a5d216b235deee5a69c223f234778f7aef9d5fde110b0f1d9292de6d4be1e8fba60cf08d9454083aa32a1dda9cc2a4df4e2058a15ac9826abb410c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1c9972ad33da29dd5749e7432cdfc76

SHA1
52663a928af0e4a59fd3386264bd6e19f817b966

SHA256
e6eacb932b3290670b770377b1c93a2e6703bf6a64247a098ba557442c0ac914

SHA512
e7f3ec1b5dbad2e18070fa1e577cf25d7085db239fbcad908d9c85f183280216e9341c2a4d0ebe32070f25428b67d00816bde5b84d081b37e55e7527a005c9d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c1baca76817c8c478b6e79191cdca96

SHA1
c80fac78a4cc3863574c01adc38f8ce9b57871d3

SHA256
9b848a8c15f4632cb2759885a820752b3143ccdcd9a4482643b4c19c497199da

SHA512
add52354e8a3e62aaa8df8a0e1dcd556370ccf387b2f2442870a8e8b7dc4bba13c00c1b2003de4bbb1747f002bfb1956fd85a1f25de8b39909add20e739cec70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0cae5b1003db2355ac84857c853d2e78

SHA1
ed96c6fe5294648a3767dc04ef6c93683139d215

SHA256
65d6bbcce363c893f218b02fbec309f83c1c231c42c157c40410b7be2bc4a542

SHA512
f51cf5e5ac333b66588d7d57358c0d87d18d27bab88e84ac4a026dc0859f9d7251110049bd45ace3fda2fb7dd84bde62bb2cddcae03ad7649469e4ad0802bc04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5cb60eb723af78957da3165b1d757f8

SHA1
0ed03c39f535d893c2edf0871695a8cb534b392e

SHA256
de58dccd3a1331759744d007446d89de0f4dfa0224ff3e0287c7a32e75f800ed

SHA512
981ac0ff3ec29224dc75e064bf9d3d6ed3d8354608851e1bd85ead26aa7ccfb77cbafd36499fcb5c74e851631eb96dbdec8a1e3abeb794ae52c9bac35330a864

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0549435510b9e314a241ed097d8ae14

SHA1
4b48221b81213cc3bd5963917055ee4dd20a16c9

SHA256
880505ac2b100fda67493643ee2b8dc6c0cd2b78985ce48d2af5d7c3a167379a

SHA512
c7f1944cc3396594d70de42127a14fc2457b7c54544fe30c725f7e020117601850553a86422b8a106ed7ad7b0b5f6012b4126b3cc7f74cd500e43fb0c60b8582

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ca9810326cb7bfd9e783fa216d5c459

SHA1
66690b09f621233da805f01fa8c522f52ca23a6f

SHA256
00b576f7706fadb6c18389d38c33d7e0c3ec72ef0f69bf1241c7e71cbe9771af

SHA512
c30007fedf2c503f2f968f41b8a03b9ca2da9f550e64fef2e8029f7396b7d58ddd1e156c1133fd6d7a71de746dc32e379b7d6a6a2ad9cd34301d38d2d8660f4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4965086d18ca0bb0e613841c22e12c65

SHA1
cd6684fb045ef7fee45305a1dee3f8c862518314

SHA256
2c4dc808e6e5ae7f8633624e477e886b38a6b9ee104653bd6d0b5203a977b8e3

SHA512
ddc78903c1da4dc302cb0afc0bac98c16d9bb31bf26801d55a163810e1b1c05d67a30622525fe2108abfc643566b19ea96c8402574722ad4d775dd99c322aa2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b940329bd01ac2ddc34b36f30e10c80c

SHA1
1127009d2bb92516f5dc452394f835174b4c5dd4

SHA256
653a089810eff6c448106b7f2615092c3803d058d455fc6c355e15471689b873

SHA512
ecbadb04518ef20283a3fc51224233dab880f84fccc7878e9ad1ca796653554cd9d357ab632ceaf3ee22124cc34d39522276c60b83c35597ff899de15f071116

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a63378b498c3ce8af5459bc24c28aed0

SHA1
89f90be604b9f10dfd64a11f274bb495ca1d299c

SHA256
4f7991d54940d86bce4031b1698dbeced7816731c623a4d2dc03a86efad1392c

SHA512
7d0585b18203c71bcb7cc53e126eab0b23fda85d5f9fb8f9149dce9d041becdd8c4464505ddc8f4046eb0df552779340b4cdb45dce54e1624e3009c5f14320ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f64c5c3efc839ae4c5032803f23120ed

SHA1
d4d005075250d88d090b410a867fca7b69041f9f

SHA256
f1154361dade7cff623188d370a68d0028151530c86e963a4df2c439c3a89137

SHA512
f4206a018fc652f5a764958f7ceb18179a62197663d3d59188e37cca945b3a5df9c1f2c2e165cc705d8dd84abe0d9b5ee28a67f32da32964c7c463cc79cda2b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2F7B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2F8E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit