d33576accca2ef9b1d3fa2e5809161b1ed90c05e6c8bc3036991095001cdcf59

Analysis

max time kernel
142s
max time network
143s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
18/08/2024, 21:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a83fcb008e41daf4aa3aa67ecc107590_JaffaCakes118.html
Size

83KB
MD5

a83fcb008e41daf4aa3aa67ecc107590
SHA1

857910a05264f2f1aadb82738fb4360ef5df3f31
SHA256

d33576accca2ef9b1d3fa2e5809161b1ed90c05e6c8bc3036991095001cdcf59
SHA512

f9b2788e4ab9f2cc098d4d2adf6c7c2722218e99ab4e922ecd921a61a97610dc85bd380a1f2e79c4026142e74a5fd4ff09c4cfa97a55394deff60d6f1ca32771
SSDEEP

1536:fLOrV46BCb1kIYNovOeWalLPccaw6E6ukJ+lHQLQBkrJgo6KaOPMTD19DfbAkHXU:R6PeWopI45Us5IHtl9

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8CAF6811-5DA7-11EF-A1FD-CAD9DE6C860B} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000528cae4f5243635589c9b6c6047b32a605bc5d7d74edda7cc88eb5f0630a93d2000000000e8000000002000020000000243aeb08a43862c853575a560354dc06594c04b1f5973e5cf65a7cd86fe6ddb320000000bff36dbdc412e48d40c53fca3e459c65babe196e486688eff3781973b2fa8db3400000001f0140e8ffa5f324787309403a8859a2e10b0efd7eb630992f255394254864095f2cc25d655848d9fc11ae411450706ed4afbca70d1fc66c13f3cbd825a83014	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0749f64b4f1da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000cd829f4b60421fab7df6eb2ea2108268a5c1dec0e05d864fc3141e33103336f5000000000e80000000020000200000007b62d0a8556002adb1e21c5fbbf75203870300e5447a25d6c41df35c474bc872900000008612ef5a33b089a343852ef2799e3df0d4cd1769fc98721f4fa4aa48aa11e314cef28a8609cc6b03e94ef20ff5bc4b0683d677b41b2b5667243d0840db530586ee47a04fe3b51072727a6ee63248d218c33c3cf51904540087fa60dfddcb431766daab3fff284101e11a26ee8aa489e7a6cde1f8d9bb622b14ff172533ead4e4dbe405c63f88dad59cd19d6b8e4bedbd4000000060dc1b3f65caf1db0f8795f00acfe9d2a6a680b706ef5ae6a2951b4fa332681f950ac883ea2300dc38691747fff0f585291c984b59f934c6c94f37015af940db	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430177838"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2120	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2120	iexplore.exe
2120	iexplore.exe
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE
2468	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2468	2120	iexplore.exe	31
PID 2120 wrote to memory of 2468	2120	iexplore.exe	31
PID 2120 wrote to memory of 2468	2120	iexplore.exe	31
PID 2120 wrote to memory of 2468	2120	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a83fcb008e41daf4aa3aa67ecc107590_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f80d2840b2d66c8c5813039fd8f9a943

SHA1
cb3f818877ba95453b1d4ec44f9aab962082e865

SHA256
fecfb4963934c7bb77c603bf4a30c0e19a189d69ba8058233db49f31b9bd044f

SHA512
e131254da7b275526807c0daeb76e0c81b5cb47ef6d166271c30e1894f5e324598dd6fab3ce58ee83af2e9f97f67f7ec8c9897a332514524916b40f6a1e8a274

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e6ae977783c76a342942e698e875f6e

SHA1
c23fb9783c3329f9ba6140f8ab151c00bbdbf28c

SHA256
965d953c5dfe81af6fcba0fb5b8eaa1096cfef7e91025831ccce2f058469470e

SHA512
d2add161cc4fc6977966610506bf0c6782fbdf645518377e07922589ed2c156a11be641af822db2bafa4ad7c3f3911115d6b857863158510c643113966248788

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57ef61fa1913267da0afcd90d898dbc6

SHA1
a97ae125eb70e543723318d46c8540762ece4160

SHA256
2eb30f57d41a18dc0bf874cd9be42eb5edb5ce79ffb329a50271c56245bed1f3

SHA512
2d90a20078c62a79e1c03167ef8479391bfe2740f1e5d44dd78c871857ba473444896e46b12eb96cd9a07ace60dd998bcbcbf839f805d0405df150ee673f5f74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5ac4febbf8a927433d7863cb33fe41c

SHA1
8fdff6d4a68777eb77257b3266aa39affcbb419b

SHA256
98eaf119a269daaf9fcfb40ee65512957316dc4608226598f5fb5265715e29c8

SHA512
5ee33c7b3339e3bd8783ebde0b324ee287496e013cae7526cf68a475eb1392bdfdbc88fc744279887c20189d372d169a7946116aa67eb6de65540b8a27507165

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0f80768bae38a1301d88f5b101c00aa

SHA1
d65269be608aeada8c5c34ef4f6e757a18561af8

SHA256
90eb4d354f58551bc8491c4db32f86e29e93ede99373549a05ed8701c07d0cd3

SHA512
93812f3fbe4b822d68c626fb726c3b94c9abc5dc6d346128128becca7eb4cde70ccd93cbe78b241a1dc38a5779c8ac36d7f293ee8a72d101e2ac90af6865180c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa2984d415a971ae3b3f0c7cf5df707e

SHA1
0eefa4cb0cdc5cbf817e62e8de663275754cd8d1

SHA256
96d785bd464ed69273d31af4dc6fcc3b7ba57d76988007f34c61e0e77c46a2ed

SHA512
13a703d659b12746bc01d38c8d730ab717c615cabe3b613b5a63cad06fded001041529dd758c5cf95024ea636099fc09c7be4a2b62db887d1554053cb5e4cf19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7354c59822db0ca0910f7dcaf401ee5b

SHA1
107ddd771952f9f13066f7af4f506ebdf22b7ff3

SHA256
fa69161694e49b378fa56859bad190d48e081423497e3d30551a07e36fb0ff91

SHA512
55889e0dc028166ce244e3fa8579357200e70ffcaac9b6d59bf25aa0670522b6b94be1e35474a55209d3c329aa950afa98c443d6a1462515f2cdbe8d624c0ce6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d066c74322a9619f026262ab6230d4e7

SHA1
a0afe077e13d64c73276f6b0346735501ed75ccf

SHA256
4beb3574d91cedc7c50db270f861cdfc3162ff15c70f6ea5cbbef93fa4ab4052

SHA512
d2f4fcf6c76ffc3709fcfc35e29c821541dc941524bdc1e7cc6e1582c034aa8371e3068b889df66ded0fa9cbef52414eba94bc067c2a6aa0feae7e8fd9db7f0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
876212c5d39a64d85957d5fa7feaf14b

SHA1
2b3aead5ad25c8d2c38fe350131d0cedb2cb937e

SHA256
655e0b706d8f1b3086446fd6c76fdc13d14721f3585b947ed65b66ec31902db0

SHA512
535623fabe10ae430b685e7f7a2d6567f432a9069d746db0a151af321278a5cd10f3f5ce248bd233f73ea023de08e7808a0066c09dea26de619837d26bd2bb2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e3de4a99e0deccda87b69192eeb9e6d

SHA1
9c911843e2e8bda6ae54ac3993486ca5dbcd5356

SHA256
e0d1b9af9a824f334521ebed9d56d124d828896b504d18278e351fb23bd278b7

SHA512
7e519bd7feb1e21d25828b87b3299cf815180c519b37e758db93fdbb33c4341d24f5302b66c73cec7effc1c8ce7e8b53d1293ba8ccb3ceb9e93084c927bacad0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e36db284d8e232d5b9c54d6efc2fcf4a

SHA1
b3e25a0b789929c63e8e9aef28e26ebee0c86c1d

SHA256
042430bf7c2cd7751ef79086ba189f987e6757db8dfbd50d50cd3de0574be9bb

SHA512
912142210321c479d04f69fc5c3bf72e39eedcc730a3a3265fd19343660eba9362b4cbc2c27b5473f8163c38786013e3ab24ee2b7f4e30f5feeef63e685ccb92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee3d2b5372011cd44b9fc6fce5261067

SHA1
13b0b6a968b9a82eaf663c2925476d8576eefab5

SHA256
19883e2f7365585e186c5748de030b44afe8c0bc1452c31f6464beb1e9d21c0f

SHA512
6e353b3b786825f1ff9e77df4d9a23a7639f4ff522383d6db87a9552c98e672d7743bf670f61546e9fb06709dc6b59f3154dc16301ccc01997cf2f8ee7c83242

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16e87fb156e7908ef613e46f70f7c253

SHA1
af46c7b8b7d4ef0c598ec8f1c44a7cfe00aecc0f

SHA256
092b383de88863722a106d752fd849c8a42da606f893e3e498f6c94cd8b171e7

SHA512
c8ec686513e1b48b9198c16cdb99010e0e28966438fa00fd14495cd1a8d962f4edfb4cacd2c7f32358a56b4f8709e8d8b284f182a1216ac6731d1f613ee2c00e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
768c272ae36b6c8bd28d885e7deb1e02

SHA1
d28e2d65b31aeb649ac392453d3dc08d371e485b

SHA256
000bd3c778ba05786270543883152ba9ae5b04776bf558421d1056c7ad025363

SHA512
9f235028e6183b5ed56d0787d940c724911b41bfbe0e634321e90b16447a8d7d6a64b2dd6276018de3e1f85eff3df9c4eabc765db80c27d6490dff2e74e3a6e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3347c7f27eb994c1bfbb6103edc773a7

SHA1
0eb6667c6c5e6c4b79a8a357ebd6a14cf92b77fd

SHA256
d96a714859bc07e8c9d50c122a5ad4a3dda81489223656db889eb5e8a65e407f

SHA512
38201044c9967583ec8ed5c887cf964ef0cdb7d5fcb1da20246ab54384e0b343607549e83ccb8803cd814af78f525888e5be3b3f7ef4e58076627ffa43908130

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23df1c382d7daad68e6df97b695c1c0f

SHA1
b81319cf103191c36874ec4af3c60a21eb2a36c2

SHA256
1019d8dd478aef0e71b677db93d5fcd3961d54bf95d6ec12d2718a579aa3ee71

SHA512
e1e83d1bcba6a6990252d443162d9874465256602dc8fef8b9464b64d9ef697dccf154d437884793762832e255bf8a834d587bdef2d76a9af1b1648ba9d0d59b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c50019f7af86b7824b8112567b39eb9

SHA1
ad5f51a6e15a6d171692c95fd2f7ae07f0310a3d

SHA256
88d0cae5571c19987bf88212246a05fe96bac5db529f588dbad65ab073f54a09

SHA512
2c9fb2879bd5700dddd22e5eb422e5cff02272555fb02d1e1d92982b11ffc8267d3a240c1ee36a9cbe2a362b4584c9138204a1ca7096f7b05c47967203d0c0cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab42FC.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar42FD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit