7050a6e024b76cda70385815f2feb23869982d88ff13bd255209e2731103dcf1

Analysis

max time kernel
143s
max time network
144s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 00:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a8ca5e7be3c107f48ca759aa8da65b4f_JaffaCakes118.html
Size

9KB
MD5

a8ca5e7be3c107f48ca759aa8da65b4f
SHA1

ae83b4832960f1a7b741b105272f601c1edc01c3
SHA256

7050a6e024b76cda70385815f2feb23869982d88ff13bd255209e2731103dcf1
SHA512

eb39ad5cfcd3ccb1375294c996e3c63598461b75e87621513e3805d31029790ce7302d84576bf919a77eaf1338646d7fa6b91c1814cf6a47d898e35767571056
SSDEEP

96:hFKNDu1gTIaJouiozQgnJzvAgBW9AqzRk5r+ohCe4s+Q/pqsa28kKfzSWYIVQIV1:hW6Ju4GyCqzidPh0Oa2J2rl

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000ac149ce712deca8dc2c8390acf4d1509add9174f4243b945aac36d32810affa5000000000e80000000020000200000008a2425f891b741292b4e8c445fcc3fa93a6fe2d8cc5b64aba4f7f6353cd0e04320000000f19a3b0ef4efda6713ebd568e61012213815720913fbde37f2387f221ac80bd6400000003409cc3fbcee9c7abadf904d308a84dd02c884e5a97cafe2c8aece55eca85af07b54e6c6b8a55a451b3275206bf9a07d7c9e85c3f9d89e7e30f85b8eb750e2b7	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c0000000002000000000010660000000100002000000003f32de4c1ef91337275094f019e65cc51b958ddd9eb86626f4873fde3648ce6000000000e80000000020000200000000e948f55d74c9602a32d4487841f7314de5666ee23e053f112c4941568388b8590000000c6ed5b432b1fd2f09dde687126b68bbb98f03170e64e65e66e594483843c4d06bec71fca0e65d776c55608138925c59b50b16584fa04af3fa02bcdbcf2aff0e892b0d9f8fa454e1bbbb91cd880e948aedeaf2e9f55d9ebf32964864475ef830001bb909cd55e9ec608d58c6e10ec04f2f599016cd858857b51ad286f5a2d39c93b633b2d90fcbf6f1c1fb6a90710251740000000ed119cd0a60273b67fa0783f14ba42b3c74687568f055d833a227cf0be6fa7333f781bc66649c2eb2e6275897cdb86a696a3ef5970444308bbb2cd401e4faeef	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430188134"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3093d675ccf1da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{875A7DB1-5DBF-11EF-B161-F296DB73ED53} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2092	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2092	iexplore.exe
2092	iexplore.exe
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2856	2092	iexplore.exe	30
PID 2092 wrote to memory of 2856	2092	iexplore.exe	30
PID 2092 wrote to memory of 2856	2092	iexplore.exe	30
PID 2092 wrote to memory of 2856	2092	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a8ca5e7be3c107f48ca759aa8da65b4f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2092 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a6c8038794111d73e3dd6400818a9308

SHA1
8f3e6d7ee4122719e25278902290123e5fed8530

SHA256
50ca139b107d11f36a3330ecccbd0e22128fac0488981b7a4d8ca3b487de64bd

SHA512
4bd9ed5d21bdc9162835b2510cc9e8a54d22d4b0cc7864be3d79b43571f81f61a79b6aeaa08f011f3b2a79e44d15464033955f70ffa6b5f880d2402a153e461b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
0425514600828601da57bf8b70b2edc7

SHA1
540c97336dfdb9c7420078540889bddf92d0c685

SHA256
f62437b945b28a3c3ebc35bf11b34f15bb5aa4675f3458eba5eebab854f49e98

SHA512
24a7245e09374d98dd5ed109f113ca3f1d163273a10a825d609c3936fcfb3634bfec3683253d5b20cb709eaf5b263ae394643f5b15fead7a21e8ede0cd20dc7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
bdfd7c5d415695bf9560edc5d16e2232

SHA1
f22b257dd727d60f23184482503f9870fb423c88

SHA256
aca300e78894a7aff06f94af1b41c86c245d4dd0baf30f7288e390eb588209b7

SHA512
3a7181aab112b94337c72f2f19aae6e4cded199b1c3e0d7261ead327d023c4b7f508a51aa23bfbd7884826bb8ad5144d74db1eb1f2e71b0986e59ab2be440804

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b8e2aab25e2664232c41b06ad5512016

SHA1
afd9f646affb7dc9306eb0d7abe02229c27fdc58

SHA256
9a5d16b5acfc4b948c41bf4033bb8a2e55f07b62b8566bc8bbfc529cd87fea52

SHA512
48190c30f8b6f04e0354c616879a9cbfe442ebbcc4770ab1ba63d735b3f7b7c006d75caa5bd70cf55ed32e67d560dff29a6e7861dd7f508245468df8c9cee4e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
62bf5d3c12ad47e7eccb1bef0069b5f3

SHA1
920f803c6f37289d6ca007e15a90e3216d8ec062

SHA256
75c5cfac51ab844d5fa833df7d1a914b6a212e347511b8ccbddfeddaac7eec29

SHA512
dcee60bd0f589b10e62427e7745713972bcb7b2047342960a2993bbe8a9aab2a6d89536a6ef6860a5498ac6d3eef7d4df053eee9dcd12baf87b8436e42747691

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e998bbbdf1e53e677cfe82f0fc6dc05a

SHA1
b1d29d901560999261d9394dad646dc7c6939074

SHA256
421d39eaec438ea52dbb918b82be6bffe39893f7b7f9d4f6cd1f8261b3cd6737

SHA512
42e4451405b12a3abd63a9547dc98d899f83325e774557c0d66420c446b4b88b6f3cfcf18437130c940395d6835e206dec5282c4f1cd271adf89a918638136ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
e9ab8ff4f6e9f6d22ef59128840ca508

SHA1
184a4fc9bb0f955472ebab5637a1a23f2fc40be9

SHA256
95ff192b24df5d0c1516fb4de0adf501a715aed60038e0c250b74a5279415bba

SHA512
8ed84a4ff6d1050c89bb3138a33870deaa1f9c20e384365ceb1231482452da9ad48ccb5920e4ef8d66de2e28e2dc5b1716c640eabc79367b7c5537b456580008

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c5cba429ae60fb91d6d6579cf0e04f02

SHA1
8622b54dbdd3baee5ec74ea3999f1414bf383ead

SHA256
3b316d08969b208541fd5994a56d2dce6fa83c9eb13ee0ff945dbffb8d472da1

SHA512
d977e7ee3084b85971547d6af8101cb535334b554fea81cd6d87f4ba746090c006d086585cd2c39b2bf955afe1709cd71af3f9b45ac4da757ad7373e4edf0554

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a35b3e310e8e0adabc615d9ae8a66726

SHA1
946d93fae8215e98454ee0c08581c3a5d56d0918

SHA256
fded046f933d474d359ef096d4f56ce3ddc0470cbc8c8fd82846be02c2591135

SHA512
4b1c3288cb5cf98ace0a2106a0de1ce47fb35b192a26785dccf19cedf7638c2e68ef883b70eebaf4d184fea53e1b58bf9436adbcf5712991c6cee8767907db41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d578b13a13ebd33f7f3ce236f43eb08d

SHA1
324933a0dfb6183db0724d24c9b52edc18322c3c

SHA256
1401a44292a88701b2085c48dfeb1579b903462ecc4639341d5a93c67682b687

SHA512
aa26f8f842883488126c24ee8a4e3f0d95af7b532989ae9afa328d117fc83ec061b77b3043fb793675c9cbe92cc1e83a26079296ddf927df0fe14ebc5d7880fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
7f26efc9afd4bd1119ff98f94119b2c9

SHA1
08d32a24cb32de81619920c8db7fc9f7a437b879

SHA256
4a6a3f1e5ba1c7c1bb73701f51dceeded9d379442d132f354d0b3fa20cc9c76c

SHA512
50054d686ac33f56d2f8d576db25c5b9ea90bf2944e54e6e82572eeb0cf3ac5cdf58f659439b51acdc32e1c1709ba2c95249200b9fe1e56297ed22d1b23deb8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
67fe1f227b8d109a5754812657950a44

SHA1
25cb8e982679c84a7d4775d1c1fd209def6d27a0

SHA256
b3141071d9b4de8b6c0602a0e2af68a1aad568b628234c379cf37d6dcce5262b

SHA512
b1f9e439e7b3fcb485ed53b68b765ff10977bddccfc0ac1e6025a36dff8db4aa0701c01105d9a4345b8081a232ac0a3ad5b763177aa3df9978c6188846d65c0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
6d700a238a3d31b205436abe63f352f2

SHA1
bbe65366a01909220d24133418cbc96104427193

SHA256
86764a5c3f250642f12949493a3c59715f067b6bf14058b1a9a7a90cd7be4251

SHA512
c8ee8b28e1cc2d1fabecc202bdac24ac544a643cba574df53547f81247026a54c3eaee83113bce1a37713f18cd3187843d16bbb44316abe9a39ea88f3f1bc9bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
14e544620c3af4cfe5d7da8b5f1a71b4

SHA1
215123223dc44128bf8a662e21342da2c3bfe571

SHA256
8e53c171ff267c45492f8a08d580b3c07a56d0918ce5013fecfd26d12e2b513e

SHA512
e2fc8aa29862ca7ce364e252be127da7b8b3613e9413523c7378434f6a77f5da9c98a7c6e62709f3976e242cc877d9f6abfe2cd599fcaba6122b96e678480b26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
2d55987aa826324fe6f8d21368a38697

SHA1
fa5c14193ecc1138cd027f0e9a976ba45dcc0a4b

SHA256
59a8085b8649c513a5a1da3224dbc78a518d28ece9a6ad2784f0ca73b3c59c63

SHA512
35972e8c2b99ba1c2dfd282bfae785a4de794331b5320fea1a1864269599fd58b1b25078873082f4202517cbe006f35f70129788f7b8aa1a5eca8c94367fb447

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
920fbfe315be7814e93713effbaca5f5

SHA1
9689d24287a5c5016c64f0fe2eeaa599069015a3

SHA256
8697d381e179622f47529e63d9a922504569e675f5d181057c1b72e8e17b88b9

SHA512
49e19ec17695f19965f9996b2687f164345a63656bc373dac54b4479ee7753ce5fa860963700b5d0f76d23107d919ad028a389ae9eb81e1856ea08c3f1bfe3b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
644a9388a029e20fdfb85ce805984e26

SHA1
59cbaf3ca8856c8b56a888b3aba7a572a9d43bec

SHA256
19ebdde6551add573594a0ba456829bbedab8816cb493bb761b37fefd90e63bc

SHA512
e930c64868e21b2dc7ae7c91b02b22b2148dca9407a2a6a58ecb6b939f4d9b819c012caa1e76d3176b4be70decb15be20fb23eb51220ac3a61a26ddea8acd10e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3988.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3A39.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit