579ea0cb5b1612208850e12e2dfda7e50673c9f256bb78b0a03f308390cf0e61

Analysis

max time kernel
134s
max time network
144s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 04:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a99afd693fb50b38272ea505ddfb1aa6_JaffaCakes118.html
Size

119KB
MD5

a99afd693fb50b38272ea505ddfb1aa6
SHA1

4f627b04d16e757ab4f8651e79ca868be81e0a0a
SHA256

579ea0cb5b1612208850e12e2dfda7e50673c9f256bb78b0a03f308390cf0e61
SHA512

8cd9cf45a01346696678fd24548415561ba22195bdbdd3577787d3d968cad175fa6f068e415ff9a70bbef9da38a3b73ac68d661186c9b3d3cc8c0cb718306c67
SSDEEP

1536:v40CIn1MsxqFmmGKsGIQYf4pbq+26vI+jce:AxInj8IGIQZpbqx8jb

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b700000000002000000000010660000000100002000000022f499f0cf3b1b1248a67f93844cba9f4c414fbd8ff53f186bc752b16e1bb6a3000000000e8000000002000020000000124e9157af648ba0b9edcd6f76f78e56f1cc8cb1ed43e5a87591e4d4b109b53290000000bc555572fda05588ba249a09db83716460e81f7fd23dcaf87813039b28bb13cdd41be7d197b4fa2c65b1ebd8c80897ff4e8c4308dfee0a059565fb63d97411600d72682d46a98fe114a0d339d53c2e37af2084d1667e32e0e67d55ebb9bd71b3c6c651b6ac6a13123f3a0a6e6279557add552d2fd8a07bb3634bc67ba27fe80f40f2dbdc90deb8261fbdf4302b266ec140000000c872b324136a0c384a92d3f5143edb3cde8e80886b80877841f386a07edade865ce6e10241571a82f4b20dcf9b599b32fa1ec631341ddd4e049dcfe27cf17983	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b700000000002000000000010660000000100002000000057980c1e9161e6fa4850b9c1f59a7c1710b6c204a5b3321f46f24a1ba238ed4c000000000e80000000020000200000003d9fe81b7300464095a7a6baa510d1a4df542b27b686a7fcea616520bacd6b9120000000ab0c3eca0dcff599ce85d701951a0d65467f4cfc9b48781a177d72442b14c869400000004b533f2a6a0b725830f08e0d25e61629cf33850122e9236ad7604bdb93a85814c350981c36469436d29b73a3a2991ef5b3a5767302ad0c43ece28e5e7f2b68e7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6888D011-5DE4-11EF-920C-D692ACB8436A} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430203974"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50e6c958f1f1da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2532	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2532	iexplore.exe
2532	iexplore.exe
2404	IEXPLORE.EXE
2404	IEXPLORE.EXE
2404	IEXPLORE.EXE
2404	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2404	2532	iexplore.exe	29
PID 2532 wrote to memory of 2404	2532	iexplore.exe	29
PID 2532 wrote to memory of 2404	2532	iexplore.exe	29
PID 2532 wrote to memory of 2404	2532	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a99afd693fb50b38272ea505ddfb1aa6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d41f495fbce485b9b8b07b90315c2ce8

SHA1
e161136bcd9d49f08b15165e1f49a08d259d9ef1

SHA256
7fa007a84c388b3dfe16bd32d29620e8f7f03d741b45e4326d7219ad26ac20d4

SHA512
3d7e25cb553e5a7e5592e83b9f978eb8737fd81a1c5ae9513eeb3e326c7b38f1a45345b8e79ea7f0e5a5d5e49cbb28ee383a9f74bcac06d6735aed6456824038

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96b16cd1b055cbbc507f416e90fb125c

SHA1
919545a69e7db2106ca36d7ef82f8b6598277f40

SHA256
1178d18024c330b33d3d126c412725a1f35e2d1dc2dbffd363a739c7244306a7

SHA512
22a9c850c1ae9ab7cb2d6e0b10b7b69331a22c80b7bd110a4e0be3778a8b13ec6e9713a4f38d24d97c4f59af4053c48fcfd3fa982fd95d2a0145a7f88e5f57ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4811dc62bffadca55a2785a48a7673d6

SHA1
988f56e8ab84bc9952ffc10a59c6ac5677ed8205

SHA256
9bbba22121ebd748b5f3853f2d74ae0f185d130074dc17137a4f19d88cf105d6

SHA512
0386a0893e761245107df5b097e9d95b28d791265baf022302ca16bd178e7353edb6dc038de82c1ea6ebe32549a75ae7c30ce3ceda29dc96b1d554aa17262649

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0abc2b776c2514e1475f60eef86b1bb

SHA1
0a5f36517a18c42134d7bf8092e845146bf04a02

SHA256
ddf2ec808a5f2a0e1c8316ca4bc261762f7f2363820015e85ab06cae41573b37

SHA512
06b481838ef8bd1ba071ca20c38f62a50039dc06fbc912438fff8c7b904c55d136c3b553a1817f4531dba686a0bf85a9bfe823ead4b0feca855cbfb6b1e674cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4da03bc282c23734dcb4d2af6861f6e

SHA1
b6cb15ccefb2a686e8f9b17a94abdfcfc6ca9adc

SHA256
0b9d9354bd6147d352aedaca9a9c1c0e278fbde854c844251ca50b3553af24e0

SHA512
4728854fffe8e0e40d5cf2ded98f581fba73901dbe98aa99660d7ae2f85d60ec99b419c49f719d9c56581095fd97e8ee24e0f654d6bb653f20a8124fed8acf81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b9186e66344ac68b4c3d84bd428ca15

SHA1
db713de9b5972b4dee10a2f5a582c5806e27212f

SHA256
ad4d730a5f5260ff705673733b4c876b0eab6923b4ce58030cde4d2088cfd216

SHA512
090459a87887742d3f50dc3d23be965b9b0434aeb193e43404ffa6a5767933cca6e319d7dfab5e08a00cbac037d87e0e26ea4cc627e4a1e9fd7c7ab0f103168c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea3e4acbeee1258b0c48a87a53e4aaea

SHA1
44947cba320be411b08ec179cac6b74f024ed38b

SHA256
5bb09f34211c86d55f07e8b5069becf5bc18a475340300b271bcb7624e8e6a22

SHA512
6a6e637380b7b0e6f6bf5636a1a133808f284b9876c4564d0fc375f04b74bff7077ed13bb82af1dc248a8009aed80e5829bc2706dc5b66ff9673bbcdc89ed7f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d55d8a43fb33092f40c042292aa9e1f

SHA1
47c74215e705267bb311f64fed39452880366a3a

SHA256
1ca3c51d848e03a571aa89b8b9000bf17b2ab720ae4720705aa68e317bb19413

SHA512
7e607a1e4972ebef004b6e6e9deb13a9e5170c20ff8ed4b8d72d8ca2fab44ec7f0557f104f5df4a71a44ebfcfa1762cb07b4065bb967c1aa0546d985a255e541

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38174bc48ec1605767f235a182b9fe9e

SHA1
d671466c81fa665ea4c9e849ccc6d69a44920053

SHA256
90c27395964f54415671f5200a52e1f2100056444eaeb217eca87acb9ff2aff5

SHA512
0f1df3a0869b47b7598f34d70a9fc591574126d80f1d10c724df2861b6fd9d3a7def402ee157691cdeb13556ed411095a40c16cb358831247a293220108a622b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a4e48d89c6a5227bb2541323c2ecce5

SHA1
3a935f724c6c5d67193ba1c0b1a7f467040b3088

SHA256
dc8d564f40698a1d49f3d7ab068e5ce851e9ec748f6b8d5019f729c3af218aea

SHA512
f23f737240afd1bd36830d0d2c671c76ac3726475c7e9d776db032f28c3029567277d114b4afa4f7887cf05c1ec90c744a4f2bd0ed8b9b0d98b14c4b62f60a76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df0690275e26a9fd1615c8139a6b5449

SHA1
61e9f0f6398749818e3214612c66a8043bf0c2fb

SHA256
3091a2fc8df41377be60c7b01c283288064868003caa7e4ce0c662cfb1708c61

SHA512
de63e87cff80ee74c51135ada040cba7afc88f9becfc3f402a0c8b8817376e10fa0acf2324ff82c35ce93ef32b36f04884b11176daae3d391b007bb0e92ff5a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2a9138e555d06d775bbbf145da5b665

SHA1
4d5588b8aa8db49aeca37ae732a86f63cb9045de

SHA256
e0e70ab7d588db19ae77909c141e366acf8fcdba36902ea0fcb0682efd304c3c

SHA512
1e9c975ed4a9a28355c5cd95983418268749c04f5fe1283f5454e3f96732fc64b64d122f79e7c8d2797907f402fde7eecded8f89d44df4be968ca0823a4ee2d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fabd04ad53fd9ce8070385affb52cdf4

SHA1
c3bdd1038bcdbdf7eb2bee19b5387037eb91b844

SHA256
935b398ad940dbf06853d445ba93ea9bc1534fdd2051ecb1222063d2b83db07e

SHA512
d00a80973d9a34ea8c19672a9e2c45e38c814f83ec77db7bec19d4fd165a805e954ae994240f07e219ca45cc1c86a3a7a930842eb72011c646f060937adb757e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD6B1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD7BD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit