06674cec17ea8f200cdf40cbd7b2b68ace35d2b6585cbb91f05ec2246abb0ea5

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 06:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa0643178bc790da14defb554cf1daf8_JaffaCakes118.html
Size

1KB
MD5

aa0643178bc790da14defb554cf1daf8
SHA1

9ff9fc2bd2da62cb047defe6bb3a74ac98e8a80c
SHA256

06674cec17ea8f200cdf40cbd7b2b68ace35d2b6585cbb91f05ec2246abb0ea5
SHA512

04234174bf7d0024d5de376577232c75eefd5099df22d2bc8c3ff7d277e0ae0bbd5f6207c040f8317aef884c405f5c222ba4206dd0febcdf246cfa1002643512

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1AB76591-5DF8-11EF-BF10-EE5017308107} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430212433"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d07d4cf604f2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d99090000000002000000000010660000000100002000000032d1759dc305e4a4b2061206c9f054530c2fc4f2d39852979c4cfcdf5f1eed21000000000e8000000002000020000000c184faf1ccbebabcc38f6a73d2e87305bb15fdb60c68a505d37bf699e69d9626200000009d4e69a5264ee88d72127c278830060eb5ba1c09fd0015c4733714b3b9b8ef3340000000366c7d4487f4f8901d74027f2f2131e7a92b74d3759d5940c41da6cbd537d5a76dbfff53c19d991e07394995dd495bb7ab48218c34d1cc59bcbb538c83777f47	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d99090000000002000000000010660000000100002000000080bc231294e17ba3c960f1ff2b44592cf76167a172506cb767c3c061fbaeb4ae000000000e8000000002000020000000d3f24013076ebfdf8de889b7b0fcb3732df276aff69a2b2d89bc2b2072cfdc869000000063ab1e95763300fb4e1cee781be8fac48c5161543c0ce5ac3e854032c2c6ed0b7aba06ed84062aecca5fac6d10101a5b41021c192d8e2baecc86f8a95dbff3bd3ead61d78927e134acbb6fc6fb54cf34728b3b9b4453365f35d63cbf7715c9635c26eb0402028a0f9e023b8336b3f51ca7ac2146cbf710a5fed9bac7974e63da89854d46ebe65c6a28964bce44eafabb4000000085a4a91435760926a282adde967e73053483d33b493d548a707a1316c6136ec8439809c1a7b064f9a789324edfa4fc0d35a49c6d6cd765f2ae399ae51a54d944	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1856	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1856	iexplore.exe
1856	iexplore.exe
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE
2184	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 2184	1856	iexplore.exe	30
PID 1856 wrote to memory of 2184	1856	iexplore.exe	30
PID 1856 wrote to memory of 2184	1856	iexplore.exe	30
PID 1856 wrote to memory of 2184	1856	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\aa0643178bc790da14defb554cf1daf8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1856 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccedcf23805e680beecf65f55827ec6d

SHA1
41e9ed8e53ae41d9f05cee399f2120b398fc1901

SHA256
0d27eb1aca7c52d230257cfe9f2456243589b0dc120ae019fd160264a9df27ab

SHA512
02e31b9f911fd0505f84aede33b4578d0371d2e22895468af5444971506caed0e4d8b6ed94276cdb386434e1a5abfba21d86e2282c746e94776f5f24ffdfa6c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83cc9ce972328f3bfef0854aac4a9751

SHA1
51417fff58508f821a9bd1e40b1057ac927563b3

SHA256
107fb966b087610b772882a08563ebae34e83810522d2af761524bc211b83552

SHA512
da58f7dec2debec50dfd02feca93d2a64bb2b39371c497a27093807c6871fc495634da1d77241485687c6f9aff84664c3353c19aa99de2e5c32fb13ba6c90101

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54de995d4dc9629afabe3a07bbb633f6

SHA1
befdafde34a78a6759999d51c083e0ab79cdadc5

SHA256
b958b13e0559367f6e1eee7f39d44cee921a306b5590bf52fcaf4ab4288e0651

SHA512
8a39f9c7c0181921320e399f4aba3912f44ca192056c0c6db56d08f4a5bb23931a8ceb127342b86cc8c5c6138b557ce1c610fad5a77bd8fc602f65d7b7d43925

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2315655912b27177562e197ca2e1d79f

SHA1
f30cf413046e7e2360709f8d231ffa9c74556b0f

SHA256
90148ea9ca6beed240e7a5923a19e14670ec23c0ab8f43f33f25748b4d361137

SHA512
4026a03a5cbb3a5eeb8c13b9e4163962b2eee86c0390b4f0d0f1444e11aa272c6886cdaaeadfba57d36feed46af389ff64f3fea9d2a33ee4898b59ab668b5f50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92ae92ef596c05e12dda7cace51ed4ac

SHA1
4b66cc2c8fab5e6ab904d75f593c17554de56c3b

SHA256
7fecd421f99f300cbd788d48c2af0a4e7dba7bb1fc674d4147a9413ce35c395a

SHA512
10484fac2ba8647ddce80ae63a450a35ab71bcc0d3e747457462a4fb44474249e233ca7d74306bca14c0bf0fbbe49f4066fc58efdad43f4a5afb34fa47df4e4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb0a999370367540ca2744eb1bf14484

SHA1
d7d368931b1b7d896fc15311985e931fd9434ac9

SHA256
b30a6c92e452adf13c17de69fae006a057bf3caed03755d1fe02cdb0b1d53c06

SHA512
f3ddd0663f62cb08c063ea9a375a3dafebec578a64edaffea2b38346ccd67d827556000a1f43e6d9d741d8c14c1a10a853dd316a35e9c05c05aeb4b97ef6ac29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
177026c59c78fe2a9459f951e685fc31

SHA1
46744f51b018330fff1c5c41e7946d53c69bf03e

SHA256
77249d318211fe8245cf9336273ab23ab7b6020d614d3d4ea38b8df02bb16170

SHA512
d8c90729b26c7c4dc390c52733ca7b36a7dd0bcaca3439af9b02d169b00e6504254f7572de8302c9f7a310c7cdaf961305add7009244818101a3200a98c1b853

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eac903d180949b94eebad4b399fbdc2b

SHA1
8f6195055f1557aae00eb85c43fd45aa59d2023f

SHA256
19978dd5b53aa869accd9dcd97d549742bc374b1bd2de6c455205a04b7b7dbd1

SHA512
a8dbe4306c0051a8ffb86c567ef3336c3710fe07b799a3199d1b8e3f9ef76473a0ce621be4229d9033a9d8508378cfd66ef9829fb1828e3751e9f3edc5195855

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
287ac04786e16eef9509246667a32ec1

SHA1
be2ccde5f56d65bc427a549180cbfa78d09d1b37

SHA256
805a5d55b455854ae7812e22f77c060b4d7b97d1fb5fd534a616574dd4487f63

SHA512
6b2b4db88257f9336781be24deba1b02f719783adc27fc2a41aa7544ab3fcd8f30db6556351530a2157f12179ab7b27cc51b50aedc6ed8c1305efa34bf1bed5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3a2b87b5f489c57ef799a687955ef9d0

SHA1
a7a406ddde76c43e91b69fb3ab24a26534735682

SHA256
9334d65fe33100598d5bf7e591024fb28777b6dea00c3302d4c89b19e0123090

SHA512
e3310ee1bbffbcd94386763b9586bf0e03afbce4637afb4679bc4d807e6b1dc58a4b21949924e2658f61bb4384295060c4bd44a7c82e45b2e0112051408cd1cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5730084751d3d606d0fa6c7d2e862cea

SHA1
154d9810c3dd17f1504005d616c2a86b24dca0b0

SHA256
cc30bb0d8fa3c023fe46113e65424afd4c6286a53e55b2a5fef56d4335671a4c

SHA512
2a3e4317f476028be125ce2f55f971e83de229c0bb0ba87f925ab12922992aec7d46183b02bfabefe39a01b9eb794153afc1370887f425c60e67cdc3422a0389

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77ff99898f421e70779d2717edaf6343

SHA1
79abc529c072b632ed9a05ff8516d67e71bad6df

SHA256
383de2f5f050b50f06d802f781b72b31dd61857e8946d5a26093e7b9bbcf757a

SHA512
1588898549e609b5bfadbb0c7b02fe150ac61084d69cbe640544202ea4395f7fb96a422a22650c9a036ea98be3e31ca2975b043808218a30d14893dc26f9e3a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e1143ceb08d01cc2fc69db464b52a05

SHA1
a497bfacb311c24c2ef8e1f2cbc1021979a3ae46

SHA256
2846465ff4969bd9dc25cb09de1d4ef86cb7ecf782f82db2a34e01b5708bece1

SHA512
5461f80164bc1a6fbcec9453636f4cc8e2a2c70db70b0ab94b5ce3ccf2e4954c8be2b7f08ca30d35ef650569d24801bf01e133389db1073d7428dd37d504be3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d13555d8098b80ceba1fd0ab349b817e

SHA1
3dbe444553bee970b09add3e305bfe11bf80daf0

SHA256
e57dfe7a19b19bcd4751032fe4e11adfe366f78f229d9d7210dce8807c5a1356

SHA512
6cffc03efcfa28cd0fe51a240c977c82cfeff31363927f82bbea15bed2dae23d8add8abe91c6ed5e77f5d7534b10db310203be178101aa1450ef2b6345973389

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cab42da6ccd09da2cbd2a99722613581

SHA1
752acfdf58fc324cc5e4514bcd8b0c2037c155fb

SHA256
24f28f66d56acbd474f9beed9490a7fe689c8aa26d6b286b563e2410583018f8

SHA512
822d4254fde3aa0236db267c6b91246f45e58f38fb17c64046ff938a4320673f2b51ed5f15cc8d0c677c07531c32db053765c8d9dc8b0404271237c936e6a8f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab699.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar709.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit