54c8d1ffe91c5896c0f8d9b5c54b3f37c8cee4c66360c4c8f5e6c1f948a184a7

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aac7d235409204231b88152a20ecd4fc_JaffaCakes118.html
Size

6KB
MD5

aac7d235409204231b88152a20ecd4fc
SHA1

750523c94bcfefa6341753928db56f635f68db80
SHA256

54c8d1ffe91c5896c0f8d9b5c54b3f37c8cee4c66360c4c8f5e6c1f948a184a7
SHA512

8000e7b88677af6f9a8146d1627009cb4ad0e35dd15405b30ce80167ebe7f7f81b4834350254d8f96e31db05f6f9bb6e40570c38001469d2d92b2c1f9aa85332
SSDEEP

96:uzVs+ux77aLLY1k9o84d12ef7CSTUa7aYcEZ7ru7f:csz77aAYS/LaYb76f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DFC3D581-5E1B-11EF-9452-E2BC28E7E786} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000b8d0549c836c86f39f650b8a70c112a833fb5e1deccac5a2c8ddbedf35c493a8000000000e80000000020000200000008325021d6a26560213c09105e12b9c7cfb874eafdedd9722024f2cdd2a9d66729000000017718ff5f52754bb6ae2f94f79a46c30d98201f85058df0dc3928994a172b64beb1809aac5316dd255031cbc7db8194f1dc76255245576ad519e5cd6504ddbbdbb9d331f6c6680092b5d3a14b91224e427005ad9383a5f51ca520f8212884c03fa7183219f44df6f51a4ae6f3e585ea240233d925c1e2ce3b5f54a5d83bbb83226bce1cdad3a85d145f73fe99d3627a140000000acb5c3c5be128ff54d7c834a155a6569a115084d08232172c74ffb66208602504c46b10a87870b8564cf1e952538a4effac1d30dca714a5e29aa6a34c7f96fa4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0d54fb628f2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000661bbd63aa9a2ba4f893096600fbc059e71fc5935dbeb4a03f6323c63154914a000000000e800000000200002000000043638f370cfbd4f185d7d6d21e0ce0117c07651cfa15562cae64a730fc80c37920000000e0d353450dd902a23fe3c15045aef4b2b3ff736d712cbbe25a825bc35b1ae9f440000000b1577e8e48040f5e208f723dd6868aaeb65992f85573badb8cd87b76ca0ad6f9e1faf999b192d416f85da6eab5ce87994e8b0cc66cc1a977bbe8258e6ce27022	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430227796"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2484	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2484	iexplore.exe
2484	iexplore.exe
2072	IEXPLORE.EXE
2072	IEXPLORE.EXE
2072	IEXPLORE.EXE
2072	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2072	2484	iexplore.exe	30
PID 2484 wrote to memory of 2072	2484	iexplore.exe	30
PID 2484 wrote to memory of 2072	2484	iexplore.exe	30
PID 2484 wrote to memory of 2072	2484	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\aac7d235409204231b88152a20ecd4fc_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2484 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9c14863833476b66da78f167ea34283

SHA1
ed57868eaa4aa5e6af61b02485a6f4c0e4ad8872

SHA256
b606e4bbfcb869393d2a3c1511d405ec67c49d3ec724591f3d2d49305120fc4f

SHA512
6970a606ae4077c8772b6f4e6313444caa186b89a5522d4fa9abc46e156e1108ac311d6efb8c6e70f7695644a04726ec64d06e3e8a20696d423571fbf5778c4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19eea22ede57a3bb62fc59fb8f7e6e15

SHA1
175ad706e4ad2dcec2e18d11a56560314c70d741

SHA256
1fae77f2e2635723607eeaa69442e9ec5d09c2e275f221325557ae140facc267

SHA512
0a767ff0eb9e0da588afbf72604f065431e5ba5865d7169a99466a18fa3a821a643177f8387076726d222cf9471918cb4042446be33e9b38880ab7dbad926863

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1435e9599f727ecc95b82e274b5124bf

SHA1
d220401ccee1aefdb09eabd665172fd3614728e7

SHA256
6de95996601638f9c0ebdc4da6cd22ac9e82332321508f34645eb56cf66ab418

SHA512
f990a04b474b4b6827c54f8b411678e1da3d86b49125b72301b399cda77a646318e2856a574d28af3abfcd47d9c490b466debd0a5458f7bbd081c255652c0015

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7cdded6734ec570e5866de6f9219ee61

SHA1
3a02fc257f8e5ab355a7660335f04b81a06ca7ab

SHA256
089a4fac14d074e66e68edeb41d4c69f2c3e8d694d73ec252c9c2c49f6b4bbd2

SHA512
a4c32094f04f6e40337ada432f7fbcb0c5d02bc2fcdce4dc40188bf3955539f947c4237496569a92dbac8206692945f0c91f0313a8af6bec78ccce9a2d2b87fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd8b1b7a9852dd0e8d3fbd35e8896c44

SHA1
0e11f06415888116bc1006fb075037964823c72d

SHA256
1097d50c94f07620b8e88e692f6c16fb6b036f4ec2fd9ab4d34244baa8e70595

SHA512
574a64757525e6d8adc93deaa21d6c0389a72941031e42880a20758b97ded3a79dd234def16a6369801b2a95a1f722cfd4b45bb4644138ab8280a85474e62d6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f66d93eebe6f0864be3a5e8ed077e90

SHA1
515909323fa2aad7680985d9a776c6f13c8e6444

SHA256
8f09f9be89ef62658023f924a701af668348278f04130afcb6a4d988034fbd39

SHA512
a51ff09e3afd4281e496b70a61d1e8b8f8af9d5d02c06d352f96dc1a49ac921548a962243f61dad474d5f2ae97357858849b3052e5a64b29d8d6438ac634df35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f5a858c2689c5fa4eb8d97b1a81bed3

SHA1
cf0252dbcdcab8ab3a3ab44b4301450bc2fdccc7

SHA256
b5556bb6369eab5af8412446d5102f7ca908680c12fa7887ad411fba7a601995

SHA512
5844c660f04054de2a46101078b67e290980e66b2fd2d111c64eb67aa59ad04c30f1a4a2923d0482a884d47de970445af8898da8fe8851ce8f1ded97064935ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8eba9fc576df90122cf48bc89f756911

SHA1
9f24ed473fd139d15b7ba8d8b73589312232d97f

SHA256
be6b6fab56ddbf21456b515922f483588c248562ffef170b40d474b50ac6b8fa

SHA512
a1203f56e0c5ef0d7f4d8dc087e30b5441c9978b9ccbc7b352191b1f647ee49a54a90a81f71caa65252a8215be8c9fe2e88d702a0f8ba92eda521b9a7de761b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac6c6e0e40648ca28ff473ee03a29702

SHA1
a1d3fedb6c62b2216064cdd1148c3a52c6d77d06

SHA256
744adb100b7eb00973502863768653e7d08cc70dbe5e80d94237cdc0703d92fc

SHA512
4a05b69cc6f42a29fb7a9513280ae9669cae29de6f16bfc689a6beece1c7a964cc520674ff4e59a5393754984dfdb2b98284904e4130b71dfe4289cbcd6feacd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61ac50adc28832086bea9bdc9663c122

SHA1
b319282d90c96c12840d33bd5e0941dcc967d1af

SHA256
48ffe56ac58bc177cc36963010e9dbcefc55ebf58e5b69512ea9878093a9e61c

SHA512
179c18809aad29f748cf64c4642d319baf730bda019fa0d54a40edea58d67dfcdb646e6dbb5c587a6cbd9ad50ed6825f8d954a4795393319f6ce25f36ce3448a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e583ca156299a4f07410fa3118b2d1c7

SHA1
79c6922444d5d717bdb15b9b1c863e61a1760e53

SHA256
9637ab2c16fb243db01a38f470c0f6f645bf1117f0d656c3301498a9e0dd9bac

SHA512
b7de4803b84e2758e7f5d2160d47c7005bf850d245dee861e94ddd7455203d46ce0aa01de14f0e985496d450de8902ba878dbf15711ce9b562cd8524825aef14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c73e58e685aaf09b8640192a9da449e6

SHA1
5876aa9b7a01005ed22c661417c9a8772b7f4b4a

SHA256
7169a2ce367103446e42e90dbb13a5c9d3ce5cf0c2742796e768402821212e6d

SHA512
a37b0d4a6348e001dea249a6889f8264dd4d4f2d731ed35ef5aa3e6d66c19402a2c255ca3796b5aeec719c255214a91daf789579ceef5f9cf3e2f9b18fa3608d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0333a4c0dfcf4840d7780605d377f01

SHA1
615a7dffe3dcaa8195e75d3ca1c19ceb144ed1dc

SHA256
a2ebd04d5d50ce662bc239646a4cc344c75c198b0caa27dce30bc1289e8c8ff7

SHA512
2ba619b473ec7bfb4f711ca2e73a0199158e65fcdfc0c962d68fc805675b9edf91de1aa8201eeef0a4eccf35fa27791f51976b99f89d300d60bef976375eb1ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea08bdb58a74cae3805b5e2b6ae3d133

SHA1
d4713fcec010c826817ed94ede3592e1703ef4ea

SHA256
3ea3f1407a3048cce02c7be8d19b746bf25259e93016e496ad3405fb46c9cd97

SHA512
929004d74baeb9685e0b9d7af7fab50aef034c6d4ddbbcd9c64a51ec56893e564c909e672aa6007897779334d3ec57cabd030927f2031d18a84425e149a3bea2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
928a427a7513ece069c974b014e143a8

SHA1
dd352fd1cb9bb12526cdef2d8ec368b7306a30d4

SHA256
a64241dc5b90139994d58ca75a5c59211e244c33a2808aad71f562498e628780

SHA512
8c3e45aefd799fae9429b6a91053cb9d2b6c6bb3212b6842841b2685a3042f857ae4d65569af8402f99e63402c11d4810b2f35ae10decf34ed34f76ea05b44cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c916a1cf0fe1a3c0559f94f036c2c41

SHA1
a2d8a8b8a2c2400e895529ab75ff2fee9d9d2ee3

SHA256
6d2838ecaa220d91a865ee171a7b189cd10902822537fae5c9c5b88f93549254

SHA512
70717d7b418e79376e54c640cbb1fdcb9e7e07633d2d6b64598d4062c177058f043cab547905aeba0167a1c48c41769db24305bcc8ed4ed153be789fcf7aba07

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD7DB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD899.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit