14cc7bb942c121ea35d6bc7240e7b54621c4216e5b2c642242262de6ed5ea342

Analysis

max time kernel
117s
max time network
130s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b11dcf48ef92b543cbe6fbf389a4df78_JaffaCakes118.html
Size

6KB
MD5

b11dcf48ef92b543cbe6fbf389a4df78
SHA1

7d0a958d9188e6defde9fb622b42f979ae06a6c9
SHA256

14cc7bb942c121ea35d6bc7240e7b54621c4216e5b2c642242262de6ed5ea342
SHA512

63e345f3c066c0c91976183b619122236c6b4b0ec6c03ee47ac2b9cd00d59f22af80ab07bb31b81cdba632dc397cbb32ccfb5d35513d7bfd47a74cfbdd1a9b7e
SSDEEP

96:uzVs+ux7hILLY1k9o84d12ef7CSTUibx0X4wcEZ7ru7f:csz7hIAYS/aowb76f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb470000000002000000000010660000000100002000000076e1bb765bc2a72f59e699ec3ee0f1af3ba4f80a8b33cfb76ae421a03e62f289000000000e8000000002000020000000e2def94846e94a865512eee790b1df55c35538b2811f9fef7e94ec15934d2b1d200000001436e2676c2f851c9f9cd57d2909a49e37c379b610f346a79b0907fd3996acc5400000002bb4e731075f0d615fe0440b738c5e324634015c8fd2aeb52d4d44213b3dedaf029668699a4b3c32f13ebd75032f2de6b00d6a471b10e06ee483a4e59a991030	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B195AD31-5F44-11EF-988C-4E66A3E0FBF8} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50a48b8651f3da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000001464fac56342ab3496b931fbc77117710c6f6969261c81241c58bd4b6ea988fc000000000e800000000200002000000002ebafe215ec1f3521a3d47459d08b30df20f774c55d593fb4d4eb9cee1d8163900000001fab67d1db71318a8f9158e337be31f75c74979c961849cffb561723b23d84e4ff3bc600950b13140fdb3d9427e6cf6ea814821082bd27fe79ac5a5549e84bb4f74a19812fa9d3027acc0389bcd789d080f4ef458fe1c119a5f82de5cf7d01dad4be5aabe03ca93f6abae4e912538f0e2f285752f57efc61a5874432d796ad8f682b957aee0ac610865fb29b0bbb7df340000000d576f7d8134c5c3ff31d58fc0a0d8f7280c835a2dea9e31a74367aa0d58af66f58c06bfe69967c225beead847e0454e808644fa55a636f4e6141ae80982d453a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430355280"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1908	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1908	iexplore.exe
1908	iexplore.exe
1876	IEXPLORE.EXE
1876	IEXPLORE.EXE
1876	IEXPLORE.EXE
1876	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 1876	1908	iexplore.exe	30
PID 1908 wrote to memory of 1876	1908	iexplore.exe	30
PID 1908 wrote to memory of 1876	1908	iexplore.exe	30
PID 1908 wrote to memory of 1876	1908	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b11dcf48ef92b543cbe6fbf389a4df78_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1908 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e8f048f749579083a812c935d905220

SHA1
5883d643e7fd29c85b834a047f2ed4034d6313b2

SHA256
d57664e89808d0b1456e88b08b6d807da8263a77ca276b1038b6edcb3d100453

SHA512
08a5973e212070acc749f3ed7d59bf51a3ca1d8d123536d7a7cd4df3c0bb8509634017d52bf5fe56e938ce0b61143760efcdebb8c7958e17701440c1d9333400

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f01c56d955a38ca5cdb7906a7760ebbf

SHA1
5b0ff788b0ba5fdb86184dc45626381474afa0f1

SHA256
bb995d682bc7aa0a2b948c5f069ddfd521ea0e340fbc199934b8640d1e226671

SHA512
635b7080d99b593630becd12eba5f1a5117281cf1d7ed435521de47309cf8a8fa4718485041ee9fe4cf649da2c80cce6ca6c46d4cace7918405853f4ca38976d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b4f1379aa12dae3783e39bd116e8342

SHA1
ba21237f2ed22d3e2636a1b92ce4877598c69d5c

SHA256
4587caaf175c2a4b1ba65c89d372fff5778ef3b728f3ddb0f1821b2fd5cf4883

SHA512
eea1ad57a68458a165dcee729c87f39baa02f2d4a902ed1d328bc2e58baa8873c8684f0cc8d135d509bcfef1d23cb0f6532aa7d4a5a4ed357b8da9e68b5dd1c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78fd72003cbfe29ed4fe1512f6885ce6

SHA1
3fb73810b00472a10d2530b454b2144d25740747

SHA256
82c0affd2851e1f626d8a3db78c7a501a42adf3a3b6e6c92ecab30cce2ed7d44

SHA512
b621a3f150b95a4497af9fdc4181644c3ccfec24657d6cec20bab10faf8dc921a857f07c49617db5ddffe0402040954ad46c03976d2ffa7d03b66336dcbe72fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa9e207500dd59eaa0bdc3060f7959c3

SHA1
6b47f4691895e41540b5c22d913e3bed196fde24

SHA256
83b8ff24254e7d9f9eda407a338dc35a812ad57716649273b25e6ecc71cc01d4

SHA512
e4dc55aa3468eb31d8a98a5dcde59c51968016c6b78396c9d66384b65bdeaf9e7292b03b2c42f88e4ba7fd8b402f0701c1df2b9e652aec18fd0f73bfd62aaafa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf478c49c479afc5ac915f55a4d27a37

SHA1
7af2bf769eb77a3d2340f4a4ee7164660fab95b9

SHA256
9cf21b1b18b87a00e494872a5b3502b120968844c2351e5c4376a5cb84eee8b2

SHA512
57a6cde916119d24a7c1216c2137f05233a3b2ce4d4d4760f78d75bb14cd1dc4a8278fee4e4012cbf69e948b2ab896d8a8c4ddd50c8f13fda0b286917caf8d6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2af2f0209b9b1b67f7ebe198ac87e4ba

SHA1
1f726661f072db4efab01535863c8968c307a8f2

SHA256
150663202494270e549156636372d5b679c2169155e6e5893151a051324d3c90

SHA512
a4bfb41fb46e98f530a269bf4a446b6f1f0c7dca233680556da2e2035d426a227a79b0459e479cdef9284836930cc6efec41ddbd1089cec13e4ab4366371795b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c5e566f6227c0597fe94a1b820ddfcb

SHA1
f3da54ee5b18efa400ffaf20bfaa7d417dc2d616

SHA256
e719cb20104068910e0242ccb3a6fd68e14ba47d4f9ea940abff71aa1f8863fb

SHA512
456fdb51b95d60f39ba4fb7ad52aa2a2bcb86ed5be5df3b7670cbbd6470f34b734108b01ec98c7f457b28a386fb0ad129ac06abdd99aff519664d267a92ae915

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efc9cc2b4872e8a3e568fd4142502a1b

SHA1
45217188a9ff7b1df43499784a24278f5ea9e487

SHA256
42052e08cad0d3cff5c7d0a227cf2daf197b660ed081026c86818f4b1852a932

SHA512
aa0a5ef5b1758af1d357e90636f09532017d375a3f652da3194b6f14bb3fe00b0edaffb9a98113af3e6e7dcc76c114652a8865882a4b28084a32acb958d97bfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a2bbf22df6c0d986a837840c869ea02

SHA1
cd343234b20cc10697d2a5037a94ce1641e8516d

SHA256
447abd2abcee116dd2ca925ccec538e0bb38560394b54b292de1dc5a8ad1cefc

SHA512
af0b914429a6122080ac160368ea17ee3343edf875cab7e48328540bd9fc766c0c348072d39704a4954b4c7c0f684f347787b7a8a9ac7127ccc7663a6b989af9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e75bb4bf74816ca864428de0b92249e

SHA1
a3edeb7b938069291bc904d14042c13960c1dc6a

SHA256
158fd78b26ae77cdcedd5e9bec1cf929d82f069014e7faee0bf3f8720294b3b0

SHA512
a865aa36c1345cf0cc11f1d82e51990ffaaa80f2c976d9297a8bc328bb9a19941cdb9452ef702667aad51d7696322c72bbda9d0dae12aaf5a0ef10f5ca9f6b2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d464e8f632049a0dd601ecc6a85ce44c

SHA1
d12b47f771237c304cccf2795aecdedb943db36c

SHA256
7afe20ff973a882913d537c82357bb0625433562b57db81e6cad73e54b614575

SHA512
d45f8a070a6011ab83c18cf9ef6b4767ad74f3621d82c33b1a0744da4eb7afea6a5b69c581cef72b02727e5cd1b44480e2bdf92ccc06f13e36bb45e4b8418254

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
521e5679b0d07cd9916c5a15ffa4adf5

SHA1
db5a756eab7a9403dab387b7c5f423e2302b741b

SHA256
99de0082880221693ab5d415961937b26af7d968b21fa3ea3714e09d644789e0

SHA512
79e8062962b879c691a7e0017668c799a96fc0a3a09184f8e1e0c86f087fddd6264fedfe7146e7eea4aaff058c4e03ffad4f033b96affb8c93c3c011bd552234

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8533ffb7b9d408ae145a6f09ce63d809

SHA1
b8025cbb5a4817579ed534f6e6baff0fea58124a

SHA256
c813a9163d10527ff2eea44132abdae803c167fe1048127b5ed66fdc06f09b5b

SHA512
a32332d0783ef60382dba837fecaaf7e8eb6a7c2914cf6c75697c091dee32e5f8c505ae1f4e3c740bce408f3f930dd91a86132c167e4aef7948803752a9b644d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca583634b74da5fd8a49625771e1f269

SHA1
0544672df79af4e51f4e055cb0e878928c778fe2

SHA256
b9040672a5b7fe0ed8e550c78a83715b084068ea12834fb1f997e18c818825b7

SHA512
eb4aa7fb380874e7f6c3c06edd0449131d77ccd343e0a350cce7cec6500b0ba1ade9987f88a3720e0e987ace5e38c9494d8b60ed676b893ff2e2b6afd9ca85a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1E3D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1EEC.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit