e8919a8831715900153d96538aed5ef67025647215a9ff5d43ae5fe963ef88e2

Analysis

max time kernel
73s
max time network
140s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 12:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af3ad03c69980825c0e4a386e7d7bfbf_JaffaCakes118.html
Size

12KB
MD5

af3ad03c69980825c0e4a386e7d7bfbf
SHA1

96faa809be39c00b4b04bd8cf97e5c6b8d0a1cdd
SHA256

e8919a8831715900153d96538aed5ef67025647215a9ff5d43ae5fe963ef88e2
SHA512

4c61a70ea1934627241eea54cb69e88c1c8e3ef31ac0691839f63e14706d1bec5ad0ce7b2670b9ccd6a027f193ed2ef2792c0659b520ff9d6ae2d61c4a4602e5
SSDEEP

192:Jlqf7IU6Vw8yAl7bJhy6s1ftpf9hQe7ylI8j9Ju9VLgxMNACFijou1zUNk:qj3Al79OftpfkeceVLggMou1oNk

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{19FF4B11-5EF0-11EF-B75B-4298DBAE743E} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c92000000000200000000001066000000010000200000002b9e4d84ef920a55dbcb017d116ac0825b732c00cda9e6000b0916df0e312ec9000000000e80000000020000200000001b8dc97e51b13f4991f56b10b332bee4e9ee5536577d03fb51d9a2776fad60492000000085c2e60b31c3062dcb42537195106dbb3487366dfa08fcad503be985e1b10b6a4000000044fc553c664d519030c4bd690d81398e22f9405cd608ee555701eacd8df9bfb959229aa060ee7ee68629edbf6b0fb6a850d0fa8ac14190d7486cb2e01473899a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d00816effcf2da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c92000000000200000000001066000000010000200000004f6140422ad1ca88548fdbbf645cb4a0e4837a5a3557b48d0b0f0f7fe5916015000000000e800000000200002000000008857931be933e9f7232fd6f15208203bfe2b52ae6ed0c68fe2ad33dd2f6b90890000000a0dc3a7d881ca6b440b7891c20fc2e2dbc99a7979d65e8598dc78ddec5ba0facf3968f540ac2d6ca5b24ea93993d72562cc424d475c758745d5956ce73d9175df66fd47e498eaab918d1067ef5a48a5f678b628d233043a41c21ff459531c5df3133ec7acd4ecc9c1c0b66b63a9a6e270dd1498c0cf6250e0283ec6a004e879e379e94cc628d1799229bbd46162889b44000000039da663a0799fd3795d3550266b5971291078da1634f4e18b095c8522e0e2f22d2e477601a19d9e322fb60d3263b0aacaf438d0c38e94a447cb71ab83cddc221	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430318953"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1368	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1368	iexplore.exe
1368	iexplore.exe
2696	IEXPLORE.EXE
2696	IEXPLORE.EXE
2696	IEXPLORE.EXE
2696	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 2696	1368	iexplore.exe	30
PID 1368 wrote to memory of 2696	1368	iexplore.exe	30
PID 1368 wrote to memory of 2696	1368	iexplore.exe	30
PID 1368 wrote to memory of 2696	1368	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\af3ad03c69980825c0e4a386e7d7bfbf_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1948349064d07a41d5d88442e712ca35

SHA1
282b311a60b1c571f1eccb1f22c095aeee48814e

SHA256
72d0eea5a43b6ff4d1d572db9ecc3324d44dcea59fd62df106dc0077136e445b

SHA512
b64c940919f0112331b503d5e4cd244b8e28ec0d1efda32a1379a6760a18a0813bca5023b547ff93ed399f01f83e82cd8c3e7afbf5899afc8b71de29f38d205b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97ab94a5bbbc1a2869f75caf575bc4fa

SHA1
e355a9c7a399bb325a9b855d99fe56f44948cb3f

SHA256
7a57b85c79f029fe48c5391a4270270aea6e356fce80fd469e353e037a3f8dc8

SHA512
2e4cda658a0fe0271d2e05a6d7e3f0fa316ad4a8eb76e50eeeb0948bd5d4bba0200ae80e76e1b27ed8201f57751e4dbb1fe6d9c5d98a490e11b92402fb22c07d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4eac2f87f3fac8cf6b97e4019ac36876

SHA1
ed4c12be65249b6a32bc6222c0813d96b48fcff9

SHA256
9ce8c0bce73cdd0a5a793b44a56cb453df1f5e0539429ada758503a18bf3e32d

SHA512
f56d28825b0a2dc7db6f48d0bd01aa3fcbd0d5a671b3403a4eeb3a03230457cef9c01c822a268f739d1bb63cb792c520fc8697d02c49272154224a10eebf5c49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d03eee0c8b060ac7cfd1b0d7502fc472

SHA1
076c3880df202af527fdaee4d84c1bc2c9b71e27

SHA256
a0c4b5765151eb351e3cd65a44b1bf9c0ba11dce81c4858ad699f085f388b451

SHA512
8395c7d8318bcf833d594cca8eaf2b6293c4439b681578bea8740960685a08e30c13ef7f993cd8d1bfdba1db2e73607a477c000b10aefb575fd8b2e11901f510

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a65ae4ae1cfb864a75ba8fcec661d03

SHA1
54a35190eb388ab598199b7c950d2b28ab148128

SHA256
d75fbb971ec4929d96a6bfdb7633289d5ed65e8c3faf226fc0c06e1ac6b952f2

SHA512
b47d6c3932ca7ff19af900ace15917f618b3135ab0d27ad896cd624ca9a25fd45a2afe96f188fec1e381dca57bcd4f9ce0e31bf98657e60f838ba62ede0bdc2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6865c51e12d7fd4ae5301ac8c8af653

SHA1
24b9e3a918deb73ebe6f3d99a90c8f71308d4f4f

SHA256
0dc8b81f1cb7c117e6363b68ba585f7a91c97a379f5eff8618e2093a216bb20d

SHA512
6dc17877cc0fb5b7c9b1677c17f80b7fb43f51711b53573e405c91061c6b85f4b49719edbf6db5b43414ceaffbbb22e7620e30d866ddd1c1130c333f0d77d115

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56ebd3a8aadf1dc95f58706ba6a47e3d

SHA1
b66e727e1d8bf42b825e700c32be899025be7473

SHA256
f35aadd0ed197142a01e987d54c4a2f71fabc208bba9534ae892e2a7cf7d7752

SHA512
3e9fa068fd88747fe1915a7589cc38cc844e9708f208ecbc3e44beebb184649c789332e6c0fb397d037d190427e8d4665c573de5c172164c05f41fcafe3f19c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
190eda4553316d2f3cd1448eb43cfae5

SHA1
ecaaae97753da39a53d7d4b73a555045f6c1f39f

SHA256
ef7d08182771d478fb7e4e3703f41a3be7f3aa962aa263ac3c4621d3b2b44157

SHA512
e4c6d1064688a6cd4524344e19698a3be82e5f136d1511e78a54956dd8eee226e2fa4807079e3d981b8865b87f7a8b5322668c2cb2f1ec4d3bcffbad5ad9d6b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
400b4c62e5d5d963e1b599dbaf99ba8d

SHA1
0635f255049391da7a3cb2b4355b3b26274a0245

SHA256
36b5f3546f7d94b8533e6a3c861646fca1ca7285a20809fb89fe4852d18fc383

SHA512
8ebb1632eef95fba0d39e7304307bf83091443f8af62f3f4c4ccd62188a1bfbc95e136d42e6a64df0e988f87b94a20da787815f5f1e09cd22154e13d5c94fc30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e68cbd024a2632f8b45d960508c75a6

SHA1
bcf985e7f6cdcdecb09077e96857621c0ada73fb

SHA256
eb1f86e5dd643a1797eb8d73fab5d0a04cb9e9ebcbe9050b3d55f38aac6b6cba

SHA512
a323f8637b50c6a7544ac467279d48b13826c12594f40f8a38702fd74cd1473d2ee529e7e1c1356dfaba471888bd2427fd4363b28ff80236ba2a846f0d2efb10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf0a2bf3830485a1260da8122a173203

SHA1
abb02b5418c7c04ceab9fd6956f72526b09fc970

SHA256
de3c648b5e87301a9107193291947f356422cd85870cef4c9ea7a07063180ef9

SHA512
9cd07c9ded2318d5abdd31f1f355b3d8da9fb3bfe7fbe11034b8033f17e4eb530c48e88e9e4c9c02ccac07bfbee9d7b37d8d23d8dec1e3cbb92640c1cbb57f20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5db7a7b8c64e7d49f130c87a5e17a8f

SHA1
49db4a773e73a86665d3b6da166eeb57d6bcad10

SHA256
e5460bafcb04a0e3127c283dd1a83d439f7ece3acc083822c802b8ac3a7effee

SHA512
8697f022e05bd2d15578ba3ea00c2dac9c43a35eeb21328b758d0c0890536dc81ef357ff3410013676deef3f144ef6ba9adb38b1dd5a8d1c9c280c5e65bcb559

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea174e2cd2d76b9bd511e967eef0f0d6

SHA1
516c76af294aff28d04e5ab079084cdc2ef23190

SHA256
0958e6ee6742f1c814f8f00dd38d5de27b20702186c7b66ca3c1f0e3e01be8a9

SHA512
405110685a2955be0589a1b29472572cb9bd94f34f7d1ee3ef8d12d799bf381582564252d059b75f3145ae39664ef9fb5daf336ad2e53bcd3fa75ce330a2ce2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dcd210c7cf8579702ef5ce03985933ad

SHA1
667576e91013594c4cdeb263dcb5117fce648d91

SHA256
642aa6687dba53227d2dddd795dd1acfb7e1d96924d36eda72b07ea9d75164a7

SHA512
6e84a1d8ef1b80fdaab823f15536a46212a7b503feda13a275dbd2bc178a4096046605e98a8b908ad47a34692674cc2b1a74d37d46d481eda84ef834647e05ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31a47bfd631544864dd33a13cd30c336

SHA1
41ca62f95b0c3e30f1a8b84efb2d69c58c718a4d

SHA256
9e4b8627c643497cc3ff2e64385a6337f0082d223a93bf7e49ec18b8f1d55da8

SHA512
54e0407d1f65ccbb492328bf53d85db8ff8782fc8e1bc2880a0bcd31b38fa92649007f45d64e9af763bc62ae74a308c0e5bac0911dd8d3e9788c4c21d911d222

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e5ba09dbd7187f9ef991df4bd59a1ad

SHA1
59fa588ec9e2fea74d9e43d8bd865fd886ca3e2b

SHA256
78eac3369fd7d15e7ed9c934033106ed798a3340fdeb6214008d5f0af7089be0

SHA512
8febe7cb1ef41b4370617765c7e1f0bd537f35ccb5d61c5d03484f4d906f9376b606255ee20606c16f25e690cc53048a2360e5c19aae792bd54de249477e979b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab79E4.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7A64.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit