ca66a8804f12ab701fc26100e8845c5916f6809461a711d70a4d16430d725114

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21-08-2024 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b1907dff5093667fe5b79ef8a3ad59ee_JaffaCakes118.html
Size

6KB
MD5

b1907dff5093667fe5b79ef8a3ad59ee
SHA1

92f264d996c1f7839e20079d4707e6933c0d3806
SHA256

ca66a8804f12ab701fc26100e8845c5916f6809461a711d70a4d16430d725114
SHA512

7b25fe90c8c7f9c567cb2009d6bba98c414d24785256bd06d8bc756566433e892f1b8b47a8d148cf5f1dfbcc0883c65ba9a7ef334c95e61f42fc18ff752864d8
SSDEEP

96:uzVs+ux7HQLLY1k9o84d12ef7CSTUeJ/6/NcEZ7ru7f:csz7HQAYS/54Nb76f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DF7F2051-5F58-11EF-83F9-EE33E2B06AA8} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000f7abdd16fa1678407c20656d32513573194d236b679b6ddaf26c679dfaceb856000000000e80000000020000200000009f2c431753bfe93b1f77461f62179cac60d5bb0c7578f6bcfedb2cf6e37402c12000000074cb9676fd689af6b4bce12732aec71de483f875429a73438793e8a572cf480340000000e1459170a1ef73413bcb26a5f46b9d16b1abc38a2bcad02414f3956ef80529517178722c4a384d9e7ed93b4f2909170463c17fd44c58820f4bc993d5d26d39ac	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 005c9ace65f3da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430363945"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd000000000200000000001066000000010000200000007ffefce6c1cd2738e71c5c65b5c8bcc28a78c1323d22e34af3d5f7fa05877a1b000000000e8000000002000020000000b0c68fa4cd88deab074dd9116059e25ebf648bc6475dc480ca987b561556352d9000000060245c84bcc5fc4b2c10bfed6664f7904d21b0fec3e22eae1c99e0443b2b72bc1892bb2143aed93dd2913c39ca079f3f24ea8ee1a05b768ba0a60379d5d0bab525ca1ab0773332ed05a9fccf140c428073c59cb19278c111faacdff3b48521083f1b5f9ca3cc99f3b66af7045a306fb1aad5d4c6b770acb97e261112af486da8b60de07c12d0351a704a7457fb33aca740000000bbbfd478be11db2b1a3ed700b9d753eca5a766b01bc6f795482eb52b9aafdc202e16728df8c34c821ebb19fbc9844868fb4bca52307ae559ce1d436b42a542e7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2404	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2404	iexplore.exe
2404	iexplore.exe
1736	IEXPLORE.EXE
1736	IEXPLORE.EXE
1736	IEXPLORE.EXE
1736	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 1736	2404	iexplore.exe	30
PID 2404 wrote to memory of 1736	2404	iexplore.exe	30
PID 2404 wrote to memory of 1736	2404	iexplore.exe	30
PID 2404 wrote to memory of 1736	2404	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b1907dff5093667fe5b79ef8a3ad59ee_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2404 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0be4f2f6b0365e6cda7df5a5d9a94d71

SHA1
148f86315758cd5f768110db2abb0ffb08fa6a10

SHA256
94202e131a16c976dd63161e77f1dfe1246c17fe5d7f1f1f45a68f25a164bba3

SHA512
2877ee5973b41723fff76653f1c58d4f6eb040472ef9c1d3653e06982e270c3f4c0704f52ca7e8f9219ea5966c3648d3f67137567777a53f0938fab25c8eccd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
908d629ea7e87c668ddb18fd0d468040

SHA1
8cbf0845b54964c90e62e2ab7b5d8dbe08b9c9f6

SHA256
2c9cba98b99f289174698d925b09e6ac44d5ece972a5b787a32758e9f4c4fd51

SHA512
8fc5a2c9a98a5944bc0f13e965ff54dbcb6c563d8595dab2f61edd5bb77762e7c577a393b51141f0139f1dc80e5b466942c30ee5c915a6e5dd7da6cce6ac3a37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dbc0870b055a9e7bca7c1f847af9f84b

SHA1
cb7659b4fc970294d0aeb3745a31d18d87aa7abf

SHA256
445b2e73ef24a169faf9042f437bbeea11bdb6c24b0895937ebcca3ad946e3fe

SHA512
4d56d9aa8c37a7c5baadc6954946d1b5c817f3995aa014b044eb08aa71dcaaf2dedef9c070e594f9c58ead004a7195368d3fd951d443433915494ed7f6c52647

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a96c3d398a4437b163a7b81ae139b1d7

SHA1
36cf28f69bf1214799947a1fa528a1fe20078421

SHA256
ff159cd82accf3037ea20e47d6e26a1cba5731778d06198b48cc2c5391e9f56f

SHA512
fac06f80087e5bead37c47bfcff46e8c0c2ab4b30aba88f713865d7ff17eeab8b8451c81262559846ae0d5cbb23990c94938a37f924ccc08163d6424a40e0db0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5758c86e52d8a7b7dea6576207372a72

SHA1
f5a6a7dd5ad5270450b493275141788dfa31e1ae

SHA256
5ed1a670a6da94e4a6d1a40cdeed27da9e88bb7511661209c28cf9119500acdb

SHA512
bb4b81c94ce801e714d751264d21a6e21d97e546139d3c698ad350c563d6644a46e87befc80dd236ec63e9938b34290425ca1faf66392d953fe0337da897adbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccf32a0a783cea7a01a29f44757781a4

SHA1
09398786468e9d31901b97e758cd268c33e8c0fc

SHA256
2ee964c6ae08be11ddb4416eef12088172d9de588934e889d28343597a3c5376

SHA512
9e72b06708b5ab1795156b23e850371ac389a25e477069d3c6f9e720b558bc77856fa0bd6439d807b677ce2522e8d0175c50184de293c50e061c0300ad378df4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d688cd5de43b231ced102c75ffdb126

SHA1
4668ebaca84e91ffbe9f556b50058bcd88b8c6cd

SHA256
9e3aca7ae72f43f41d583555c85ecbb9c3636ab97540014d26ffdaf8972ee4d9

SHA512
65cb8e62a3d3dfc38c6f599c94e047e0625b8b5082a86c98ff9cb757fdb4240ecf45ac301a2dcad8273c6cf1a299821ccc1d095525498231a78cbaecd7bd6171

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ccf8e32f72e79865a7a115400355662

SHA1
7e784fffe0ee72482077b96b222a95c72b7732de

SHA256
0d0af687a7314d02e161deec21158835b1235a3edc0b171179256830bbe00668

SHA512
d8140c43419ce689bb9ce6bc4ead84c7822d35419cb6ec314c614f406a58d803a50f63e583be755dca066811570d58e99ea0eb34821176482f4e39d796730e19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1908000bb836bc1c3e23fabe20f3f85

SHA1
f7a584f5b777a426a3975f52580e8eba8f690a77

SHA256
96795d55eb61bf2d32172a4fc7d1dd91629a44b513cf85b8f487754be8299d59

SHA512
f876ef2b8f102fc3d3c5f34df9821731d512dec4f7f393d51521d5fd7a1b9292de8731c870764ea90a1b7e6909e4b45f319a971f4fbf3d7c5c9ee7883c9f4d9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
177c85828daddbbcd373a0864d106998

SHA1
a748e6736660d1a956275f37f7644940ef863975

SHA256
5e8767bcaf7203c6e39f508edf38ea34346a877f4f321de7b209cae2f81938d0

SHA512
eedd796177c2a58cf75c0d1ae596026d28916d2e2311c938a8026e213ed99df109a100532698f9b7c321b44aa86043125337a880f3481aed7c508cb106986d6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e98ce7dd805433ee3e5ccf1965c49fa

SHA1
c8a5b430f7f87f244f2f5de38a57916717c90b67

SHA256
dc765ec08147fa2257b2066c4b850ad51508962fabb999558a42a4314d64c472

SHA512
aecc6ed429fafc59b629e8e9c04bf5b03a8b633739813b5a6f8c19cd0b90b17f45f7de0961f1c1c4cd0f385767bebedea832853efbd5b3c4c2a0c9046faf119b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab568C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar570C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit