60a669e1bc580934ff86dd8a0c9e9cd4c1591354c43373b0ad8a029f4a1ffd58

Analysis

max time kernel
142s
max time network
152s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 19:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b4a96ae3917210158ab45bd538f24599_JaffaCakes118.html
Size

123KB
MD5

b4a96ae3917210158ab45bd538f24599
SHA1

5fb23a270bbe89cc5ca9916154489943f0911a9f
SHA256

60a669e1bc580934ff86dd8a0c9e9cd4c1591354c43373b0ad8a029f4a1ffd58
SHA512

6c1b585cb6454149ebff69ac76ea4a56d5436a0bd5aa282f4bdec34e7038377e51e7305a159f36c16c5791a743b179cd5c42a079c079a24cf100f6b8ecee158a
SSDEEP

1536:iVQAv+BVOCvbrTF7GgYx7+TcisoITtH4wuHJ:H2+BX8g4IZwo

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000694eee4fcc7a38771ee62795f0eae62b7f8f2ea82af019bc0f84727a3d3d5639000000000e8000000002000020000000237c610b42f076481291629fc8806004e01d034514a7dafc767d3c642ecdb032900000008860c3668efee0e0f1f367a69d01b5b19a45b259523e73a68cbbf40adcfee6c41d332153b980e73ed46f1da1d1a07311ca23c901709679c83c95b85938a2743380160a8b098b487b38bb641df13fc9b790627bc18747ddfaf8adf892088de551189d0c062627dd66d0859b6468d5a52fc0f6b33a9c8fc7b7a018d1ec628d387c30da3a76a835639e4fd1eb7166c198b8400000002c33b6ffb10030bb12d0e821f7105aa81a330540b2e44e913f35bc94b6265c33a5a1aac0af735c89b04d22f7be49a4b40528c8bb01b775f535ec573b709fc012	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0972410fdf3da01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430428910"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000190f680005e9d576b329e58a2a428aebe5f5e2a9710fd77eb00bfdc969e5b632000000000e800000000200002000000090ce3f5d10df1452c0db55286af635a03a3c7da6e21529b23c023badb702b80a2000000021b0d171f4406b9a7dde5a970e81e7d5592908ba22acf4751d83d75b618b580540000000e1bd13a6b127de77b5ea4d3029b7c5e0b02acdba7a48f760a1a437512306507faa26c131f3d5a9af7e5f63fc2d31b497ed7c00f80e65bb3e82185b64908815cb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1CB50D81-5FF0-11EF-A74E-76B5B9884319} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2432	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2432	iexplore.exe
2432	iexplore.exe
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2832	2432	iexplore.exe	29
PID 2432 wrote to memory of 2832	2432	iexplore.exe	29
PID 2432 wrote to memory of 2832	2432	iexplore.exe	29
PID 2432 wrote to memory of 2832	2432	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b4a96ae3917210158ab45bd538f24599_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57e5680502b1fc66d58ab833c78e2046

SHA1
66140e77441a34fd01c656f6f2a26ab10e9a3119

SHA256
e53b07761eebd2372d1fed7c6c9761268b43f78cda4357158045ed6b72e67895

SHA512
fc778429d814dd9f903e5cf774436736117f78d8bec062bd2a7a8eef30636b3b637b80ef2a65e9b018854924234642c357de341bf84090773e4a48e21178c712

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f92e3908697f63b42292321005224362

SHA1
9c5664a88dd84f6cbdbde02569c1d200734fef01

SHA256
6591e239f5b77b8af823d8143ea01a718b2d1b035ccef74f55db4f7ba514986b

SHA512
40c1e8ff89e32c00cf272bea8bb53abf84a3d9a3a2f87ecc9542e55ef25642b6120c813418e05c3ca15840764dac1e7dab696aa03859ec5a052d225f34842e71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5842dc9494bd9b6800bc739e6ed73e1

SHA1
5abb5d28291fc1d46a7d8e0d440de89c782c979f

SHA256
2a026f1a989b698877d34a45325d070af8ac2f7dd8c2898afe42f8db94107384

SHA512
8bae428da0bdd29ce36b00145c77953bcce7a90f73ee1bfdca4279f2c36da6e1868597bdf7ab47f7632dc37c640345a9ee3df6a36d3a6cc39190a750bbe6aad4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8c36327d314a427488653a37b7853c6

SHA1
c2af50d73be2597f41846f089cc8663af115c761

SHA256
46fa18ea45dc8f92bcc62cd5d951bc27d2a96d81e42298236f6b041b6635aba2

SHA512
4ba6f0b017811853bd8e8add7e58ed84534dbfe8ad6bff9c0720372eba20cd4ba3cadfd6b8a5c7f6fec0c5f9376189356fdf9435de0b89ac7db6633cb110145a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9867a7fff8fc9eba0d552fd2117e4709

SHA1
b97500386e97b65af80c5f52b8c2ab5a675c98fe

SHA256
e0d045866d92af93ab8bf8b17dbaabf85674682faadbb7f083341b400f73a191

SHA512
44abc40af44fa3b797b1c62eff714af45c326adbf65cdb9d9137c4654a5eee46c58e9e82023815f9bad62917e11409e38e7b6add61b9a5a4f79dfaf847c31a2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
204f1bc74b7222c47af5b4d47dfdf4df

SHA1
e22698c546727690360cbccbd197e330114f13c4

SHA256
11894184ef8b688d5d64ea79862abe40423ea96c53ee36cfc74a19a7b7b2b3df

SHA512
0e27ffecc50c44b79de3c99911ab05e3c631373db6a30e54744dac1e6d7d2d936e89f205b4f254ee193c96d50810b794fa9ff5362f46156aa13c4e4475de2e4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1836c77072aac1879797ff2c0962035d

SHA1
e53148f9ae074dc8c7f4e70de3710031acb306f3

SHA256
1287b75a25f4c3c05f7b7f99ab2e65aee32404c8339a230e4db964243d5ea8d9

SHA512
421639c1a3d6e34f57249541367060418fda5ffcac19f2c9c6b41f070e47224b07105187f28ed9888292173ab4234f3090f9b89c9b4b6d0b0637e435a5e508dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d897284bea0e4b09cdde9d7d2f9b3333

SHA1
f3df7eb6ec127d6b6fdc60a87f8b4394d2912896

SHA256
bf2c97d1d2183bcd81b8e087a6980c20aa0e7651288628f28b79415075206ddc

SHA512
151fecbfd7a938caed886319d1cf42cb36b950346be8c37c0dc5632d39e312b03daf153da6d4890de6bf002fcc5b33f61481f918eb86ba7cd4559d2c624501ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
071b13cac8d948f0eb8fb508f7caf97d

SHA1
a32b85eb09e9dfd2e980cf7824673f4f8e67912b

SHA256
0054e33b874cf9ec51340d0ed40f1d0b2b8935f7e3a822be8e22ccd5beb2a260

SHA512
a48de4bf90e6481fc09de2e033949ee49bfe5bce7db30953c8f1382165df7e5b0698343bf28238f7c5dafe1a89ec04891b0a915b27b37922345a48e719587323

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0c71f2199c86f51cd834d8b470f6a83

SHA1
e2a76e39acd9207f73446bf0276cd8e8c49b1524

SHA256
f4c02b1f3248241a721ec5c41992415bc6bf82920a46c1df127e2236deb7c339

SHA512
bc3ae50d04ec8eef313053a3d064803929c1b68f22996fcf6b1e3e14757533a4362a93017a9017de4eb222bebfcc2bb6faf4655b90320a94df48c73ad8657a43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7cfcb6b39b780f340faafa54b23b889

SHA1
46418224cb64f05f448d7cb3ab2fdbc4bd549698

SHA256
b4d5ff1cec59a0fb15b6e226004ba320bc1a377442b2b8ed363734c07c6b6cfe

SHA512
77ad304806f7411a7916c1e82e4acf765872f3625840a16316b19241a5257707449c1968e8d92e80550c07bc7f22a29060459e0f7ab1ffc30d2f03c17be59f82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad04be2621d6692668e640b2bd644a88

SHA1
f2eb2ac610b79e2780be1c65a55d2004f4d27189

SHA256
57f9ae5290f70086b527276be63c47fff623e6afc816b6ddf4d295ed2cddbb5f

SHA512
87b7acac4827750678df101b28723914114d839b1fb1d628d99e8c2cdc088133f5fdcf1231241497a5777a60fc62579b70cb782d51f8312ec6d352d5be7be636

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9462a3fd4caf7066d257cd15cb2f410

SHA1
61757275125d17537d0ee03c3b5e16d3b3979a4c

SHA256
3cd4eb7c4f13d8d4de028cc07674c9c3d793d895d87759e54d72e7761bc40d19

SHA512
c10d25f9592c698690f64ad13652a4b8804170a1f52c43f6b14b92a19fe811c4cab365493d50dfa4885e59836d609bcf40637fc47a8b945905faf0b43a865fa4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2aa768512cc8746a289d16810f362d5

SHA1
72ad6fce6055150956de83d79ed1ccef5fce5132

SHA256
ed2d96c230c0d78b05d0785d993d6fd8099111dae47d66b0d268967bcb497004

SHA512
ab0a06b359d67140855615e9a1e150df8882792290d6f34964d0fa60a3cd6fa7bb57ff7ecaf4caafb04f00123e1b8d3ed1d079d32e60199717e9afb2b61744b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
649ad3963c9a4509c803447e1dee7fb0

SHA1
de00a97e54e68f001064c9af64d54150c52ac699

SHA256
044ff1b4cfed840fbd53e83ca23eaee28fc5cceeacc8a078bb90d7f71701798b

SHA512
65da166ac98106ee4666c73fcb84ca9df8dc84527f30fd52f9ce466a8b2214f6bd66f3df6beb36474615e4262d7712df10ecb46d33233d495e6337f76d59c6b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD0C8.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD1A5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit