3a2604e0058d22018942827e4576695875e87406f035dfd4476a1df6315866c7

Analysis

max time kernel
121s
max time network
132s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 21:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b50b969fa4557f4767b870cfa9da3cf2_JaffaCakes118.html
Size

254B
MD5

b50b969fa4557f4767b870cfa9da3cf2
SHA1

8fae2d8ccae6877fb0640d6d78bf64a58ce0f207
SHA256

3a2604e0058d22018942827e4576695875e87406f035dfd4476a1df6315866c7
SHA512

6a5155253fa34700d24ee21ea46ba7adabdcfd982dc7f042916f93b31aa0368bc84b72901751b61828061a2ae6ba0f831014b16dde9fc8cdc7794355cea1ff6a

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb7800000000020000000000106600000001000020000000a2f9d8c5f587f7fe6b4c3438c1f7d5bc53f1d014caaadb02f62ad1717a9c0f1b000000000e800000000200002000000074d9a1642a5939e6e1070b2af70fe3e9562997970913d9397b0bb4bc780d8d3d20000000510044378ce7871764bd6154fcdbfcfc9dd840e921408af3ab836347aacf63f740000000f5ce1d61853bf9fbae91c2f8a89c2c5074422420b70ab4553c710a287a0f9f154eacc388e56bb601bc496a6e51110c7f3b1129dedb6edf8544bba7f5cd3f1c01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c044ef040ef4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3055B5E1-6001-11EF-9CA2-E28DDE128E91} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb7800000000020000000000106600000001000020000000c51854cc2970d73e8b36c41aac3d037e81581a4765c376615a3f08e92a38151d000000000e80000000020000200000009f46af318029c8d56f3da958fa18b3278d1e72872193c2eb3ffd32f2277b82c690000000acd4f173e2c56a7ff28784f53871b17090c5793720dfeef152f697316f5fa5b466a6c99507fb68216c14fe7c712baa9014737e5eca59c638e4bbc4ad02b0796d5092c923462b7cafa7461a1175376b8f43af756276132a5c5ee3f46e24adbe54d621806dacffbed763fa61c112820ae372b3c650544785577e3de00d6b40fcb283a284c52d4c4931ae5fa02b0fcc5e5940000000257d9c5986f65735781be1525ea0c002fb541aabf932ef43ead308ab8f7b5f3ab42052ad0df3bd75d60a49244433f091a8532e8720febc4cb2090f6ee2c19c7e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430436237"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2148	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2148	iexplore.exe
2148	iexplore.exe
2948	IEXPLORE.EXE
2948	IEXPLORE.EXE
2948	IEXPLORE.EXE
2948	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 2948	2148	iexplore.exe	30
PID 2148 wrote to memory of 2948	2148	iexplore.exe	30
PID 2148 wrote to memory of 2948	2148	iexplore.exe	30
PID 2148 wrote to memory of 2948	2148	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b50b969fa4557f4767b870cfa9da3cf2_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
760366bff7c6f8b3ad20362dd3b72e88

SHA1
eac5da94bb86360d238fe9a286409524de577821

SHA256
ee41ebc68324a2ac3bf2e8bef55fda6393cf5ce3d683047ab7bcc114ddcfeb39

SHA512
fa93be41ae8fa5447731b7761e9f9f446b33233caf34b437e143ff736c8dedb06a7c6cd4d4911a4ee2ee93749e2aca5f8ca6a998f0bc70f5efe1804711c4b323

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79263dbc9bf3b0b991cf2d6262d538c4

SHA1
215186ceb6b563ad62937c75ff968fa5e6bc2e5f

SHA256
a92c7382a6249a1eeb166f4722f72652cd7a3bf2b4083fb3224c92e3bddc5125

SHA512
db2366e16953edcaf5bebe0c2cef85ee611fb0fd3ccde693ebcdc5fe4afc9a13000a1ee89a91604f5479d9c5dc2c1971a85944307e2c6c0abdfe0f751d937d9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4a1a6984a2281a88994b03f051d2345

SHA1
d4fef34c46dfcfa37845b197aab5ea571f1fc292

SHA256
9edaa897d3c36b2a84e44e1ec23f56a06c7c981749bcb7a5f10df2f377221307

SHA512
f87b17ed71f221dbd3688dc96194551941ff02d667efe47d689f616e4ef3c0a4ec138e794d877f1bf21755bb207c4992f42c0b82068c0bb4559032d69759b871

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b1c259709737ee62fe11f8c4e82a6c5

SHA1
33071aa05070b0144c237a7243e177a1ab3693df

SHA256
da21d21ba609e4aeabb8ee03325a25b58b04fafc56e1adc9a1807155f40479ee

SHA512
2e531df62170c8312253aa73c9de4379d64b6eb34476ffb4f5e83dacd1cd16361f9ef86bfe2cb149019e18c6da9702508f9e6c6eb38f14338b312cb1495ef53c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0558c2c1235514eca466e919ec55fa9a

SHA1
2ed9eb05712c35a395b30b01fe8c11e3fa390921

SHA256
0ee229dbc9e633af080804be0e95ab57cc7727edc1d7f1a9de3bd019d8d9ba46

SHA512
4e0f0b9d74d21b92a33d1d4cdc16fd69097d8645f377879b1ee1e691b96b71b18cb8316037b6b80ca27538fc77894b10a633dae0c3f326f00ef60d153d26565e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ca54641ab7be50d0717de944b3a8fd0

SHA1
62f7a68cea8b0a2b667558e3d3e7a04560164fb6

SHA256
f4bec6592e324accb96f454ba1e9dc61684e14f4acec6665d77fbd1c9284ed1e

SHA512
e1dbb5cf33326acfa08889ede28497508f34d152668595d9b2cace607463c0f16a18ebf8bba61ddc7c53b71621d1c0a9e5b2bcaba9e624598e76fa569259963a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7798c563c6b65969cfb8e24cb905449

SHA1
4a5e4b1c7b1e99104b8066fe1ff86144e699ecbe

SHA256
1e4635a5508a6bbe130c340ec0ec71accfa3b08ae453a438339dca95adb426bd

SHA512
001df021954db7a4777975dd4cb67bc3490d5410518f3c1bf96c504b214af073fdbe8cb55c9162d42a30718b6a3afc59e9ba302c90eea1821c0b1d5ae0881a79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f17403336bb8b602b8b98bf9fdb1b0f5

SHA1
d0de0aeb710504f7d7dbf1e48ce27a13ebea3976

SHA256
739c5433357f806a29d3fdfa2e8553a2096d04f2dd2ba3778d18a7653b5b81f2

SHA512
71e182bc983ffc14f62a1c28233acb9811d780912f9b1f800a7e38cff20f809be504fa8cae9550fb39354fa83eaf3a8a2a51fae4cdb1547919ab407ba04be2ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d23c6e7552a7160dec83d1697eaafe3e

SHA1
d83eb7d9b958413af15e0285d82b356160edfb78

SHA256
f8c3adee975a8709701a01e6c46f92a80c517537cbdce85e7edb0fa03f9eb7e4

SHA512
e00fb10c079c3812806a4aca143e6f305e7c1067d70a51613b5cf9387c83d476a115333be539b67858bb53ccde00c3aaeb58a2d6dc3fe24d0e4f0c9e720ec2c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7234407c99e62d20c317a55e27f75600

SHA1
93a41ac9ac9be3f41b5f45646a5a20fe194d57d5

SHA256
deb4cdbdcd9622615d2d9b05dcef3fc974712a2bd331d9cf17653c2e30ce1755

SHA512
fe169d9c4e30743b6bec722de2bca141c803101c0bde1f0ccff54b6a0d05c74296f9ff157e40dbbcba3ae8b9bca67ff5d9d5cd1c1caef7883f4621cc4046bdad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
563b3757bd86b51663c45c095765e454

SHA1
decf9e5ad35e82923c376b0683209078430662d6

SHA256
bc69bb6071d7a9ff030c4dbca16450924df3f55968b2a634b727f0d0b249c63a

SHA512
435d7e1e66f9aa32c4fbb5a9357b8f1d717779fb7c649eb15603e3d0986ccbcd8ac8b47001badc821a0b80b538e7e2d40429ff54e56a938bbf22f427d14977b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6db36994353e3ae108ca72be0155532c

SHA1
1da17a76b8b0c430df27606ee0048dc1de9124e5

SHA256
7c342f47f319b455ce373bfed8fe6944fce05ddcdf2c5d6628f13292e6ca6e08

SHA512
940082ad7c6b1bfbc68394b1f463841daf215bd5b87f176facc5a87120865980b92482145c944bed72a899ca6897e97f89ff8381bc6fb403eba3bf7c310c8585

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c45f51fb1d39ebea5677cfee82a2a2d

SHA1
47dac5827d2e506b3f45f5e9d72965d25d565c37

SHA256
8aab3c85027780c91377f7b8e7f8b7d0dc9cc5ffde1616848156670b69c2877b

SHA512
57b3a73eafb789de64e74f464344a254451415927660e2ad4a25fbe25fc3f4bd2c00f4c5623d854a79e54283b4cce2c27a79da57a539d50147b90d92e6b88c51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b85e51d437332d2418280a8aff497440

SHA1
16e189c0df5f8434645746fd9bacdf7578ae91e0

SHA256
9630681667d5aa159c49fd1597fee453a47ba6d0169efffb96f128cedf7da37e

SHA512
c64b2a5604232b4930be62f71ecbaf057ac09b5c2a89e9bdb7c14f7e0491824ebde190e52c1fccd14a1b0e99934bf89dd8529336d36f739ecddfea0a1a8aaf69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78e8227040ad8845d7256289b5816361

SHA1
05501d9f3ea6524866dd4a512ea9dcceaea00851

SHA256
204256a7617b3a99cf621200a318db072723bdff0921c5a0866b3a8ea55946a0

SHA512
799f5a83fa90286921322ad9dff97da64e0172c06bc789b28f21f2867ffd8be8e716a0ff345e1f08d3ee1cc25ef6b9c28622d687cda8d7cd17cc2b6b815e241e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
544760b33e6fe4dde8fb3c49c46ff28e

SHA1
823f07a3f376dc8f241fe43227be94cb3ad168a2

SHA256
4f675b422bdff34d01ee7943a614736e409d08ec79b2c83674eb9e0e2c9379e5

SHA512
3c073095802ac5bf0c5453bd4457e84c85bf075c5961e1275a9fa472a41d6437c771ce916e64723681b15a2762634bf33eb59b92a765e709365d9c7d2fdd4276

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3e0f69768a02963beaf612fed493f7f

SHA1
7e0e6e158f02d1404fe05b58bc35dbb87ede17d8

SHA256
0888c44daa0cfe1e3fcb5ab004ee397b5f268f74504cc8b2f48bc22ff8f08ab0

SHA512
9f3ad04f9c3fa9f0ed3f5dd8df317dc1e2bb10856eb886268f53e25a9829aca6ba1155dc316e0058d2a834c65404dcfc698862b9809454e39784bde86b87bf0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD664.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD6D5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit