f5d6a07c1d2967275ad629938afe68e2cf78cbc979e0ab62e4cda3ef86f8582d

Analysis

max time kernel
90s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/08/2024, 21:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9494eded56a7ff59ea11af0044191ea_JaffaCakes118.html
Size

4KB
MD5

b9494eded56a7ff59ea11af0044191ea
SHA1

3e0dfb232f0dfb7d0bcdb99bdc666956aff05495
SHA256

f5d6a07c1d2967275ad629938afe68e2cf78cbc979e0ab62e4cda3ef86f8582d
SHA512

3169005485576d2fcf09cf6f80cbe3b4cf91ca020b64cb8a8237212e8b4c698df93de8d7a4558dc965bbac5a3a92be03477bfe3523f29ee83d43d27364f88cba
SSDEEP

96:tI3VMLHBWp4ShVRd0X5QxtsDrkqXrKVLFbOs+9gc:tImLHSVX4X5QxSrkqXONTc

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60b3983fdef4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000b731047e7104ea1c3d6297abeffa0ff5d334512854f41f308d66e044846f4b94000000000e8000000002000020000000291ed44c1a99b7a3109962fc6d165e4bf3bdfcf251362bce24d0977387c905de200000009b5f1b5581e692c684c3c2f0a02cc667d14830e490e1943fd6f2aae844039ba24000000070f1374aa89234fe0f6f4a81fbada2b603f2372c01c484957c24075f6bf6a5b422c167f6c19bbbd0c7cbc8f80cdbdc72c7e40ad3d7508774821c75aad4bdc25b	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430525694"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb00000000000200000000001066000000010000200000001cedddce891a93b7cbc973f85b952ffce53da71f32c88d7b97dcf5a6662aa31d000000000e800000000200002000000009ee802d39acf3b358472a635705724c4884d38a14dc11f46ab2176d5efc8c93900000006825abe78d38f1cc98b3831ff091d0b2f5ce00d117513397721602c41ab62b382397d392f35dd8ffdee68ac50bca300f3cdb74d00aede8ed1425d334f6e31bfc9db56f4e9e5270c432882bf97046030c0f99f6234dead4b21c31bfc2df3823b3cd5cfca1bf9c19a65bafddd67872bae619eaa6cd9944efab960687be5fa61a85bb327a90316e0d05222b74b70f117df44000000099aee09b125f9fc2bf735137fc68198e469470b2c6f32ce37512e932ad0c2db1a92e855c192a4dcbee8f77c0926415c95613f3fad9139c1d6112d627d5acba1d	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6B1F00C1-60D1-11EF-A2BE-5E235017FF15} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2220	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2220	iexplore.exe
2220	iexplore.exe
1772	IEXPLORE.EXE
1772	IEXPLORE.EXE
1772	IEXPLORE.EXE
1772	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 1772	2220	iexplore.exe	30
PID 2220 wrote to memory of 1772	2220	iexplore.exe	30
PID 2220 wrote to memory of 1772	2220	iexplore.exe	30
PID 2220 wrote to memory of 1772	2220	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b9494eded56a7ff59ea11af0044191ea_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2fc2514486622be58fe4bb81c872402b

SHA1
fcf950bf74ae1d8f877a0638defc3e42001cf26e

SHA256
b2088e156863b5404750e8619a014aa78fb41189787ec5260f19a4b94ea3ac5c

SHA512
e64a9e451359fc7f40f66174822d5a3007791063254bb8d6b356ff74accee7c17d0033f7646aa2c0ff8d6021d7dd4bc01eef4d35d729bb4c930a4598aae37d49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce1187c53a22eeda0939ad4140ab874b

SHA1
093027cf411ae7b1a5d6e458be40835b154b1258

SHA256
c9bb438b41f317e791ac5d4b3701b6444cb99774d4f39a8e95f66469ebda4785

SHA512
9e98e587e47f90ed566fc3e6959cf9311ec78ed1bd872057df17184a836fec40ff3a1df09956fbf3865f6a006d94e1aa4b0e66aa1e3a796f98388b59f642549c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
020005d42dc97f8a11c2d6154672e6e6

SHA1
de9b4b424359fd44402e3e078a75cef94f1a64dd

SHA256
bff2e79163eb90d0683d3e8ad03e44f595e575a69892575566aed74c7d45b951

SHA512
d0c8bbfa3b65fe76a05d4001accaf19f6d7b1d31ab82f0c9ea451477fbfb08185c38faf67c91d81a776479a2bf880c35f552be437a0ea5e7c79fd53015bf8641

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f7657ec0c86b061f09c90aba2f52e87

SHA1
53e8300408b29d8a949b17531c9385d5a3aa3f50

SHA256
5f83862d511f45ff4539f192476bc72e321ab3fe56b876aec641f22a0e297032

SHA512
05b0603f3c62c998fd00fb52e56e078f756526bcc188a0790cd61f1ded63297a9389d7070f320131c0cc3de847976c664cf9cb1440cc33834ecfef2550357562

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bc78d431829e900901f8b2386b74623

SHA1
6265791ee8723ad5f533e120a0d5e230cdd025b3

SHA256
97ee263e52804bedca8f61b384aa2add6f2f859cdd41d2057598eda7dd2b474f

SHA512
0e214fccd5e7f2719652d6305c6a01e5f2d2e993269566c1299c8ea051f45d10f3fdec6454cdf7fbb2421ca99a46925cb8ec2259abfc35bd504c5fae9ec01a30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
935560b8fc13256e2121aff8f72a23a1

SHA1
9eddfdaabd5e689457ed92d5ee579b8a876b5dfd

SHA256
c892dd1c6e360f1728abb54993a5408d6cfaa9eca8e07149c17a3dc2b0334a72

SHA512
bdd84438f0b5e304209d000f7e2fbd7cb63b90f655c82477808e500f78592faf6f881254a193396c089816cf2c9700413a2a4612406a7c31e10d42560754b19e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c67a4b46ec6c951aa386a2e5750dafe

SHA1
55b58aac1e0651d3ab2df46f640a506314cccda9

SHA256
5e78269dc482edaf2176611d1e8d1964f50abe011dd3cd309e28f543739a8046

SHA512
32c931e4ac5c16cb8ee86302820775b827c80e1c3196e1382bd26cc94eea16f65e6a1164547d2e2fcaf90f9424c11f35c2e0dabc75ddfa2d82d64e3ce6bfd179

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66d330ef100794d1e3187f8166cc00f7

SHA1
81fb1aaa93f427ff283afcdc03d6775f1f1fbe99

SHA256
90c5acb93a8bb9cada88d68394998cea45673bb22cab6960659c502cc0c1f0e6

SHA512
7d5b3ce7896ddb59ad06f40895f57fe4fdbd9ef39775ad74273f93dfb222f96b8ecf382593bc562167e07e714431469b50f2b540927727f0388bc4deec48bc42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be93113ad5bd8f96b849b6c73f8805e6

SHA1
939cae271c6e7e8e96e24c982dd80d4a78204c9b

SHA256
c4622ada885263ef16878597fa8a47f802afdf708c61a9a44f459965dea1bd6c

SHA512
f6a4c1e6b526751220a0e0f9e15b9dbeb954f2a90084b40af054e29638dcb274f3259c1263b93745b4bfbffd019c9cf2bbe171967842f3ea83ab15d181af9bd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2fc933fc744ad8920873a9298fa8f3fa

SHA1
2c16da1391cda18e2341fd1db4d82342ffbd217c

SHA256
cab14f13d25adf7f0ab277cd41364b55cbb8d086ce819b072c0130787cc33165

SHA512
f91170432e60c01e9cbefc6c0d8bb7b18da28bbdd63c358df059fdba79b54b93c97247a69e35e69eb85a0ddc5ae9fe8e4d09c3b32037193434f3a3e51c3806b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01bc270f3914e7f10498b7dd5e66d14f

SHA1
963dafa2b9870d88228d76c2536885343ace5b42

SHA256
46630956176700b95f755a361c9dae853bf932e4c78968082cf7780951b3c937

SHA512
15326720216d24cdcb622f4bde54869d4fdfd808527ef75ef39859746f1aa820fb5705f4c4a8ffc75d85d3c391d4889a8fe45cd71a7f5891a529081fcf77ba22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52a8ce6a6d09a5fd692ac6b09f37c803

SHA1
220ec4d580139e330036fde1a6bdff404d93b310

SHA256
509463326b95bffe4dc220b5212f011bcefc7bc139afadf51248e8c4bf84e685

SHA512
4f5e880c57e04d8c4f6bed29f1a30a3511544a37fb9dd61ec14c22dde9f072c64d910a985e095a39ae30357c698dc7c905c9186b47db4837765a9bca290d14d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2ed8c6e798b49542e2d9895ce9f2582

SHA1
4304ac19b26e8568ee4124162bc53762559153c7

SHA256
1af062f824316fceaed4df60cc16ead3b759635a627920749c264da28b818be2

SHA512
a85e0adad5f2ed5d3eff79daca0f13df6635144c5dd7861d0313230bad524ae3fdd738ceb736f9b6341a52df93816110da1785e73e1c7e67633dc1949cb3a3a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a2b51df6768ec9169d39293b6f76029

SHA1
386fc89c09c208dd459b697110339c6cc12a0a97

SHA256
ecfec5bc3fb008da44e7a0b6b69ba5d0d2c77f4e8ffe40241b30106dcf12b35d

SHA512
f1296e417945044a4c5520554e6d969a873a62e89050993a2617d9025d9f861ac25e5e1f89537997366e48430d86816ed1d68d36cc2ca4676ec8c649630d2d98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4471f116fb3875cda40131dc57c6c04

SHA1
29e6228021120da7eac2bc76067dfad03afc3f14

SHA256
afdf60d4138949683bac7d2b375450dcdc6465bfc26146b2ccd992ef378db2a9

SHA512
7755ac596492335793253399331137fe2d05a838a59419e9892c03255524877c98c0ae796622dd2e6ea2f008ea3c3d7f31edc180308bfdc9969a62bc1a6581c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0834c8cf445568fdf0ac8dd548a5d96b

SHA1
ee509307bc258486edecadf72323441b50be9de4

SHA256
ccad0bfa5d94aac5910a67a03c77d04a9340a09e8ff2f78ae6c145fe83042e66

SHA512
a07b837c5e660c50f7c9c16c330d9c63d761a955a35869ea10663f96ec05d034ba94b3ba76b47bd1a6d039e2d15355955aa9f420211f0c4c91ec27e20e9fb713

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBC2F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBCEF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit