c4dfab3a29ad83be0510afd7e2c099bf620f7c241df72b2b3978145995c62283

Analysis

max time kernel
70s
max time network
130s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
22-08-2024 02:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5f54390e0120bda63584cac64d4961e_JaffaCakes118.html
Size

5KB
MD5

b5f54390e0120bda63584cac64d4961e
SHA1

a521a5f234f7b7fee851ece7af46c0f8b605c59d
SHA256

c4dfab3a29ad83be0510afd7e2c099bf620f7c241df72b2b3978145995c62283
SHA512

d1a6ea5f9dc62ce171bc1afced565608ca536bfb671a357289da942268e1e89028b17f14970ec1f9c915b2fef83a5847c9434ba8c8a53db2576cb862d4165a8f
SSDEEP

96:1OyyM1GPJfFtVgaSYH3U6w8U6QFU6M+mggGT0D6HM:HyMIRfFtVgXYH3JBJQFfM+m7GnHM

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{094AC001-602C-11EF-9A20-C2007F0630F3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430454643"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf710000000002000000000010660000000100002000000080dd9393c0e880a48e2458f36eb38070d6b09521d0f9e8f8a2328b0c5ee18b54000000000e80000000020000200000001167eac5ff81abccaf5a7f2636ec017d81222f3d2fb2c43c7a14fd8ff54f93c6900000005c3e951aca57b4069b727fe08c4dc2986a68a6414dc216f7b7c621c92620d4cf77679e0bbba7a969ca74a58f2b5f775dc21f0a25025b12e6231dca86e401b506e661f3428e724aefcb8101e324d656e273c8503ad7c646686f0c07e0dde23b3d252e992c8efcb52c635e4e9d4bd0777571065bc2fd8210058acaba5f91ddb52120ce6403a8ac66804bc8fdd41a9e7e5240000000677ba8f061168bb392cf88538304631299c3f6137eddd7257d4a6b10666f1ec914cec3c848541a3cd3f56bc4c0511d831400afa2796900c1d783bae2b6168acf	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4046cedd38f4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000a0aa3b4822160a3ddc6c582b2f1861da6420db348e355fa55605311ddb090833000000000e800000000200002000000000782dd7e62ccb2f2126582e987da63b04d7247afc794fde94e57162946f9777200000006cc47818ff5f404a3ab772ac428da059e0de980babb82d5899335265257a590740000000bd79d2aa568f02367c0b75cfd5fa9dc07384a941356fea53307c65802610d18902c127bc9a8f8b571bbfd8cf40998a6d853d1241c400be3c7a6eb6b723341159	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
700	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
700	iexplore.exe
700	iexplore.exe
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 700 wrote to memory of 2172	700	iexplore.exe	30
PID 700 wrote to memory of 2172	700	iexplore.exe	30
PID 700 wrote to memory of 2172	700	iexplore.exe	30
PID 700 wrote to memory of 2172	700	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b5f54390e0120bda63584cac64d4961e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:700 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98f3a7c8c52f902c41fb39397b9d0074

SHA1
9e51cdbec62563b431f5f81198341ce7ea714b39

SHA256
7b336fc6deaa3ed1b17c5b8e75ffc14d367ce5d6e683ef6f237bdc280ddb08ab

SHA512
c169bfcc94231998815970758a2f781c2f2143206d7209f06b105e3e3e916038bc0017237b966f5f1a0bdef162002dda7318addeef7a4e8fbd485c41714c2bd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91d7e7ecca9c2d1e7838d6b64eae26bc

SHA1
7c60403f3d782c012b327743518697b1dd1eec6f

SHA256
4941408086162a7719f977cdcd4bfce1cce45da6737029e1db64b69d069b248a

SHA512
5e6fb60971ccecbb94b118aaca5e77837e4c7af1b94bfbf6de9c9eefa25d5fa811ab203e97fa54d1fac22f875834887ba81281d280a90a89ef93d51bc2f22320

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
484980feca3d3f957ee9dea2d5c92c2c

SHA1
aca9dd40f89a48a002d08e0cef29d55f677784c2

SHA256
cbe4f232f4d98dd8d5c28a068ffdf7506749e7c2e33005a35096bd3dbc0da27f

SHA512
a9600dfd97d96069c7c3e02fb6c370a0071b2563a2c7b0e15ebd974fa8b4797ec0c483250900bcd7e2eb39dde612febddfc27455f40e0fb04a5369a946d8616a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7938d8314aaf22532a1da6a5b9d23d1

SHA1
a89a14e0481260f0a1ff82a660cc05526678244c

SHA256
7780b59ade4a305367b0c639af5af57123797ebc48296a1213bdfef0ada83a1f

SHA512
85d527f4898db9aae1551e93ac4707ac3158bca960049d01dcbc55671b4ddc763a5165170fdbbc72657da9ebe16a19b18acbad9cdac682265c318046700f486c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2af4d9a136c69f72b5dbd14f0e784807

SHA1
f651eabff4b2ee5d9b205ea51be87dfecb4263ab

SHA256
1eb4f597adec8b1ac6e5f7548ef409d0ddf62dc3d743286e2c147efdef1df085

SHA512
e34bbaf3e16b026d3ad3ea6443cef191ea11df93c10841642516176ad158143080f51f2da10b5a5945619c4c0332cb85d33dce56886d74e792dbfce39b525d71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8d9f29f24ad60262b8623e2ce08f5bf

SHA1
aa611c5dbb2eefbff77b6d253b1761f0844ccd39

SHA256
fd9aa864e63f173a38c7c91e1d3b99ed498804fb4065d10a6c1b4f47802a14c2

SHA512
ee1f820d0e9a35a7d149cfa489028fa9fa793883685dee603df0a312ea0d2d8085692dd8c7c3cbf2d6f69e9dbffe30d0c44a6b0a583548859350e883dd9f8ae6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d61ec8362c0400cda45febf37bb2a69

SHA1
8474059a75457e7f2aaa5175d1091fc5bb8c30f0

SHA256
3e32bfc87c64e5a3b9195a13db3397f99761498f7f538aef0c0791ba83f65972

SHA512
9b3558768e41433a17cc416875f72fad4eeced118978a8e7397aefc2486927be0db47d6228681b819bc7ee42e39afaa00dc584c4410d2f0f2dc7fab32df2b2c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ae1e1f37426b1b00b4d95659530112e

SHA1
e1654cf3645b03f6d80eeac0d2f723caaab2c441

SHA256
ade3828f0c5a066ed41d93d151a9d22b92ba39843ee81bcc2b3626d8faf83197

SHA512
a7ca6f5df3c832d9c22497ac92fb01f9d2c51905e84d64119559f99f782d6d0ba60a46afd0b73bc9f321a66c0b17b2b297668dff00083f4aa2f735e2c0573e75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c37f240b48d4ccddd31e161ab8158e8

SHA1
fd983889b6be67a9111752983a024fb986ea14d8

SHA256
7215ba7d159f82c31b65096853541cbdc6e6686aa6a918e9a04ffae94ebb17a3

SHA512
ad07a5db2525b15d9c59ee6aa0f321bae8ef87c898de869b7e62c4ee90566a3f7fa85de2301fe72ac21edc85fc8d4982e6d0c6772a6dc7a14e92451230774b79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91d581de211f70ce3a1de96d7d8b2815

SHA1
52480fb46b788646dbf13a71e41f0227a4ec5f29

SHA256
3b806033ebe1dfd1a55db9cfc55950485181f363026f84176268b42300447fca

SHA512
684893d264703f3412fb2caefbf74300f17c8ec5ae809f2869581e28dedebbeac8637fe27a7c8e83a641107129c874a363d750000cd9fbde36cfc8ba05e11881

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aff0e4c0d02e12f3ad8d80bf5172c03a

SHA1
9d9426c5cfc5dee4cefee082a565a096632f14b8

SHA256
77ca6db1a6e838ce287cd2004cc364f6a88602001ae44256501790ebcf6583a4

SHA512
6bbb15a530a774309a97494cd3cecb1a13eccab5a7a66253d46867507db8debcee8e42a881b80b747a7a2052e51deb787a1f5cd2ec26b3ca2921a8882eb46779

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c299db5a15c17161874926c8906e2fa

SHA1
7b3cf422ca362ba432889400d522e897d0f4fb51

SHA256
871398823f78388322465fb209fdede63e531bd4a76401683e696289a7e265e8

SHA512
1c56fc5f198f6ff8710a082cb3f1cb1cd7297990243f0fc5f6df28b1e7e73e3fd89f584f897f8332c316e90251b1a7cbab11e8ab3c32790c7c4b9639effc9a6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eaf9dfa27bb0356b96559df61b141240

SHA1
ab00ff40caf638c9260fd2e73838b568d8be4f34

SHA256
a3cdba9e5c7b67ce576f91cf4c712d31e29d39d9e5b978c669993ec5ad88fbca

SHA512
37a8301998f8cd3257c1a54998c1eb5f066e06050cdd9fafe65c3b09db9bee715b2fddce3c4846249fc393ce4871ea35746d817dc873b7040608c7058e8a0210

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34e60821c33d100e7b62d45c6ebdf0a5

SHA1
930837c8cf5a1f8b592b886aef24bc68f764936f

SHA256
15ae5b7c8c6f49e339c39c00f77bacce2826fb79f54df2739849fb9b59074185

SHA512
db61c03e8bc834432c1ce6cf385bf8900d561103993f66c6a344fa5be215e847f22cdd64a135bd7e29d5665c0fc4a5aded1820ae8bcae7c65a4026e05ba00f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6beb27addfc2711320e5803ded1064f

SHA1
a836d788adf458c71c3dd7ca5a5005b8a2f29d59

SHA256
fc8674c314bf67e9ef16bd47b725a1ebfe2ebdfcd5cb70ced2cf4764b70bc576

SHA512
1326fa35a8871d588ca76f1d401fa50278e204676e2c425873fd2ce18a8e7d82b5cde94f46dce84c815a4b59bbfd4266c8f7d252f5820e1381f6709a9a891ea9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
999eb8a54816b786ce797fb09038072d

SHA1
7d9f9e6bd4489ed97029b14bc40d08b67f8dcd48

SHA256
a8c4d2d4710dd7796ff80db6d0f082286e53c9384f35c353b5229f6e8d8853b4

SHA512
e32f51e30f25624d20bc12250640499a459e32b442fcd377d106befd39f4789071b4801d84b71749974fd9febfdda2d8725bdbc849bce0f4852d37cdfd86664d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabABAD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAC4C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit