f4a842bec5593dc743b8ba918f87d2ed52093d89df47a4e5c395ae6c9bc8e1a0

Analysis

max time kernel
68s
max time network
133s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 22:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd708fbc600ff980b3b459566b3014c1_JaffaCakes118.html
Size

95KB
MD5

bd708fbc600ff980b3b459566b3014c1
SHA1

e0ce2321e161868d36cf939d65d7682a10c36384
SHA256

f4a842bec5593dc743b8ba918f87d2ed52093d89df47a4e5c395ae6c9bc8e1a0
SHA512

55c0bccd16e83b67d7693af85e2aec4429de1cee73c4dc18600b4baa671e0d0b4c4d06dfd70784a2c6bd71013a520015f15fcb55fd86fdd7fee45af3a4f7afd7
SSDEEP

1536:v32dr27uXNTQYjJiiwohpmuopUwRvQQ9z2LhI3162CpRwJOF0seIEW8GNPylfUtD:P2dr27uXNTQYjJiiwohpmuKUwRvQQ9zE

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000670fd15f1709b648fdfcec15abc5a441c84cd2e870937ec50f872a6e211e22c4000000000e80000000020000200000005f944c299b3e3e3fca63b1450e6d42b3aa749a73a2af94b6a43ed23abd4ac49c9000000073e9974d070f77daab652c5be3707422321810bf801c4bbe8a8fa99501bee15fd6baae66df8cf5a583ac2d608567e75d9e34bdd6a9c869d221b133fb2cd55b8cc4f3716b25d4d1eb36c7c34109c2fe999bdb61f003f231cdbf0f6213e83799b18c61a0ca19af292722b977dbbfa9b9e729458f43118be1a9262a7d5f639e7eaee8e77eb8c6b2f77aeb364a4b80499c9a400000006b001a21e8ae7e57839283a99bf1b3036b497ac30a7854ab3d38077365c73db4ec32c43c2cea84db3d00e01a981e62cc407c9723cdf39847840b7336d54d01d6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5092683aadf5da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b700000000002000000000010660000000100002000000039d34f63a820e153aa47e0e98653eea2c3e5c798b964e0a8a3dbd45c9390a2e2000000000e8000000002000020000000b187a604e3f4fce4f29dc0b29df459952621833b98675e4a4313e6732bedac44200000007562b985f919b522d2e82e268cb579cbacbe8bff7ba2979c55f9794b758b5d8340000000b19dea8c9e95c519c512a6eeaee9c9d7bad2c6788ba4165f77d68f41bd9c8d86de81e24a6ab912f2468b51f02e4496030ad247b173c33b0d3944283a44dc353b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430614568"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{653718D1-61A0-11EF-A251-667598992E52} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1900	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1900	iexplore.exe
1900	iexplore.exe
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE
2248	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2248	1900	iexplore.exe	30
PID 1900 wrote to memory of 2248	1900	iexplore.exe	30
PID 1900 wrote to memory of 2248	1900	iexplore.exe	30
PID 1900 wrote to memory of 2248	1900	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bd708fbc600ff980b3b459566b3014c1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1900 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
483cba59b9e61521bd4cabd01120cfc0

SHA1
c1809f3c5b6f82a0e6efd673c773e778f3f5c5b3

SHA256
a1cda586616c89d3b610a4b636826d4cdb2ddeaaf7572d70a27ef53bf9bf7dbc

SHA512
4ce05d9d2150f3943205e9caf46869007b22215feff9ffdef6448575d3fa3271d90479d53d66ea1866ed34c50796855a2ede8cd8112eb3f9a035798dc95c6723

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce7172eb3fb3a2e318f497e60fed2759

SHA1
aafb547b711523e4a0d5ab3396509a2d6abda49f

SHA256
f6ee8651833e01750df1f6af90ea292efe9f9bb07b2371066449701f46114dbd

SHA512
eab9e45750e0f3a2e6e65cc5c881a55aae0ec5398debb849203bfbb8535346dc98e18c135b8a9a9b9c56744220d77fbfac5b5f4af3ee727bb395167d5af108a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb0d0342953d7d909775bd3588f55f95

SHA1
2ca9ed59d735e271b6e45da1d163160fc8636515

SHA256
2aaf043c64e8dd9cbe7e6aeda2024c053035df2236b2306f7ed0b92f12b61892

SHA512
0b15dac78546919f73e6217a729fbaf9f966e183659836609f6e8d0dde2333b6b0d545af96ca6fdfc14f0d3f1de75580da46714295a661388c8c85b3f6902d60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a94eaf0051a80782c2311ecf88f2d44

SHA1
8f769b9a2b2d05b51e0414fcb67725d536f018c2

SHA256
3ae23aba540e2ca28307adb33a6ee62efc5afc1ecd01f993fabe41378c31722c

SHA512
5b42e6649cc52988763619d0747fd8b71d2864c1e17510fb222082d8c5a70eac56d476bdd9d4c0d23bfe32e3df8940b92004c445af5b96d35ded1d6081a6fd03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
603ecd0fe25a23555e2bf5e44490b00f

SHA1
404e2a278c205623f08d4a400f67f6b5784b45f2

SHA256
08c3268b77069805de9dd1b1fd99ce5e2c6557346de08e48bd7a4f5a15dcd1a1

SHA512
052989824f160334d26957c5ad9cd8feef226abea807a1338c61151c21b5a81443659e237d18bc1ec127a389d09885ab6e12bd3874b9b4e5d3d599c527d95315

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a10e8ea7c8eceee55959d2de215305c

SHA1
b61f695e45630bb7e726ecb3bbad2b376de4b85c

SHA256
3c965278224ac8afe7fca203ed6c50057a8df753077d1dbc3996ea3fcffe0480

SHA512
f24b1cbaa9eae84582edc5f5223aed756a330338206cacaff65b030722dc0657aaedd69844bd3cb3947e2e3317f3be5a54e039f41dd7fcc1efd37aaa26b7607d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ca0cdf3e690ad27e7b803dd832a8eb4

SHA1
e0b0bb21907ff9f346c9713613e11c48ddb7cc52

SHA256
50691ebbee2706b1c18251c4ae2fcf9a8e29336709370cdcb91ac907ace37225

SHA512
7969a6b0cdbaa336fa7e08fb63f02aece563aa9eef8edb144d2ae94909503f3f21a9d06797402b3f13ec1e3c3edca1662b66751423d36c2e526e29dfb4f48f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3439e64d88495815427c785b7d925cd

SHA1
1f4064887391a3c98b3269c09fbf744f40e3e1b9

SHA256
a90efe2de55bffa86a664723efd7e577724285412d80e07a8bce5ce236897d3b

SHA512
a85df5bd08ce22303e738adc86def4b3dd722be9a33f35ac14087eff467a2c6b3c0d187e3df9addd8e6c9ceb8bd3a8695702616c114f110728099b09c22cb518

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d333c3f3cf65cd12692532bb60a25b1

SHA1
b53b562f59cfb21f0767262bd4a335b2772b902c

SHA256
ff97380bd071c101905b1f51a6f28eb92cbef3eba0991669cc27372f69037ac2

SHA512
c06e9439c9d1f270652db0a10b7aa5a53c05cbe9dc3289f639dd94ea42e7718e262fd8e3b01fbae83cf989202b51df963a1e7ce37cdb40d0f428d16511800999

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eef4c652c61e2cfb25713efc96d4ea6f

SHA1
25bf5e0a6b5391117e1b49e94a2f4cb5cc50e5da

SHA256
e260e404d3cba03552da6d3d6cb8de85047f06ad18a5e45de7de153a04bd96eb

SHA512
51e4b322f35ba8297ed0c832b0db33d9a423b496eacd9c107d3b75d7370c34b0ca0a6a0a0a448a941b34d12a742e7283d1f29c385425f3f571e1249d1b8e3bb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea328ef509fa25e5c8765c8185f10542

SHA1
491f54d42c05fce3a1446f9ea0d67fde73c36aa7

SHA256
7466979ae8c80890694f65f6fc53c405ebac39e7c2aef324515251ad36ea8904

SHA512
8e6e80a078839ebb18ab0e88a6be84bee4a2ee08f766d11ed1baddd91bed491d75d11c82b2093ad13f656f0d553142836f0c9f04fa8489d9620b20844b13d802

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
440a3c42b33a69af5f3c3d900a63001d

SHA1
f3540bedae2dbdcf95f1383402233d731ea77bf8

SHA256
1437f493a77fc8ccbd12d3be0ef6b8a3c3744b13769e2636dd2d36cb56bc7127

SHA512
ed3fdcbc20c25ddf7a4ddeb38305946f7b18fb4afef0fda6721ede16673eafd5fb6fbe595b3190d21e1d6ab1811b9ef326b8530e5b8768226a99a93113235d66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ffdad032b15a6dbbd42e73ec81d6be53

SHA1
6766309275e02a5e653864c6eaa11fcdc9f7a309

SHA256
533436731041020a432e247d256de89a616f4304daedeb9ba9c203fc6e38947a

SHA512
ddddd0c0699cfe75417346b2126f4dffcc1c6bad5a7e5dd0f748582e4c1443284ea4f029a332d216975bd9037011c3c3c6657f2903885204d5ef99b30e64a94b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84ab02656dfc6a14f2c9a4dd711e33cb

SHA1
b40fb07ac757d10b24ace8734b83f137bb230ad3

SHA256
93597f268e7952da228ed1aaf1d327a569aa8821c007ca79b74a6412d6334e1a

SHA512
af65fc60f0f216613354239a5ba53c68e2305c07ee0ef229415dea2196e5fe7c192c37e5e76d7632813cbc9c4285bd905a94f57f4182d9fa7f8b9a4a8a2a5aaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51021c1774e7807636e6bb93033ad7f5

SHA1
fc5800c7ccdf8251fdeca49b66f6cba9db28d89f

SHA256
73e135c17f1e9d4b46dc7de31d260f1db15b00acfa022de97213796d16ddd6c5

SHA512
3e15ebb64bad60d6b2adbfff65f76bb51251421a2d957a27e1a58145bcef08239d6d543516589b5e506de880b99a32fd41ea153d7fd37bd82f3419741332f104

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD175.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD272.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit