333065d59de821002120ee4ad059319e36e6e4ec1239ee74dc08f8ef2a008e3d

Analysis

max time kernel
135s
max time network
150s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 22:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bd7f05a8dbaf2fb7b40dfe8192478b4c_JaffaCakes118.html
Size

118KB
MD5

bd7f05a8dbaf2fb7b40dfe8192478b4c
SHA1

f978debd4ded42f82baf6754b9401d1bcfcdda8d
SHA256

333065d59de821002120ee4ad059319e36e6e4ec1239ee74dc08f8ef2a008e3d
SHA512

5270c750fc0942a18d8c45e45f275864d3741d649efb1df25bbcb22f5b1879a9ec06d7065bf24e19dee8de7fdb26ba592ef21af6b6d2749bbf5d1825f210c5aa
SSDEEP

768:Xxnzr5foov0hbjAfvpf3klgOjWtR1d7rhbgg+G2Pb0aMIV6mMzc4yyqoMsDC:XNJtubjAfNkl/oZr5GJBV6mlgC

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000a00af5f5be314d7abdd8b334ab88f778351da6c9c6a80314a2b9865ac73064f6000000000e80000000020000200000001bcbcf3622bde62853767a9aabdce4c1124addc5087bc091e83583a4b0b037e220000000c24f61bceec1562b0dae04d7e249c8b83504a34aa679ebaa2af0ab2b3fb22889400000007d329a0baa5f2f8774db2de6070a2ed36ad2e3dd7b8e0ce392e13ff17c2943fd449f00da4898564aea309997ad4384469638f4b5105af2b93bc73753ef941c4f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e056f4e8aff5da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ECF6D3D1-61A2-11EF-B29C-DA2B18D38280} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430615657"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000a6f79f9e392c972ac92900779340762ba9bb66a989f2e33ccae03207e7b70005000000000e8000000002000020000000629bace930c4d251c77966d872394ba8c4a0bb8d6d374d1537dcec7cd5b57ab1900000001214f88b516a99fca3da233ecc0cebaffa337def97d52eee3f1d5bfbcbb74097d533ead5b9055b5e65c4523bcebd519206aa491bb5383e535ca3b5b48ba0072bbd348d5218c15995998b267ef935778556ce39388a014f07c38dcd38491b0bf949efa3d8adc37749eb108df3dae7102680034183e6d76a9f514840614531c3753f10c1886d79c942544355296549b79840000000934471b675e1382c0c979617641fc93a0f7cf9690885c6d28906afabf92826eb4a1429d8509473cb021d312f493c96e1535f3aa71fee53823936303ea8fb8b84	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1272	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1272	iexplore.exe
1272	iexplore.exe
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE
2776	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 2776	1272	iexplore.exe	29
PID 1272 wrote to memory of 2776	1272	iexplore.exe	29
PID 1272 wrote to memory of 2776	1272	iexplore.exe	29
PID 1272 wrote to memory of 2776	1272	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bd7f05a8dbaf2fb7b40dfe8192478b4c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1272
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1272 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6342258b4319fa8afff4f18fb2c68986

SHA1
7368c7f06d825556ab976d7db43107954874ad66

SHA256
927596668b0d8e9581d394eafb1900b4d27f1ff827579711244b8ed12bc9eb5c

SHA512
70a780a1dbee45cd219c8944d029ff1a09d09238add6ef7aaf59c14005146e36764ee7a2e09ce11966e674005baaa027bac37e0cebd52574a56c99c56e34d390

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2879f6b8eaf68d814de8f89cb1e2076c

SHA1
b5d657692fad363fb03e78f1d156af5e56e7d324

SHA256
e31e46123204cbe0702eb2bedf2fd33325d05ada1bf895d82d9428379da10c82

SHA512
e01c8f3263ef8843ac6d9628f79ab2b3412c23aa65c4ec76a1038191313bdbe2a7769f8b36f64e68e4db16489f8997f322baef6bca32ba5d7463872e0c8f993a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03943863b338be0daf119f93b098c73e

SHA1
7517eaa9c8fa3db69f30ff79782f44e7ce84559e

SHA256
97f1bac7e3903f0cd2117e02a24b6186b491cab5801b2a892872d9937647a2a2

SHA512
2482d8a2a51b1eb92c47dd278edce1b23fa04473f1693e95e957e2c6eb82926b09d67a0a8ac3c943ee6902457780c432fbfee52dd6a33b5c1d884dd2c02fb69d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a175bd6b6f4cf7f89b169814af499f11

SHA1
633ba104405159247c264fa635f87b8e40eea944

SHA256
92a1cfdedbb76ade9b9cdabe4ffb07e6d157d07264bf7d6e875b750f034d6df2

SHA512
7799b1e5f4497f977508e241d8cb75f98bcf14725d75e6633129f926ca29cbe86d3c272891ede6f2f659019c5a2507985ebc9ba6e3aa8099eaea28cd88540fa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3133e89cc58eef5b691e88b6387acaf3

SHA1
354d402d06b433a075b0324bcc17d95defcfd796

SHA256
e2df6b84af727a912ca12778d5f4162054a7ef1cf7d107bc1ad8d7b67b8f6f3d

SHA512
738aab0e8eb4dc1896a90d94d88843e1ef651c0bb8debf76daf1214e9f878c765ad18d69400c557a8457675c954d1a56420166c556ee96d36599270d4c5f3f7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3bfea406558bb555499f911c4694d5b5

SHA1
bda12445be187ee5c330a72a9d35f12ce29d49f1

SHA256
b11a8212fdd6e4835e90b01beb54e78e4cb3438c33dd89b622bab9a91b6d58af

SHA512
499af6188d5de32b07866f3070ef10f75c0728157094e0cde0da74d6ea61dd5ea4ca18e830b8908e7a08868b80c26448a28b4ee8a96ddfa07fdc70d12a34ae56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25a095f86e5f5492c3f46171f87f4693

SHA1
c96923c255d4fde816518d4e96664639b162d097

SHA256
1fbf865578a5ae414cfb3afcd5328b2a138c522135dd7336ea33529eb78ce6af

SHA512
cb820135791395794b426dd5b18ee73c30561cd16b40baa8f395d907d5de10e29aba104e873e2396830a6a33d5035f0f694d6580374787b06fe6cefb13184ae0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
452a91642c770669be5c1df4ade84e63

SHA1
88210401865bd89a632d27ec5536f87ad7a07c9d

SHA256
f8d28f7f612c7d4bf481453ccab07b9b90b206cb35bb38c6fe28844d07ee55b5

SHA512
78c28290cdcda01ad3210cf4afece68259ce2bd68a68daece2a1481f1e05a008221fbcd8b8a984df70d994d6bc6a0deb0e7d236f559b853f2f21a29330c4e7d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8626e62d8049824d91bcc495e2f119d

SHA1
b3fbb37536fbba9000b5563271862a48a6430e0f

SHA256
85eceb790163968cde51df89163749edfe69591ba10ea7a2a8a55e50a338a2a9

SHA512
858d869946a43de9dff3d0d368988d58b1a7004fe2d0edad0dc6373f7526a8c7ff74efa3cbe92b08ab9fa8ed1c702f034ff3e383099860f4f97ff9d306781ebf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5ba2bc7f44896508b7707544c0cf0cd

SHA1
6b8448c8b94b3ac04573f5f85b5f82f934a99802

SHA256
da31546d5813851b3cfe9e474f3506960c16f7b3203e4744bbafee2ed5d8cfde

SHA512
cf2e9f9709a17139c1cae1cfa976a086396dbafe74017c0bd6144c6adc2fb7dcb2de3a47a5063a5db29b69e82b649119dd5e1c1bfc31ce58a850d58d1970f89b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
064cfa8d31846bfcd299b6050451df2e

SHA1
0a0e0db8b5b13db045fadce535604a0f394b36de

SHA256
bf9b8034c48d4d08d3b84808784d7448f9311ec533320eaeac3bf1557b8ec5b9

SHA512
a835254402d95dcf9b94c74c045c918a67aa7879fbb7929bfc10c9fbe189beb9fc7e66b375287782d3987b2363cb6ae54a235ba7f870ec99d2e6e2ab24abb325

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01d3281c90ce5aba2ce3cf8d1f1b572e

SHA1
6d8e46c084ebd0e9dcca458d3a998058e383778e

SHA256
adb511ad105a5f1863437b7b81b664dde19960f4d81c1d670da81efd555c3b63

SHA512
3fd53cde768ff3a62b2a69a42e1ffb2ed2f3e55b3ad05b10669edae37521a885353db1ef954f9454d19267381f11aaf4d182cbb0f9a3bad6b54302ac5992dd90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a208fc4a59d24c055854e19bd4d0067

SHA1
c2d219d50064569de5542a2120166b3902edc3ae

SHA256
f78487079c0f868bfe81ca894a1c31340d5fce6190d080f9de451d462edc21d0

SHA512
feb1977adbdf68be04155820e80c0ded956e63e120b3312b35af17f08930bb05648932a0406f95bfe991bb56676229e931683d754db5f6f9f79047a7ba6f43c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d13b13c4c870e49ccbb8ba5af74c5adb

SHA1
d5a19a5347eb0466d914e220dc53fb258a1c32e0

SHA256
26b22a29ec76307db49a10c8f850315ad8c14cabf8d614822eb5f54c6267be5c

SHA512
80dce1919a8a4e3722838f326fdbf6a06eac43352bc7b8abe203eb10292d54186ee3f39f60ae00125d2947b45bdcb92087a978fa34a5bdf55d3967e90d9f7337

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb8c9791de09b623ea36f2f3b520c4b4

SHA1
94658cdee214293d324b90d4cf2d13e9b7eb3ee8

SHA256
847ce6ed8a53b6cea751d4a87b97039a2346919752233c13327b7b379837651d

SHA512
6765e86a3e67454820045e5b54ac1070811d223158fbbada295c55ee1ebef538017e205f137d3066b82673091eb1676a37358264b7cb5c89d3fc211142630b75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4dd128500d213a9c349e65c121e22d36

SHA1
b71325b454d01bb99d536755a114b4a8a8a7c254

SHA256
2bcfb53c2d3a2586488bd8c609d045add1c998a5c58d1820e1e9029255660ddf

SHA512
5b1dfe922e3a4cef5c344293485ddacf4abd8f2e364ad8176c1948c33e5deb5e6dfb754affad0b34a2153d8a7c5676b2d84b0064bda0db3928c1d9f6b3d8c47d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b72f5fc8734e0df33b5a548e6b42c104

SHA1
7b003cef9d4b1ac730cc19b42599b045d63b2996

SHA256
4ab4d8dc0e0964960fa735cb85a21a025349b43f9bd631f9960e9828150d0581

SHA512
19e2e6ca60557bae22b7cc96584ae5002c8418dfe2614d1e4865ecfd5ea3985c56d634c540433f1915fcfd81a5bf328eb32da520366f3ee8852800ccaa1310f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab45F6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4608.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit