5a0a6dae1ada2b1dcc7be2f88f37e818da41b5a881f012cb8a674eab7651769f

Analysis

max time kernel
148s
max time network
142s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
23-08-2024 00:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9b71492dbd4a474ca63b603b3b5bfe0_JaffaCakes118.html
Size

38KB
MD5

b9b71492dbd4a474ca63b603b3b5bfe0
SHA1

ae741220b9a4e857ade9fc446b514486cca292aa
SHA256

5a0a6dae1ada2b1dcc7be2f88f37e818da41b5a881f012cb8a674eab7651769f
SHA512

fd8cd4d9515d5371f3d6fc9d88d268477478d71b73e43ce2c658b49388e2d0ef0120da882872eef3212b73a935dff4143b1cc1396b19ce15a88f23a6cb09e77c
SSDEEP

384:sIlIcctX4b6GTHp1Pu+Bti9gtTGIiThDkj+t1uHEkxPV5iuOt+/gcMBIornxMCp6:pvjBgJr9AxLZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30ded977f6f4da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{771380A1-60E9-11EF-B8C9-666B6675A85F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430535999"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c9200000000020000000000106600000001000020000000705ce750eb2f1792dd3449c7a27e1d741015e198bf04f488238981bd8bfd1db8000000000e800000000200002000000036da2e2289131bc319a966c36577c1d3613cb20eb8786e96eaaa718a20586daa20000000a03b4cdb9903affa1068d266c7c23b819db94af6f1566a3a2bb2cf692a27a2044000000069a84f2e53722081088fa65e9dd1aae59ace7e33f72dff6836ea4c028b7b8f7cc924046dec1da6f6c35c89d911631d273cf45105a6b680795222704eb55b6c4b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c92000000000200000000001066000000010000200000006ce02113161b24c979114a5efd20ee0ade7d19f874f1876dbc2fbb230741cb8b000000000e8000000002000020000000256f060183d1e0dcb314045b847ae4db72ca412421fa8621dad76e51468db7f2900000003c1836b39b9b78180c594a15fb35250f823a0f268e802771c710e5758ef51de114594dd8c3df41c4c7fd4020bc3864d0e6a1d2d9d3ad8e736d9d4934b8b6020c65399108b54192fb623ae393cbfe0df344ce57702e64080c18c0725f1cfb02f0bca566ffe73433c5cb6c53cbb8d5e03194a1702bbe6e45c75298b80c4974fa03390d451022cc0bbd4049f03428a2dd70400000000d166725c6393fcf0d328d5b14e3186df1989f5a4414caab65aa8f5cccdb30d9332c5a62a161ac2fbc8253fd3f8d5cdd71147eaacfd966806b1ecc71a8cc33ac	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2408	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2408	iexplore.exe
2408	iexplore.exe
2192	IEXPLORE.EXE
2192	IEXPLORE.EXE
2192	IEXPLORE.EXE
2192	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 2192	2408	iexplore.exe	30
PID 2408 wrote to memory of 2192	2408	iexplore.exe	30
PID 2408 wrote to memory of 2192	2408	iexplore.exe	30
PID 2408 wrote to memory of 2192	2408	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b9b71492dbd4a474ca63b603b3b5bfe0_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
146693a0dcfdad8f18da967b8ed7ae02

SHA1
c2c328c5d5a51351f3693b1a5b794430324c101a

SHA256
621967b8ed63c31dcfdc14365994dc4acbbd65620299cbcb27ca516e90f5a5fe

SHA512
96454b59a832695098329b3925b81bd658133452a391c86a9f8aea8913467b3c9bb31389362ab67cee3b0ca5e6d0a7b9b0aea8bb4cedcdd55e050346446d339d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc5ee5ed62d737d4e81caf98620d1bd1

SHA1
7cc496399fa063718e83b7df8c2b6863f06cba6d

SHA256
d5f5c657fb457979e10ea5f9996b11c83677fe3deb8bb62c0634cd4964631e5e

SHA512
23a9067404392e7989f63ad674f232ff5946a2948933c37a1af15679fb54d4c3821df8898f2f2520cb8e520b24a5fed48b9b8a885d810c975522cb4e21d3e83e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed53c2c0c9dd198208a004f962f57523

SHA1
66e23abc6691dc73d8dd1a2abbf6d06d08d2d760

SHA256
9537244c13202a64574c68390fa5684f11dc5d6dd92b4b41ea158945c371600c

SHA512
082e3ea6cb1bbe1982bc79a1191f3bc00f9e23bd430bc58355fddcd5b917835d203eb6e518ff0497e63c66ca44c8f46e6831d7f1169fe6a1d1b4c0568ca324f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2d9d8edb0bc006bc1666ad2785c275b

SHA1
9ba22cc7bee32bdf593da5f063e9cef0bb2d3280

SHA256
22c918a9d1322bb6d44d6168df4234511e99ffb82763ed60a0efe59511268c52

SHA512
08d965fc4a2731389374304a56efaf4f5aca2c518dc77b17b42ca62e68c52d14037a1f0c16926600ed3b841c7022b3e3c77e632204958e6d4c41ac3990956840

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8661e04b2a86bede169537dbb640421a

SHA1
e1660c20644badc51a5b83442e7417527ebf278b

SHA256
2fcf591b4d984d4dccc1e76971d2da13138ed6e6e68887d0aa78c224ddd57880

SHA512
c065e55e639026126ebd490afd4ae286ec99c20775f9e123da685dd33c4d6c793b8650a0c2b5404ff50720db4262e4f0dd9f1c43ccf2d59efd6bc7ca6ef302f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb808df38ce7211a58b43e718f6bdba3

SHA1
e1a31407cf727d8cbcf284e5f69c95a809e144a1

SHA256
d8cef99c889fbf91bc588807f7038ffbc7eb39049343659f5776cad1cb0efe11

SHA512
21f551163a1737e2ff0d8997e11ff7f69e45ebd07d81a9fc683c7b01c98517e183b5cd8d897d7effc2a52bd35e04985e8a0b77625a1c3e642cea01230aa5989e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1efca1411c43d496445d5bd8922ef78e

SHA1
6c599a75a96e4b39f4c845ccc224fa9ceb215de2

SHA256
aec1252c4f53e7948ead1cb88d4e485fe6f8aff7958136e9e8c599f6e4dea87d

SHA512
e571d467c1e1f2d3d7b625b01e16e7a45ffb9b59b6096fb0f701a70f1c65fc4d01938089e6e34641fd611268846aefcf9268bda9df70aa38a4f3f0ad6eb5871f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ca643ba1d5ff6259824a3f42d44ceba

SHA1
7cdc53dd27e2e70d02c676ccf66377edf8eaf54c

SHA256
b2d3b8ce96705a4c39cc25d68fb61a3dd96da2aa4b55ecd2af9a795c9a39f53e

SHA512
f79aa1124ee7a02714e5c4a0bb5449073d059fdc2f22052aa281541bdbac20e8105cfe78eb03ee3c95beec81674ccea7ce0f28fc988f9315c26644ff3c790f09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a697d33c581a7e1d8f76c4554c8064fc

SHA1
000e6f8c5e3792e29c41bab72a27352951065f76

SHA256
f6e18bf77f1812d2f81246b7d08d2264030c08f2762130c9d6f0eb61923d1063

SHA512
5a4fa10da9fb18e8e7452d329826d64754449f9f3047e1ef3260583b3150f4d2c141f73036a19252d2db4c93d68e6815cd3c56852feac2294590f069f0abbcb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45e9f6a005511180de4cb5c19e515bf1

SHA1
17e4edc6c979435c0f679b54a4cda6b17a6ed06f

SHA256
6b9c283cbfd5e10e80de744000d2f644bc15181e7c1f058e015d9490d9f61383

SHA512
a0d347b364864d20ec58b70d999a589b7bfa35a98885aaf0315917606fa96de1436b9ab78a6054267058f03e8b437c0777951a3fe7f1043b20a16322959dbfaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d82c5d14ba0a7566d367828fe7142f34

SHA1
c7c251a1a8c8761c5a7f5d414bfb0e4db64a3963

SHA256
ba2bc785d69208dd7cc39f793c46bdf6101673bd3a4d0e5f579b3bc462527642

SHA512
bcf82f38a6a9057639529c0885454197d658ca16072a9cbb06d186e89ea4837a1257aa984eac386373ecce9ff0e35cbd86bf83fd55da4722ab044cd2f0c4da71

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73d01405d9afa98f919834a7202356e9

SHA1
7a4a7ba137066db5d1f3d09a05ada90431278936

SHA256
0404e8405d00a4c1565e09633bd3dd2957e1a07ae4b01d15be3ef3c479e903c8

SHA512
87bf8fc288e5df2b4c3c62bc2462e305fd581a7d80ac853c242f0f60cdfd9c29e5a9d9149021b4dedb2a5180e4789478cbc6c19be9139db49e455b65197c92a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa12e02608b19c123c2eeb1317505910

SHA1
7f95bb59546c623dd5f6c2065d7a2661e372a424

SHA256
a6f9fa517e656edd9102d7d61a162e24e5d9d0a2a1a99fecf6adc6e3ec2071b8

SHA512
9a211fdac2de81b15d7710f117995e07a86988bd13350f939ff4caae259969b57f6ca1895c689fa8515cdf6c74ff2215fc598ea31883a7687f56abaff8acfd69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9069b40d64d3aef52720f5c0937f580e

SHA1
03799c8a6b6b5338a05ab9e0f02a4bb4286310c5

SHA256
b1cbaac166a47198cd873fd1194a7e5da5b3169ffe029292f2544563f6ece761

SHA512
c471c761118238c7bf459b79795ff87686cdd544156154e783777e0254bf8b9b322c3b8180952ee13c48d2cff9061acbb6d44cef8878646aa9792f778f8e94bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD6D1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD751.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit