2a0fd69ea47fda0128e9ad99ef56b09c09b697580c888ebd86eeead9f4896af1

Analysis

max time kernel
137s
max time network
149s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 12:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bbb80e0d8c9dc644e8f3bc7c84c70c68_JaffaCakes118.html
Size

121KB
MD5

bbb80e0d8c9dc644e8f3bc7c84c70c68
SHA1

e381f6fed84c7b62a6bbbc6665d506738308482f
SHA256

2a0fd69ea47fda0128e9ad99ef56b09c09b697580c888ebd86eeead9f4896af1
SHA512

767eecc97938ee7f3a2f37d727c91311fe625f87fda45cd834c81dbf1a930480e16f14551bbafd8f361d5555a2d0002e4f7dd68e9b478791ce3f34ea7e5822b6
SSDEEP

768:exLV4KMAvoRh3KchGrvVqrKyPtQ6SpIc/dfV4vCrB1LDAaS6C3/G8EBeRW3E:eNCEUhCMrKi+6+fV4voDA5/G8EJ3E

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0051b0e857f5da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb7800000000020000000000106600000001000020000000ee4922fbfbb04d5fe0021804f7e657765d847ee506ab6c8e389fc55c3c3e911e000000000e80000000020000200000008c9ace7561052c8c9bf5a689b591f8bcb267f13478d02e7b188ae4516fd89bd99000000079e06673554419fe6d910dbf89f26ec4f3720a324059150284b84d0fb0a63f7a6d8f8eb5ca19ebebdcd080615dda305f8f6c14b12b94fb63a5593f219f35f026c259c3836267f579171f74e85e04aa1826d061118ff5c6d409643c94e13c3c002dc26c874e151a6c9afc6a94a852b341c7ec70863e7ab811c99502e3e0efc2b90afd77e4c1779e0398a953921617883a400000009fe08c62bd3f35ad3390fe75bc643df3bb91dcade47d6b7338f7041af8565c7e70f2a3c42acfb707cf4c576393fb52ccf5df235ff1595a835b1107475309f5e6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430577871"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F4C8C801-614A-11EF-8B31-72E825B5BD5B} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb780000000002000000000010660000000100002000000055cc1c0be97baffb2f5fef05f5c030bbc9ea52b1e3df1671ed7cbf091185f112000000000e800000000200002000000019bc85684144ef27cd7efe2046edf0cada7316046c3de797716c8d94ab46220520000000acc19639c5969b374260326762aaf6ea44d8def05ab0df9a10cefd908967244740000000e1fc4e6864d286d0407fc6dea2dd0aaf7285d0d13477adcf29a4535e360a33540b47810747dd02b23f5f80e83dc927a3b1c0ed307b5d16d0c17ae42d079104ce	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
304	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
304	iexplore.exe
304	iexplore.exe
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 304 wrote to memory of 2552	304	iexplore.exe	30
PID 304 wrote to memory of 2552	304	iexplore.exe	30
PID 304 wrote to memory of 2552	304	iexplore.exe	30
PID 304 wrote to memory of 2552	304	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bbb80e0d8c9dc644e8f3bc7c84c70c68_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:304
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:304 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f522b2703bad9c3797c68ce79e2564ed

SHA1
b6cd8372a78243a6c54b8ee3a2396e40df338f2a

SHA256
64fba1cdaa2418aaa5145f6a33bf89a8ae54a787fd07a22531266a093de9a88b

SHA512
1a9b2df0a3de3c7e5058650b3fa8cf28ba2ba9065b02ac1f472494a20fdbe447ef45b392a05288f1c71e74a1ad4ab6445c16a44011b3e89da5912b4f813f1f10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9c0e92d12af0d92dc06f343632ea0d2

SHA1
71fdb392a8b2641257f72da1cfe6fe9379d0475f

SHA256
b0f405785b0db2a660069e55e3300da2ce1b315a1fbb3ea692636732810cc220

SHA512
b836b0613d60a8b28894c146f1080695f5540011a64b7ef69fdd34a10ad0b297afc51a18258c8fdebd73c16599a39753cafd637f02e0f418a357f2c1deaf4437

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
585d45fa166a316cc6a91830fb1b4c93

SHA1
6a847537f62af33c65f35a6a1cfd587dc35391ec

SHA256
30798f3c8347405c622b4d976b7acfe366575fc3b6c00f05e1e05664c5b0b13b

SHA512
c54ff403bb5c95cfd912979d3bfd28ad4b2a51a9ba5cf980670469eedc0fa441b6cd4654947f5b277a0eaa64ff3eff63c4eab56ccd2c952988b71bbf482d6365

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b9b818f5d33d3b67f6d3511770e2569

SHA1
03180c8ccd0e2bf6fcd72cc6f6e068bd52ebabf2

SHA256
8c2fd925f84a9e5e092da4d6d5ae0518708f9fdc2c410c7b503fc550f44bb137

SHA512
b15f9eb81158849658915d317cda38c45bad114bdc79b882bbb3a539a7de87ad2f6228af80d18dbff5709beac578640ff39be4697a29282b0b0fd626fcdcdf56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e390eb5144d3716d4a01e5c21d1b872

SHA1
fd585ba5d7a3ecd77abd5602b72cfcf402c68cab

SHA256
9c7a328ff693fa923416d60f3d6f42e25002540897c74dc65ac30a509490b241

SHA512
58256d1e65419ccfc3eed7a850bfcab3480e9085a6bb7f2d09028fd282e888cf07a2bcef4076a3fa615e10a015cda54dca13565eca197ef0253509db5b6ec145

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e45bfbc11400a63ca2939841b9dd91a

SHA1
1778d5ea3b22cd40219290dc4df17598c9df9718

SHA256
c66fff36b1cf34719ef6b96432fbb591ba49aa58fd690ee23b9a83ff379f5396

SHA512
8466427e88949b89f2bda52437ad1704875bd667dfb4e101aa77b84f41ba388f06b4a57b0b4ed082d6acf1c20a2d1079b3a9b3f6532ff3c9fb1f3153696eab47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e09bd80adda0e23833b932c69b367fb

SHA1
7bf2296781fa66f631af743ce964c47cd9ce0624

SHA256
5027f4d94a7c6529d2e09e64e534d0caa617de6a53be2096756f6b92d568b0c3

SHA512
8cabbf7e545f45ce656022200d61561cac474b39055c211216a7a94389d541374f65191b0926049c19c99dd22ad0e96415ba79092740d79f4a3096343acd7411

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f173015057df6a425919fbbd51e9114

SHA1
758e2383f088b7871dda81641b8c1da16bb0542f

SHA256
5af4edfab4aa0780f1a0d4eedc0c3ae9094de9142d409ba4670176c81418b4e5

SHA512
5511e3c49a0f7af1541db4c2cd3c192596a0e66649dfe8cd60e51f35dab5bdd5df4369747cfdb7b918838ed8281f08db7b00b534adb8e5adf85c2279865d7174

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22611b3b3be56049ffc6c2a101be3424

SHA1
52cccf526ef42c27763bbf5d856d812c19a8657b

SHA256
68b30999583eba03639e90db28d12e1282562e2cf97455e0205169097f4590e4

SHA512
20d43d1781869bd9cff2173b24b3746f608ea4e9f2a34c57383756b3783ed37c9f018e2c1928b74daaeb03759eb91c6f3ce92c9b038ec0c442dcf46d1c62c347

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ebc7b8b6bc568839b9021f828da5ce5

SHA1
609b675e2b4d0aad3c64ab1274f3074db470ac7e

SHA256
892ef8981bd76e96d392e907f54aa645eeb72e2c46a0ca87b22a26f726800600

SHA512
86b7dbf602512a9046ad409f532c88282926a3364d04cbdd7d59a06dc1919e8d44941888f508cb7253dda711c847737adf202b9c30096ccdea665da02eb59ccb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
665f8cd61e85c17afab2f362bcee4d07

SHA1
0dc292c76cc559753718283cf28d709ddfb389fd

SHA256
75b4ceb4a1998e6a5fa6c1053c1c1c74e7c4be43fcf159fafa00e7e649ec6822

SHA512
00ccb4d49eebf35ac36c2f44cdd3401da91181a93870aff987d8f8ab0baca26f6b3e6644479364d810e16ce5aa2a6093130835f1b1be4d834fdebb72bae42388

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ec1506a5bebd6f7c4ea4acacc371d7f

SHA1
a42fa6204c3a6049e399dbec8b5d89acb9840229

SHA256
c029912df7edfef26fc62047dbc568fb91cc56f9d51ec40c1892dea3993bbd62

SHA512
80ad3636f75026ac74892251755e033b1517bfa099d8acb01b383f7d34a61236fc3715a6674d9853511f90549f7eda7f79112c29759dcbd3e6f87f50e38ce2bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2927574ac8c6e6cc723e08f5de8313f7

SHA1
9506ed8891018b98b8f8942f2fd12d26e2c48a9a

SHA256
271ec903510fcf6cf9ae6f4b4e053dc0ab2395e55149f614239e17d2938dfed5

SHA512
91b98b616842ac0a412f5c8b4b5608207ad6423e642f83bed1d9140b8fe081dc6841a4e63edc7944e34ee08e4b5833ec58537a32e5f94970bb918b9ce0b6908c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA67F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA67E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit