df5c1f3c2b97b0667a76e0aee67e50d3e9ed9d279dac8ac55afb0344d5696ce3

Analysis

max time kernel
134s
max time network
127s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24-08-2024 07:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be279082841db0c4a21bacb898bdbecd_JaffaCakes118.html
Size

15KB
MD5

be279082841db0c4a21bacb898bdbecd
SHA1

6917b9bbdf424081a3442687fb7943f788406b14
SHA256

df5c1f3c2b97b0667a76e0aee67e50d3e9ed9d279dac8ac55afb0344d5696ce3
SHA512

fb15a49b191043b02b3491a8029004c2a21e114cc7132b3b4d9b57a8dfe3d25f907d4fc701106ffd645d61bb97d80a22f9e7871a36d2a736471d4d20da6a7836
SSDEEP

384:P43Y5tVYv3a2Ol6WjFVsvVG4GbGlF6gMdwuG6BtJUs:gYN2OLIx63

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E24B4031-61EB-11EF-B557-C20DC8CB8E9E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430646989"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000007fb7abe9eb457485977aec8419374c395d0c065e2b767ffc29384b20316a4de8000000000e8000000002000020000000a278a27c5852dc9ece9d985785913266fe9a8fb4a88492627d9a0edd21c606989000000059a29f24f06c3712bebc32203909979940dc94e77eaca7b202be51dfab2bb9b54d333dd72b579c8952adb51787e2ab27733389d54e0a1861f9f61bc724fbf28d2deccc112cf9f0e22712b07d6fc111cb241b68365fca8d48f9182bd2a41a1cb9d1ad5510fb9d018c255fba80c29031e930a2db67ed38b78c4f2709065b938ed4a52dd8344b1c983a7596fcb21d0861b44000000096b8726bd576247b61b2cd919be596b9b8683478aa03c4a29bbde2c44a535df627d44b12bbfbd1dc70ac1c6243acc5c602c02332d80888adab901496ab9a650f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000a82dcede0979db720ec3924a61960e20ffbd9d70f98690ccddf751bf5de2991e000000000e80000000020000200000006235448baf6952d616851a69284c69fb176fff68c8a2c1aef46ce4300a489455200000006e1255d10abfa30be8de82a7ee867759be54e57bf22feee3082ece51e31b498c40000000e26204ffc1cea73039cf91a87d3201c0c0e3a68d0cb63991b2d2d505a44d58e3db6d1dc3f09cd5edf59c3635fdec86d8d89da42d6c4330a77409b7ad45effbf3	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f07125b7f8f5da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1976	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1976	iexplore.exe
1976	iexplore.exe
2784	IEXPLORE.EXE
2784	IEXPLORE.EXE
2784	IEXPLORE.EXE
2784	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2784	1976	iexplore.exe	30
PID 1976 wrote to memory of 2784	1976	iexplore.exe	30
PID 1976 wrote to memory of 2784	1976	iexplore.exe	30
PID 1976 wrote to memory of 2784	1976	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\be279082841db0c4a21bacb898bdbecd_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28a8e254b2fe5ff62f7d4074865153df

SHA1
3ef91eb6d0c378b097f73cfbb682204edb23e1f7

SHA256
cd2e8b6aa8631fcdc1e7fe69534e13f65e1165a18f3259dc8bd3658e1da36ff7

SHA512
54a314721f5ba3b2323ea7bc079fdfefbcb51e8212ee316326605568ddf4b18bcf5ed25c3c1643be4ef28ce29a0afdf3e29a78cc1f9f3f0b3f0b6465568fbf06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64621c2d609da3f7b9b77cd811c09fb7

SHA1
a9efa4f8ff1c450288c2b2de83c16e4d90a353de

SHA256
e6b667ede1edcfd45b1cab9892ea722f5a81df147328518fe6126edcee30e709

SHA512
6c0b81011bbdfdc1b61c3c8dae8515fc7a6fb8a8ea8d339f39009bb2d92eb02d12d18266b97021b08387f953fc0c630ccd0906547d5836e0acb0320669b033dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c25bc8fe3a34bfbf640321f53dce469

SHA1
389522ade858def83a64c53450f445328cab7e11

SHA256
dab25548189705c085bc7a74d0f0d7829a57f08a43fe797ea6b45e24acf81ac1

SHA512
c8ae8d722f55d2e5a7aa918f0b86dd429d4c0f691d8280ef3aeda3f98f4c03ba38815c8cd1f568b2c89c0fc7030de2d814120f34f0097d6242612a99c0483810

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf325cfec250755c1f65adb2ccd9bc52

SHA1
160e469247b9323ae937978166d9cd00f4a375e3

SHA256
24d4cd454d381ebd14971cd23cf9e54daf44227db922f1017edb09795973fbec

SHA512
46461d19da45429859723c90bd1bd7c2e2cddead14d3b88fc27abd50469f66229908f955a0ddacb77da71ac41813db907b8e55cafa06a3ef35797278c47e02fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8688513b4e0b5eb6c85d957fa4a655f

SHA1
2d10b38cb843f792fde77062eca29be6b6a3bd9e

SHA256
3193235a90b9a4e3e27fe13a5f066585f432adb5da4b59879821eeeca6591be7

SHA512
688e79046b19d06259896686a3cb172650c03f605e11d4f7ee3eaf39d988a8a74ca2d11662bef9e9ebbab632a263aec65485fabffca95d739a531828693f33e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe6c1f4df5185bd602c3cab8cc642749

SHA1
40596bacf6039239c4c6ac873eb9c7338b45bff8

SHA256
a4c6dd552e2303a7fe98e470819b6412425a2d4dff83a079ea59b3cfd9e90109

SHA512
9641a12f5d62f4d848f90aa9f785a796475bb6c089c3fc8200211dc271d04631d2a6e3871f865774e647a40b818cd74066df74f80425d863dd5e1b52fce8c33f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c195cc5783fe5cbfea491f4565493e04

SHA1
10cc3b29efd91f3398b34b0a177afa7e30cca0f3

SHA256
2020e17788965623a6863202d003d2be6638f00e4a7040a0023ab298dd87054e

SHA512
17bc4bf519135b2185b421a2c9ddb7716f012e5afa6fd8687fba3ae5c43e4b7c4f40fcfb5b6fc7024ab8b244975e297517166b1d3a570546d216ff62535f787e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6778d4472f4e7589d7661ce65705f1a0

SHA1
1a685a5630f5a88a002b798c3d80f0d819a49d3e

SHA256
942951801eb957ccba6c7283bcb8ab87761fbd610b4863e46e4e9af8ff12123f

SHA512
8092e19149ab0720f946ab6ae138361bd98557c2f19e08e092ea3834df417b6e4d3d8bab25319a99ea5454db513463b5cc64a07ad4246f10bd214e1b5e9482a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28ed8ce3f928c79a854c908fcfc0db9a

SHA1
346a68aa4d4930a54f51f096f4c6fd9854494294

SHA256
f7b40b6b613061976a9ec5de3bc34d7e888fd1bcb0359415b323699a64ad6a51

SHA512
f87a6333ddc64411c49d93d77fcb0b0fa291c6a406b922b422ca468ea06f06578f996f194507a11885df729dc8e4418f06897368f18ad74351faacd7faf7739d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3df3020e40ac30cedd7aea16d8881d92

SHA1
786f83df945413eac841520225eba3d3ab641c4c

SHA256
82d1b2ab0150a69f0150a863bd865f66bc9cab1499bc7bd3e2cba1c9177764e9

SHA512
bb6f3c7a812697cd456e6cc9f87ba380fe0bef4573a3e34277f4e4e27a89ef91ceab2a16eebfb005865e5cda17fd7342a801adbe544c6bf8e3032060d686e07c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3944e4fde267c8d910b06a584a3ff0d7

SHA1
9fe59efbb490eaecf6e83d9ff88a9ec70ce89d0f

SHA256
4cbb5e68d76aef0dc9e7a7307ab43f4cf3b864a99846f1379e2f9aecc75bbca8

SHA512
fdf36928a39239338d9286f4e65f14b077dd7bc81cc0c65341085ecce171781771994d3e2436a7c9d7a946c18cde884f5ac36a70a07886711f92a398c80291a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6fa67a3ded4ed0a0966d738bfc8292c

SHA1
6d37c6617dc9c770c61c83c443c7e14ddf958f71

SHA256
7d7bf6ed35f3803a63865e650892154d92ab52005ce98281f5b434573a2840f4

SHA512
761bc882d386c0671a6956b0b5fe07e05b3055b523ffe5b905849e8e1184d95fa7e92cfbfdcaecd6b857ea256710c7c8b4f2e4355b2b4bd381c876042ce2712a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23022fa90a1a690a16a690ebab0e5d8a

SHA1
c342ab98da63ffc074076f65e968df40363b1a97

SHA256
ae4adefec8805e1f7988878af1bd24007cc42c727bc832dad6133855d64507a9

SHA512
7d70cabd576b4f8794ff7569da457b21c635c406f7c03ac5f9b80c2f45a7b0a4b585704f08e8e95829c3fc15cf36d86453220cfce61bb2269f10243bbc862930

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50cfe6a5d85944c5ca8464c37fb54b01

SHA1
f43a5f94d3177e0e5e96a663ef787240adad6b6f

SHA256
49a1d5baeef6544886a9cbb6fc1f2293aa51fa8ea71f5bf67150e337d4cc85a0

SHA512
3dbabe6a8cd7f244d3dbdd2af4a68284b4f03696e1abd8dd1ddaa9176a6cff889bf1a03fce28cf2b5e2b9d0d7cd75e4c046a289a95b5ac4f967dfdcf9a844230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\css[1].css

Filesize
729B

MD5
b76ddb80a4ffcaa0d748ab0ce348e766

SHA1
677830b546fffcdc66cf650302f7bb1d092608d7

SHA256
b85725abe510347fcbf31c13165e0ff34436f6fe9956d5a0e68e41c33ab91691

SHA512
b67f661e84044324a8af3c92b129645fbf0cd0d9359cf7020f7526caf3d718809eaa43ef2d7be73c932428001f91fb5dfb9f6430d8e79092d1f8d66e753abf15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\css[2].css

Filesize
684B

MD5
d1399c9e61371643ef62c66a3390706c

SHA1
7e50837ac0d83905c3bec8f0435e158e882dcaaa

SHA256
3bbf40a682fd3c0afae412c6e8503534e60f626697313022026dfbebff6f0953

SHA512
bd33515c0f72e668c03427e2a8e9c8916993b5ea9ecd59901257f9dd27e91142855bed6cbd74d1a4e34112cc19e3988544cca90312d01fffbfe07bb85b64f1e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4D29.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4DE8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit