23f31068d48eb974c2d3bfb9c91d3d3b5b0f61f6013c93f3f2ffdc22cc6423b1

Analysis

max time kernel
142s
max time network
148s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24-08-2024 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bef143bcd59adcc8e215ea52396391c4_JaffaCakes118.html
Size

60KB
MD5

bef143bcd59adcc8e215ea52396391c4
SHA1

d43131fc53fe2e47f9d41aaf8be21033418fed7e
SHA256

23f31068d48eb974c2d3bfb9c91d3d3b5b0f61f6013c93f3f2ffdc22cc6423b1
SHA512

533123d23090f2614276d96d0c74fde37fc8f383d40910ff6573025aee9d73cb416f6c67d20c8a06bb5a5327e25c48bbdff6b60f68c1eb531cf447cb7ff03ce6
SSDEEP

768:JiGgcMwUc9GeCSXuhj2hitgoTyWhCZkoTnMdtbBnfBgN8/uQcc8QFVG8sP/Ijkk/:J+iRm9TRgec0tbrgamchNnWC

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b700000000002000000000010660000000100002000000097dc8b66d80f88682b75a6aaf5791ca67af0e8092cbd760151f45d35ef167450000000000e80000000020000200000007318e95fb371d6487437251d5d407ebc8de5271af5a1a74a033f6f4adc4d7b012000000062c08c3121ba42a13451b3e26a263026eb883bbe8014809d81cb0b4e5f84c0ce400000005dc07ee87847a5ba5d3556f7e42bb24b6343882c554110dd13f061fd95acf0f625bb1e7181f289be1ec647cdb7a0adc1ab2de3debdfec2edd7433d5b7840d017	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0cd76453ef6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{70261431-6231-11EF-B8DF-E649859EC46C} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430676872"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b700000000002000000000010660000000100002000000041c105cff107090df99a42de129e63abe72aeca70b81a14abdfa778c8db96121000000000e8000000002000020000000e6fdf5d33ed76484115e38f5ce57e2418eb3e88759a774f09adf1b48343f568e9000000022e1e2935e8d27575b799266a3665f8a7264d0153c191a9c7b16466034a26bb245004a3855ec2f2b42a7c4218ef16e247f3ccb3af7c55d264d8f6d1060788dffaa49462c43d4773bbe8ab401cb251d327f4a8f84b47ef0c633c4b985ed43fad36b667e0d6acb391fda6c4e077f918d3568729f4d3f85997c5c64d1daaf9eb7eb975bed02172f9510f5ec66b118dabf954000000002b69c2797a2b7748461e62bf17c3840a6aeb622cfaca5d18822041dd19fca6c6fcaebf93daef5f50039c4e95f70adc2e4726b2512d5d399857f6ca8285c134a	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1732	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1732	iexplore.exe
1732	iexplore.exe
480	IEXPLORE.EXE
480	IEXPLORE.EXE
480	IEXPLORE.EXE
480	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 480	1732	iexplore.exe	29
PID 1732 wrote to memory of 480	1732	iexplore.exe	29
PID 1732 wrote to memory of 480	1732	iexplore.exe	29
PID 1732 wrote to memory of 480	1732	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bef143bcd59adcc8e215ea52396391c4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e84e1160d07080069692caf917c99836

SHA1
cd8dfbae2d2c67e1bb23dce371117f9bce1d3cf9

SHA256
a64d574ecd2ad01ca57afd0fcdc71dc3eab1dd0f7baeba20e56b59d54f98a930

SHA512
430b666893c9dd09239aeec31a23e3a42cf239621c405de3823b2f69d7a0c10693d1cc5e601edebba9a7108652ca2927af8c55d49098df6bc07f4f58c08769ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
630b830e474333f6b248438131d67481

SHA1
2da55e2db294c0fa303b4d9134b00e6071e90945

SHA256
a0c91f7dbeaeadc6075022f8a24da8b94c8fae521d3cc23fe3a650500217cf14

SHA512
453a8bb25241482d1582b3adb4ddcc5162c182dbdc2e657d40bcbefc299de1146a5a239988953a5435fca744c1b1c5cbb518e430f716023c55f21c0317f64c0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d686b8130b0ce1bd75ba4ecfd6ff9768

SHA1
c257b5cea4741f2391d1d593d503eb7cf74cc71d

SHA256
f08d14a7fa7beee2be915082d320cfd63fabe2a118568b197d1a113fd6907ab2

SHA512
233ec860d136e7b03d9bcc9895848100255fb7b90102e4ea10d2310bdd9329346a6d102b557aa74880f8ee130dbaead212ae67892896a876260d3e4ce20fcd55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3bbf3ad805a6c7ccd3cddf5c65acc796

SHA1
533be60d10d8c2b20642873d482120d72ae2af3e

SHA256
5417bf391ba6344c397e69de4847d52f5d97f8882115377ef7c5751de876689a

SHA512
548d19ad532cd4fa1e6e2dcb5bcc7f3fc467fa7065ef843d5dc5d206b055fac0a45603537f57e28f749a14018940f5c4c4b0fbae9e03d4dec4cecbad3b03427a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2a8f20af29ddf6531b616e505b7b04c

SHA1
79a95beca4506dc6a9c5d297488c9208ffb706c1

SHA256
663d9cfc00551a05c83d15a617176c524cdaaff3d31dbfc71e1a1f6954875f39

SHA512
eacbfb439d29ec3fe52ec0ab47e6489de07140f01171fd3621b87887de4d1765bf2b247a2541c37fac7f03a42e374421160e4a562cb7ceb3b7546e37caeaac84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb33cc0bb1be7272934f9baf1cdc0306

SHA1
873190bd3812c7bc74065a51d1b900499081f792

SHA256
bf447df796cc7cb325365618033e332a996424a57363f8255a423a2aca9b19d2

SHA512
c5d390e8067897dbb901f6dc2caa0e869c7afcb24310e7229e9f0427d3246bdf799e547ebba572fe632e6193646984e08edb6e94af834e394b6b79db8721d3ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9bbe0039ec9b5a3745abbc6be165417

SHA1
8f9d8e85ea10920b7c0f867dfd998188babd422f

SHA256
565ae5c0b7ad14816592bc3f5bbb42d47b9735d6420695edc60c81fb065f34d6

SHA512
5eaf212f59ff46e8c000294946eb7ad0ecd37276f074da64da8244e529d708b09eced0d8c5cb046ee7fd8828e30e37e5b00b3c66fb4197352a6d364af0aef27a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
150858b1d526d64ae7adb745fc1335ef

SHA1
265abac69ae10d33b290737333d21db4cfa7b300

SHA256
13e933030c37fabf99890cf09f85016b079aa24e558bdf5b7208011de6762e33

SHA512
b342f5198658b96e62aeed05bd8c66537e2ce8d51800792f288001120e71a642cafeb5ff30bab7c8bd38d31b8be4e6fcc0bce65cd50892c0b938cc0884dfcd68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3116ab57124df747010474b6b0052e27

SHA1
fc368c357243486ed523c7ed096da13d2ec16d1a

SHA256
b76aec467318fb23761b3276bfc41cda2b39b003718746ef703e3578df700ce6

SHA512
ee3e81b65c9f4e79e9f2d9981d84fe9f534e2770099f17cc10bd984dfae78756ffc7be8393bc7321b934768d3f4eede8e973679de782ecaa2ea78d524ce204d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
722104762dc78fb24e7221bdff39c036

SHA1
1bf7d3be508ee4ca9fec8b82f6e1dc6b25ff05a6

SHA256
144278397660ea10c79870f91f3a67b1bb88fd4c9d93478f335cbbe4fb0cabc1

SHA512
bfd8df45364ccb4ca59fbc9fb2d291afef94cf0f81cf87721015ca31b6fa7858a87becf26c78ecf879d256a0557ccc5ca9bbdbbe0993f742cd82af1a0bb1b0f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96e28f65b9a2507be98805cf7cea447d

SHA1
1f4c2cbd8a1eb6922e7bbf72e44af41306363ea8

SHA256
b04c0715f382bdaafbc0bb2a31f31aeb511934c1284d4bff413c25743ff11672

SHA512
c2bf4a12211deeeda01a29cb1837e6d4c70898bd4f60c24f793b5dd7499c7da84a1d3fdc79cebb9a3281f9db606430d7931ebaf831006c99bab91d9d6a9396c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9fed7e02e3256782d8467a070c50402

SHA1
fa1f09b5eb77c7956842ae0a45f5b36d8d2c9cae

SHA256
e576fdebb2a6c98ba6af21f0d1d5b708ae3717388139498eb2433f6e75be70e9

SHA512
a420f12d470034b81bc912b71d83cf43738d28fbb37d2a10ffb8923224c9d4e694613a82ffd0346e44e267dec24c7c35e91eb2872e6b407fb281bec7f7b6c24c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01a3e66882bcc1f2de793913f57573fb

SHA1
ff5335f28bf34c6e01534dd2383873d405788319

SHA256
523c3d2fd47ac24f856f5e7c5d346f4d3a6604014bd1ebe4339033b80a5cd5e2

SHA512
4be5153c1d68c6118c77e42f0ba9dd507bc44f9e2ec2ecbeed0b111515046eeb7665d2c92072f86e3b2c91f83df7d4a6f71abf22bacbe2e43b9f10352d750b31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8effd0a30f0aa150f647b98cee96e12

SHA1
69cc79f20d15882f4e4c8abfd4b5588c2985e6d4

SHA256
6f5504b5a242db2619786f11b6e5f2cc4179eeb0e465703b34d3d973ec01752b

SHA512
00bda5123bdc6a18542e9584044db8395cc08b4ad73f94f3797521d51dfe1c0ad8d6a6a498686d516f453015d92cee2f6012bfd528445c08b56587219526fba5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f40caa6b67fced3560a25f9026281fab

SHA1
9112b28d6372ac77d34abd93804486618950d820

SHA256
6b886334767f3af2ffe8bd3efb631097ae100e1dd6b95939fa1f84bb47bc0310

SHA512
fc864dd6db93ed8b928e4423174cc9802715a2a8964972e4ee8a47b487233cc29f0c0b8f76852a3d810b4a9d2b34a5ab2d95fbdf5a498b164e9bd243fc9ed38b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e99373925a8f09268aa6127f6ddd261

SHA1
25125ae10da9ef92737dbc0e7a449e7a5d931641

SHA256
c51fc9f88a2c611ef2fe7b3a5311863352ead64f4985396f10b6e0541b2ddaa1

SHA512
48b76b1803656eca0f701fc9ca9906d38c3d2baecd4d5254a38522ae124057877573ec4213a7e1f27b2f76b7a8434f39010cf8af1ca4350dd5084d01beb65583

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3CC3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3DD1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit