2f270ea11303549b632fd319f3917045cff687fb46dd1a05997e1cb519a2fe08

Analysis

max time kernel
138s
max time network
148s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 19:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bf3e2fcbaee3573aba322692f99100ca_JaffaCakes118.html
Size

123KB
MD5

bf3e2fcbaee3573aba322692f99100ca
SHA1

862ef5f5ceb97f4bd75324c0bee54afabca419bc
SHA256

2f270ea11303549b632fd319f3917045cff687fb46dd1a05997e1cb519a2fe08
SHA512

011c19419ec52fb7bae08581d7017c6077c03cb715b6f030960d475e7b926076f81f6715ca7cbfb73f619d052ed95a7062a4ff9b7740c7eef75d01f96900a393
SSDEEP

1536:gGeNlqMgsoRGfbgc5j9hak8LgNx47uFJkvmRionL:iD7hQOgMK7uFF

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 604bae365bf6da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd000000000200000000001066000000010000200000002157c3204eb2c62b0330ec2054f8ea463f96c74f6bac5e789a093b9d1ba301bc000000000e80000000020000200000009c9a82965e80abed2648fe4eba7e078a11ebd1aef5cdba9938eb4239b3854fe490000000bf3806e3a0839b799d1870e00c1b737c74c15e73303913518c2c33476025e106e5922595329ba262da273cb500bedbdd3d1d6b0da3cef1ec388ccabc1508019d20a06dad9e864982c815c876685d0dfa3294c21b79df9b2477ff69fb43f2c33edac83b989803f806d3566847c843e1168953649b99f707a58612c344fc7e49cf2ec1684ef5d2ce343b6f403abdb9991840000000af46868fd6612f02236aa00e0ebaae81a94043e2e03b81427636ac1271f956502c9a30e677d83fe25e8512167d48ac2f900eb6920540875266e80ed553c0382c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd00000000020000000000106600000001000020000000eeaf09474637500ff71b2e2e09cca644b3853111a192e28852689be5e90f67f0000000000e8000000002000020000000a63253014a30534d85bb0827333252904cedbb10fb36a44cb40214a93ba8b507200000008408692ae69c431350c2e38391256eb9bef7dc29c451b0a4758f610b8a1e09bd40000000be9562d29240db7199b5924b84306ae52e413cdd041253cbc7857c25434bddeb064084df2e752124ed6f78ec331f2ff091e3de05de4daf625c390c04435c78f7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4265FCF1-624E-11EF-8893-6AA0EDE5A32F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430689242"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1932	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1932	iexplore.exe
1932	iexplore.exe
2192	IEXPLORE.EXE
2192	IEXPLORE.EXE
2192	IEXPLORE.EXE
2192	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 2192	1932	iexplore.exe	30
PID 1932 wrote to memory of 2192	1932	iexplore.exe	30
PID 1932 wrote to memory of 2192	1932	iexplore.exe	30
PID 1932 wrote to memory of 2192	1932	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bf3e2fcbaee3573aba322692f99100ca_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4ea477dcee655c2c9e824d1b4f48b12

SHA1
f6278cbaf05871c691320a955f2baf9019b42827

SHA256
e93eb63fcec1cb18bac51ce3c2a9cd651bfdd98dd10760c66c74552316683f11

SHA512
1cc32bb8a02541a74abf963efbbb7a4528797b04429fcb2066af44dd58eae11adb35157b87b2ee63a02a346c0b902b0bea79c54bf88da140128ae6aed6a74167

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a5f1553f1129772f881dbe703926937

SHA1
74eb7f441f506dc29f2b6011481de6d2bac63f7e

SHA256
14313104bfec6b3fb55b390e3cf5ca4927b9238fc0a88701043b3483d8d934ff

SHA512
e62eb82a1f4953f062e24eceb03b45e328ad0d237e9b44b40083e8d449e94cf41a4ff3d3343e4c14a05aec0b2600af765ec0abacc3dcec1ddcd12da6cf157714

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
938c5e95ddf9e11648a4157487dd5337

SHA1
b76b1b1f8b52054e8c8a64a1a2bd6e2bae50d9d3

SHA256
ba0620202a59b884c9aa2bbf1ef5646fd77c1b46ec6c803255af170a94e1106d

SHA512
3ca9d81bef0d62f1919a694c0a7da36730aea97d595a202bd0a8df734cfe2bf250c6df5d831edb37da4ed12989ef97e763b650e2aa793cecbdb6009bfd466c53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a439887fab1012773a5159a2929591be

SHA1
f9d654e486a65bbb004807871bd5d616ddd20d12

SHA256
3dbbe87c9782d11a930529ba960d90c38f8e10ead1be129266497205c5cefad0

SHA512
9a388b269902d783c6832d97f9cf62d47d13f2e1f5655f6d57af25a6e44c6d887f2ee756cf0fde9eb6ca71af05d8991eca7fbacca7e39628c74938d74025d129

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e36de4ba007bdbbc850722137c86637

SHA1
b1dcd6f6863e7aa40c0df05ca22d057c01a08f7a

SHA256
5ba6a2a32daef92b132f4867650f0e6d69c4bcd8b9682e8ca494083978fa1f5a

SHA512
1e1d25cd965ebcace1f2ffb08d729991b0af2d169760a27104d6a942ab35f55b67fb9445bc45d2a80860f714b3402be95bc37cb6e4f1193882fd7a6d51652553

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec58409358aeb7d93f1c50c1491cf6e2

SHA1
11ca29dfe4913551aa363a78b7889695719e7f08

SHA256
76d716a413760c83bbd9d49988087ffd239f82eae59513648837b5d5e11751df

SHA512
3192ad6fe2c0efbf25c5efd282f99f1580041fc2b61dde82eca2193bf91045ebd381479b57c262424d1b86544eb2097f49510bc6160627302c23325b38a3ad2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c3a9a61d5b659cce682204d7db3013c

SHA1
8b3ff56816fbcaf3c60ea914b6c224492df54650

SHA256
ba73e7334d029d69588bffb83c952c959037b72a4f1cbdd8d621c09440b317b2

SHA512
9fc02d6728b4fba46de69343165d1152c0f7ba8a60e073f1f80c6cba0263a8f43f17a9261b532387a2341315af81fc446d6b510b1c0997fb75d9762761048654

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59d5775bdb0a037226727827cb0b34ac

SHA1
56c420ed7c495de10ebe1a1bfdc5b33d16ebf42a

SHA256
8b5c3a7c6a2ed385e677808c15eb8f570151f2cb42c2485e52408622d0eb4371

SHA512
62f0998a56824f99753665f2678a6fe191b8304a771a489f4b09dbc6a965d34aec9863ce7905a79d887573c508826d2a58c5c521da3a539e5e1fa508fccabf55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
636a9583118bba7476cc2a18a794c0d1

SHA1
b1febd5452b4b40766ebe85e5f75639c274f189b

SHA256
ac9fb7c0c79a8b902d77b49846be4b4356b9252dd3a1c9e5c47a8ed28dbfe37b

SHA512
95068630a2a0e7cdc115b49a08a22b63ea3e41bd028ff9c3b8b5b69baa2c73d3084c055d420c3851e1477b69d31946e6c62998ef13fd5ddfd9e3b588cbcc730d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9b896f1931ec43362d38a70437c6278

SHA1
8c5948d2461738950dc37b70e3333891a02fe1d0

SHA256
70e3857e1b775abee91746a54895a5f935a0c10ffd99ec48f417f2fa11da9fa7

SHA512
2af6cc2af8ae1c445a271639d1c7c28b4c6d0acc3b772efb41af41bd076f0425c6c427a186292a07b4e3cde9c21ed4ca8a4a7cadf3f47dc20732301bbcc1a0b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bdfdc6f253456832781a31679aae5150

SHA1
4f1a7cf13bee75cb092df1067ffb0ff04efa1286

SHA256
ee9ca72e9d0bd749c48b634971cce1ecd12685a723fd1fd47a97b518c1b46e08

SHA512
f8d62a7b0cb09a9bd4b2e3eddbfc94f4f400c3718394325b47546336be18078ede607dea96d37c24b21fa8072c19e41efda85ff2d15327f1c33ee8472da9e86b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2b44e5944711602753671efd34afefb

SHA1
9083f925c41efa246a74212e7c92621e419ef552

SHA256
e9b376a731c8df65d8f0881444544cd5097717cca0e87dd70616cfd175e3a48b

SHA512
ad92dc95fda0e3274a36ab693be8080525829cad20546f8b9b837611d9c1434420a57861a9fe1a1f9717cbccd8943c303488db9baaad4426d411b313ed017fb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
131801c60aff30d4052199e9dd6d4407

SHA1
4f13f6ce79c4da4336dc0e07221f30fff5b6ffd1

SHA256
b131a657439793b69eec6d6c7c53ea913c0a0fc43cd5fbd0a1db030664beaae3

SHA512
71a1796741ae36b31fa3a9f896d7a4700af211e08b486d043803e2e6cea139b236bb2f3fc728b2be12de48c95782911d92bb50c37febb61e864bb13a9403b7ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
960a9294ac76d09847468f53761a7855

SHA1
36d4267ce3c9412f30b7165946b447f420b50f78

SHA256
7d8ed5b4d1bf8776382d354c8c9d5dc32c904c7b81308fc7418d37de1148f221

SHA512
fdc69d0c8c1c62c0e894cb088d98b234f56e70dbfa5d1d246b24642b76ebbd8130ee044811f47946486336b3580ed7519ecdb8c3b0351b609256656739324f1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11bee6cc6dcaca0d20d279e72adfd6a7

SHA1
406fcf2132ebc296632f65177c95bf6cd823805a

SHA256
195fae6caeb4a2db94778b00c8253c81dde469974979b4c42364b22537bd02f4

SHA512
ea351c521c275178d749d0b3fac462764dbeef8c94129f0662b51c77784076b099135aad5480703130f36b880dd40e20fe13cb0d3c1fe08576af0a734ded2d0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28c42bf180f00b06a600cef58b553a2a

SHA1
931eae92a5e44037017eafe5471d4ad482f723f5

SHA256
75734aa2a0ff1c021597e284070c87a697b6493d846a8aff98b6ebe6013b2757

SHA512
7799c2f279f51825bafd9f8065d4ecaf28b94253943ed97ca3ea3f3f88e9c4352d200c74b6df8f0f97c24b60f970264f740e47544de3396c122794929d4db068

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5641c0109f01b9deec43bfae200fa4fe

SHA1
b7263b8d310fd679b0fca11e98a27155aa29e1f6

SHA256
e7943fac84932f7914546d81cfb13d1137ebae5b4b9a8bb79d300528005104e3

SHA512
1b928660b1c7f0a1e6e32a3a6eb2f5c081cadea5927826829874c9abf2777686f4a57579650aab7db748d7b295ac6767baf5c0f481f1bc44be5e9c2e22d0133b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9C51.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9C52.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit