5528caac4db4e66e3605abc969a3354cd028fa74c631ef266529e833e6f54f52

Analysis

max time kernel
137s
max time network
142s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
24-08-2024 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf3448eba44ff01ff21b6df35ad54e74_JaffaCakes118.html
Size

213KB
MD5

bf3448eba44ff01ff21b6df35ad54e74
SHA1

9152b18056e9ce2df39d08520a84001a1f0c80c5
SHA256

5528caac4db4e66e3605abc969a3354cd028fa74c631ef266529e833e6f54f52
SHA512

a34868da744a3488085e67d8019bf96066ff72a692a30ba9e59ec5e4061d6983dcd429c0102a4f19f3998d83743c41e7fbb8f2cd4148e338c53f62c60664268b
SSDEEP

3072:SseEYts3X6ikX0X3cp6gLWW4Pe+hIQ7jcngFpU9Mv3RjnnrHir2Y2BtoeF4lclgF:StA+ACsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{380319E1-624A-11EF-A76F-5AE8573B0ABD} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430687507"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2468	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2468	iexplore.exe
2468	iexplore.exe
1976	IEXPLORE.EXE
1976	IEXPLORE.EXE
1976	IEXPLORE.EXE
1976	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2468 wrote to memory of 1976	2468	iexplore.exe	29
PID 2468 wrote to memory of 1976	2468	iexplore.exe	29
PID 2468 wrote to memory of 1976	2468	iexplore.exe	29
PID 2468 wrote to memory of 1976	2468	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bf3448eba44ff01ff21b6df35ad54e74_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2468
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79ccf0cdc298a7421e690d9f59464838

SHA1
69ddf6eacc4908bf466425efc844bd54b110eb9c

SHA256
cbee3278c812b117b432f6274b5a0e678d76c796b1dfd0b259b0ce32315da460

SHA512
2dca172a82853de55896dbdc8564026eb9983835d0834a56dbc0614328c8cf780cc1c156a4c6007aedd6a2e88c11afc1970d6b244d8687e91c62abef1045ee63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa4b23f110347ad59cb0b88f14660281

SHA1
7185d6791c4fe847feea2d09d683e20179c60c5d

SHA256
a4abb7136f8b8e43b44140d17300fa40d58fc2e99ffb0cadff58b5187cf48954

SHA512
4a0820f141ece3786f2fd0e4010fade8fe76f560644c9b051ac9f48b5c9b39dccedf023a78ef8ad75ceb6530f45c08a668d010580af1ed8cbd2072a49d26a220

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
293a90e50f4f75edda476d6fede68f10

SHA1
86c31eb5c42520f001fc74e1f3e0e4459786e4e6

SHA256
10274373f285de9067e188bbd68dbe3210c293bef9c056f0ca6304cb031f6ff3

SHA512
82367bb1988183b90d55b1d72f9ba3a70e3a7242d98258cc5d057c7573bf901b241fc19145e00b016e56c86671edebea89e15da966badc76ec559de6f2815461

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
340128d7bed014b64a7bf94acf256f73

SHA1
90a612c327067c51fa1deac6fd42ee53993dcf8c

SHA256
066ebd535d7f33760faf284cc1410568992138d5b7010a2589896cd661296811

SHA512
9c43e79b357564fa36375549e0d526f52d21ae934070c66e9fd62a7a95f808261a77e39e784c36763f93751071d4f02c7046335d5dbfd0c2952c973d8e6bc765

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1bb61d125d3823c7b39f99fe9e3f967f

SHA1
114b1753f1194688b5f84f17554d34b5522b0376

SHA256
8bdaa7bb7913c1ae706d92457fd2f83b9b09d49a6f501593e1590976e2130683

SHA512
96d2c1aa6bd2dbda860131dbb6b8a93e10ea8cb2df9e61280e4b984a43edf95628a11acd9ce22ada892c8bfe08871d1d75501f5853feb76d66f6f13c5ce1e79a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a515351d3b96524900c9a3be05ab7260

SHA1
7c5ea3b249d05795cd5b5a3bf678b81b9a7fa84f

SHA256
f5040855ba6aeb07d1b74542f0af65ad7cd6187701d8524fe1e99327eef5a828

SHA512
24ec897e461747780fc39f38c073bf81cc45e0bd0abc67d82c505b241600316e60ea1ba84e41597b2feba34aeeafe379552c6f3e18ab35b3073fb2c1c557ab58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77a7e150ece8840338f80a20ceae8ada

SHA1
1476b9540930a6706b7d27f19126f72a6cd310f8

SHA256
3b0f31ad1504bb4b55580631268d4d9e2fa34d77c4eef7df8d6d453de2d54660

SHA512
45399531b156acf81ffa958bae2dcd2d55ec4639ac270205ab4a754a677cfaf171e20bb2e9e8dbb4285eb4ee2573d199025c5c5658e99786f91b75b794eb932f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df2774762f92fecf00d2ff69b801db7d

SHA1
835f47f9844029ff808752e4a2adc5c072494d77

SHA256
b44a6245929c627d688e0c3ab0255c9e81f4ef973b17e84aa1a4d0c358f1e6a6

SHA512
97d2c28982f2c9f5992b451d5c5ca3760b19e2d7f24fd338be876833dec1a79be8c9cb1a374f2c89347bde53793be900c3077b8c51223df9277175bb6a82cf2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d03838017417d5e11f7e38ff9d094ad7

SHA1
6df893ce3980dd81c5ea0cb5df6a5dabceec8e81

SHA256
e6f784e29a64a3d57adc5fb39bb66bec955768a28b38e9ccb1dde835f10730e8

SHA512
27210d65440ab84cee3316c3c908394f46a62916c1d357107afea13d19db4f3bdfa639a941d4bf1adcd4fcffdfa41ad5e385f2b8284febd117df625fc07dec38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04ff317079e048b9553e77d0dee13508

SHA1
51091f166558344622813516293b23e36fa02028

SHA256
a109b7a345155f549d1f75aa05efd61e7eb49b119732e3230666eab1a1f4a982

SHA512
a9d11dafb8b4baa6940fedb4e0ba74b79cd6cde4490a1b233938683b641cccff5e1329525bfc0de0282230ea00761e0a2b771dfe51b6bcde7c4bde42ce0298a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f792aa492b07eb230c6d03c70bb9aece

SHA1
d6bdd1649707142baba1bb5cb775103bdac8cfa7

SHA256
016db96d8d8d0f935c26ac4c15f06993ad4728d68d6b798457496942d89c0b6e

SHA512
0ccee4ed364414d6183eb4a642614452484415af4f0565417805b13ce960dcffbaf9f7a8cc08578875d1ee745fbded0c2fcf5073b1db5b634afcf73d1cb2c1cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab48cad4bb38c03d91dc37296a5ddf8f

SHA1
23d091ee2ee9fe8169fb4685e732527ad0f1f0c9

SHA256
559e82dacb7abae70e886cb6c35f05267144119fbfbfd61ccb34ebcd7c02e561

SHA512
0b53ffda602fa9db9a4fd33a7e83204f89a143a26140c2120a554bcd17ff9f930f9d3ba07c4c24172a595abbc62fcda4d844e899b5b78ddffd5d8de6c48a1bf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89d13df979e3f9ded2a95974d7591574

SHA1
2b3d9d712880fde3af4b05b4a961023f48599539

SHA256
7ca5514150dc6d107dbefc502720cb0605299e07fbaf97d3432ff3dfb0c2b2c0

SHA512
6817f4a3f38552a072f3c3a563b1a3c652f8e6bff020497165b06aa753e495b9e63efab477006f934ad3794ece928e2954fde8d215746d0df4936dbbc322fa34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8534dab4481be9d75fa33e432e6d6b5b

SHA1
8299376d6d20bf240e2affd0408be2860398ad76

SHA256
d3add0e166e1cf9788c75c1e8ca5e80c5c9f0dae93185178c1e6504a43d173fe

SHA512
2ecdaee3836c27618892f3908eb9ae81039f002993f47181472cc01e240a8a548def1eed62eb6a85c0d610f907f6e03c42cf4b77ccbdf47140cdeb797121bb85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd5d0e962b2195e598e27696c995d3be

SHA1
f981a1d0bac8d67573d5d0d26c3c82eafca50cf5

SHA256
29668f8982d60278226ddc7f0369536efaac65a52ef70176d18b193dbf809711

SHA512
1777e1880d04273161b92688d20e07c0c2208f63d414819c638be4d516325481bbea63782b16482aa316abbeaa979b81e3438a2345697f9c520043e772b572fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be4c432decdd1b7d1220fe4db3a60eb4

SHA1
bd7f404565203fa310fef5d283923103bcbfa52e

SHA256
5d8f08ed4d794da6e9c5802ac8548c960ecdf98b57de5be3b290395edb3ce830

SHA512
6efd49da5ccc8c35ac65c84f508f69d5771856fc29f6ebb48495c2fb87f824bfe9638695dd035c15cf34b1a9bca3c805120392f5c3dd6a74d394508e2bfbf402

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
485e38e605b40916a1d03fc1e5757101

SHA1
ad9fb4abea133c0a19bacd654720d0885c1a16e9

SHA256
e01bc9a6d1d5e33851b4ac41986c2c5ad59e4defe61872ccd052f8627eb2b800

SHA512
01879e2e8cc905b053570215b5cc07b31f7e2fa52696e5528f66aa9c96c19529195cf2ef2474093e3df3c638d6942d18f512392850e5add2c01a9d938e8a7258

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9705fb68d2aa8c5ddbce79e16c7aeb10

SHA1
4ea3a2d8e37ceadb7ec57d297ce9ec258ec3b9dc

SHA256
d25be9fd34e3f4f3f08ba0356958602b8583fa1ae01e03a9c378b8a1d31b7549

SHA512
91234a332dc6291c569b0766d52deb8f2f066856b30ac2f072fc9f5fb7bd0c03a5da12736dc883123fbd74f442f99f5ccbf694be5f50f1f37b7367aa4c7f9178

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef3efec49686b69c813cf5bb773a90ea

SHA1
9cfee3e75b35cd153a460360f75e555bd27cf023

SHA256
75f3925cd8c58f571f9b2f00f9645d6f4d4176d75b4d7c38af64da4c631db156

SHA512
6a3bdded55bb65fb0b892104f9f0460d8b70b5e6b476714ee23d452fa3ba6b8673a02f45e235552b47620a4f1dc1296bd6a4ab41156dcd0313264c7b3f972326

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1297.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1376.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit