e4162456e8fd76786390daa42406b65f9528af7458ea60ed4f92bd09c3d01c97

Analysis

max time kernel
67s
max time network
128s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf675f9b4184c330027346d571ebc749_JaffaCakes118.html
Size

460KB
MD5

bf675f9b4184c330027346d571ebc749
SHA1

2b8b8e0978178ea80120378ebb78f51f675d1b9c
SHA256

e4162456e8fd76786390daa42406b65f9528af7458ea60ed4f92bd09c3d01c97
SHA512

95d884b6cd6db2924bcda8f97cc1fb40da8fec66768eadf323f17bf5fc79222a834dfbf41c74697b454fc477961e9a78ebd710013ed1821714d422ccfbfd5070
SSDEEP

6144:SRsMYod+X3oI+YLsMYod+X3oI+YSsMYod+X3oI+YLsMYod+X3oI+YQ:o5d+X3R5d+X3a5d+X315d+X3+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{266C1EE1-625C-11EF-B231-72E661693B4A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c92000000000200000000001066000000010000200000002ac83f7d6580a6a88a1d273d2ebfa50332fd5d5d500fbc7fdfe24e5cad071a67000000000e80000000020000200000001df8fb50d690a57102e9333c5135d93a5c695e1cfc4f894f006077f3f8121bee2000000071b0fb6d3289df1890066eb5fa3a61b8a54aa209a8c920c8d8bb8240899db51b400000001c7e4e6684f73878d6ebd706ff61b70b1f9c00ca990a0c46717f05ba3c8ea4738896e26501ae86e8d16bfe31a03ff5831c14586f542811db32ee928582e87b58	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c92000000000200000000001066000000010000200000004419a910ad82681091efa9a42249a505daaae47da13d3c07f861ee4ba9b06b36000000000e8000000002000020000000dcfaa2c1afbc121aae7238a7f16560c69cf776ababc1735ddb9d6754af7c5a05900000008b1578d16106212615e03126469a8ba66bd2fe80a42ed57a994cb3f4616393f2097b603e197bd52504938796afbcf41774ac831973a36f72c91b809d26a014f544136536332020d81395170015cf202c5deaf5bb21fc6f241e7f3ec05ace96f28c884b7695b8ae2fba6cd65841d61badd2f91234b63f99437778d33689df81ebf959873b1e21145c9c2e3c812748483140000000d2345e5f9ec2a4bf41df80c32a818fe966aff2b012b0c3293556d7c2ac5abf1487b8d46ece9d26c1fef3ff931cf4587e0984bef885d9fdc35734bf2d4e5d3746	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430695207"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10348aff68f6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1344	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1344	iexplore.exe
1344	iexplore.exe
688	IEXPLORE.EXE
688	IEXPLORE.EXE
688	IEXPLORE.EXE
688	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 688	1344	iexplore.exe	29
PID 1344 wrote to memory of 688	1344	iexplore.exe	29
PID 1344 wrote to memory of 688	1344	iexplore.exe	29
PID 1344 wrote to memory of 688	1344	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bf675f9b4184c330027346d571ebc749_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1344 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c4966e5ab97d904e3e9d12399cace03

SHA1
12ff74d352fd1edd1ece4277af1b7d8e3c51aa77

SHA256
275e10a1967d51b67cb9e6fd32879144bcf50d56254ad09068cae488e5c56e80

SHA512
3ccdd5500dec71898d68175abb100e51a88542bc3fc006e4017619804a15af99de0a419723e2adfaedf6b023a4c025158c4fef883ef084bb046db8769f5e2207

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46e5c3ddc7c8e551d9d2b9995b660505

SHA1
d7dcdaa7182e88c6fd4be307849b4c4523c80754

SHA256
e67b2a624c420d1a0f41568076b9afc2a6737fac9140f1214d7015ae268130d9

SHA512
c99050dfd38a162bec201281b9a844addd37bb6e20c519f1504a2055ac06e1a18a400967ea24dcc82464dc23bd9060df781f213e989e357778aa1c16ebef6f8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f18bf87cfa1d0482d00cb30c846d1d45

SHA1
796be381cd6ccb5f71d792591f81b67ca61fb7ea

SHA256
09055651caada8c446e46b2873983c4e59eb6acad19e252b22d27396cafcaf6d

SHA512
05a985ce8615cd96dbd651136e25bd69e15dbadbe42b42687890e26e24fe264168d8f2d052959a7acc3a2e3d1e3e2e173b03ee68442d0da18a2745c2704e428c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f98685cc8f7c81e0e4806db4272bcd66

SHA1
0c6d290148e4405a7f4093b2435f39d7bcbec46f

SHA256
359afd5b8e9719303c9b7ee8ce1ad68dca443aa69431e7f46406f6df091ff3f8

SHA512
e2ce3de782d0e5f3bbcbfc07cccac3ed04a9148383a5d1a8b00462cbf03048340313680ff0923cdb5b43e4cd555fd18c1eb502d1de735e77176309d2c0d1bc5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06a9f9a95b6847c677d29b0108965319

SHA1
0c20e9a468d79dcdc83126cbb3460fa3d17fd3c7

SHA256
d91228b10b83ead17477153d18847c5f4d1a57b247808f5fd92bc9e33134eb3e

SHA512
cd1f63fba28201e0229d174d0bde9c36605fee73ad3de00cd1d55f7d302829d4fd40801ebc5cc5de0ed618066cd0dfa0ea1f936bf5e3cb340d0495f064654663

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62df2efe8fd3b98d8c1a9a87f0ba1380

SHA1
9fe20838159784215cec39a83c9c896cec88f847

SHA256
e721f6a2e22bbf6422bceb09e36e476f5be7f7781e589bd202b2e8730b20264c

SHA512
7cec56659042db505d416ec5094b10a73130b275b33d2e4419fbe36d8945f1a2b9cc333f11542725981826c758468c98f9abbec44d0f37412b6a6d5139950da2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5093d0d0f7859ba0958ffaac9509d706

SHA1
8c968a80a57e10908d5f0ac169d4a85cff7a8ed6

SHA256
c715eb6e70d992f55e3c90ea1cee787795ec80417f5b1ce3b502d579a66aea7f

SHA512
b14379632587f6000896fde99ff214fa5463be8334be1dd90b12e5082faf439ecb866af2a8f1383dc7617313561697b307e89d1bfcd1145d44db974c6149d615

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efbc87ec8969a931a865106d6024a394

SHA1
223d07683c245fdfc5520fcd3f98bb6dfd8f0b14

SHA256
0eb96b0fb42fe9abcff03c9ccba39380a798e05899f63c57fc54d619066f7b0c

SHA512
22daea4a17f71c506c6bc62ac6c05d6a4bc3af23c0ba9f2a536eb079b67ac5da2e7d776e94f90f7b6ba0975d4981bbbf455f88fe00b301325cc347325e0c48a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfb0f91fb2898e3ad1bbb893c718fa7c

SHA1
7439e290eb1155c64466bac6bf3a4ebfbe124544

SHA256
94a1cf701b61ef8a9d3e483503062348b90b1870bf65f27d8c3fb4982b54c69b

SHA512
529761c2972fe7d0c5fd6b91cdcf604bb63ebb7969c91a61bc8429973da281869c47ea746516d5a7501b18fd0c4bb2b22848fadf06a548455ec577e78953c22a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1418d8b7c6807980c5d2cb087ee4f861

SHA1
3034002f1e9085e8166b324d6b7d4c984e111ec1

SHA256
783ecc0f310650862c4f25eed7a5da932b83a47a6ad320ce989e9b2c5dc6c22a

SHA512
e41f5a9f4a8a956945919f8629e0d865b0bc6a835eaf5512b430ec1a4a6b9713dd4b930a08d4faa6f8717b773a5d3b29203ce7449b972bd5ed87d80b8b54e9a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14d317f8673d3df792b804f21187b057

SHA1
ef710f0c01b6eb7420488c8f80a4c27af4309ea3

SHA256
d736efe93b2bed8bece8ab51742b81e1683fb2c15d7c2397f020d6e4bff6962e

SHA512
4dbb8470d4c524dad3cd7491dd0c93d2096abb25594088a8a744eeb5ebb338088ef8c360a95426054c6fdc99ec75a42d95a0a2b01711e5efe3d118692a0a5810

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ddc870c4f9f5c6cd501dff113103c157

SHA1
dcc6fbae44a528d623c52d9f37e00720b01a6a86

SHA256
17c72fe3202391585de7adecb3c89eb064a72f76378edd705fe6686156ae649c

SHA512
bdd9d85917accd218ff4101f773475629f447d5bdbe87b899a970150faeef8ea5701084e34f1a7ba6096569371062399f11ac70200eadf1822509018fe02d140

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
475bbc9be488e7b60b26aaf119a01319

SHA1
71b9cb168458aa406a0d71022a8705c7909a0e85

SHA256
ccd811c150cf695edd1f710aaa74ab9d9d48fcf79077ccfebd29509e7a2ae31f

SHA512
6cc3ed9fcb120e44e5589209ebd5dfb08386ce8dbd6b15d78f25e02e5ac22ec771d27b28c2d508e6a005804a41b65a53d72fa4f62ed38c46a205ca15f90ff438

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebe4e7ea21b6a5308b67603a861f5df8

SHA1
cbeddd0410f19c74fb21909deae3c7184f87161d

SHA256
4a4f83459379b463befdd313b6bb89ce02209d04f91a0b5ddbf79000a2b106af

SHA512
b8737b64ecf2efbbdfc7c8f78a04fb826d6ee5efba52fedd3350fcff1f4d28a14463b2a73263a65d3ba9fa7c2ec5bcdd386f6bfb3f1ce2909b1c24db725c7aa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3F83.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3FE4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit