109e7c2f10db321ee97b83bc8b7a4b7cea96112d7f6c927412897e2b42da60fd

Analysis

max time kernel
144s
max time network
145s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 21:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1ad99cdf00d0c107136f39142375238_JaffaCakes118.html
Size

18KB
MD5

c1ad99cdf00d0c107136f39142375238
SHA1

649d632e3b6d9ebc20db5df3c770ca400ebcc9cc
SHA256

109e7c2f10db321ee97b83bc8b7a4b7cea96112d7f6c927412897e2b42da60fd
SHA512

14e9bd4cbe77fdc04910434cfc29e3b6f31d4107a8cfc37f140124a07b8bbca02809b12c9674b4b576a0687e5f12baacdc1a9e68856305eb6acf6925a8c7df7b
SSDEEP

384:I8A3nFjIqGG7wA+wtBT/m3V6Connezw13ut3/D10wsLdgLmPhLUhMyMEAwYZ1Bs2:IhVjIqGOCMeZ5zpR2p

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2AAE12C1-632D-11EF-A432-EE88FE214989} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0f9da023af7da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000b12e5a4e35e04eca52cec5f15961a2901ff677cf3e133d4936e898bbc5bb66eb000000000e800000000200002000000043ea08cf913225fa4c4cd2c36bf98b0c525ba20b6aa090cddd6833d11491ff922000000085723be4be2eb85b1452992da0acbf0b8d27f1c48a510e31a1b194307ad59a8740000000c91731136695ced9a106d4cbe6df30931c688af9016d7a9a7ae041ef12daf2a4146f0af72b6d5c040610c65bb79073868d10e8a0f7839a479b412b0a7a7a5955	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000f3b73b8ad2352a15aabdfe5a80e18d4b5dc41245b3f2889ece893c6f28f884c9000000000e8000000002000020000000baf5b0f4cd7c40fe2f86026a505dff66aee96a4918fc29d80b9c787fc71f49e7900000007dc3ae931ab7a8fec3583d6181b27fd025fc80c173f18e7e4f2905724a0a45bb68c8e08d4e15c3bbc09bac49c497e51a551d50bbfc5af59f7b03a85d420349ca783bdbf5b7c7c206593c113797f37d66aa67c41b520090404b6c26a2ebc07387d4a2b218e8ffb710c89ae265abbf451b702db71c37f3f32b7ee48ba11f64bd48c5d14c644105674abf67b09786c365db400000001d5ccba39d0d6ac8ade70dc567fcae9837d396134acb92281b76d0943f2d490227d5186c99e8b437926c9e8f318f26fd9d3c4cc1a39501add9f21cefe1174836	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430784979"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1752	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1752	iexplore.exe
1752	iexplore.exe
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2172	1752	iexplore.exe	29
PID 1752 wrote to memory of 2172	1752	iexplore.exe	29
PID 1752 wrote to memory of 2172	1752	iexplore.exe	29
PID 1752 wrote to memory of 2172	1752	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1ad99cdf00d0c107136f39142375238_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
405aacdfcf44fe16755bfacb39c5055d

SHA1
7b2cfec43105d50fedd6aab4fa50c0e4560116ed

SHA256
767fb1a61306d3fe4051178786ff2b3747e7c56df1688492abec8fc63f81277f

SHA512
ffbe011621b416249386596316e2881c4634e96e01dae5a288656705d590017d6ffb195de30de7a6d3eaacab59ecb175e37059b3293703e76d787f417013f738

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b7bfc51f98b97cd7eebd7da1406e869e

SHA1
d5fe3ce2a7eaf41e4269abd9bf5be417b12deb2d

SHA256
5d3bcda880a32fa08d81e9240f9708bd589b1293e7fc585713b5549324ba66a8

SHA512
b08d3aed77409bcd2f03f0208e729b8cc1e5082dc0742e7b3b0c88213c578cb3708f1a579df5dcdf50e4db2efcb747cb4a7a3b4bb7dd5b71165df613ab711794

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e581c090fdf6709ae56ed3adf72ce161

SHA1
203f16026fc42837c13b7c98fc77f0b5ff967034

SHA256
fe02a56cec68190cffe0f6428932f44fff370b2714af738f673769f2f69cdcf6

SHA512
31076867b31580a423c8fb7d7743066a410301aaeb823ec985498a963318c525cf60ad2da614b835c03afa4a6b8d2bc4a6331cecaa984130e8e54d78040dd48b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c534ba8405cd341fd843cd42459ea779

SHA1
a0a4d99aecf2f0d71de5f1db5821586e80864064

SHA256
cc542816b3e9ac364d1b77eddcddab973b7d27a08a7c937f4051627c882bbcdc

SHA512
9e7f588c2f93cefa477ef8dfb3a75641e5ed0230fabf14bcf32f13bfb837260f73ece9c6115931cd69ecde68b02ea80b5ea41cec8e3864ecf7466527bb18c52f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e3ae66166c297d17c714a1c1d8dec4e

SHA1
0bf5222fa3e9126b8aadf56fc83d614437ca9a52

SHA256
8d06146fd8ccd15cb75eda4e2744dbf132f80082d826af1358c70e04ecd837bd

SHA512
e7a4b52855e946bfe8fa9fcdad6408e212eba3e0f6be672c2c4068232434112c3fc342a7cfbcda88bb9cab062451d107954cfdbc313483290cd39f18aa3c8e09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b4080192bcc3c6f77bed613978ec77e

SHA1
7b182074ebd4c88bb256d939a4540da01b7a5982

SHA256
f7032a0b24e65a29f63873e593312be8318c18b8ad1f9703cfb962f02e73d072

SHA512
35a9261b04ac4e6e08f2144ecc1746d3a9e5f49e230d75fa5c8d5896ee121dbabc7dec4159e3afaa3afbfad5dfcb0e4ca864c1aea6fc5bc890785baed4554bfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8fdb5c265134ed00c657c7a7fd3eb61b

SHA1
943bce33b3268e5c45a1ab6d295b6472928c48b0

SHA256
0e698b9b0317fe579c0739d785c406836f67ab85daaf0ab13f42d3da86111fec

SHA512
57390c62bd9bd406a5cb5347f52bfbb26fa4671573d2b4d194386ab25649399c15ec01fd9249578fd20cd8405dd27c9a3af2e13122be96b5b993ffe440088b94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5823e02e82a8caf2dbf96b6a304c5e59

SHA1
8906512fc0c5a746277ca921a7e02eccfa598bda

SHA256
964c6b9dc39733ad9923bafad61511b031b190615514d6e8c25350d8b49dc23f

SHA512
30aee9226033cc99dd5a079d3182ca68d2a72d23865104bb16fa05f34c96fca14322235d9f2ff345ee95075346124e0518d55a1c353aff9fd98ed296af0a67e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53f424cc2085a9f1d1a3ed705b15c447

SHA1
44288d974aa3a62958faa3b6a75f5b1be224ba8a

SHA256
226ad144d61d952c27294a6b94d32e2c6cce56ad50e3a0ec4064c07b25a7b9c0

SHA512
d6b119f3846c8b3a15fa73acac39edf5e836aeb97799c9a0a6a092e9cb0fc419f1b77373dc624137638c74df985992467becc5cb6e57d32c5aaa372d19e1ab69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e95a6e921622e0b3b7932b15110451b0

SHA1
64ffbe40c5c758ab6a279e68aab72cd8f2aaeae5

SHA256
43f646d6d00f29889327f4ce0e0586bfc926659973fb75b92dc9fa1d34663785

SHA512
b72765c2884d836273f0ac5e4f8f34799bbf53e53b8b70fbc70b98e4e00d7abadf1ede66ab336249c936829a693681dd8c7c46544e7c7543eadee0e13f2cb46c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
758685d64296592f9c10519c679a069d

SHA1
9faaf120fe50adb194fda496d5c53e1ca1c87498

SHA256
a8db1aefc46ab7f71f24404f21a150b7d1f39acf85c552fd6f72709ea86010d6

SHA512
f291f08119481330ebdbf0ecfc19f70f571a058b85640a32d4281bb71cb0ed2ca81cc2e59fad4cbe082b8683e03521ef497c86260aa80e7e61b2ac8cb912006e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db1e216c2900309ccf1c4c1fe6771cce

SHA1
190d7d3f7a8e1a44ac758aa0ded6b3db2028ee61

SHA256
459dbd37971cff982eb288fd42ba6e8998be2fe2bce4a4f6b4ef74f1c14bfe78

SHA512
2708ccc1d1ac6198132ed5acb9e6f15e6ff43b385b2740b918a614eaf0ff4cc960ad0ab70a8f67787a68009d579ac78b11ab80b8aaaa3985e644b78a83041d7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae873781209005bae057fa26fda82405

SHA1
8b98238da2159ad785ca42aaca079f9b574e2077

SHA256
fa1cd4bd8e1112e41bdfd7416bc2390e21f3dcccae6946739641d13f8910ea95

SHA512
eef9ae5df5dd2d50a08bc655839115a8d9d02d019ac96bebc99075cd418ba606efdb279211fef4d0614082b8fd35c481df53c9bc4a55c3af4260e0449e66a26c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
7e6bb3af1a6ce5e00f3c1cc957bf3cf7

SHA1
dae60c88a50e3c4f7bf01e4edf0cc68da882f304

SHA256
c19473b943ede5078344c2982e2d110e50b486d23a277d4109952c1c89d1b68f

SHA512
0039279e5ad42289512c36071b19272d30b4d1a40c5092c181048c8ac271037d11d09c86f2513cfa9555139ee934857933707d23132fd0e647eaa25f79781b72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7216.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7218.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit