43e6ab6e15daed24c4cd0f466f4b6a0247f5c0b2923855a917f56d8399adb995

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 01:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

bfda7ef5121f1439347df16281853e7c_JaffaCakes118.html
Size

137KB
MD5

bfda7ef5121f1439347df16281853e7c
SHA1

4e91f79fb6d8d13189f005fba6f2bcf41b947111
SHA256

43e6ab6e15daed24c4cd0f466f4b6a0247f5c0b2923855a917f56d8399adb995
SHA512

a583800696514d0fab14065bfff70cfa1d0a89bf061095c4aa4cfe029331f99bb2fb87e123b9a025fe75f28d031caad43df5fdab6019cb84fc19c119aa734924
SSDEEP

3072:q6otU2Cdk7e45I5r2KnXWPjWcmiM2ihPhw:HEU2Cdk7D5IN2cOjWcmiM2ic

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 38 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3E05A011-6281-11EF-B856-666B6675A85F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb9000000000200000000001066000000010000200000005d7928df78f51c079268b3b25cdb1b51fa3e7488d0819c201bb218320926a13f000000000e8000000002000020000000a2b7117e34367b29885901fede38930b89e0d262bb23ea27d980a19651870b1920000000bd9016c1d18ce5ff3045ed4e5a170cc43845ee57bf1f197f9af626f596bcc01840000000a283bf2b3c0bfec365599693c2b9878388aa44beb2fdff40a83c887a953ea5a541950e45bf05f01ffe87ef44ac77962258936f16e41869c8a0ce79139c9969a8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8030fd138ef6da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430711137"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000c5bf50f8b19690bc9cae257daed70bbcb091ccd2b98151c0c4c747ef13679f12000000000e80000000020000200000004309e7a8379d064f038516142619d94b521d794c2654693c2763398f38354d3390000000805fe67a384d52f9337a251ac30ee30344dc891d165d846bad07bffc8922eabb74afa71a510d01c54fa19171005a9856c06eefa62bc5e353cfd3902c94ed623188d189082f92b22a1003a10f6a7c57d6c05db7955cb67af6d853c6f8030ff5b79cc53c607fb3ea425bb5318f591887f2fd6c1b248fbbe4c9d748e5debe964089041704e03bbb7894ffea674956c662504000000048312f41c09f1ca6399682bc0c215f5a0065f0d473c90ac67d5dbdaba280539af151f46ed80db6d92ca8dce9d5952c43bc591742d82248fa78030f5c522dc709	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1744	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1744	iexplore.exe
1744	iexplore.exe
2304	IEXPLORE.EXE
2304	IEXPLORE.EXE
2304	IEXPLORE.EXE
2304	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 2304	1744	iexplore.exe	29
PID 1744 wrote to memory of 2304	1744	iexplore.exe	29
PID 1744 wrote to memory of 2304	1744	iexplore.exe	29
PID 1744 wrote to memory of 2304	1744	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bfda7ef5121f1439347df16281853e7c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1744 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6cb1b871d06e120b35648ac7fb2d1b91

SHA1
acf35ae43a9c553c030d7c5314c8d77b1725e72e

SHA256
25427c9e30b7f05f7e1eb394cffbeaa132b8557c1b623528d6f3658ddd8cd58b

SHA512
41f7c12e130ee4d8732094e6f7bab5fee3b97a29cb1425988aa254d92d55bc6af3dfda001b5dc764965b7e34b3a7e66733b7a41451481b5941675b2bbb0cd0a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
332fa102a6eaffcef2dbc9eca2c7384f

SHA1
a053334a3fb7d54d1b7124af1aaaa5f3fbde5038

SHA256
c163a384b27d88a23d78153c4c911bd49629420c7abccb27d4144f31ef0e2a4d

SHA512
c9071ec830cfb2f9ab78c2ee53ab76982f2dddc4ec9e6205815097b09c6c29ad222e8cc1780b48eb0f984e6069f8e1827ea336e99f39913e62e6a6a6acd0b0e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5dc227f762bf8242499b6618cf30d706

SHA1
d1849849710b35dd070b3d1607b6c89e88085508

SHA256
acdf85bb025eda23cc07e3148a7fc5d97402b594c60f1ef607ce04dbb757ceb0

SHA512
0966b467df9313e433891abb190c7e6741b269f5b0fac468d3e0d9e69f3eaa5e1ae08ec8464b8cd7fd529c4a10c3f88a3ecd6b58af1cf79d12e63a64c57bea14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4463c9195a218af2ee1b691f498bf24a

SHA1
6184fc4454af1ee40c78b7be069181fc6c462d35

SHA256
46a8f27178dfcf79708b4de6148d0eeced4dbf0f81d099dca68ee6a33ee252d4

SHA512
e69697ecd0e5df350456047dbf8d14a6c9be57d72ed0e1e4d78a5b829f81daef1bf6477abbdcf5b69196abafc494fb9970e00f2cba92f642346fedb3f035bbd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
def94eaa139515189e5bc8b9b57a8136

SHA1
91f02e335e738dca884c8d9d6396b8eb48aa6d42

SHA256
2e369ae2065725eef0084fce73dafb8ccf16d1996122fb16f5af0c2525121493

SHA512
fa571d79c832d0dfe9a804e3c0c6163cdf1ca3f64428cba80a96e8a7148fcd1d500102ad5970186dcc3345bcd1cc683833bb6317b5bf3981d79c352511f22c31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f654f0dc273c73675febf930b067196c

SHA1
53428288896fd915c1b8c638274ff84c836f7365

SHA256
1e4f51a9c89c08df12a5849b22a6247334490ba48fe5d28034f90ecbc3b3d10c

SHA512
c610d569979dcd4116b75a9d3447cb86e3f8e33794914dee1d86b83b080242e68a40446a9ccb8f025c66afde12c742c1e07ff3f411dae99458f5e8e593cab24f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36752cc5f25ed4a9f3f72493e53666d1

SHA1
e08f119c132d49571b379ec62b1ccb7cc3f17251

SHA256
dc15d42e6bcae7ea1c18b639f7adeefc66291323ddf82bea72af1f303378579f

SHA512
3a56beae58d44e9ce6f5ce66838ca985abac45ab19918bbac379948f607629c436d600bfb29b68a6edef07fa9e6b7d21b3ff843b77de6a60c40b39cac01f61e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a90b7a53ab5cebb57c8dd788b2b07a1

SHA1
339a58092aa74be4abe8dc29ee37cf8ddbb6abde

SHA256
e071e41e8bc2cdf4b008bde41570a6d873485c6a9995c256c6667ceacba7e08e

SHA512
298ab0537a232ee007d8e71c40758262e91d891cdaecb1b746d7fd3fc0fb7d8640c919edf7d718d3495c9ddb188fb8098bc22a62f4518cb42ad81bc999770ab2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7653ed8e730776075724a70a490ba44b

SHA1
6e2f13ab6c5c2bcb6c3b266bd1497a4bb331e532

SHA256
2df68a942921cb9428336df34d0e531f59100dfb62b2d4347887eeed9eb07cbb

SHA512
d0eee63449f18031d9ed4a9d2e89a333c52f915634d5050bfbfb10939fd68341b5ec42d8734fe3c0fcfd83b0af02d2d3460c07119ca0cbc80f718b107a0a5595

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30372945e5dc69a574a3499e6960923b

SHA1
12560ae1bbb6d76ca5d90e5a21a8bcb0155d4b74

SHA256
534f9b9f77c88a2be888d57817e87d62c314ec44ae771de26b2a76f9ebb88ef2

SHA512
affaf3033f346e548bd7de990d0b413867ab0e16b1cabe0d00cfa3c3c3f39e52eb467b56b03b98be610ce26be92bdfc9d2f60bf7462462467e8c5a8511a3e7d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
43c9ca31d2abea86386fb85331770598

SHA1
8efd10af57419c45cbf62e2ed5ea41494771403a

SHA256
6cc3cd73291d49333df42539c768c875af44eb6ea8d971bde8ffdb9b908b423c

SHA512
5b1b0693e2bf0c72b559fb90bdcf8a47ef022ec80f1f095e21d07a23f274d2481ebef9d19d0fd54b91e9bed8c09481a8b67701bff86a0c4c940d97b37d317dbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
739a2542ef188658fedbad7bb32356c9

SHA1
35258fedd81866ed5626809e127d77221ae738fc

SHA256
f22e81284072bf00c6fcaf4a23a39f96651c1f57f04529d20e346cf9325d5330

SHA512
abf3dc05f58be8ee36190524203dc3853fa1f616573baf76030821d089f319c82ae39a18532f7890808fb9ed02acd0ec925c42cfc0d20a5425072cc819d9dbbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6fff32cb66e434189fc3a92256444778

SHA1
de8dc1964055fbfacf818f20c204ab9a50838d4f

SHA256
1099e229ad5e456756fe68ab6e5b2804ec2090e56ffb109e22d7ef0ba3bbf2cf

SHA512
acc0768155c8dc030fc768dfafe7741c1f431b11ac54d40ad46ff12e44ed2b4d30a0da910bc9240a6bb34bbf721ae7ba38f835c168cb1a986394020fb12d7754

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b748979714e8cb243b39bb11acc965e2

SHA1
1e68bb80e69024fbdef884fb7fb873b329482d45

SHA256
9b4f5efdf5a08b141bf80afe0be4e7e5b5f367161231d7305d449d2eee432456

SHA512
067cd54e597945a4407be15e432b148bc19615b219f55edcbf030819a181df40bd0b7dc13165270106c3224567280066a0abb020e216f6eefaa78ea542caae2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55011d653ddebd389fc07abb7c6be2b8

SHA1
c2a8b8d8b4f599e9766a73ee1c0ef313b768318f

SHA256
b030c6f162bf8bd5350ca961dc229472576b9641e124e2bd231c9106cbedbdd9

SHA512
6fcca5461d7bb2b0b2a0f89671e29d96ea4c34790a2b60475beece18e9e297d000504a02d315870051cf980b9405ae650e71f2aa0ff00e513148683959ad4a3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
842c1a4d3296e77eeea8b408fe5e426b

SHA1
003f0a0e48cad60b543c0f24a3dafccb987152cf

SHA256
6093b4e1e481961455c346d7771dcd43e0e9a931c0cdffe960282bebebcfbc32

SHA512
ab0a2d7fdf50694e17be22e22f45e0b73e533658859be3f22d9038bbe10078a33057b167b630c585dd202d60a4fe67f53b66a3225d1130d1c08a07a7231d2516

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEC06.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEC76.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit