ed2b1a2c7047e9f100af317d82cbccd0f1c103da3a33fbe15b9b8f019c7f18fb

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bff71c8f866b07ef7636815ef0cb4db9_JaffaCakes118.html
Size

19KB
MD5

bff71c8f866b07ef7636815ef0cb4db9
SHA1

a29d1cbe22f4dd5bf3acf94dc22cc3af143d6ff2
SHA256

ed2b1a2c7047e9f100af317d82cbccd0f1c103da3a33fbe15b9b8f019c7f18fb
SHA512

f0daad115db1171bf18ac9fb461d8747f2d3b70a0b35ba9bd526a16f4f0ba0964902f18f4b1df2674b5288bb6ccf5dbd63a4fd9ecf3a7f6002319adb1e31352c
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoA8i4IzUnjBhUu82qDB8:SIMd0I5nvHJsvUdxDB8

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0c6ffa6a8f6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CB646531-629B-11EF-853E-4605CC5911A3} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f035510000000002000000000010660000000100002000000015a1b923ab511f318c9e90fe0886bd83a3b4cab98018df3bbddffae732c6439a000000000e8000000002000020000000845c87f0a0c9dddee0c88bdddcacd201b54d42a2e62d07158c2b60358070d129900000002db9e5dbdd6b1b65f788cc79985bd7b172baa9abb37bce8d587ae718f5906854588343c55d787077f7986c2441a940e4401b8abeeed2e28aa6c4b3baf915a1e8cb6c1232594b89dade4dadd5c27139cd33085e90199bf5cf52d02f3b474931da0f3db9662ae34c68f2bb8e315a5008494a2fd27cbeb8d1b34928978668d9cda79f0411ce334d493e7dece7df17d3f592400000003c963150613b8ffef419565210414749c8fd40efe6cdaa3656186ca287c3e2ad61e5f99c10cd5f48264f35d64bbedfeea13aa91d1ea28e5e94c1a21c2fa588e7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f03551000000000200000000001066000000010000200000000aedcc31d2c383ac573a99d1095b69f69b7160b14ae40a18bb564799df2bca3d000000000e80000000020000200000006f80b2742690707d5bc5056f87ebc025efcfaa2f285abf1fcb5afe74d166495520000000a3fb9cc33db77761f0bfe9daea44685f0feca52e5b192fb04a3fb065a202193740000000f6d317ba255fb330b1bea5a6641b2e876d2d035c134299e3c65507db7699bcd3af0dc4d82759c1022132fa85dc537fb83d7f6efd219c7b0db17f2afd84941666	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2392	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2392	iexplore.exe
2392	iexplore.exe
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 2688	2392	iexplore.exe	30
PID 2392 wrote to memory of 2688	2392	iexplore.exe	30
PID 2392 wrote to memory of 2688	2392	iexplore.exe	30
PID 2392 wrote to memory of 2688	2392	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bff71c8f866b07ef7636815ef0cb4db9_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0179dd7d3c42b7a5bb8503b3eea0f3b8

SHA1
598648962aabd087a09d468255219c5be837cd46

SHA256
5351c3aaac7a9a2e187590b069f5cc7cfae2cc11d32f8e04034437f9fc03cd43

SHA512
d8089bb0af08626393b57889c05d0ee5491561401d24386697e440292e233f131d3bdde51e4a613e3e5f7e024521fcf294b5f951f04fa055352b304209ecfe31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e6b87e97d49da7b53675989c1369868

SHA1
0c6e54f1906ad02dea7ed8f178c13329541bd6b8

SHA256
84ae1353d6113d3ff85ddf8641eaf3d60a93b5dad5584e44ecbac32fe10a4fd9

SHA512
b27d08dc89dc7209bed9940ab44dbbfe4ad482a3874b52bc6fa0ce0d6cd656073f08e87678e116b80dac77526dd01986357c87ca51d78c0cb136c51fc760b09e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5e91c0bc11edc4e589171112b4a3bc6

SHA1
5876f0f193b0fae7f7121a2b2d3c2b7d89e38498

SHA256
389bf08a0750a46ae3122282ae540d1278c1bd19403e8c9f3ebd12b2362b2cb0

SHA512
7048224fb6aa536417da2b44e9b9664996acd90a019e80ba3aeb7bdbd6525f7d7fb0088ec3952b500d63bc0a791f4e2e88dc33f0ac729a5ea193b851b30e06e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dee9cc00cda7ff8878b8ff36af1aa1f5

SHA1
afd45c428adc6c51fc7b2295bffa99551b88f3b1

SHA256
84a47f82a532b5db5b502277dc5ae30f6385b114bdda9faa7253611330fbb465

SHA512
4a16f6a0430c517829def8bd1467ddf66a4527fb8f98063a92dbe215d68c63957aa52c28cc2bf071b10266b3a817aaf05d6b96a688b826f14f040d291705d005

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
453795366faff2952a0d49b309341a51

SHA1
94063c927d45caf9c4942400ef1aac5f1cf5b916

SHA256
385a18dd8840fca017392b7a9a35213f6f1a9b9017f0f1655879d86a8ed89e9f

SHA512
1db452ca7c01f52dabd3faaa4dff24df1cc11838b67c5bd39dd81331581571d3e7d640a149e1d6543a2e44d0c442e6312096516a93cbda1386c89158efde1fbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90ae838d16df8df280080e1a32bf4ba7

SHA1
68d8b1a88b5afd4d7be2c7513f4390dd543215c2

SHA256
4530e04d5ce741bb068d34f0335312ded883571e16a6a017476ee129098826c0

SHA512
9d944854da811d3f2efcf46f169f2a0acde266e084708cbfcfa255512da37099bc1b29dd0161416acd511424983196da60d2ed3c10462bebfebad753ba1b6de9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99ff43603ec182eb1185667a857695c6

SHA1
aee2a73d4341ced1f3037ba0383aec99703ff997

SHA256
3145ca4ccd848bc804adbeef61c8d1aa93d88b4bc1e3e3bb4ce1bde6ffea66b2

SHA512
65ac8cc06f50685e3686d15717b819eca270c51bc12c81c66d799466dbe0c006a1a08a7634ec9d09bf437558b60f46f3f327ab32baf0a1fd489507371dfb5e0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4cc8d5a615257b6afeab3334465f4fe

SHA1
b1582e34642bfdaf02404877b2096f327610d9f7

SHA256
ad112dc46b4a4eb29ae15b2132489688ed41056d70fcb5c7fb6e3cfaec8ce391

SHA512
c45916ad9f5e0a3b4bbb36e32255b15d90b3aae6726c7345f3a20e477b0d579f77956c08f37ab756407a4cc4c8a662c49c097bb3f1e3a4fd097114654e3a1c5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ad745430e08ec1b2e4a85ea9d9167e4

SHA1
1fdb46d74d905bc7b33d10da1b636cb4d12484e4

SHA256
66def7e5a12da84bf008ae8b2dcac6a34256701d0b7c826174188d172ac532e0

SHA512
869d37b3f04a4254a047260da83faadb66331a46c619158d0d8743485e058c384fc5d226e95182e2826045fd4e1586b214ef4853e280bbf07b35482c4f66d57e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da719839d9dafb361d1a25e7d11cffea

SHA1
e8f48e13c774609e028b4658bd4b312b4914d8be

SHA256
81a7c862c17e8903df71804b89b218edab88e04d6504c84a57232a05c0c9e320

SHA512
e9b0433aae94d5116e22a7832669f684c8b03d245c18a6abce4532f66fe65e958e2b6f46fc742e038928fc7e61c3278f692639f92263c584aca3058f32cf888a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4764fd6a43e91916945b6584338a87f7

SHA1
98a1412501e2fcc8cd4a833504416cb6ca14e4da

SHA256
6eda237c78b1b30a9f5c2640f66c0a2e4342f64374ad14b2e1ac82f9dbfac935

SHA512
30c46c2da76733f8f78ad5d145af76b485704cee5f855b14b54e31b5a8b01d45d122ebc2d2370fd76b19c6f29c9fd7e9a1f8546dd76d2f6201b5cd73a624a6d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4581ca5a671db312f79e4b017e2c6a80

SHA1
76d3b4ce0e1ab6d797bee8cd07e8c95e9eb45395

SHA256
30e7c5919325ada040028d732d2807236a5596493bd2300076bf53ff62825407

SHA512
ae41abd70e2d47d93472e63feb41c05c90a65955decd7cbe44aa5f09297d766c58e309332057ea4f0530cffaec8fb2c30c2e50b6aa89c9401439b45257a194a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba4370b3e40a188eeb9676ccb573318b

SHA1
e17d5b0a2c7fc5ad800683499af24dcafbc87c7a

SHA256
d75105a0e5f739c104b153a19c960f0ae66f3295e0a541930aeb3f9856c6566f

SHA512
41a6f7a0c640a72a9d09f1a5448707a4665f591f66326fe877a69b3e0952bcf54570989144b5f240d6dff731952de7fdd4c52daaf0c8671d05c989e0b42d8d16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5bf46ac4a13b15364af55f1b3766697e

SHA1
e0fb4376dd2d6da1b874f3eab266deb6d15823b4

SHA256
8ae0a6b33dd4b3e6212ece3c49bef89fcc1f102dffea6e3e55cf4955ebc9dff0

SHA512
61c9c89d9b5d522cbd91361807408bbc363a03b04a2cd91e08a27fa4ce3b6f540258dc6ad8abfa9d63625b30ecb297d46cae63d2cb60946e4f157b2d5754d728

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEC93.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF157.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit