fe61c5076a2c44bdfa9803b70f01cc3c55c69d6fdc160d11b31c06794c060f5d

Analysis

max time kernel
120s
max time network
129s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 11:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c09b764950eb95c3189f3b9dcb72eff7_JaffaCakes118.html
Size

461KB
MD5

c09b764950eb95c3189f3b9dcb72eff7
SHA1

d67d9f3ed2ff553caff9a30ae8d297792b9d07a2
SHA256

fe61c5076a2c44bdfa9803b70f01cc3c55c69d6fdc160d11b31c06794c060f5d
SHA512

8b8c51bf020a56cdac7f7a4d6ad35206d2e1c9db00491bc35b312a79199009d5644b7e1df51959ea1b3af57f8f20fa7b5983da69b80a641ce63a24421fc57eab
SSDEEP

6144:SLsMYod+X3oI+YC4QeQdsMYod+X3oI+Y5sMYod+X3oI+YLsMYod+X3oI+YQ:y5d+X3E5d+X3X5d+X315d+X3+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0ccda12dff6da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430745923"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c0000000002000000000010660000000100002000000073a7b00b38c7e5c1dcc20d5081d0165ba4422b641097515a5978bf9fb52eb2e6000000000e80000000020000200000005217191bddc27895317cbe239409c833f07f8c70548e30cec135a9de89af67612000000002abbdb2e983d2ac91de79d9d49efe5b481d022b6319582974bf6b7e0a6d76a840000000d96fb0aa00996961924599c44cee9022bcb9a2b3e3cd1c20aadc8b6cc4cdddc7407b924f223e3b6ded71ae30330c647ebaf4b26e6b70d5bbd9bbf193ffcf0f17	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002aec918cb9fa9248b7812ac80df2e74c00000000020000000000106600000001000020000000735599e9ce76093943ea91c54a54779fe414fbec4c8cb77c23b2c6c459f2dc29000000000e80000000020000200000003f4f0b85b2309c27811607bea23f704b118d5f0560bea162953cb84b899aff4d90000000fe34cf353c308e6f2db17e377fd8b6e2347352546e6b0e425f42323362b04f2b938e4057cac3b8fdf3219c8c4c172b75e49796585d88befa472a205e1e52ff15f8684004e506aeff2b6f9f36004a44a4b6da3d1223ea39b558e311791ef73078dc4a901e720b46f3aa3e62430a8394857b5399958479ec0276ca680f969f9c4af06d6e1bb4533389f82b1f79a80fb578400000005e10666ece0c0bb00f3424f6e9929ecdba91e6cfe3026084331cee0e9f6f5165c913f7c99edbf271ec678f7398defeb645e1e7979d46ce8cf814cd52c0672aac	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3A4E7811-62D2-11EF-B161-F296DB73ED53} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2564	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2564	iexplore.exe
2564	iexplore.exe
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE
2856	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 2856	2564	iexplore.exe	30
PID 2564 wrote to memory of 2856	2564	iexplore.exe	30
PID 2564 wrote to memory of 2856	2564	iexplore.exe	30
PID 2564 wrote to memory of 2856	2564	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c09b764950eb95c3189f3b9dcb72eff7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
d859907a4acd8e89901ff60376f8d95b

SHA1
af2f14060ff887ce8c0472bb8194bdee97204a37

SHA256
c8b0ab00730f9e515ce3ace85bc8e130309f8c30611638cb826ee13031e4905a

SHA512
17542e941973bcfe73cfc47a276a6e122cbb01010b070b786c43c013fe1588af1a516a91c6a9f7e3eb38ba8b0b882fff2cfee6d15dc0f838a0316c89bfb9b731

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c099c75ab5e2b733e085da7886f7967e

SHA1
e3be307f7b00b7fe1ef44f8247e1d84e26cac043

SHA256
0437735fe0eeae828106e070c7e804d3bc79a9f7adb7d3daa054a1e64e2188d9

SHA512
9e60c611baa29f8553cf460fadc7c2ca08dc73152f4f886f1e0edfd703be0b128754da43839d7f7b0be986d190546aaf05d1d67df2836ffdac8f2c0493759c9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4197b5295d149c916bba12ba90feac9f

SHA1
fcb4f6db04e8bc8627a4eaae6470bea57db27c0e

SHA256
d4b6a86231a4888bc2dbf801721cda849827057985a7041ef13f4bdd3e769533

SHA512
c884701c39197b777606a531642c9507dd1c6a62fe8a5deded26a74c87b9abff145f3d037b71105e9af671415c14377ba65576f43329878891c4952232f3ce68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
b5d8c86b9354509a6daee6a25afe10c2

SHA1
90ffcb3828764e9eb60bf5953250c0a70f4b91cc

SHA256
839500fdf074bcf9cb62e4904acbf4e241097fa88a7425c083f900229e85b629

SHA512
4e9b9dd83c406df7636f47d9098dae0759ed1cdc1d71c3570373a88b73915b01c2c8f3a9f5efbfa464b1b862d99b674458caab5fc50c84969cd58dc3cf6bcafe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
c3f6b0b9ef085ea9c2368fe8c00ba87c

SHA1
51f084bd7095fb3156d38de6e70e6da72d00f572

SHA256
d27700f18b717dd10266a966e91c77a45e3d1e527e770ca09c1cae39a26e0cc8

SHA512
f1032f76ae28cbb10f6edbad02840f819133e8c1164204cfd93fd87095a88e28209e7ffd3b96c6b94a95a34ff21ab635d92cd3474dcb8e80624fb3ca14943b80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
2bf18ea344ae2c8d192819870be0fd54

SHA1
19af1b39e3a50a0d7f6dddbd99d3c86ff46a7523

SHA256
7e8eaaee871269f869d8e630d5c0a2fc774cb2a81a4b795c0716cb74a293a069

SHA512
1010d07808e7cff865d3ff9748057beb80222f921597dea141a4b1cb1dc8ac7352cef4027fecb4d396226a1b21daa2dec3dd12207358c751f0008b9758841273

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
35d6e88274161b0d2fd2abfe48d5630d

SHA1
a03e3a1aa40ecd0a541ab8994dca79a9a7bd0557

SHA256
0c3e07e9d86c58bec69c963c603c063678a59c629652c5099fb02e054f8b70f0

SHA512
67002e8eb4ce8e4e7a745ebe8fa167819e637320e225d4a372a80197d268341b4e1d96c25d289d6fad66e0df57bb239f6f9760191224caaf281232dfbb8d1625

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
ed984b76c8520af385f9fb0621597942

SHA1
56b232bc92c88743fd5bfea1c6c8f80ea447606d

SHA256
48fc49eba9e2e7d19df43509c099ba9585fef3bb34c9b85088c7292e166ae4d9

SHA512
3141618602de39ce0ab4fefb392a11b5e5791f0b3a7c554a68772503e7bc58c00490aafb167e51005221292d96b8d0c1d2ccee289e38dffa734fde92a1e81050

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4eb412c55932eda813ab6e36d4ca6109

SHA1
71f886d927a172f29b0b4e0826551b09e71f0fde

SHA256
8383a534b2a06d6f0bda8e6394f5d4be67b5894980cea282976592571f221487

SHA512
50983e2c9cc90c282e9a886d68b5bc56460d9531ecb217606b5f7d0d9c2a467282773d37dfac1312c578da1f5354890a470132916b20db63d32461c227f35d98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
65f76ea570b8e90777146ae9fd7dbb99

SHA1
82746211dba6d38c7eb916816349000021c3bfc4

SHA256
745b3b30ff8d7bf18630819812351c3688dea1b024d13791c1a5c8b019522a04

SHA512
1ca003f060ebe11e563d37af680b3222a9aca17a73877747970e6f8ebe17a37929a439f865ef98b2c0ff9e4b6be220202c93620c7bd0dd580ddbbba086ca7ae1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
28e20714479686d38b4ab11d52166101

SHA1
dc4d30ea0f5a9df5c27f42994b5758b484ba71db

SHA256
d985bd0ddeee00f9b9f10acc3dcd2da26bc8e438a4b0da736a024af3ea5d4737

SHA512
156fcdb34248fabcec5a04ba3d48559ece5b732e9c61c68ecfc77c9acb4c1dcd6b761480d04e5400f120ddf97e8c8c5e78634641acccfa81d587bd3afd64c0a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
4de6f2128b7be8717450f271d0d0d7b8

SHA1
da36c06e4d3cdef514448ac9c54a6f4ff00dd9d3

SHA256
9cd9f707f29a2a508980920944becacd3fcc7ab3272e5c02d9f246a0e44704f9

SHA512
7792b3ef7d18d357bdda24faed043352543963d72f4c492733d97a93d38954f0d15d888c90b076f83ae885d24a06dbf0d60481d2deeb86b6d39c289e645ca510

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
9b4446b71c7b7e04f9efacc24d72effd

SHA1
0d3017ed3d579e77e6b72757aee284a633b05c29

SHA256
747931470930def1780ef6bfa00522b2319025329b670c4a522c44613abcc223

SHA512
74ec633126c978d157dca8f15a11f3b7e1b85a25ee942ea2ecf337f66958120e6fc5befc874788c82b23f8c1dd10f81727e1f1755dee5dba605af93954ec98d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
543c993b7f1d8e71b07b581aa1f499b7

SHA1
f6c57603aa28e1aac192cc79eb81c65b4a04654b

SHA256
5a2d82ca0a31d807d0d1bd4f93ce32b853bc9de4c5b427fc762a053f6ce0c08b

SHA512
d189913e3b12dbf429b05d2ad394e9beb6fbfba2677508666a32776007406d832dea7d7d412cee004ec834a5ee2578f06c26e0fe60407110916166ec95b28054

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
3128e2da48501256132fd8cfb92e11a9

SHA1
f4d66757d465ec25e800c49a4759cfaab91843a9

SHA256
69ce1af35d46bae28f374e308772e7c5055cc58e882879ca5f35105310cf2f8a

SHA512
9286d62f8865755d45b62b08e0e5ea210dc4a66898f58b195d8c4810df9853412bb0338e1a730f284571d46df9fd1a6e4a8240ac947d48569f9ec69929193a3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f4411689b63ede1d8622d858b4560fa7

SHA1
c31e002877ac01b23075e1d6c159bd8ed424bf77

SHA256
5237a5a33241f21ecb18fb6d08d5ad691dce8bd0ad8b38d9e60a7a2ee45c55f5

SHA512
d3f1556df8f0c0a6b5e9f5d4b7b2891f7c7674906fc04bc863e26af1fd689b15b16a1b3fbf16ca7d2b4f148859328052a3ad44f1e7d0743e7ae1b72adbd9de5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAA56.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAAF5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit