8c7de23755aa19abea43f7a0c86c7ee2b2ae2a9972a4bae794a12d677c9d7ea3

Analysis

max time kernel
69s
max time network
133s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 11:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c09b9b97c98e8e830afeefb118d3e41b_JaffaCakes118.html
Size

4KB
MD5

c09b9b97c98e8e830afeefb118d3e41b
SHA1

83a567f820a078bdc507356bfa17dc696d480415
SHA256

8c7de23755aa19abea43f7a0c86c7ee2b2ae2a9972a4bae794a12d677c9d7ea3
SHA512

e0e950ea9590210d0ec29a3fb4b488403a4c3641653c4c659848f182ef906f3248bc47c581efa735251d42bf72c0112e5603afd4468aef7477dc411f1c2cf914
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8o7TGEEwI:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDz

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000002fa588278defc467a7cf4695d790373301a42ead43fd10fbb90fe0aa38b279ab000000000e8000000002000020000000b35792789e57678ead40eaae923c8bbfbec096077bceff097d239f656189b806200000007eff26ee5ed7f7e7bb2820797b253c495f69f5b5cb1820f50524b5a66b8453c24000000080866f70d5bd395d7812fec30334c02884b22c13a769f69611df018e2021f768877bd08de0c49702588922e0957d9bc8b6400fe5b61fe509ed53c5b1f7177ced	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 807ebb15dff6da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b700000000002000000000010660000000100002000000006e6d96f24a952c84203b3e622c2d8cdce7c8fe7e57b5c860b12ab55095b3b64000000000e8000000002000020000000f963b46aa17bcaa5eae4d4d3b7ce10cb9d9bf0e71a7931c9f38da9f0d66983f8900000004b58fc14cb57399a26dd39d48582e5b4328f462b5eb161eac38ed2c1365ba391552e4241e79a69b37c06602531ccfd8e1b7db224e100c7a5863daf46d3ddaa5a255b1652df8a906d5a9b26b862c54f0452b89c4a2c74d52ba2bb6265ed557fcf8e77e31fcbc87317569a8e689656cc358b06e2b2f769952b5dc824a36cb14ba3cbe84fdcca5d4fd11092b8d6b7dad83c4000000034b4940d307168c2d7a759e88602b0143ba48163e2dc96b227b5d01ef243b0191d842de976326fe4f7a2103a57a9240cd09c0201340dcd74b6dc629bd1201624	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430745933"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{40AEA401-62D2-11EF-B99E-46A49AEEEEC8} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1996	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1996	iexplore.exe
1996	iexplore.exe
2488	IEXPLORE.EXE
2488	IEXPLORE.EXE
2488	IEXPLORE.EXE
2488	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2488	1996	iexplore.exe	29
PID 1996 wrote to memory of 2488	1996	iexplore.exe	29
PID 1996 wrote to memory of 2488	1996	iexplore.exe	29
PID 1996 wrote to memory of 2488	1996	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c09b9b97c98e8e830afeefb118d3e41b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d2922dcf8183180eea509d07d2349484

SHA1
3b6ff8cf99f65884d06f03491017810721eddd40

SHA256
a4c5a66aed97afce47609bc8079d64d6c3a9f360c8cdb0edd1b1189347126aa4

SHA512
9ff8240d4524fe2830eeaa3418eef87e67e7c60a46b62b0d2bf10779925047ffb5ac17fe438c1b386e49a98d1922929da3ae12b5d835a97af1964601a8b6db7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4f17e6df6a96dc4c4a59e3b816333d5

SHA1
48bef3d393adfec04181409a2d5a8f409ab5baa6

SHA256
5fee15048aa106dfe4192fd5bc69b8c8c86295975a5dd414cdbe37230ea119f8

SHA512
224f3f1744f0372d8e81d258560ca3ca4e9eda35d34b28e89b2e921874ec980c2fb2f0fc58ab82b5a845381e4a12ba5b81f745e92cd5672f35a9bd725f72c166

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73af3c3182536c1a27f43cd548d130ca

SHA1
313eaafb576ad776a8af4a5c867b16ddb5fe7565

SHA256
9c971eb29d8ac7982dd141dec4c593c7dd31f4be207c19bbadf22c663369db00

SHA512
9203cf4e71e925177647aa2558d9a6eab0be719f94ad6c33a6cfaf453b3f98dc3f56fc210b28274620d86611262d2c86786183df883dff5a3d3714b8d3bfc03c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4cbbd1dd5402b2f95b2334e8dd24f6f5

SHA1
1d8165f55799dff4ed8a1ed21abbcb11eb826205

SHA256
68bbafc394c80b505eeff30b3e9d52f38036953f8f4428f3f761aeca6be320e5

SHA512
cb7cb95f5a49a10cd7ed841feddad4d6dc539a84fcef47cd6eea6f1b37dbaba9cf64f4c1508c429e6f9a4249566cb32af237cbec8dc5da3660f30e3f7c818f43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6bcd8e7f98dfe424096cbcda466f0b3

SHA1
924f0b6e22c4cb3c0dec7e09331529ba11f72ac4

SHA256
03d34be5ffa8dee1974c01c27623d9ef5d7447b7f21290603c9c91926a398ea5

SHA512
62a8bfd3d58f561ea5de0cb9304955ca0b4d07439a07c72b26a6cbee98d6303e88bd0e788476f04d8595bec5a30108dcf8b6b88c2ac636a23e33468916516de8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f0e62e654f1f76391839a5e707eaf64

SHA1
45c03c4ddd1af53fbb93f0ce4ed4dc7ffc0919ff

SHA256
edf0d675f757bd035d191e26107d23b1be546c877054e61a6348be0917bd825d

SHA512
8d3832b34d61c0b58667495feddef3fa5bf36e073a42fbf03c84c090389bf935ca8c271d04128545dfe69e4365590af1878ec334c6e362f83d751ba8ea21fd8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06832a090a0911a1166c113dd64c5a07

SHA1
e405783c6bdea7e3d00b786d888ba85644a98f1a

SHA256
23842b76523d119196307caf49b0d415bc99968c20ea5d9d374676b267a78371

SHA512
d9cded4b4da13546a9c4a795302ba694a08a0ba3e3a4ed5190e175ca9679ffafae10d8988922441d58335ea2ed50016adda66b5e26a2df580762c79e983f2c9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7dd430cad6c20e9ef2dd87621e57dc49

SHA1
24b116737be44db2b8232e7081f052f5e6554ecb

SHA256
6f454c03a7a267d8faeaa03903b12fe74cad46cd1bcbee7b478b557f1cc96a2a

SHA512
7d552a1dc3e4f0d42d8a863351a5e7e7e6cd49b3799ad3ce2a45be2abf5e3e7430514f73313a992d5f4bcac201b994846eb96c05ffcb624e20339843a23b534d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f542603645eee86586485e10cc9195b3

SHA1
feec6bdd7e5f728f946451807836bc80346ef02b

SHA256
572b317204d67fd0d3ca10e51ba8757717e997b252f97b4624be834fbe55a390

SHA512
0945217865a7899cb8c63443e8a4d00c153f4609a66b29609efe644e888a99fbccd487d7731e563830cbeec59c17c2f02f8ff0231c0445663b5ae33eeb0ba8df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8c950de34e7778c8ffff86c01e97f5c

SHA1
a99954f0242f09e07bd988300b17ad7fc4720785

SHA256
7bb25b09a206ada93e31a558f05f464bac9c53311ccc5591a67d8e32eaac148f

SHA512
11ddc5faa740f414d0fc5b342e2d592b2f7a5c96827931d55f7a0410145f0ca60807656261bf754d694906cbe1e4dc5dad660e071e1016bcabf176132509305e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0a606b5b25c2c08610027ac2b7a99cd

SHA1
f37d46e1ae0b2a72aeede799668492d2634d8908

SHA256
b31326755eb82c5d8ecfb9b9fd83c484c1843bcef54600eaff6622c2e7a8bd77

SHA512
60589ec5eef6208c31dc10476d01aeb3ef9d17405a0cea17d66c5f384d1409211a4d8ebadbca8ef4a93ce41670858ef2b0cd280778c5077f0e8c89eb8b02d612

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26c3f066ba2a1b7b8448b2cc5c1aac23

SHA1
c8dd33d75b58cc222f087944a7c450330f1eb649

SHA256
e5b7e677ec684c85426790a2dfe47f2c0e9246624184a2a6309d2d096371ac6b

SHA512
7f84d24641d0dada7d81213876bbb0c2cbfcd28af3b5a23cf635cfb6bd0533482e77e43237b533ffd05bd53908767c8d9105900fe07b2d5c47de2604948a2660

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41fbe276486e9ff938415afa08ed6a58

SHA1
77da6f619593556e7343522955d31d5fd4d9a635

SHA256
47b1ff0c5590d420bb5351cf0bf494deeb7f83849adfa33881bf2b6e2e8dc3fe

SHA512
516022c470c1ad7cfc32d0e7f6d78fc3dd39b7b93a5650071501a43b4dc9cc44b3d09d398b67a5213ea0e3b9f2f578a76f88de42ad17196a19fd4105392ba9c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb8ef5489d7ad4e0a446ad8dadbd12ac

SHA1
3e042d8387605c6cf666ef02a922745e886d5333

SHA256
7e7cc2bc51862b95135299a7122f7c93c42e1ed3da685ecb69c5634bfdc72383

SHA512
ef9f3dbd39fa7ced489903f53752988ed6d022bf67d164bbd08cb6faeecd0abd0ef578a9d1764d0ecba6895a54440ed19d8af9426e6927dd554aaabeaf7e72a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
403491cb0a705f6f1c25b78c9b41fb60

SHA1
10c0db34dd28fe850692352501cfd92eee20c8a3

SHA256
fafa6315514dac39ff4c0335b3b82612947be761688cbf7b7baa7ed202b7ef94

SHA512
4d667a068a9ccbc4d4ed1c02b0c7c1e05b412ff8b3c9cd7a38972a77b766f7d3eb4a409482436e2f8c0e54f1cb1b69666cf5fee93838c02063fe4a81a00de946

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3565.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3614.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit