07bcbbfce71c1491f002068b4de891f59e228d03b6a7f20f873a3e0c2be9c339

Analysis

max time kernel
67s
max time network
127s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0d75127b984cbd307139faa168f2eaf_JaffaCakes118.html
Size

890B
MD5

c0d75127b984cbd307139faa168f2eaf
SHA1

513c6b54c1e1543653bea1352d1d84842ab3f4e7
SHA256

07bcbbfce71c1491f002068b4de891f59e228d03b6a7f20f873a3e0c2be9c339
SHA512

3690db81518667d21bce1bb150cc5e56bf96fdfd46fc9af1c97e66dd84851ac6fe176bc815b19e9cffcc4d7d97bd54a01d123a2d540c66abaec34f0990ae5f9e

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000eb524b2b7507f86e7eabc43069a868e3796ecf74de9b2d283ff3954ea9f1a75a000000000e80000000020000200000006d8426cddf1bc7bc0e2094bfb2928ca6504963aca433688ffa2f520307107130200000009ce9adad95603a382084f65d78608963a6ad57146894b70d05185bbb4e901ada40000000b242ec4529cc38304947b83532c5327316f94a3dacfb2a8e4ed3da6a55526aca221b75b938fd7e3ec444c94addf721dd63141acb0819057415dbd6ecf669d4e6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40763f76f2f6da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb9000000000200000000001066000000010000200000007fe1444944249e1f6b0d93fec5e24672b1fc60de7d3f00ce52c7bca20555a1a7000000000e8000000002000020000000192ad41f242598f108a6ffc80b984fa9e51d2815145ad67123caad5e313b91019000000017cc870d29e4327dac09d3c6f506c297a7004eb1a881408367f9c0059e5ff3bb688009d683de2280d8d53244ae52f297d9237ae0f36c4722b2f3a3acf626ce300b77b8b25f1c3ced336d72231b4c86ee142e032c4354f5da664e39eb48f85c7604b1586da1f2ac065de27cbbf60cca9b2d7914b560f5127cdc82d718ca1af4d88fff125ff53cc9120c7454190fca6d594000000075de6a994ae2cb4839bc0e4fd074618e73d2122dd7680437bbeca79f6a0870a71b32433dd8f2b7676d36c3cc905ff9f64704a996ff78394320f121a7669676f2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430754255"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A1C0CA31-62E5-11EF-A4F8-F6F033B50202} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2544	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2544	iexplore.exe
2544	iexplore.exe
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE
2300	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 2300	2544	iexplore.exe	29
PID 2544 wrote to memory of 2300	2544	iexplore.exe	29
PID 2544 wrote to memory of 2300	2544	iexplore.exe	29
PID 2544 wrote to memory of 2300	2544	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c0d75127b984cbd307139faa168f2eaf_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2544 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8f6cdde2d656861ab2f7b2426a9936d

SHA1
ece77fc1dac01211f7af165012205e61b3969bb8

SHA256
712dd60b8e50dba80ce4cb0f0c4ac1fc54e9334c52fbb865936b9c26753feb1b

SHA512
d6c2fd43dde37021d4e7656fbf9517ba66a0c07b1714a8178ef985245dfa6ca5160379db48566995d702e81b870632ea09fc55208240fd10e32defd2efaea58b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9f1ca489362381d6e3d5e72f1aba64f

SHA1
69687f2bd258da7efc7775d08d2999d5c1376e36

SHA256
a1c75f003d0e3ca6eece3bd6eaeb15a5876c8a651444570bc5536232fad00b25

SHA512
2a8d011ac8dbc36da327bd610ffb81d4d0384eab13018eac05688cd63e044efc6a6807111aeb6dcc7069bac40e2f7a04c190d8db487c2fd0eec79bc1a90f9f80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6735f2d2cf00952318c0875878aafa7e

SHA1
1c783f239138d95dae1c4763037f0d0c75ffcbcb

SHA256
c239a57c0781671db51b3018fca613d76a7ccc408bade8c036c39827b96cfab5

SHA512
feb43b624dbd20393a575fca146179f01d59956f122bac8d2fcee052d4ce62cea4992f2454c97259bb5e1cfd4e170a1e26b332101c2128a95489bf3983aa96e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe6410fe743c1a484afe1bd68af89820

SHA1
04f176affd9215d2cc3f1ab237d2a1398fd8b5dd

SHA256
f2076d1e12057ed0690beed8130e366e76c3b8b2d1b9601eb743886d620c2c50

SHA512
6a1259a52e5964882995a0c5c52830865d7fcce62ca080d47650f0555a6f80fcc4a993159940816029d94f422ae6586b001abace46600d1e2223b8cde6699ab3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
648392ada2808eecbeb9cc6839ff0cc5

SHA1
6a17a7277979aa8d3b73890e7615344aca7ed623

SHA256
546e286b2310b0200b2cd62d9504fbaf243be36fbc5140aa9b14a3cb44bca4b0

SHA512
189d1e419f1245e8f96b036beecb4496e6900f54ae3eeb1350dec0305b2badc22e8f9736c5cef985a9cc6725bef4bbe813756d9d625f3fa843e5c2e4a639bc50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8bea1cfc3d39075cc9651a058763a8d

SHA1
8b31f83cd0410e0a421c5183eb6dd767c6642626

SHA256
569035b41c874e718d91c2a717ee5dc7433a46b4bd5b89aff34ed2716027e7d7

SHA512
da31390d7216c4ac0f93630cc086b73404986d8ece03586ab61e34f967cbbfcdcbdc2d0179a5e22917d130f925fd37306b1617b735eeb806a1d31b86c865ce7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3484f1784df1102b01f9bf51c109b3c7

SHA1
95b69c327947c07034517a23be68df31d56b4276

SHA256
27ebbd44a556d1bd5ebc7451e0b7f23bde231ae1c1abf67e3923807dde75584b

SHA512
49b7bff1c656ae91008389e8614200673b4b153be3e4d2e19c9a3bf415781522ba3a1afbe29c8b3a55e0cd696fbe16b627a1c7cf0b06bf5ca1d5dfb49374ce73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6d1242af8b8357c008568841f334277

SHA1
89d7ce5b66957981a140c75a05bf9d03d8bf5682

SHA256
66d615b540265510e18042ecc50ed679a10e94f659e8047d88ebc29fa9c29ba8

SHA512
d54212011252d7c7d86c7e531587f65cf9e88efa1b83765329df9cc914f2fab68d8699d9c8e49bdc0ba9cb74c511fc91098a0b301f1f2777b430a76a2f435934

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
570cbaf32e7b4c79aef938dfd8d883a2

SHA1
762c56572e9e6b9f45be15190d273e4538b7f789

SHA256
a076e4743a752df986b6633e67ab6894296b5762bcdb255ee2a35011270312fc

SHA512
ddb4a80bd4031af74d949d1c9bc3009a90f1a459384ce17bd7d078b595c06afebaad2f871ce058c9f5c7c2a5cc3ce07748ccbf3dd164409f023823c48197ca39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ccbe4fbf6477968edd3f24fecc4b00b2

SHA1
fe453138fb77e415ab34d10e0569ec3f036b24f8

SHA256
cbc6a7ecdf2a99cc7a16f48779fff0a28a6ce5ff362670b611c64ed6e24b455f

SHA512
c882ca02aa94570ad8265520a6667bcbc6b743f0629b28b748633967bf11d671172ba51434bee90f01066f0af2715dc847a578037283f0a7960c197d35f06b9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3373864e7cfc96ba6bf9df76b40e68a0

SHA1
ce89cbaf0a74827a4042746457c1b932a81f94f9

SHA256
fcf0665cd2ec79aa4c1b74c56cdfbf3e4e4505b9b2681ecc81bb7ca049aff08c

SHA512
3394e5bcb0c9660fe62a36d91ed6dc70ee98d984f734535a9d329dbacf7a948ba25f7079398812a7c703dc8b07d0df500a0ef7b7e8478f204fcff81ccf300626

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4566b901084b6030a554c621e6189cb6

SHA1
54197f1ece37960b0e338118113476427ba26bf4

SHA256
2d7ac755659104bd96699218ded8975a99273775d10048ccb5d36e22a12e4041

SHA512
a96f7dc12282237a6cc2a39aeb25b5420f3e1c29d445c1003acf2bcf457e4ed42042a9f97315aafc5330e330e3b532fa8a4d3e418aed4779a0d1af232b4af1ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0bb1e8f9c6d7738461c53f9dfc817a29

SHA1
30ceb2bec5fb31181352c0a4897d0a9e643e7aed

SHA256
4c7ae032aa636c2372f04344c1d3c69e009d7cb26cf446e84c053168807415ae

SHA512
1717a69f14ecacb5d03b68b98ed3bdc4ab59c44111d37d38b0536e9b2a3144f264c4ee15d92351635612b7755bda1d5cc76e84b6896c8132e7e45168585aa082

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca73d2884c47f77749b7bdc217d59665

SHA1
b0d940de51795f6618d830e5ac56294f549572db

SHA256
b3b43dcebb97982b67e4c498b20acbfb70bc345631b69356cbb85da5ebab709c

SHA512
a8de7c79633e6bf66433ae982a27ae0af783fa28c5eb3dc400cad42ca9dac0cc575de92928bf4730f3226dd56a6f98e56c042b07a296ccb4c26d0f71da23bca3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5862e75e2d79ead888d7adc1471797a

SHA1
5dc7d715c8808099e194b2af2fa0ea03a7f290f4

SHA256
93c729b38695a85b7c5e026321a340680013512aafee118b15b03ae1ea3d9ce1

SHA512
0884649edccc8105738139875753864eda96cafc3c661ffad334c5a8571d34e20666d713f34c92a888ca13c93b558f6bee891e6dfc88a9da58eda251481f40d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2deb0a2da72ed3fc4d31068414df814b

SHA1
46f9da63c01c53f1c6d67b69e32c43b68c5f3b67

SHA256
3d4e6617bba27d7cfbd60c6b73423a713262a0783c289cd718de44e6d975de6d

SHA512
82274e8267a960d4c088cff8d3f4a49efbe91ac06db0cd425876f82535e5c34cc9cb57ebd5fda76d82d5a7047b685c94dc9ed56d59cc28c4e7a6843edbfb0de9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb552b76936528eb39e238c7ddde187f

SHA1
a4324fb6dc33656f7c56e013f579c43f62f4fcbf

SHA256
cd4d8d8ff97c526ca69eeddd905c0e81169aa074db62286e47f475a3ce6bf3e2

SHA512
95a33ed808a1cd34a745c3348b821511ddcee2ab737bc78d208e412c5be8e3c130b22e211e5adbfa15b25a166604a0b9d4145505714ac4767974b46793384b5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF605.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF676.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit