b79d9deb1661573267cf0e5fca47c46c73015255e131021bcfd5e924bc0cf742

Analysis

max time kernel
120s
max time network
129s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c127026cbb6ddde767ae7054d5620a32_JaffaCakes118.html
Size

461KB
MD5

c127026cbb6ddde767ae7054d5620a32
SHA1

efb092869960d88b96b855106e08e1980349d7e6
SHA256

b79d9deb1661573267cf0e5fca47c46c73015255e131021bcfd5e924bc0cf742
SHA512

4f06536ac9b9fa80ea651c378847afee237218a306cd68c0bfa4a9f1c4c759be7381ef7bdf08d841dd3c9ad78b2bdafb645e0846b7003a74e63546b40b08586a
SSDEEP

6144:SAsMYod+X3oI+YscFsMYod+X3oI+YonsMYod+X3oI+YLsMYod+X3oI+YQ:75d+X3T5d+X3o5d+X315d+X3+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000b17e67dee5ed1dfc5f862e46b86b0ef3686e9ba415b6879bc21657f5bfdf7574000000000e80000000020000200000003551eb61c807d9b5a4279f82e523add2495ec1d225d5ee1ee7599b938f0ac0ac90000000c55a2999d57ff5801e575a4b5940ac1d3e0b269b327e44a7a23928bee820416d5af0fd4a9e4c15af1bcca8e403073c4b08dab616b20cad929aed4232b7d805e3815e194f881e475e8380ef3b4aa573a180075a418f6b481338ebf0d9a7cbf4dc0968a06fee13b1c47b0eabd153059a5e71ab6505280f4172bb0e2974fc0d6a3fb4d856da88f9009127164fd3eeb544a74000000047577a723e69df5fa92e3383648bdf0bca49d58e0760a5b8137ca6aefeea8159238b6fec21794cd37d911245bb93c35d7a7544fd6ff1df1a8791d080e1a48d22	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430765909"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C385BBB1-6300-11EF-9E5F-7A7F57CBBBB1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000b6f5bc48d128daa114b5aae6a89217686a59223cef3f71afb7ac07ce4ae05575000000000e8000000002000020000000944c37c202805c77ca5829c27dee9797cd413db3b6594e4f4ec9600cb5fdb3582000000045d4e448e56aad6f142c6c942de12ad648d1da8ce1fe4c4fc55374c79e78216440000000ef900d14e075873d6968d234f1d401780b57ca1f94515e8f6811d5daa496b65c89e69a5f33e49eeea2d8772cdc027da056874693465fe8ed32eddf8549e963cc	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60a9379c0df7da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1792	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1792	iexplore.exe
1792	iexplore.exe
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 2764	1792	iexplore.exe	30
PID 1792 wrote to memory of 2764	1792	iexplore.exe	30
PID 1792 wrote to memory of 2764	1792	iexplore.exe	30
PID 1792 wrote to memory of 2764	1792	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c127026cbb6ddde767ae7054d5620a32_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1792 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d4755b2f519d0487f6b137af4770955

SHA1
f4844798ee90da5c78c7cdce6b8d522a77243078

SHA256
f727148258b32857491c06156e567b350f6057f83fc9df3ea06a4c00c3715fed

SHA512
e1914498bd3b38df88be5d35ec2684c7c0ac1a597ad79face2ecfa2db30ccc0b97caa5d56be51bbe369c58aabd79bcaa266e9517a2211c3a505b2edb5c542b47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6fa371f2433813290a801a02f8255d18

SHA1
798ef097841390bdb0c3c22b08fb80bf4459a58b

SHA256
f86bded85ee5e3318ccd440effd2898e7330f35529caffc8c5a49ea99a29635f

SHA512
3e51adc27e3131e2edc812e2348d1e31900b77a981d93f418a329cf5fe2228d719e8fb38795fc1d08cf061d41cb444c5ee4abacbd438ec7b37d7aec7f88ed92d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bbc2dc3dcbf66cdfb8a6d84c1f312ba3

SHA1
c9e52ee76c7545010d46c13340a10475988f53dc

SHA256
6375358f7f1302e7496db88db98135ed652505c22e498b11b58338deca404039

SHA512
a99e3618a8e3802809ec3299e0e9bd03f9ee3f95495e35074a9b195842c9e5625b8fd22d32d384680a44fa8e73b68bc1bb000c10291bcc2e3e5b0a311b2b68ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
993056329610d7a5b028ad3786218e5f

SHA1
0bb41c98d3e1bf1fe2958e155c39d91d28e024e6

SHA256
658534008674805626d48c275a982d493bab513c719e4d8ce2c372dbc84d9942

SHA512
7154ec00ae53a41c2f4e3601b5a031444ffd7dcdfa47ec8628cd90778a27d2c7bd83b2a14c9280d30b07f1deee33bdcf549a448bc331e0e5e3ab3a4a8d772017

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
463dfbf39384346958be5daa36035d13

SHA1
5167162cc249ce2b698944cf245d15d069aba66e

SHA256
478054d52b90c9275e727b7084e312bf8711629e675a25f42c6726d31e9c3696

SHA512
21e1fd28a1e381c18f7c0d572ec2bcbff13ba8757703e8df560f81f86c4f191261b5d188efffd89e8e81a8e452c79e2fcfe4d6dbb001ce3f5f57ceea90bd7ee2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f8348dffd61afb2e9900ad4e6b2be1c

SHA1
31bbd81a8010e153bbb7eb2c71eafb5b2e97a99a

SHA256
8c5ef1474bf78bf97b855d5247f4b73d8f08c080392c9c52c634a17cc7d7e42b

SHA512
e5f589074ccd64f508464f6cc08af727c51ab4ebd2da9d33f1f2ba2a0b90aa5f870f57704b073f9c75044113c6d329fcc0d90988076495dd4dc36cd9b531ddfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2fc16eaa38dcbac71973dd8be05fddf5

SHA1
3a8768a1a15a37ebcf8d659799e83e546e06e7b4

SHA256
820a97b5707b5d8068b13edd8cdc8ad313b38f099f1b1a1b70e4d1ce31f38902

SHA512
95311cb36e78e4428c86453f16184eef89affdd054b94a9ec1296472e0356c85b361f7079f430e10884d31b76f58ee10ac81538e66c4a0a1713243a60f07b288

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
080def661eae8dd87310c45d236558c4

SHA1
c0fdb33c659cf01b4a16d7654c41df0d2f5eafaa

SHA256
4e32d99be097d870f50eeb9f5037dd8f1844bfc132898faa9ff1c16e852c5b2a

SHA512
4a218cf8804ccf8101202acfda6b7df10cc183ea69903dca7358db7604f7ef73026fc26bbdbbf78995a0fa3248ee69f120b749c52297ca42a86f34640b654888

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c317ea78c56f09c092bd54813fb47f32

SHA1
b268a5cf38c8b30ccaff082aa331e7c1ba87726f

SHA256
6242a132df45ebb2e35a9190395d07ee3aedb5c87386855362bbcd2fdd92d5b0

SHA512
6ab2cae550c39be46f8550a4d02a7f3b4e9ffd7d1130a314d5b7878b378852e479f8850d8b4d053b985693bf242bc5558212a74e53b510bc5359760c37bc81d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df0c400b8320da597212c39ff5e717b5

SHA1
c064111fc5b1edd30bde4bf50393d43148f8c4c9

SHA256
50bf09cd99d770e332aaf378c7b8daecf2b6b1afb56decb28c362fb269e27cfc

SHA512
ce9f3ef69910dc9d7756106b2443fd62a17922b43b27ea88031b944a7f142ef550850e8d673bb2038eeb02e270bbc3fb16d7bdf4ce63a3e95f0ed5084234a2d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5b84c57b3a78d5b000de5f53666f549

SHA1
5726c4c82f0f194a955e3e627f4f6d4ba11cc9dc

SHA256
78eda6f5f8fdc0b02e61ca73f0f30e4074affb658637209191365d502f68e873

SHA512
32932871144d1f21bcecd2746a8f9399ec9a3756d67ce890b3a7f82c50ac4432a791e2a79d723500d363541dbc0b8d548b7d4ed5bcc1fd5e7315effda0f031c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5491159fa23a3d21f1f61bdd86d9ff16

SHA1
d94b14cd8d1905a52c2c46df0e7f7e02367aaa03

SHA256
286c0205de894b184c6a6145fbe59ff4c4b29af19b178832e91d409cf7930463

SHA512
07c76e1d6e2be9438efc146a81f53c871b4eca61a6e516a669e762feef99cbe85235da2f9935980e31609a4dce5c43ce2da21871e63216f9c74d970170d4d115

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab77C2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar77D5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit