bd676378a8790ac191d6513aa434a4f20d74bf26f4d3bb7a63b463173940f338

Analysis

max time kernel
75s
max time network
139s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 17:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c14267b0146e26e6ce402b48c16b6542_JaffaCakes118.html
Size

185KB
MD5

c14267b0146e26e6ce402b48c16b6542
SHA1

c8125a59f41397a866d526ac9932dcdee5e86e53
SHA256

bd676378a8790ac191d6513aa434a4f20d74bf26f4d3bb7a63b463173940f338
SHA512

815c4ca04627e2df47fb191ffe36d551a363091d9ff9b3e2e28de570767e79fdcd32ff2d987fc7d51296ec2fc6f192c4471979711c6e4fbb673bbfa0cc9245c7
SSDEEP

3072:C8cYYyfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:C8cYVsMYod+X3oI+YS1tA8

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7ECDBD11-630A-11EF-B39C-C278C12D1CB0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b700000000002000000000010660000000100002000000060da2ebb6c312b2a8c9469c8a960afd2dd410eae2617f3d31c37c6432064bf36000000000e80000000020000200000009b7726722ef81abb006e4be258330ddacbc2d963768918ffb5c8ebfb688140c290000000959494bd48c19f432ab32050f3c4edf1eb2c9585b6475501d9ae3769e02eb37590b1eb5f85e04427450ce54e38dff92d6cf79d6cc27bc96b8407b187cfa0f828d64ba5b4a38064c567eefe5caece87e20d93234cc486f9fee4ebd3ec8af7ccb78a9bd4e59b5eef1dc014aca573b19a523199272bd0a43d07436cc238897f9a4299fad96a95569ca1395a3d15e37cc6d1400000000896bc2fa067430002d657fd7c15f349afddd340324827e1d73fac5c8ab63e57a0467ad79ca2eb9868aeb6c93d9a1fb8e931325d808be64c4b6b3a574de437a4	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000002c03fca94bd612c87e414ecfa2d68fa2cff1c2fcb92eaf6fc3bdddd7de6ff826000000000e80000000020000200000003d4c7159296a8cb3fc1c6d2a36be62ec082ba1286be64ba104643d80b5eb2c4b20000000b720870d240828817eb3a6895977b08818e02e2121a77b0441eb38c6d50accac40000000193b3a9b5d3d7389efeb32104065786102645d19adc4f42b8f365f258b89fde826c03ebd11a2ea998f56c698b5805f8aec0a6a883a3941d676e4d0c8176a964d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 908f055417f7da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430770095"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2904	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2904	iexplore.exe
2904	iexplore.exe
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2432	2904	iexplore.exe	29
PID 2904 wrote to memory of 2432	2904	iexplore.exe	29
PID 2904 wrote to memory of 2432	2904	iexplore.exe	29
PID 2904 wrote to memory of 2432	2904	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c14267b0146e26e6ce402b48c16b6542_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fa29c79d6a19d6730621f15d136eac9

SHA1
ec704fc54bbc93d17d8d04de0e88101dbdbb90b1

SHA256
8359081d81b8cf4751b7c79f87003dacdcaca434da52e07d6d1171f90c91036a

SHA512
dc7b1d5beba1bc146296a31dc588c62f858409e491e6122908af66c463d214ec017936444ea26c1410384ad851d212d9e0e67f565e22504779627abdbbb9cfce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0cf04aeedd5a835d7b8ed8a905a805aa

SHA1
de023598435b790c78cd969dd662aa809554a54c

SHA256
d1dc444c37ed580887109e360ceabcf32ce3c28dc66b750d90daf3f41d4e1959

SHA512
b2f0a477addbcefbf45a2389eb7f6a7c0db79c0275733eccb5606e95d534f03332be15d5b7361615451ea05a944df8574a5d528392e2b0dde04a9576b8ff77fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1dc4c65af96c5b73a185ad196080ada3

SHA1
8a6f761d0f64fc0faece3e9383126f5ae6517b37

SHA256
4f298b2abc4311408ad3afbcac9217f13dc2aced6b260eb4185e2d5e390c8266

SHA512
b7d8c8ba61493c67b96a016af1f8164bfdcff6e8d2699f39156a357fe0e1a1614b42753e7eca33e655f73c0ad9237cd1ed3161adba290992372e05713f8084de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe04b8adfc3fc1ebc0c0c54e79ae53c9

SHA1
747d4a77952f0d96faa4930ede5152d135e62d88

SHA256
7edcf7b429ea477bb4b7e0049df1f9796c393a8a3f05dff81dc4cd3de3afa151

SHA512
049e360ade28c1bab9c469a7c1b5150b7cbd8d1b6269831840a461d0287e9c726819d54069b2f528afd1d45a0256553cad2cd56796f10df66e51330a5d791440

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
557791811c66918c69b869dfca95482c

SHA1
d8a9a42ee699d3880f182db16289705008455c80

SHA256
2ffa8db3e439cd3ca841dbccef33d1368b61d4caa22e8dedc42a2472bfaf6420

SHA512
c913be123082b9b358ecf24bee4e1e0d314e203a0f8b54e996a90abc9cb2c01f55575e123addd6d636ea24b15a4f90c4e228f11551de548b07e821079c646d92

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89cd598d7f26683ab8e8555cd401c7c5

SHA1
a0f0ad3adf03285a3f25dd7aed6f483888f3bd08

SHA256
22e97acf548b5783e099c30200d1425013ed7c24646b4617332808cab6e9974c

SHA512
9926e05abaa05e4687325fd6e53c12b4b70905613d2a9bc01892c929c4ea42cbcb1bfd8a80317b76e3a2b842056548146334188568eebc1bfeb8bc2447c86e8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
806fc9d7a31eb57036a9cfd49b6fe54e

SHA1
aa7571c1bb5bc75068fe135819396a035645751f

SHA256
29dc25b926ee7bb0e29dd5fca0700bcb210dda81d52cd497c7de0e614775857b

SHA512
c305bf4e3b27ad58ebeaa0e9304c272ffbfc95daaf03e70bbe348e2321005b9f3809f905ca7eccc7fcd1c4785ac64312a742a3a8deec7137a120d3a63976c894

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b350cbc2bb45b877b10fa26487530dd

SHA1
38f2d5719b075cae1267fb15093d2616b5fe64ab

SHA256
b78630edf83d8cac2193ccc5f54e3fae431b7e6dc230a6c2a371ecf4a5692211

SHA512
eedb3365e04320bcbcf867cbe2a8b217ce1ab66d5b89add49ba1795fb4341c033cdaa29972fb77d4e59f859f452dafe7046e2386ab84bdbf592edc119d8de7d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
743bf081000014734646ab9c295138c1

SHA1
244c40c31cbddb0f75b5ea2c7226864eb52d3f94

SHA256
cd99329dc8a05678ebaab67919b112d97726a46c0059b5774a3bc73fab910f60

SHA512
822a93a69411a79a84ecd7d36bbdc14916dd1cd1de7a35173e8a69bfa35eee6d824cdea42ccaa6d8b40a40aa6905bdde1bfb863ed2e1ee1adcc977169e0fe6a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2329380eeb9e6e6baf05f473f1187cce

SHA1
427d30d2832e13e45d2e06a2cea25b6beaeb87ab

SHA256
75fd8b12c8323ff2adedfcc5a9208ac1d71034403bafabe0a40be50c0b1871e9

SHA512
7120b73dde34b1c2b5dcaa6ac3646effe0ecb231d68b049d57d168bca59102415e267dcb12cd0010c6921a1ae8d72c5abf5f608fef6b8918bd70c368b9642325

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3204d6ecdf615e9c14e14fc0f13ac7ff

SHA1
4c87a501f98da8cbe3c7dda3c57cc1efbb433277

SHA256
697bfda04e4fcd4801546733bf8831c62d1d2da73c1be7c1fcf4b97e61e70a5f

SHA512
380a91b75ac8eddd0cfa20f15f1f63e5aa190daf1bbc1bcc9c47c99552310d8540a7879905d8091165367921d681e5b71c25aa7ae4f9229647771ad1a62cc92e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82d39e2ce5aaab73a539ad69458e22c0

SHA1
332fa190eae88b09bc11cee99c09d82e4c49d5a0

SHA256
9b17049d45a321a285834c5ed5c81f9cd856fc5d6bb3913a9fec2108a47b80e1

SHA512
71995c1e106df7754e91c0850bced0a4f52b3aad2e3ae600de7a5757a045713febb49f05be1f838f238f9151619f858521b0094191ff5f5ace339255220fe328

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89a6535ff95ff11f0a9a49125def680f

SHA1
e6cb2c9c1e8a80d92742cf09b3f63a23e3618abe

SHA256
47b7167150fd96a8b3707705c633924ed98e5d10a211b39e6db6127230b40edf

SHA512
c233162c27b115b5cbfd115a60708a940df124911dee2e8575629324645b1b56935a54c3fbb39be0fbccd631c7b676947c930208bb214891f7faa0b897a73670

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f957446a25b1c88185d6c493d5c8d9f

SHA1
a5f6bca8f5683bbd08012b28082b5630ec67051d

SHA256
be117607acf87c6ef72c1b12d0ac5a73238a288cd7927b9b4994c7144a5ccf0c

SHA512
1d36f4a0ac155a44c21d36f5f9dde87c82142906c1c6fbb79f90ae17e0fedfb882be54cefdcad9a4b7562ee33246b15260adacf5b704df1a6de3a90d084f81b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e09b6388586b804e8e64692c965ef8e

SHA1
3f82a4738bdcadce9634a6e5398b68ea79744394

SHA256
2f45c8f30cef215ce175ebeae05c2ad198c18a45978ab04d9912caa33a286c83

SHA512
02e7c7bdb0fda1155b09612ef05e301595ad38e63402a89596cc6c97408ccf495ee03b3cfeffad0002d3a09d45b3c31f8b4fed90b865dc07648bdaa361408423

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48a29405adda21bb1a525f840602651e

SHA1
1fe8cb0b753042b945bed49c7ee16de7eb48d468

SHA256
bed05dd3a58f8528a22f207f7d931974cf1ffc2ac874cfb6338fdc3b2a098fb7

SHA512
ec41a167dca7f786feec7c9881019c91df226c6f2231e85290d11cf61a879e2dab5232a5191874f75e47b90514708e4b558a125051fc079318dc0c8f05bb93fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabACD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB9B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit