d4990cf8a76b8a09f12bd000cae61c5ea021731cd230f8980e38c8ea482a5f46

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26/08/2024, 00:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c1edd27ba28dbbb54d03bcd76a79e731_JaffaCakes118.html
Size

460KB
MD5

c1edd27ba28dbbb54d03bcd76a79e731
SHA1

2a3c7fb97d061d4d0b0a1b406d7ca54dabbfdfb2
SHA256

d4990cf8a76b8a09f12bd000cae61c5ea021731cd230f8980e38c8ea482a5f46
SHA512

b60ea612c688eb6c71fe0520480f7b144c838542665520985bcc6a90cc8f59d1cc29ce95c4a3dc1487e9eb7c984a74a8d4eb650f5611a0676d5a664aca82acbf
SSDEEP

6144:SDsMYod+X3oI+YCsMYod+X3oI+YHsMYod+X3oI+YLsMYod+X3oI+YQ:Y5d+X3i5d+X315d+X315d+X3+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B3D9F8A1-6343-11EF-A2BA-566676D6F1CF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430794657"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c70000000002000000000010660000000100002000000014a5a1afa34e7b99f739947525a045c38f02139658188c4ce8e86aebd36b40dd000000000e80000000020000200000000b9086127df1836fac3bc875f27dd35033564ae623d27aa5cc7ab665cad161c7900000004ff1dfc9009d5a125f30218aa80e8697ece699af0e1d97621a7afe22b561a0cb8010661d25c5d0582eb10ed790c4aada8b87acb2b111bec62195adc6b6597d09dc63c60241e22ad7fbd3b2e965691a239333351abfb3500e43efdc2603958ab223e5f46ac124927ace4847498b0cd6ff57eba55ec3f9c666b5a98df9e0f9704818ad3e8b8612b7cdbd288456e2519daf40000000a3dd35643094d67fb25ddfbc2481d286357957aef2b1c587365d85d06d1ef94b0591b03f6fef28d7e5b2098cd292b310c6e51e1c5a47cf5e5d2312d36edfc507	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0735d8c50f7da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c700000000020000000000106600000001000020000000a1a1129efe0ae756fd7759694fee298e508c3f39bc264942974fe2b9c6343e7c000000000e800000000200002000000068e15f63763d6ccf98dc0fa9b2fa464e270cb47f7d3cfc2dd57d689cbc69259f20000000375753cbd0fbdaa9890830e8d686c71233a82d2932eb54c16cd3dac4661d7929400000003ea84e98aeda05ff6c43c4f195fb3429995bd03ec897bc2cdc2fa56f17edf6608ed844aea1285a7302ac709ffd0c1be3a6482714a1e73607e1152517ed8384b5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1832	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1832	iexplore.exe
1832	iexplore.exe
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE
2780	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 2780	1832	iexplore.exe	30
PID 1832 wrote to memory of 2780	1832	iexplore.exe	30
PID 1832 wrote to memory of 2780	1832	iexplore.exe	30
PID 1832 wrote to memory of 2780	1832	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c1edd27ba28dbbb54d03bcd76a79e731_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1832 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a569fb5be361cdf95870f5149d223231

SHA1
fb2ccfe34d56aa038578b560befa011d2895de00

SHA256
a0fb865de1adb09dac47829fcc71045bf722eb85b5fd993fc0803592cb415d6c

SHA512
10843f86abaf1dea48d23d83ae3d9dd15d8a8e1ee065df9419c3eb092d0b08476cabcaa4aa11dbb4ef6dbda226528b3189bb4b82646907cd147f98fe9e0cf754

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e752a332ef787729382295f7689f389e

SHA1
dcfd457209f9d0de00406df55302c020766024d0

SHA256
c266f113693ea990d9e278fd69be3a9e8f0ba891667beeffa9f8742f255bed9b

SHA512
096fdbaab631836c48471616a88facabd37e27ec2b22a6da08524547ae66fbfbe2fdcaeb97b097b638caf368b22b0e673e01b648038288343eeb8878281d2429

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06516026a8a985284f850eba7380e504

SHA1
909c7ec8968ed60c3348dba27aa16c883cb7dc77

SHA256
d7628964773fb94363b34b94a61427e64c65e5983010c5fda81c3f3de90b53be

SHA512
9f74eeccb47ecb79b8da8479dd6424270c78195bd09fcb638751f0d2dfdbca4c0f896777adfdddaf80f8f1bded72deba6c4784f5fe50c07dbbd5ccd9a2bb37d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d5c60bfbf577a1ac6452cc45bc8b871

SHA1
7a1dfb33492aa8460e843e958f4485a0317a5883

SHA256
1ce1fb0b973c69dd2536333447d04bc4654af353e26bd6741c7a09302710886f

SHA512
e4ead3ea83a230941a62bf6b3ecb0ddd129b138f90ceca73410fb7a2bb816243b8cd18ef622c211fcc1919b46540f2f1ca8c671de3172f83d7d0fcfe30881e50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
941fc4db170cfcf66833e658b18c87a5

SHA1
5108763a931990778f56c0eaad155a2f5e6c021d

SHA256
cc7c3d6efd79c36fa54e2d2a1380a63e6073c662b170989f9f219de60f2613e4

SHA512
3ae7a66aafcdd3ccc899527e37e520f8fce3172c4692b7f006e61653832b4bee05c1ec2899664dbac68e717e5b7cbe1fd4aedded251442ba7d75c823e3b36b16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad20a50b16b2f09bc8412778b5516b55

SHA1
d9e5a38728079d9480e0eaef032ed788fb9cc30a

SHA256
76cb69b0aa0775dee19bfdc80acac0bad25e64ced72bc37b415d00c70e8e5be7

SHA512
a8742acfd4c6f04cc7cd8a402bd02855d7feec15e3d5a1ea932533e75117d5109fffcd366e968069e6e1f3351508b685f6ae5c435f058db681534d69d2e3ecef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a63a715352f78c664196eaa951a47e7

SHA1
3417a930bab6d878803275d927885b545414e04f

SHA256
db9d9e86aaa6d76d56cfa8814ee62fcff3037a7a895145d49fbb3e84cfc86b7c

SHA512
26c4bb5eed1594f4c09a3d392038f95fc5ee2a65007c95bd73ef6a9c7274f3933f1da8a878cec4931e29861ecd8ee0515d451e363490563d1b0554723961d19f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5d93a8d9ebed440cf31cb71257aa954

SHA1
3feb142ff6b45803b434a1321c2eb202de37113b

SHA256
2d3bcdad94743016810f71ecdf568eb383b006d3148cfbc5d6fdf2d091b8e3c6

SHA512
0a82d2685b5dd20723a98a794ebeaf867e0bbf25641a8003af601a3be67eef2d58b18485a701fa4503a4711515d6834ba6c69c60865ba6f398466837a5a7d015

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46428e272885f19b779210dc298c7561

SHA1
da6b3bb83df48e645d7c28f927642d76e6643d69

SHA256
e883b6b892fadf98dcdbdb9b256d13ca4753efcac49f95947b030edfeda2f752

SHA512
7cb789a1b1d76abf367b913797899b7bd82d5937ac9845fb663c77029f6da66b05efdb709baf9e942d37d117dfe85fead0371b026f215441de4ff2c76cb2ab81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c7e8f0b3d3df329dde265fb4956b6f3

SHA1
c70fb145b9b2ce1cb8b46abbc9893253bf060391

SHA256
cd2aad348a543da9ce26b7e98227ad705ba74068d5886e29901892fa3727689d

SHA512
9a700d062f528edd0a6eecb6af3a0abe44a0ba48fcc698443e04f2f4cd286bb26e94cee35f2aedc89193e786d2d95d547e94a591e0a57c04dad374732be120c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02a21429d448a103700ed7be2c9b9964

SHA1
c0b9ff697dd43c9c7e87bf5a2a36abe81045bf71

SHA256
a2ca9adbc8b0c61b92951afbc5724b964ae047c91e28ae86115cee40ab97675b

SHA512
a34547873ad31544029316cf4524a2974e543bfff0b9327cd0517bf3d3f0035f5d4efcc2f1b4bf62fd5d19338240a4844154c3b6ec407175121ea9c62db0c437

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b3ad608c0fe56a2d14bf8592bf1f16e

SHA1
bc84d9f04f1ad6169c09ff47a7447e2167898451

SHA256
e57b5db5acc85bcfea6c4554840071a1f867e9ecf9ea6488dc8d1517d17ff750

SHA512
4cfc60c00a412b9d6def84042a570f677eaffe21dc1099bd4446d7da89c76d80edf46e6e5ccd2ddc5ddea5c31519cbffc7978008a9b4aaf9d13475d095c6130b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5002c35ec0dde9a62f8efcb9e47242dc

SHA1
8fc0b4935bc2daec5fcb1e7c3f075aba60d099e1

SHA256
bc98820396ff60b7389a44a9637ff60767328115a5e57ec191682052a44546f1

SHA512
92535eedbe3e7cdcbc68a2513129ab76aaed61e5bc84436ff172a776750327721213f3c7c2a5d93344cae8cb08c40dab2f3b0cb10a6592ce6e66256da8e151b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53388af488b0603978929db6df574797

SHA1
a0373c7eafd5186c49cb028531dd40bd885aee2c

SHA256
a3c17a868f713091f8bc38842e74311f84c7c00b4531eb849d2372216fff3b31

SHA512
96e8b6ed301fea770964f836f4c50f492002ba1b8b028ea25b31e62e8e93f10a907025a89e107a60658e5c6e951f288e6376c14a43520ff11631d03118fa145e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4821c5f1af1f141a26f290713e10b822

SHA1
b74751b6d327d12b43e7c18b39f42228a9544d36

SHA256
b04b2cc635337e1a085b4fb6a44d7a80a5cba651e439a73f5f06807985381044

SHA512
853aa2535d45aeb5d903c105905db6a5e86f26ad38fd8c22cd1797f23946781be731a70e1030fcb44ebc0a190827daa82d894c619d34407e0eb6087ba6f4cdca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1E6C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1EDC.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit