9ee5618df1f44b33a31a84fa7bd25c960e53fc6bf983f065ad9368215f1c81cd

Analysis

max time kernel
134s
max time network
129s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26/08/2024, 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c236e78e2ca44c7f905c04a41b12fec7_JaffaCakes118.html
Size

350KB
MD5

c236e78e2ca44c7f905c04a41b12fec7
SHA1

85c17bc170c64612768c7e03327063fa9256631d
SHA256

9ee5618df1f44b33a31a84fa7bd25c960e53fc6bf983f065ad9368215f1c81cd
SHA512

2149d8f01b174b779591bc1d15c523f543420ab5ee7356f23d0db1999434aac7ae6fd975288a4e837f7df23ecb73131350ed51ecad31e49c97fc13b0aeb1c1a2
SSDEEP

6144:SRsMYod+X3oI+Y4MsMYod+X3oI+YAsMYod+X3oI+YQ:Q5d+X3H5d+X3Y5d+X3+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000d3ec843233bedac759baa6ae98c60fc5cdacf9b67fc3b8d7a24a3ef4b7a48960000000000e80000000020000200000005550b1827d5b191c8b87aceb71ee8cde8ed00a6bf96c664147598964fae5f79e20000000869686c245a4286ff2bbb6ae98a7b94f545208927f51feacb080ddb7f0221cfe4000000020d1afcba825ca4432ae8987b1c01bf464438a1f9e1d7429875bfa604cbc3273f2b1fa47b50eede41e83e8607e1212c32ae9ceb2fa4173f15b5ab4977de32624	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3F13F6A1-635D-11EF-A14F-CEBD2182E735} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000b789e404348784557fe0b19f2f24c8b41fa9f30837c6c258dad1046367eba29f000000000e80000000020000200000006ff1688892bae7aad61db777b3e692c9172579f0dd709e019bfa31a4c6a542cf9000000010471d3cbeec7ad72a465d2f570f664bc6e5e4b3745c7c0473caaec822051bed0803b4e383c9215f9668ddf6d8522a84abf5c72c5f526f6963783289679746c972b0c67c9ec6f2e7e71946971f9d7ffb03a1949166ee9467b985c8ccda0508fccd862b9c18c0ad93cac0e29ca543cbadd56ec09fbc56e1ffb9518b716465f0c77b07316436d2e50eddda2766dbcfb3c340000000bcf8e62052aa5d90f415916b4d1edbd083b5dcc014620a5e0c4669455a290568ee31f02026647acf002ecb1662f051f84dfa1e7cea2da30b52032876afd9c2a7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430805629"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1005e5176af7da01	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2704	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2756	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2756	iexplore.exe
2756	iexplore.exe
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2704	2756	iexplore.exe	30
PID 2756 wrote to memory of 2704	2756	iexplore.exe	30
PID 2756 wrote to memory of 2704	2756	iexplore.exe	30
PID 2756 wrote to memory of 2704	2756	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c236e78e2ca44c7f905c04a41b12fec7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea519d9be25a9690d27de7585fb65704

SHA1
5d45e777424e12a0a95bb3f2aea508d57467bd41

SHA256
687746f1bdad56c56b8b34829e1a9a4d5dac1595f93551ac9b5b12b8e13c3dfb

SHA512
4c9df357469cca70a7cd2e013460f78c3c5a52040e719ba1fac9d5dd29733bc395b63e33a7a0d289c29e1d1ba81a71d1f77a66fe4ccd7ab57b9875f176a2ad8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
268176682ac37d8d51835f2ff6213c45

SHA1
728ba00e2eba8fb4cefb932e120c6248c53619cc

SHA256
d0c96bd69c07eced4e8783a0eef0c0c87947666317784ceb46dcb5f48e00ece6

SHA512
0aa03d013c6386192bed1c9d6d3ec00f0b2f6044d67495e4b49cf6c62b0552445a46c60cbe64e4e608394895a982012651cf3582660b1c6a10a3894f96e98cb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d1f97fe0e642b4c22029b76f0bbbb0d

SHA1
a4c6d2dc966e4ac82533d40885115b2e24180a03

SHA256
bdb297cdc4be498a8f8422b4770a9d539fe718ee31b4bd4a189068cfb882ca41

SHA512
1e010ebe5d7789fa9fbb5f032c9eb35c4763159cd3b5886d4fc23f1a342b57a3d542ea36a58b6851a7961a1ed7ea39ce779308647d02dd2b68387c8d81f876b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90a2821e39dbeee18bd0ad98ef1e4798

SHA1
e89de97690577f3cf628c4277e42e189dfae7a17

SHA256
8d5e5cf3d6e5ea71b6c31a61b9b718c0bde09e05486b37824d0e1c55102abc76

SHA512
e240ac50cc67172a561295a1d6efeeab816615e5b3646ece0e0f72d258edd5bc1c4c8475f156eebc1eb434caa5f2925637cc1721c10faca77bc9d0e959c89127

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
191830b6689f3d182f739dc1c6c5360e

SHA1
1511af5145a6da0198d634eef67c68a37698d6f1

SHA256
d45271543ed1b05fabbe361ebe5933af7d75e526d7980a0402a066d4487c3c2a

SHA512
e58a159ae44aed37d7c37f72f0058a7afce23fedb5cc5f0cc88ed2ce7bcf35cdc0d1e5188f05fd12921668e868d19b6f5b9b1f3c5cfaa72d5af67a323e5254dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3949ff353dd266edde91fee94489a815

SHA1
7ace0259ce54b0cf965e83c7d6252891d0a87570

SHA256
25efe0e3a579f7632b3269d28b183bbf6d1a91b41668fa65f9e928d6583ca0f8

SHA512
17d968c6988b7ad9a672d7e618ae7a2ac4a9bb1b358060a5ce7b6e15aa88f28ad6a1b4233fb48b2b0058c78da2c38cbb17c29b1135ced71b754fb2ec3ff7ca5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8335b558ca7fe680c82280f7b851e9d8

SHA1
df23e7dcd69e467fb15e1d4a50ed25d52cc6438d

SHA256
fb840da682925fa4ffe42468a06822f030ea365b4a9ccf447b9f016c4d92dd70

SHA512
20789f630f69ca6e03928dff4a513fdf3eacbc469bc021da4241d330ff2750956942a6cc7941e8c147269007bb1f0e2f4f0e2488d054d3acfeac556ba2856cf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8216c9f0d88b50c0d813eae5f6c5b0e3

SHA1
6b41e070644095b875ec3b2a1b64fd845d4b5ed2

SHA256
6ec241df8f1712807526f660347ada877848582fd69639a7a3ff0b1567305323

SHA512
352c7a748b14278f935bb8cc7be276288ccece8c97aab243dd99ec962037053b711f1388ca11ab6bbf3ad484fc2b92289f7b498e056f5ccdd65b733c844b2572

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d127eeb7c672c183bfc2087de0d234c2

SHA1
e5492f58cca674ac540b159b34ad4db41765e0ab

SHA256
5221ac40535e08bd9546af65c01eda71e11fd8cba3a1f34b83742f17761852aa

SHA512
42be1b9a7419865d839be0e1342071918db71be3e1c4d6f8907f5e85a1fc57ad06696bec06a08685a6fa34d1d6ea14c608133ce1e7b674875572e0bc6d3e8027

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0e28738c7468c688e693cea21814f52

SHA1
2d5fb602c79cabc92a7805b8dcaebdb75605b806

SHA256
e0d74ee9c1366dc207d5664192c7bfab48026d14cbd6e81db74f98ec0bb5aac4

SHA512
3c131676bfeb2b77bfbd240d674e386fd8e8f9cc3bfd6b374bf36cdcd303316ce1907ebec38a1e32f4231aaa85118de1d1735ac12ff74aa8dce3fc16a83f34f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8eb7671978332b4f5e0879268ebb91cb

SHA1
82b6176db78e689510916142f139e6105cf7fc73

SHA256
24a36cb41d7fc2fdb407194a57cb8da91997960c07235054a5a701154012d616

SHA512
17d89c1a102539701f280a8506dde11137b9f81a423a3144f83e937aa81aa6bb8f515114fe9029f4bfab5df4ed639c5b897c9541a779b1d45845a35297468ba8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03d04257a8bdb7309692d3129d3c3115

SHA1
0175ef424363e9c57687874c2ec71fdd027028be

SHA256
0c91b9576c8527527edf7dfec8953e5aaa05865c08323a4e4db602ec08c065b8

SHA512
9b2288ea03b5c753a7a5c59f633092ed87b13410ab55f601048027510e4111baf5f3072d47fe43a159b800e3691c6f80a24f79486503c2be64a8e0a4f9451313

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e6b5dff27939a45f02f6ea74973b472f

SHA1
152b91b80458feef1b303d8ee79fb0dbf17bc88d

SHA256
433798df7d8adc3c820fbf0ec09e7d520d323c962b4d9b0277dbcb9be60ab90e

SHA512
0b39f1c60d65a9b7d2079a1f36fe390cd0d6f586a40238b908e0371421c82b90178c7ff4dee22d5955d5bbbe9d8b341d0fcce1b29f7627a1c34caa3427dee368

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
696874789aafe3511c36cde879258c79

SHA1
eb495a2e0373396b457b644160d973cf4f18810b

SHA256
eeec336799862f16d5bf928b6717cbc494aacc57dbdcd6aa00040f0141fa728f

SHA512
7072437b8a607951d301217d7d3ff63855bd9196cb9b348bc07d008cdbbd654ddd6b635d11ce23ab5fecbbe5d482ac47bcabf3a0bb3a3c0b1c91e92360ddbe59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af1678a1a5f237d6cfb3c6216c6f6c8a

SHA1
b6963d96909440569205fc66edd83e1c0c9d9fe9

SHA256
c23ccbe3948811484b0363f3ae61106ee867bca5f97f747a596f4816e896377b

SHA512
311716a1a5e22ea5c3685cee02b8e6252dfc3643ab0a8f057442c7312871286f295100f1f4912450e206557a0c7ad441a9a14d93811eba751e4891498bb2c20e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4a275db317b422e1fd24399e6b8ade9

SHA1
ceb3e4fa2feaed9008ce2a6230a1a1ec7fe120a2

SHA256
6df1f362fbce0abb9960138d8dd908ff5090b1b64ddf75a97b8cf6294d85799d

SHA512
3e41078c2143b0bc90fcc8cf734bda0ed4b3491a32d8408db0d7ddf6801120f62adc0bb59594fa6d6743b47624cdfe628d0b8d70d66f9d846cb5c1f035d1e5a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA788.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA847.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit