ac13da16c8d5778d8e1640d2a51d186b626672f96a05218142333346df6d67ba

Analysis

max time kernel
121s
max time network
130s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28/08/2024, 22:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7c22b55fd47599913af0841cfba1cc0_JaffaCakes118.html
Size

464KB
MD5

c7c22b55fd47599913af0841cfba1cc0
SHA1

50d64713fb2c5f2354ca4e639f679847dfeb3575
SHA256

ac13da16c8d5778d8e1640d2a51d186b626672f96a05218142333346df6d67ba
SHA512

d625ba95a5abeebee4f865de6522648a26b2dc35159826b8eeacbca834968c252faeaa826bfaddb77db2a9529a62100e9a2cc7990cded7dae2cab8b51c9c665f
SSDEEP

6144:1sMYod+X3oI+Y+LsMYod+X3oI+Y/sMYod+X3oI+Y7sMYod+X3oI+YW:h5d+X3If5d+X3V5d+X315d+X3c

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd000000000200000000001066000000010000200000006ea548d70134af4b7fc0a61e44fe4968eea525f10e8b1d09eaeccbfae236d6f2000000000e8000000002000020000000954daca3ce21a6496325f6b58b2e8f6d03e1a03e9f306d5e9a9255b5e2a524d2900000000439d7415f8df1fb1630004c45badcda15e08db88ea5a2fdb0af9cc24d8edd8b548b43557ac7519a56ba5c384e590947bfe9eb3a19397f53cbd709806b05c57054945b2eb14ec87f3e7eace37bc7b696906a5f92762a3d9faac5e67ec23fcd15bae457209981aaf3e0162f8a38d9ab7a04e5849d576de71f84b684f394367ce5d861b0a8c34bb7f2003c7778b26fbd30400000002946330a101256fd603e12f2dbc184d4fc6edf44c34239e13301dd69c783eacf42333c4efbc20f3cd8b1d995c5a3ce7ffc4ab9abbfd530b1ca98a673ad7960a2	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003e1c4d4a7885794291b78de8e6dfadfd000000000200000000001066000000010000200000003f33f69dff6f6d3e2181e599fede0e19ac6a8a71dc905ca308a655ac479948a1000000000e800000000200002000000037a4e052c4b239f1e5672647e334e5f7d6b485aa49a8266a4cd50c8952844560200000005d6153a11e0c51652eb1dd518c014b18e5fdf8f5606fbe8c052e4e04bce0861d4000000049087c19e5db4420f854ed98ec2099bacc41b4fdddde93645b2a2f15009d6597af900aa6bc4230635acde2b9c8de0b8df4c45f0fa744e2165dfcba3cec49d10b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431045856"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{905030C1-658C-11EF-B4D0-D238DC34531D} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8059ed6499f9da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940600906-3464502421-4240639183-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2116	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2116	iexplore.exe
2116	iexplore.exe
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2336	2116	iexplore.exe	31
PID 2116 wrote to memory of 2336	2116	iexplore.exe	31
PID 2116 wrote to memory of 2336	2116	iexplore.exe	31
PID 2116 wrote to memory of 2336	2116	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c7c22b55fd47599913af0841cfba1cc0_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2116 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b564918438b17d96c02bea0a1c1591e

SHA1
009947c5f8012779a0c2ae0f7d0f03a40186bcff

SHA256
1ef9c8cca331c00cfbda17e8e074f7ad2977e65b0a8f9803e5ece9ce8e8cf4f4

SHA512
3518640589c99d5c5e521294587d9b772b9862705628473f8156b40c3a490274fccd24e6b354207d0e3e4b7b0cf07457971b7296c84aa163d47a3ac651c49ea4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7aaef3b41bdaba8e3685e580d063cd09

SHA1
5d3c40299d29069d9653a8921dc6b6c205b20925

SHA256
128f25ad5aa3dfc78f6776d1a1595d1e1dcda947215b9ae17ea79a6f0bc5e58b

SHA512
2d15f8a34aeea4027bfa0b6d17df13421170ab92d59889aa539faabcc39ff2fbb94adbf58f4da45faeeedeb14db7f865c66e53e08941e657f740c4a92361c2ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
022f3b17a3948a8c15fd9355070471e4

SHA1
7d85d6ae5355678ac794c9ec85b8ce00c8018e86

SHA256
4c2b87664dccca96af88eeb661e4e3364060d359e288def20f8ca57d4a842d5f

SHA512
104b7f007b5440b6790ad71467323b48d1d6b6561eb3f9907f6b0ad47600e0b37abf0b0ad7b8f1ff138c77b08f24c97be168af0fd6aacb7906c9f35b01192f3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f86e4bcb546b76e1e07a9b6776ee80b7

SHA1
f246cee7bf3928151e00c0ba153202151e440329

SHA256
474a9e95c851439c30ee3c09eba246b121968c6aa7f848145c90de00a95869c3

SHA512
f2ee67fa774f1ec0c411140df91b5b907b2d3a73c19062e8d5b422e29b99a87350e202858cb7360139fd2f23faa029b19c8dfac6db0bfa75929401c7fe855f5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82e33c334e46594814cac126fe7a6293

SHA1
f5dac4f3b65c3bb9dadb0fcfc0a157bf84924f69

SHA256
142eb811a41a37d98f1f449ed85c2defc13af6e94d584f8d25b52808cbcebd02

SHA512
f0a04336a554976dcd14235cace2e54665d345673c2ef6d15d2b48ba965177b698b958ea3d0e504aaf1e227aadc7e0a9dbd3fd03895cb7426bc07f64372dc741

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
867424045b495bfadafbe5581a129587

SHA1
ba82f03abbcc4386ee984e9ff5f1f09bf9902059

SHA256
7e149ce6b4e3cddacb9369f84331c54bb3c402a95356e7ea745c91cf0cf39653

SHA512
7067d7d353c2341e1605d774f1b10d82085a08f7cd9313cb684b7bdc94be13206eefc89db4f446f70c2eb9779d1c471940e438ad6eec21c16eb42c049be3e677

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d23377416d025bdf44c623852006dd6b

SHA1
b876c06afa222f960117b019167e0eb895142296

SHA256
c5ed816b5669cfee20b6d1dce1e10a078c9fb7c5283f189a4e35d0b4dccf4a67

SHA512
5763538e62246698a659b7b84ce1194dd8d60e89e4505c5d4574237b5436a8b8ff298c57c6f902dd007d7442397832aa12cda60abf637f4bfecc27bfab265adc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6eba1d9998ff3ffacfd9d5620d72a878

SHA1
1b907262c87d4bee4a9f8d4c6716722c5f4819b6

SHA256
826536d4724ca9ef1d37ad59611a9cfb29175020e5b831e526cf14cc5b674c99

SHA512
376476285c4aea2bbd0b38b1174277ed9c399f630c63f947fb17bbd7d52d6e051e7cee1dff4cc5c6b85a80b3cb02849a8d6e0fbe44002181d6431acf235a210e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2480d7a7b6c23669b642d2cd0849a03b

SHA1
02290f58080ea8a466eb33c676869ecce8914e13

SHA256
8641bb59d672c2eb6d328838e1ea225c39e564cb33aaf6fc8387dbcf6e6de2ba

SHA512
4cb849291ff11c8af3379291b230815eb6cf1aa724cad6a477c88c28fa6f3c0bfd27eeebbfacc607d3acae2dfc0b3d8b2a412376563cc698c21752e0f86f5ed7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
974c55dea8b7ce7e11f4dbfdf2bb374a

SHA1
73b190d03db0b080979d81c92c88cadd809ac9db

SHA256
8da693408fc1481dcc01497cca7315f7a96a60f8d7788ddeedc6835a000fd28a

SHA512
31a67745fabdd2f0a0743a42e291c8e3c91b4242660599c18b6775f33a19761518de8a14c590797157d1b36a4ce65fd823571c098f5b4fdf206fb520cb301a2c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd6ebb7d523ac18907b64f0e6cdf940a

SHA1
7aa9761bda2cc0799bf1ba2b131c51bec0c7a3ed

SHA256
22ae02623e9e177abcfe0700cc37d481bff9d660b7f14607dd77355338479841

SHA512
f1c98e937e063af60e1db19c70ab37661ddb0465eb8c04bfacebd53a34de95934cd9dbb06a3dca391435c222601e587e2152995f9be55275ac51811fd4e8d3bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
860cda6f67f568a17d99842704bcd1b8

SHA1
24dd69b47b7c459bbcded68e2b62a90e42edf76d

SHA256
b4a81d7f081ca87797d3887ffc3421ac8427526588b38b7badb2520f9a2fd416

SHA512
38efad27a8fad86ae440dd30c240355daa278dad03661da90d8c9c5816394871474dcde22dc9672c268068e3228541aded924a334a6d550d979e257fcc329cc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89eee352abd34c1d161035921b42deed

SHA1
7937bbcdf72fa291b16048b668cd528cc0cd77aa

SHA256
18a3fd774017aaf0d2bc163e86bd05be3f8384979e82dd2b10ba7a833257e39f

SHA512
96ba90ca0e7f7d7aab03738e89bb316b3f5d5c87a2cd6f08080223c134ecc4fac49bce458e2665add018f94a0df8187cdf2b9f8eb75b49668c546d9df20be4ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b43d535c91d794a94758db6896c8f7eb

SHA1
668267132b2f57f4a13896d9cc77f3054a61d538

SHA256
c32c63796f8d30024d762a5490283370f49e918612bbdc8a82bc9c88f30bc5ed

SHA512
c1c6e0ce65dc494d5e185fe2058d4dbe3c36cb295255c70301ba04ccbb62ec7017da73de11063d4e07c754f594a309680191e49809a1a5023ca8d2caf6510f6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd88369c7572755bf50be543e71ee97b

SHA1
88a972992ca80b79c5c6df44fdd0d5289749a0c1

SHA256
b17ea9425195543921f622ba7b5576ccf6ad78faec4b59d4376ba0086e72b73a

SHA512
b04d7bba8957505269b9ee8b3c3be17d198129980f3c864c9ab69d13c108fb7646d87f56f0a5a5651f8991a981a33c1aea851ded62be2df82c6366b9abc3ae6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8C9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar94A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit