9d9ddb77315db836e51471800dbfd017811d4504396b37b6908d81e3ba8ef981

Analysis

max time kernel
143s
max time network
143s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7fa7f7b1a1f6f3b37ec3ee3066a7343_JaffaCakes118.html
Size

21KB
MD5

c7fa7f7b1a1f6f3b37ec3ee3066a7343
SHA1

66c1b590fde6a4344b1f34c7b228895c1ddc653b
SHA256

9d9ddb77315db836e51471800dbfd017811d4504396b37b6908d81e3ba8ef981
SHA512

86a4550f50ea8737c4e621f21cea059babd77a62c5ab258acd5e134e51006657998af01b473ed1eb4970eb4706ff300db99120b55a6179927dadb33f185f16c6
SSDEEP

192:Hqvl596UDYvWfWYsEEn95vo2UQB7w09Vea95MSdNVMjP0kuCN:Kd59GuqEEn7w2RUa7MRP0kuCN

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f00000000020000000000106600000001000020000000934706de960df2bad316439812ce1d272beb0144e64e2f8d597492251c8d702b000000000e800000000200002000000093e446b1b1dc02ad861ef3c244c6f84d06c41b1f85565e12782db05147713e4790000000c9a003d408b05aa721d180e889e4a2f7c72005273746cddcfb029933e18f107aba4284074b01572809609adadc1cbadc06eb5a8f512a940e536cb8a239ff673facde6d2db2e078e7bfbb508d1db4d61403ee22f3c025d3cc26d81e384f2ab671094fa2b6745b02ec40559f37cef2fc0c9a66ee2bae67553ad2d8eefeb302ba12c363ee2b68907612537d78434c264d3940000000ab6a09405f8b777d9446fea4039f61543204b2a0d30375cd8289239a173fb3e59a1d2a5a440492f9f6ce90499d86387255dfc41790bafdb37189127f9f308f67	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ED09C5D1-65A3-11EF-A372-5E92D6109A20} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431055888"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f0000000002000000000010660000000100002000000020d82963782c97a169c40f0a82bf2725f770a79be5ea91758d622890bf6b9a47000000000e80000000020000200000001ade1e3a3080e8250365c817e4fc90e8c225abaeccb4128e7fa95959eda4ce22200000007852defd4870071e00eb932ad10205d449e348bf79c06342833049e333d0622240000000a98d6b4d7b6c811e7e60142e70777a5d85172e61af9f2776c5e1f1763da31f5b5bf311390cb708bbeef14c9e40479e390dd3fdd05d914b0fba50a9749415369a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70db22c4b0f9da01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2352	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2352	iexplore.exe
2352	iexplore.exe
1984	IEXPLORE.EXE
1984	IEXPLORE.EXE
1984	IEXPLORE.EXE
1984	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 1984	2352	iexplore.exe	30
PID 2352 wrote to memory of 1984	2352	iexplore.exe	30
PID 2352 wrote to memory of 1984	2352	iexplore.exe	30
PID 2352 wrote to memory of 1984	2352	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c7fa7f7b1a1f6f3b37ec3ee3066a7343_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae2bfc7f687a15ec22d2b78759b5baf6

SHA1
ec543552d45c34da473ff599c4b050d1d231fa44

SHA256
8ed9df2df0a6a13f121eb92d1d61db8626296c464cbc557c662743afd3fbb491

SHA512
7a127a42af6b977200847c7be416444b8092b84f446d2c5f96d2a690de2ec32578149e71ae797a4382e0adc16b1f130192042e48b20b68b7bf5f0b4cafdb4c9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
652c68ef6f3e108aecad5490d2d4ef19

SHA1
b3d2dbba563b2a1e0e770eadac30d80034082c01

SHA256
e9a70ceca9f09bf4f286132cc0f34f159af076fab6207410b448b5134cdc611a

SHA512
65bf3ac0ae95f974e9d580bed595fd25a4e274bc8ad8875852934bcb355fbe3a73185c931f039e03a58137309420ae2ba71f4f4a30941e92429e87d9cda7a454

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a69b391046656d4a81d993c049e1cb8

SHA1
c9ca8adc9481547226e7889cd31f19c2348fae82

SHA256
6582daaa4f2974e13bca3f8eb84d3c462cd4dfde2e91d561db56368170a2766a

SHA512
f0fabef3c3c49b4d8af92c1109b4e95ea080411535e64e6c8d0da0911d82af7e4dea1a7d2d2821ae8618677baf24062652fba5834bdc31fc559737c6d9d63c51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f33347b7fc44b311d1dfd16e34c017fe

SHA1
42c75e31505a720bf262b6a5b465821b0c3a1cfe

SHA256
33e2200e29b2bfebda50ca4d43266342fd936e29ff728b298512c5d91711bf10

SHA512
a788f85939ab7e624eec5f8d096fe2a0d9f605044549a5226ab26c0aa3288d1770a1ac6dcb4cd92b59f936c6bd27e4dec79793b20a3f1d29282cdc6b47a49fb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
491dbfa922cb8c611c64fd999c977d49

SHA1
c1ab79bfea03d16a4512b51d6b2ec55393b0a0e4

SHA256
c34a12ad7da2a1ac5a7000c0bcd163266bda2d5c6093c1475f1229947bf665b2

SHA512
e5280516bad3e8544794ac0549ef2183982f849858867e6ce1eb6fc6384ecc4a2e392ed921941fa421c50796c9024e9667ab3a0df5bea8da450dfc8ca4839b55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b404320da615391b0c7798c9c5226f1f

SHA1
bb046b0cf5e1e6ac86efd91be501641b83c1af58

SHA256
53ddeea3e2fbc78d7ae589f2221de6073a3c89f4619856280237c0638cf88ec0

SHA512
93225d4be256d49b85d863b7af647d5277f08cd02c40886fa15d31436ec63136350ef565ee28ca86bc8c2ba2902e0f01062e8daaa67f7db999707403fc85e669

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c683269f49b9ee59fe037e7abfbf24a6

SHA1
de69b4c50e87de46d518989d8abab1ab3cb446ca

SHA256
145cfc241e55885ad9abf60568ab79722f17682c438b74ede640652dbb609904

SHA512
321ac4b1b41980e6aafed2858bf3488db677e406ca87d53b7e75ac4ef256db7b1d10ad11d2eb7fe2e377e73c4d3b966f540a455886848886e4ed36b1996c0c5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87e34821d88cc8685540d5e9c2415db3

SHA1
5a3fba1fe7c15875fab1946dd5491a110fd58f32

SHA256
6c68f62c3b45295f5c33da863ac39641f2dd47a7b04448d29cf7517332a22b56

SHA512
5b092349125dd0a9e8b69be4f79abe53262be4325405fdff9c3f8ccc90644d30025b12c1cb678b066dc675b540a312079840c87eaa5009749d9192b06751ed06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b51b4e365c12564e0be21f76f9a6e4fd

SHA1
89f74d46bdb33efd91b3dfb267f2fba17df86a54

SHA256
f2d9459596383715126258d7a9a687bca9366ef142f32da7224ae7f4b5484522

SHA512
a5e787153ae7610f157eddf49923be14e89ccd74f79baabbcd6e548ba7a291a276970fb08e0582f42d314d5628f15d916bcbba051df64d2639ad9ddc0b0b5021

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0a52e4c4491ec99f7fdbfc6fa58c59a

SHA1
b951ce484c6272ca243a88d04117fe236af3723b

SHA256
dda75a3dda23f1301e19a54c45b63ef6d78e0a811feff4ac1d93b52aaf7da2b1

SHA512
f9a258818d7608587d84d292c3e3e02f8bae62863b55347c2291b88fbb4463a82fd42d9ad7b395e8fbe14fd292ebc46d14ba4df136fd5f56dbc2f8769e73b454

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d096301ac5377aabfb58f8f27bb4606e

SHA1
442bd3cc1f10ebf90959d167f7158853a9c6f0fc

SHA256
670303650a79cdd5506298eca10a411b57e1272726db2a5720ca4aa4a9b38818

SHA512
04044ae722ead54136ceaccfe67488dbd79cd71606038da869fb4e174a6c9de4a649f831c0dc2ff8cbfaf57036cea724596e2fb5080bedf6ca90b9a2f485e56b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68a25c45af57fa5145a7061375bff2c6

SHA1
c9616c82982cc79e49617404219dc94fe8b4a26e

SHA256
073f4b740e03c59239008e605f58dfbf6ec17225ab9964a85152de67ed16dcfb

SHA512
cc25609c2cf51a8cbc735b17034e4ccaf73612e35f7a5034056753cc4bfd5c4289fe6d54cf1f8cea8bbda479d619740bd1bae6861b8f2d12102c32c07248bf25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4dd20bde847bd774374d9b5f3c14a4a

SHA1
6aaa46a388bef642b9ee57534ce7273330bb943d

SHA256
270aeb26916377f8893038e27275b83b634ba85682afe94ffc7741b93fa6acbf

SHA512
3517ae05f9821d2462db26852b48c866ea102d23b99b1c59ebd845b2ff696598c3849e64ac4d1312411337a81dbb8481aea46b7d082cc2f20993a76ecabcfaa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
756364cb625c07e55a6268f4f30bde09

SHA1
12a67ce57dce6306f235bb3655e77e3ffeede632

SHA256
1ce466de23ac8646d7d0c9905a2cbb547dd8e4048685158d2ffdfd65976285ec

SHA512
35cecbe8010899ddfd896834b4fc8831f63e626a88e89a64b1471a36349194dfda01815d98b1303b0acb4316ab1d6ae4455ed2bcc7ea157e55bafb11940d4ad8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f58a11efc95a80789dbba366a0864f8

SHA1
fcfc35967fd8120b552998e298f3dead6b4d47a7

SHA256
b7de8f897877fee6965bc88240612dd99effe436a142a319c7b4075eb59019e6

SHA512
bc2aad5fb6d0a3e14f86ddf5a54f4ece22c12a6a49c90512811e6f5da1d2a634b1ac19b6cbfbc75daa1e081ace332347ffdf9674fa52378c0d6b1d6d0f06ada2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d84760ac551716f94c3871c47d5ec11c

SHA1
c7cd3bc78434b8022540860481de48ea70525683

SHA256
2167a2f96ba74e7dd01ada4b4000061b76202a7edce39e20e64e5060dfd90ed6

SHA512
b41aba8a8e328d6e55a99c175202970f7bf3eee128723f87271b9abcde066ef5c52adc27292d5fc3bd107bb971bb45c02f864b785bdb9c5f9317b102a2e499df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5437474ad57da31ab21498a521b1cb6

SHA1
8983aa51230198924045701507ee68e2bf6cacb9

SHA256
04298e12d135ddbbda963fecbc282e434c18a7cd2ce5d21eb4d6f710b44a71d2

SHA512
fa849fb3a242c321862bedd55df8acca4d048dcf804d8d7fe103982bc68e1c655654a973c59a239e39f3e5fa40a7b804cb2816d8d0814dede1f480360bfe9460

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCF91.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD040.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit