6c876af2c1e447aa32fd435e7baf9c6cc6607c672b5bbc68ab1623ac80a96f2a

Analysis

max time kernel
143s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 10:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c89f02367b8c7bf5262cacaca64906e7_JaffaCakes118.html
Size

15KB
MD5

c89f02367b8c7bf5262cacaca64906e7
SHA1

22ffd95648ce823f6b688ac22c7d0f0b1aebd194
SHA256

6c876af2c1e447aa32fd435e7baf9c6cc6607c672b5bbc68ab1623ac80a96f2a
SHA512

1df982e919da9d105bfcc0d4ae183ddefb11ea553708d1edbc537878691f544a0cb880ad46daaba4c47f98d5c87598ac8ad8133e2e63a4a019c904f409c5d76e
SSDEEP

192:S1RO9xzUObfa+6Nhm71Mf9RD50ppCXMX4pg6//PN3C78CVWSBXNHUAhMPWb9kVmP:S1Rmpr6nU1Ml1apcW6//PN3CHUjw

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000fbd88e6f1e17ddff89eb551b18a998e7e6c93b48167873614dd0a3aaefeac7ff000000000e8000000002000020000000507e126dd1dcdcaf7de398c816aad05555b613034b372ff7c246e8722319d993200000008f32606301844ec8820a981f277a025cd872fe44329c5ae2194d1c235b38d6004000000036249796bd6f31803920e3a1d299972c5a8ab7bb252e373ca919844ae409a3738183fa0f2f58683a434f76772272c463a8458446b7d3ccfbb5a40c47535fc991	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60a278fdfbf9da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E5CAB681-65EE-11EF-8650-76B5B9884319} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000fa0b95495056a78af816a66de5306cab9b398605cd62755f1610defaff2c38d4000000000e8000000002000020000000cd1f461be6681c2c5bf041613dc7a7528fc97a0553da20409fa2a77ef464e7199000000078e27076995b38b848e4675b052a4125f0e6a5852c6883b76f48e3fe87a90a806f260c2aaf241278220be41bc1fbb6e9eabd8dc449f05dedc1ccbb9bf80410daf73df900e1b5d4fd53874bac7a1d166d4429155022363891a1307635aedf5eba25c74d00ac71704a9ace989b8c1798a8e689dee24b189e58da783c95e962f67abb9e9767b3220fc6ea62d1bf03a90c774000000049e4ecba70439efa78e08d7869b38c1772d5ed9e8d9f68946cc36b5a72a8abd6382d8b4348b99a00232c53c164b94f8a087a54f4598fec588fd4a8cb403b0fcb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431088092"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3060	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3060	iexplore.exe
3060	iexplore.exe
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2560	3060	iexplore.exe	30
PID 3060 wrote to memory of 2560	3060	iexplore.exe	30
PID 3060 wrote to memory of 2560	3060	iexplore.exe	30
PID 3060 wrote to memory of 2560	3060	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c89f02367b8c7bf5262cacaca64906e7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3060 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d15f962b65daef35f4dbefb31d22aa4

SHA1
b0b1a83a304bb809c9da013848608ba0e4697b5e

SHA256
83108833ec778730a20944d9eb8fde9a5f2be53e97981bc8146ae0e1c0218357

SHA512
b50469fc88ff4a0b4242950f7bdb8c62c3feeb7b1a28777acc158b398c68360d2f7fc223dcb9cc567e81b515ce881322b7f6c2cbf898a571f559c86c6b2623f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c45bcb5bd18b17aaa5b6048fb917c23

SHA1
7fa99398e7fbeec7ed3f5c3d66a66709a066eb8c

SHA256
69b931ab3b78f9139d5d29859cc3e22bc43d5f0597780ac2aaee6c6ce2c974ac

SHA512
018e47cfe4c77ac9dcbc2ee6942481d5e4c269bc8872d363ec0ff49b7178dd379bbf95efe630e6e04570f6b30f46524b8d966edbad1c4449fd26aeb5a74573a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b54b3167858dc9cecefd79bc504d2203

SHA1
33bb60a9a0e30fce7f803f22544945450c328965

SHA256
410c9ffeb98ec67df4de5ba486978dba8fcfad259ae1cf061454a753a1f17c5c

SHA512
7549a0bdc883f6925223e708c11e4e867f37093bdebc001b20ba0889c008325d312f666b81c804f2d349aaaf085f7412d65a58a4d0e4e4823e2616e94e8a0d13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20b53c979b3bd3f6c3382ebe7e2c8331

SHA1
55ba2ce7287be1de837e358de8445c620cda483f

SHA256
dfe7730383c3fe408fdd19d35f429d499cbfecaba10b9f90ff3697af2ba79a31

SHA512
22f9301676a4f472efc5fb527c63cebb60211719cc0d6006b24f0a1f19176f96ebde6658b04dc3d315814467010476fc200bfa429509dae763a620f07f108aa8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
786036c73b6064c951749ac41388c6ad

SHA1
b3eb0115d742a6b00dace4f1ae3c26c17964428f

SHA256
bb7c959a12a0e48d5c23c88189d2c9b745d27ccc024b79c8d081fd00c6479cae

SHA512
086283be152565941b43e73b4cedc63e7710ed4cc2a9246f46a7cc5887cb9e73aebc2290db92b984dc7cbe6c8e9564a6b815a266b59c991c752a23483e0a1251

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4254bd5995715006205acb2ccfafdbd8

SHA1
f1069e98177d7ca601152abfc1573663fa8c2cd9

SHA256
e83fe033fbbb7858447ca9bf4d68a978fd2958fd517ff3500e5c3848b1d2e0b4

SHA512
aeccb1da2b271be0b5e9ad6c87ac5c8aaa24a621932e1be342d63bf1df6096576cb8ea3364f8fabc372248334df0fc15738bffd68b3ebfb4665af9274b65735e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
697ea8379831a4200de092b4c8493202

SHA1
01be1c7b5c4a14d65e837c2c76f43290c3391633

SHA256
0690bd2fa534c4b0df549e8a3dd32f6ae63b52dbf3c945b33a52445c99203f64

SHA512
09ff337d305b72462172b57fc83760fd2ac16f1872f3afc733ea86bfcc1687686e58678abf9b597e9cd7fca8565da56093ced035941d911c9fc9a01aa664fd83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e11d665eca6e53a9e4a16822cf99523c

SHA1
396d82cc304ab700d29e27cee6ecf6be84391037

SHA256
6fae206270e111bf0a72797fb9bd69345bee7058ac9ba299dd1551d2d51f6add

SHA512
3341c121b3d3de5a40923a53ce6d2933ecd410870f020ba77b0e88a7d2f543625dcfd82d640997aac7d32b19b21678cc4c624f5bbf67694cd820d06091a45d4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5abb6ce5e20afd8728c09bfbf4ece74

SHA1
62b716d43a8169f7b2bb0ecb0a6238a53d1b5388

SHA256
87c239ef4943516ce813be1af8e649cf136c408334238ce279de60bcdd926481

SHA512
dbf5f14389a3c79f447a65c352e6957b95089353eb96819800f7b2ccc784e9550cd37bf80f8e639aae1dfede271902b2ee7d1af8912afe8937d504ce39651f43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4f6cf2928254368995dc90fd4a52932

SHA1
6a182e681b43a02278ef953ddd8654b4e8ece2d8

SHA256
8fd9ae9b6fd6ed10a941e61bcb886800403ece8986173cc6f5866069542e31db

SHA512
09873a125b39284ed7270024d260ca16e393ab8814a5478b9c10a42f094dc26e65f2314f8995c0d17308577ca8a720e71a7e8907c4ee65d4ad10b6d6298a48ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c524535b89715a6822f51db701ae4260

SHA1
c2493d79e35fcda2671a82d5545d5c33bdc70b88

SHA256
df7b41da71dacbc97f8400aa8110c17187167d178795c2a5d537da298878a308

SHA512
be0ddd666ecdd4a21d4e745586c46181ae189c6dafe2d1ba9c3fd996caeed344732047df10d1152c72fb4e35a93105931c62cfd02aca2b1777c5945ec33a4065

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2db7a690820d07f705b33dc59d0697f3

SHA1
2358e4c73af84864a1eeb34ded3223be54f9c4f7

SHA256
278f6b63890ca020f9bd764839a82482e0bfded523ffff760141df6570c44295

SHA512
a855ab469bdec2919353c2129913e4a98d273a205edafae4edcd291dece6a4aded3e05de969e902a39bbd4f60e089bd7a92c554be6a8c48d9b82c00ec7d0df61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d493155e24cfd331052599a2775c612

SHA1
e6bb8efb66f7d136026f3ab7752c8b3271fa5240

SHA256
19c6e002c71307972c44eab40cb0f8ace77cea93ededb7748661e1424f4f2cab

SHA512
43841a36308892a918ebae4b5caf52e0b9755634b60d9636f1e777b05c674ed9a1bd0af8e402098259888c8c877114b4c17955e2472d5c49f8552e1caaf7d360

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f98e84ecd1df4ec465ac46c4005a7fe

SHA1
baa091d3768cad7329f8f0428281fbf2336c4629

SHA256
5b9b234dfc536e4960eba7779b3621b7b8cab2ad3b0efd505c3598d9798f23c4

SHA512
1a85d3ce1f25aca6fdaccee8c1ba29aba87581c2c381d4964e40255c7b621365a108132a031c48c0eec20ca43b65c25e90a169e6d9f5b476a9a3927d18a0f089

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72c68e0e3bb28dbe426dd4d98e4a5d54

SHA1
9f1d95b74600ded5c0f9c9c19f2ba5bb26882066

SHA256
69bce31b880833df26de3fbc70f179c23b23d6a454dbc6721232e23fd7db1828

SHA512
1ee3b85ad8ffcb74d12656786b982afa1e5ef71e52cb6b0881e2e06fbac5a5517e0ae9467704c1aa69b04198024970921aebadd200a27995ea07ea77e7b21090

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f330de7af622739ddfde25f11f7660b

SHA1
20ba4f8b11e70f86bdba6cdd3016c0a5b06e3091

SHA256
83592fcd2c75aefe901482f1917c7d6bc0fe97e2456b51287891f40a8cb78485

SHA512
d4adb1a9f7e933212d8f4fca685676c15bd57cf8323c1d8e83cce9ff351674fd0a28346a677c08f97322401dddbd9c371c7a3ac2b34321d479796e361602ec01

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB8C4.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB994.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit