7f75b3f4f8c637875927689a355d740050b0b50f514d9c82440057478966fd6a

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 10:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8a239a225ad1f3cfc64dee402bfa312_JaffaCakes118.html
Size

13KB
MD5

c8a239a225ad1f3cfc64dee402bfa312
SHA1

39dd9a9657b2c52e16debabd0119b20fe1cf3cb2
SHA256

7f75b3f4f8c637875927689a355d740050b0b50f514d9c82440057478966fd6a
SHA512

22f9293a869ac3291d09801403b4ac5f659f3728bd4237963b9c8ac21a1b21fe5ba7859fd7577176bd7aa71bf0759fdc05c63e49148d7c6d7589c45582bce9d9
SSDEEP

384:l2tD6ZXvakstmXw48xAMUNisXHbvSIcK0nK:l2tG4komA48acK0K

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{603FB131-65F0-11EF-96B0-E6BAD4272658} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 303c5c59fdf9da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb7800000000020000000000106600000001000020000000dbea4042067f257eee19e00bfab1fd5bdee891d8124d01c7ea81ede74e3252a9000000000e8000000002000020000000972166c493f7f357732ba430139a99cc140735740289805f451fcf37ac0942a8200000001eabd445aca9cc0cea3e22fb6e43f6fe40333fa3facb86c3942cabf1a9e97b22400000000415aa03311ec6368b2ad8c3ff873b371b613d732a663424c5c31badac5cbab6e696fab235819acde1c0684b6a98db20549cf912afb6d1e0e569e58cca34b3eb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb78000000000200000000001066000000010000200000006d95f534711f8ff015018205c37998ab45735b70277edf9b29a331125e50b547000000000e80000000020000200000004e915a1f4c483cb8bd6621d5adb9629c44dc835dcc95a23fc798ce78bd97884490000000fcea4bdcdb99810f2d6c0179eb910e6b5341f115bfa005cfdd005bec62ca58824de08f842ac4e76355b3ec3f58f62a6459b9eed54f83c53d43ba807ce74c0fde55c9de696bb45ea83f28707ce0ab8ea7bc4b2ac6e1d62c23da51d18747c9d060d78571cc0da6c5cf7385ababdc89f88a9fecb8302a8f652156b495b8c5ccdc765eec31016021bf7b50ce99760f1e6b6f4000000005ecbcf7d6df750d85bc0b2987d25e051a1e75743eedfb969e00ae04b06fa8d29d6397d1139095c20ca659613384a2a31610219b35d2d3f57d76ecda97488ddd	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431088726"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2420	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2420	iexplore.exe
2420	iexplore.exe
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE
2188	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 2188	2420	iexplore.exe	30
PID 2420 wrote to memory of 2188	2420	iexplore.exe	30
PID 2420 wrote to memory of 2188	2420	iexplore.exe	30
PID 2420 wrote to memory of 2188	2420	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c8a239a225ad1f3cfc64dee402bfa312_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2420 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa8b860a26054b6c8355142c87f992c9

SHA1
7c6a9a3993f7774f66a6c0e64980cf44b888474c

SHA256
42ce97e87054de3e8d96ce720c0418f8fcde3a18cc57353de7f042e1f9eb044f

SHA512
efea92fa8cacce8dfeac72af59d187d80639612ed2407c93d760356da9e0da5dfe5e75f837c660ed036d69e03a835f1579a7a11ae3ce2f9cf4d5d3aa62b6f4f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0e8cd9c93d724f8b3adbaff4e8da253

SHA1
999bc4abbcdb935184486a90d0adb29f0d4ba975

SHA256
71f1a1bc690e1daa8166e82ef8809f51b227c5d3bc7a6e42552ffb3d59ccb3c8

SHA512
198b6e86ec5043beca03b64868a4b625e9abc545743c6f675fac7e13fef394bce8557928c4c03ec8220fd6f68f1f5ab1d7a032a1fc726a47a27cd28a83a3ac52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3012d40d50f724c44db56a41d950fe08

SHA1
40a9437c1ab22e0aec5cf1069036c4bb275c97d4

SHA256
2ebaed9a77d753acef3bd03816c54cbf84dac107f63805593d6de9666e1283d2

SHA512
b89ece2490273371767250a03197a03d069ce41f43ad323d11250a2dd09f72f2c532d7789fa01575faa55e24c7f0bbbd3c42b2b448060d26bedf37d575041c5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0c3c8e70989fde4a071767a41e32713

SHA1
8969ee945f72aca9ec9f86c960ca588dcfc28ab4

SHA256
7900721ecd1118cdf55011b6cc7ec11acb2677f4c38c43c6ad486bce6c393bf5

SHA512
047e1e9c1ecdae190eef89f25323a13c01330cfe3b2cdab103e3c7a1323038cb4747f2e6f41eefd25ac85cc55571c75df9df4d2d30269b0f6788920793007afa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84b9c29e95f0fda73964fcb8b10d3eb1

SHA1
2f7c28ab9723641ad25a1ae07c4fed64bb4c227b

SHA256
1e576e8ed1468cc500bde3ba85ed0616a7584a535226cc1252554ae572c2c8c9

SHA512
466b914ae3504d695d96f2fbf222b8c311f2caec55f70ec66018d865fdc9a9b10bec4ff6109a1bf57c5bf7004c7d7fcde3188c6c5921d2e2f57a647c48780484

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
68c77bba137e7d0ed7bff92d1ac5ad1d

SHA1
2aa20aadf38b5c5fd51affc108796613c5545b56

SHA256
8add38a864034dd1858a3f93ceda53a73f5896f276ef172639dd9684587044ec

SHA512
8a536a96e84b7b555326623ba8656f79f4d24b4bda133755d57e9af4cbc658c89aa07d05b1508d8d840b97f7cc37b92cb8bb3aaec15a3be7926a857705af9a2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a030d0ddf5a0866ed1ed33ad96860fc

SHA1
bfb43e4bd73735d1e2ff9c94e8817368ff5479e7

SHA256
d4d39ec21e83b8d12c0e7f3e58a108b4454860133fda96cda092b765b7ebacb4

SHA512
25a807fff943a180f172c33e44a487568a8228587c455229621e8917f0217a89a3d3f4cd581b5dfc5a28692a4fcfab7bffa5e795d32e357e79de3998a7c0da90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd1cf24a9eb929205c1f4ea733794822

SHA1
2165391443a7ae42dcafb88b9bb7d0fe6a1f95d1

SHA256
6eca72570b688b08e1a43d718166a33c4403fb22cff6dc7a45cadecbf1cc6189

SHA512
a75b72ff3e39c4b99e909f5015ff86dd0bdabf67c6e19844d35ce088160ecde1c1c8628177e763b678bb3220a9d773cbe6306856ba429b0bd4f9463851b81a54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1723d057643b12103e9d6b5bcd483adc

SHA1
14beb84a0f67041b4e29f5f3851cd087453b8e4e

SHA256
2556d32e8cc0cd0c506a44cb10fbec41c32294ffef228a22c0c5d3e967a61754

SHA512
92566d1a9833ec9ecaedbe85b955cb4e93e209ebef0c1728b57cc560506f297c0b055e749bba392bff38822f8ca9063648090595bd3ba843e3b9d06a674a19db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2694516d6a209892e4675941cd9519b1

SHA1
92c0cf90cd0869c0b653963b3da3f780085e539a

SHA256
8768b46e4392a5997910c2a79eef702693cdb07c50a50120be87f3e9d997e2d5

SHA512
c2a4d25d85c79ed78d5516ccae8136a32ffa10a48a14ee4943cc5fc54b01c95d36a850448c3e27d06b7eaea2c786c5bcb2f362f02d84c8deeb4b6bb968103403

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05577f25dbed2ec580bc0edc34342416

SHA1
2c98d8dd9cb61b4332b66a351c4ceb9d921a03f4

SHA256
1c116564dd893475991bf66bb392dc615f375532d705a7a4c7abbb682aee9796

SHA512
c4acec85944cdeac2b9c94fba207d5221b62f150597e5635778a64494f4bb8139d418c1813645942f13d5eb77d5875be05d1c47ca719e0d769ae5c18814be6a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
684143ba1b7d9d003fa62dafe6605093

SHA1
25ac54f0485d422c71eeb62719b8a326c0538765

SHA256
dd677aca71bc8d28b5c1dcfbffa1e64c449933f33b26aea18b6088d71f67e66b

SHA512
b7fe6036d75be2c370e8fdc990a657326e70239bb5435e43c2af770862e58f177561908ce3c5fae0f2d8cd4dfd8c99dfc93b576e7f9af06d664d3f7774e21e44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfd189dd2511d2a00fe0982e066864ab

SHA1
9cd377aa49c7d45e37d9970675613c20001f5c8e

SHA256
75853fbef25e1cc4ee4a12054bd4fcb9a623eb98531cf59096e17eb917ad6327

SHA512
95d60fac18497272f1a1e0a257af563b6eb6a08ecb649ba9ebe901f9d73731825b20f462d0229bac6029aef7112f277f403688ea17d9ef3d3e6b48c497017a4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12f5db3b2eb9ecddc17587245396d0ec

SHA1
f37601aceb32a0df8c89b2cf4baa0258d45bd3ea

SHA256
7054727fe62af6678329f5697d984c3e7aeeac3cccc784c5a335da42f924c8f0

SHA512
3bfeccb08270e993c7a922412b3ae20a20303b1d2248b8acbb6b64de7f9106267121c3499b7f67bd50d4781a115878c9bddfe1dc2dc067df4d8d278adfb97d53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1e0deddf4f4338ce2019ecabe5cc764

SHA1
7aa12fb95b7270981faa98e5239e8c2d48ddea46

SHA256
7d8842500d2830b579e87ed1d1f9808450740f75ea0326190b18bebc6578c7b7

SHA512
b53445057f0891583fe97ad6e26fbb80d15c2d4f17ca17f9a5a26836db703c656d46479d612a62688257a9898d8f4efdbc7118fe83ce99a6005e3f7ccd3ac77c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29b4710ba7ddd067c057ff31add3c623

SHA1
a5b609dfafd1ad7a437ea3ac559410b441a892d2

SHA256
bceebffb6073ed654f7b27b8e661da466e0f99b8dfa4af4bf795d23baa176496

SHA512
0a8fd94a7501bfaba763ffd73645b05b434194ba0053b5ec4a3b2464ed45144e0723197bf06f82e6b73efa884d52d410144cc78c2d7a5bf011c2b37f7c20ab1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
09fdb08ef6608be5864ca5a9daed09b8

SHA1
bd0399057cdcf5f338339d8c16489dd88dcac35e

SHA256
9732d0feb8a09ef1db5e705b1a3dd88714f3efb135a62409dcfd93cdaeaaa09f

SHA512
b6d5087895fb8da2d2bc2f1d998617c3f8671ca6a236bd5a3361401912d695d09bc17906915f5f893c7a3c5e3b907de06fb7200f0d06aa68c47e5f0b15361616

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD1B4.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD225.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit