0424c9ff41cbc4ad0653f0661250937ed9de0c3d7acba12530c3b23c073fc1d8

Analysis

max time kernel
121s
max time network
146s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 10:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8a38e76298f7efb405b0ecf0d74dcfa_JaffaCakes118.html
Size

36KB
MD5

c8a38e76298f7efb405b0ecf0d74dcfa
SHA1

82127176a2e0498f7d1c2eeeaac0679221a7d305
SHA256

0424c9ff41cbc4ad0653f0661250937ed9de0c3d7acba12530c3b23c073fc1d8
SHA512

34a2f2a4f79fffe15705d7fefdd76f116d4099ad62d0044663f509d48004e7d64af75e86df2d3f40eaae1e490103561ea401c31a655d32654453598dad3cdb69
SSDEEP

768:zwx/MDTHdV88hARZZPXkE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6ThZOg6f9U56lLRB:Q//bJxNVNufSM/P84K

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb7800000000020000000000106600000001000020000000bbb98db80f0f20c5ffd01825f448067cf2499e5ece9a4d12ef11f501321f8cd2000000000e80000000020000200000007b74db6de262def48dba694923de377bbc33f9e906a4655a705c4f932792490b20000000885119d05b8314cf1d6ef9f2763c0419db8f11f37370e56a24f724561a7fcd4740000000bb4d17418ac9fb70bc0a511bd7e8c98667dc1e487cbc26b5be267bd083d11f380f034d718ae5cadb454e9756ac006239e7cb85f9b6bbcf7bbf374fee0bdd53f7	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0d31facfdf9da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CC22DD01-65F0-11EF-8419-5E235017FF15} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb780000000002000000000010660000000100002000000025902b40fe7ed49b4a974133ffa9a9452886dde0227184a8ef4618491bf8fbed000000000e80000000020000200000009ea9bd4056005b890c2122ce99110f5207f60069087a5caa9a1fd6e30df078829000000015871a86adf4eeef80ded1bb03635775e10c4c6a9d7b5656bddfee70dc2de478472cc563d52b77baf2daef2ff1180da9c9ca916bfd43a72f231716c210ac282790007f053d0fd6ce927d341f761a43051649ebd228160bf0c26014d6988c101fbb57d4ae10bb73dfa1730da2aee0dc47259a6411673aecba9ee39a2e5f44d862ed11ef3348fc8b199e1daf75da369ae64000000031a0182ea268fb30a2dd7f8b2bf1badaecdca1629d2b4ad789d3d04f597ecb1d6637772fcafacac19c70a907e746fe43662d06b00c1b3173a1a231d80986290a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431088923"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2104	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2104	iexplore.exe
2104	iexplore.exe
1544	IEXPLORE.EXE
1544	IEXPLORE.EXE
1544	IEXPLORE.EXE
1544	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 1544	2104	iexplore.exe	30
PID 2104 wrote to memory of 1544	2104	iexplore.exe	30
PID 2104 wrote to memory of 1544	2104	iexplore.exe	30
PID 2104 wrote to memory of 1544	2104	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c8a38e76298f7efb405b0ecf0d74dcfa_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2104 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
c02c54eba25d38d8d5891ddbcb279bc4

SHA1
acacde29f6fd840f07e3b2dab4aed5a3aa11eb58

SHA256
8122366fcecc1fa9a1cd37c3a98f977f919dfa44f5245dde09cb34bf12044332

SHA512
98380be226e0874b7598325e6026cef93a857b154947a073d42d70f398b42040b6e51d5f075a942fe68e12e8b9795d7ad1065ed264f9da5e692b7f6d3b29276c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e43210144f788b1c4232652348c2806b

SHA1
b9373f1713de956cf7aa181cc7279631621a6018

SHA256
be02d173db8214c1adcb15346fd1f860d902ce49f3367469827fb1a46b7e328f

SHA512
876152e95d1475571566434746221e2e16d4c4dcd9eddf08c33565165fe4290061529171d69b6e186ac8feee567d82a7e2a3eaeeecf78517291765d12be08cc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f3dec3b21d056fc6241917a1860f5cd

SHA1
7dee3fc2c0b96ed2deb7afb8e0cbc57df1229c98

SHA256
2119d243207de16ecc514be9a9bf9c0d115b7ec413a7797d86a9fd4331dea25a

SHA512
fdaa7ce96315465dfcf7eb00065cd3b501dbcfda35dfc68e68056c99e35076e526d4d933fb3f25594bac114488b446ea38cd32a310f282ada1741d8bc06b5888

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
779c28fbec217e8a5d5b2cf3f6a5c3b7

SHA1
60fe4616f021a3dddc6bf2080a1f55bb0c7f7537

SHA256
5b31f2e4d73a4f645ad9e4380a56bb71b182788a234fd3ce9c1337d768baf128

SHA512
d1e3d37f04598d1ae397e86fd4924ea4df3d4c5286010739397a4cecdc5e4a11a882c701c7363ffb01a615b8d21cdfc9295f6d8ecfcc18f5ef31573937ab964c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d573164c70fc51f077d2856373644ed1

SHA1
8a4c06a12c82b7bab4c8810dab1b4511c2621420

SHA256
9d036c994a993d7ec8027f2a8f5d78941342addaf653d709064a9866ab7a5a51

SHA512
e6bcde86fdb6f42c2e4c490a2b2960e24da0726311f6d7a636cdbb45ff7225aff2862c1944e3fdbc37b3868d7b7ca0d41b5576194098d5a584916a60a498a138

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a6444ed000fe8bb5b2fdf3b9d8b3184

SHA1
f5190a79dacd63cf20bf17f229886e89a0894f61

SHA256
4c262d12656999a5ed582fffbea2c31611c2836b9e3deeee18fa3c44523e81cc

SHA512
76715e87730d02c93dc2e45ce28737ce625c88dab8fa3994a0d4d9bc0d399e20aafabf1bc938969530e779fc587e376421110cfa3403458063392516c3abe457

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfa520b0e0101f298089dbc1a17d6069

SHA1
33d2d924c05bf109327fe38d27d2e6be68fb06e9

SHA256
8b0e9d9750c41949631ec9ca54bbbbf50ffbc9c4d637b3373ed835ac561fc1e2

SHA512
6b6dfd9f8ee46aeab07741fd597b490eef92682ec2540fd3cb544b5af3b85d2c396eb9a58d5a32c3fda31208dd9ee6c1da0b84ee2f4f16039720f92273396a5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d850bcb9a5fb2416e2f149e447c44734

SHA1
2ef0a3ba7683218755bd6984e30a416b0e73d261

SHA256
813098cdaca836ed99a8aed32cb301bb47d448bb9edfa137b423a7b361664f9b

SHA512
ee142ccdff17e3e897c9740a6a5cc973d3cef040f4f969c080fa61815544f4c1b2fbc9c6cedbc621062ffcae7cdae54d5861d2ecb41f2fdd131f5b1fa9d9324c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8be6563b9fc4740e8ee530939d9009be

SHA1
98ba55329d1b4e8d833ef071ba885a698b498905

SHA256
a876a6eff2d30ab7e8fe8fe493020f4376f4bc12a8d161f272ff4f97b062dd83

SHA512
de71023e38dc847f1034a922d5b5083d6b0c95f756a9df85880e87f16bffaf5cb311e6ac7098aa896142db00b523694f80565d409594b767b6189e1eed142be2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb4d82dfe7e58078e5f12a25f01ba670

SHA1
af1b9b31779dd0592a3349ffae9e2148687cff5e

SHA256
4fd07a451da5074ecd15007c6d1277ecd8bfdbe17f723e6ab4248695a93f1560

SHA512
d82d32465c01224ec481f88843ea9a010ee82325bb6a92c8a00186c34ac8b0cc6a1b3699aa8bb156dc130b59de783fb9d2928a1768afa5b3c5b2dc514e4cea03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25fb0ee7336bec2ec88b42682e5b500a

SHA1
5954559389ae5cb841aeb0cc4d03a07216b12490

SHA256
3247b29cd7bb9b4793039d84ae1ce3ea23438689bd5c1362347b0c698cbfcdbb

SHA512
446f3810162d6efe1bf49017540dab2d2de6625cb502302d0dd1b7204caa66bfb26017df7c205ca9be63022b38d8f873170233e8a1a4f2049b19a02996e42b1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2c44fb7848e5ea8eb6a197b7811593b

SHA1
96ed3f4cdb2011fd5173536a9d3de28b5680fa5f

SHA256
e4cd763d99a05002e6a0151ede48568673da1b67bcb93b57b386b31fa1304f2e

SHA512
d34a46e5fc65eeabd99d567dad68fcd9071325a23d0de8c6a9ab21688230a5c274a743375fe21ef99cd23531eee6a43302250f2196fc6ca2dfb8a767ca765ea8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
9da8b8b729bfa189846db8a8544d2dd8

SHA1
7d0b61b33e9df9be45b161921b82f9d39bef5dfd

SHA256
279e2d084a42c33ad65e0a775fd05a42f9938e2d7e67376d26157ccdbdf9d46b

SHA512
e77987be8335843ecc9444a920737f90565bd027e9872fbe1565ccf69678f8c0f996d20f1410eb1709c4d282c6dd4b159d10f1e23282624692fecfcccf350e6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDA79.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDA8E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit