d42cf64b502c0c62b178463a8a519134d227afec31c5509b4237b5c9074bd529

Analysis

max time kernel
133s
max time network
128s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 13:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c8f4ebb1dc75efa2adda45e7ec768fe4_JaffaCakes118.html
Size

4KB
MD5

c8f4ebb1dc75efa2adda45e7ec768fe4
SHA1

b9569b7acb408295095bba1e67138cbd7ec87a56
SHA256

d42cf64b502c0c62b178463a8a519134d227afec31c5509b4237b5c9074bd529
SHA512

dcf79cf804919ad2ad38331c97d84873f2730b0e33363ce214a8b32f5fd045c879268672ae4a1830fc69585081b79512dd310c79f76f1ac179558eac636ecac0
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8ojCyd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDE

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d99090000000002000000000010660000000100002000000064451760172a22370ab28571e0ce3a1a7326fd004785d33be0058c51f2fabdde000000000e800000000200002000000063fe62bfaef76d9c9e1b3291a4cdfbaafa2d9e792a1736beda8a18064dbef49a900000000f81b9c4971e22c2a3a2e8004261787ffebe2d4e4956a46354b9a438ca51747d892ffeeeeceff2965f5534b31e73a18c30b41c367bea86628f756c45ce849691e6b1bf3c32277ab508a7176527a5a77a847ef524067508a9b77091aa71eba64c153ba17d66c2a27e146081598b7a0d9220c8ab20b58d75d2922816958d97c4a0807e62e7c6b704c4fb6ffa51b07c31c240000000b47db986ae406ad44b6987363b20dca8ce2d4d2e8ba41a521e1db399d3a661127f0ccaee4feb7d1e9fa489e5125a9303a7e2f4578dc86912c01d34402499051c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000000cade2c75e98894bbe6510d69f9db88b02304d95c9552685e91107ac0b8af5e1000000000e80000000020000200000004461f901491a6cb5f3aaef7188f1022d929a94fbad3a282f116bef2492a35a9620000000bd921dce46bcd9a8074fdb2421dabc69a44b4ae49ebab9085fe1b15c34a84e3d40000000b7f52afedc6ae1939d27d3271a00420d3aabb14a08d380c8c6a466bbffd9bc267fb700fb229468e757b4873b1bb727a705456bcc0b19e049d82196ef5881400d	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 401880671bfada01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{93024EC1-660E-11EF-A1A6-7AEB201C29E3} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431101693"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2764	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2764	iexplore.exe
2764	iexplore.exe
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE
2972	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2764 wrote to memory of 2972	2764	iexplore.exe	30
PID 2764 wrote to memory of 2972	2764	iexplore.exe	30
PID 2764 wrote to memory of 2972	2764	iexplore.exe	30
PID 2764 wrote to memory of 2972	2764	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c8f4ebb1dc75efa2adda45e7ec768fe4_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2764 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6142a64710f46d848492f017e107bbe

SHA1
d2a1ae85c80d741739aea8d7a61867283dc3517f

SHA256
8614a04f2f05fb67390734643d8874f70cbd0a9abbfab3f7273739f399a89b40

SHA512
a47cc9fc91d54c81e5841bf5b993f337639d42dd4ffb154f36a6c91508accee5aa3561317c72cc040b71919608b4c64be81b528476bd1a5d8d782367b91bcc79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e5089c3d7bc35235975541d5a3d606e

SHA1
8be0923760f4ad3a3ec5fc890c35127a7eb1904f

SHA256
7276b326d2ad8b313eb1f35f0863ea9da1866a9b209cefc7ac3f37691c36342c

SHA512
23a6965c1bb6d8ce28cfcea3f42ef2eff58c2ab1f023fd111495ec7a1dbd904df9a4faf0a32208ca26b0d6d1ec6513f3b7ad9aeaffb9248845323ce1462c14ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9694fff11c91687403a8f5fbd1bd0d5d

SHA1
8d295fbe80f7bbad39a2e623a38e0686fa632712

SHA256
96d41ebca8c15534d609aa30e9b14aa522cb3b387e02bb8f157431a0757972e2

SHA512
f74fbeac4c7856b7913832ef06b3232b51d4847e94c26b2b4ffef231bd8e56cb6bc903fd61342977d0721e36f34b2c835b3e260b826b213336505d3059ceab21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5464eebe572e00e48642c9c1af903499

SHA1
13a52636e923991b60b05c0b9ab987685fcc4f0e

SHA256
8ad090817b949a6d4b5fad1d5c37bf19ce9bab88df7d4cf628a7d9ae3021331a

SHA512
84308b1371caf046c9ba2b76a60d31a2ed84a52b52ff20d9744e4f94b467b2fa2f109ec5e6a25ddb4130ac0cd24bac55814a06212898982e4521d5dd8e3b511c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6862528acbc985cddc692d820f10a814

SHA1
05c51ddee179c53c2567bb21eac619316bc8198a

SHA256
fc1734692c29520b53166e2ae12d722037b81464c030e5b5ab8ef1288cad57f4

SHA512
d3bfad634a9e104edf5ffe478051a555d96187d3121d06d2ba9c5feadd11f0e7e2d5af2d4c40f42613e2ada74a2213af28ba7550a9db71b4ab7f080fad6ab5f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6722f85bbb6ae791a5d3db47db0b5e8

SHA1
88635707e40ccd22fe02d2e29e381b0c56d33e72

SHA256
3f00ca03d2e4a8726ae2271f94dbe683171f7471f3b2eb683f43275958133a22

SHA512
33a46fc57595c95c5b7b27942f9ae31765f186d28236d797a3debf1e6943b06f10afc3185ec3074d800ea521b60f6f1da44728a14a527dede11321dbd3db8c8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78c26291c431b398f116859cb3de1f45

SHA1
6f40aefe04d6216fa0a60bf98e3d5143151a275f

SHA256
59d63b90ab3916821bc30ced14a798a40c23597138eef052195bd03e151d05fd

SHA512
95aa99d1b3901044ea6c18c5a81b98e51b0c8d41e4a2bbda6a6d49de92cc17eec785ff95e0880c25016fe5463d74f1cf667e2260d206c9871668d5efe250dff9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db8be6ee7fda7dc4e6c2466bf933b295

SHA1
44612e4e18ce7e8b0ec22a687d5095be25a3c4fb

SHA256
78f8704c3c710ccd3478024d692a7c9d8f4e06fe35201b62ab9651203a44ecd0

SHA512
449fd53049538f39048a61892f3f59a54691acf924f82575741b7f6aa96b8282d1455019d4ba4d2196d55d296906e95144fa048b68a3c428f2fd14afcff828d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
163e7574554e87d8e6cf1f8c9d62dba7

SHA1
2c31f804ad31cf9d6f7b35ce5e14a484bfe80036

SHA256
3d462b763e96268392c37c43145bc2083fe55c58a3490a10d43c27403dc2c884

SHA512
1ecb8d0b0bdd3c38fb6e1ae6756c1358e454094da53aa87ae24e310ffa0769cf8d9a2ee2c33149f97c099c50423425e23fbadf29cfd57c0a63b73c7755620959

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c24e10547accc4d615261a2fc958e6ed

SHA1
463a8cc7aade4362441836b31e51bea1f21d4dcc

SHA256
0b55c328744945a363c84fd4ad39aec4812dd4172cc38ae71332aa36ddefbef1

SHA512
da50484b9ea60fff3c71bec4c2e799b81414bed10d348e3bbcffc7087d1dd131f7832d4507da16e1fb8876ba944a110ca66e09fb832186312946e43fe38a3bb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c76189c9b5123b1a0a61cd664d50c928

SHA1
2db972aa3ba25bd9d7d754827e7e415115ec9446

SHA256
042285e07531df516dcc919666f1bb96faaa4789116f418ab03fc4cde1b92f55

SHA512
ad22300d027729c75eafc769ab0feb3a917db3a48bb75ae8267a382d59647901cfe24bb92f7ee9f667d261774b0d9df2f21fc7bdda38c655c1d2e890a134f3a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d8f9dc5a2ae93feb0d52f5ce580a400

SHA1
c12e617afc51f4b2b548563957b5b1d4a5629629

SHA256
d9f6c65c7daf2d80fc23cc2c5088f467a674eb83753df529535e49e0218b7401

SHA512
488940bc79c678cc68f946a6db4c0d50637b11051579307ba594b270b1370cb47b4abea0f3f5fbd53338bdef4eea5d39f57d3b6c9e9359b1de8571d82df0ad42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14e87db7051fc0e70ac2953dcaffa6a1

SHA1
e0aa2c8fc99f59f77495982001e61958670c26c2

SHA256
562824190707b90f639a43555a98f2c65775747f4755eab39e1f408690d6db2a

SHA512
ebebed317ec4342dd5413dcd3289a4a8a58da87e24f308a746a8ed34fbb6ff660759aff2968367d119345865b7f8783f0d884f073b0911514a7b1574940cd200

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c65e0a8221744d8875c47eae0d581590

SHA1
8f2c7f9cda434b1461450a7f2937b67f3097237d

SHA256
1211890027aec408fea6b2498bd95c17f80db5b9a3daa2857ef5c290e52f2750

SHA512
36bbca094e266648486b7d50158472008f90a530d7e7f7aae9477b055e4384368e6be7fb9eb6d7571944390f43f9e807bf2aee60b0b647822d5ac6ee893b9e2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ff783e6731068f1a7806a292b0ed31bc

SHA1
20078b78dd54238a5199c62ce7a0967d83b557cb

SHA256
b2506b1577d79f0830198c899c8d5ee9d3131b15d15605624d762486a71f45d8

SHA512
8afacadd4180ef3fdf68783e9386a5b54398ed0fdd81d29af5d9174808daeece3af234909db9f71e2de9d867f2e6e167341fff714c1b2fe90c0ec9456e41e5ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1ea8dce247f9bb8c17f55827cfd61cd

SHA1
3a456622e4f19a6bdb0e9c7ae12ded1e104926c5

SHA256
840c76fdcca87d8edf32e25dd482a507dd8daff85d5d3f2a073fba8c10cb85a9

SHA512
5593c466fbce0e98359c3bdea9438e43f3c83556332bfc240c202807b00d90058fa46f185a055f61ddbccc7259daf6086863feee057744501fde7ddd94bf4c48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab428F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar42FF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit