39428973a14b9928108e983ce9b47f5342727449e78cf23816d9a7a24814ebbf

Analysis

max time kernel
66s
max time network
127s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
01-09-2024 00:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cde9e003d05cbcde320c6c3fff91fd04_JaffaCakes118.html
Size

402B
MD5

cde9e003d05cbcde320c6c3fff91fd04
SHA1

866ba22c9293945aaac8928298b9ef5a2db1cf9d
SHA256

39428973a14b9928108e983ce9b47f5342727449e78cf23816d9a7a24814ebbf
SHA512

a3a1de2905521291646d2bef1e1f267c96d1318baaff4cf9ca27463971d737082a923dc70ead61c577bd5a10833d7d92ed084a2ce791d831dc2fe17bc2b0e210

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d99090000000002000000000010660000000100002000000061439b8e934d46499a1f675b4694293a9766a740232a5fc0a0b8ffe8bd01b9d5000000000e80000000020000200000001498ecb1b7416e14b5d4f00c79d4f73460060459b726c86ce0fff18860bb3ec820000000f1917a7777f25165b74997d351bb40b2c3537e9bab19e6f2bb4235af7971810e40000000371d793e66d329d8b5986f01c6a0017755fda16fce269d3f616c0d1fae178612d59423e14c41cce1d47cf01ec7ee811e4b8a705375d8619d29f7693fab17f5a5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3C067651-67FD-11EF-A4F3-F6314D1D8E10} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 504da1100afcda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000005ea1474c6b95b5396c1cb68a48693cb71f311bc1f77f165a4a1cfbe8ed649ff2000000000e8000000002000020000000f4466440c601d3f8a8f9e4645fd9f1b6438ac00606f65618eeb830963a248add900000001ade14e4f81a4eddaa34a7207b088e5c62a8d0fbc423b1b696c23ed680aed683ac06a1448866299612bdd3c6dd7af80fe90368e4e49e5fef089baf6f32916b6fd1555751c54c87bf7450dc9a813e512dabbe97655da4c1bdcdb023eeb825d236204feef81d5e24bbb62db257ec607ec4f58dbb45ce712459d8b6d13d5b3cd26b2706f4a7f6be4bdfd0af4b1b907206b340000000e11e2c599ac9e3679694cbdae94089c67da41af032cde2e43106ead3d45661ebe9e1a7d06e108d36a5138307eebef8db5458b8d4a92afb6797f8d3e899a748ee	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431314147"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1872	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1872	iexplore.exe
1872	iexplore.exe
2136	IEXPLORE.EXE
2136	IEXPLORE.EXE
2136	IEXPLORE.EXE
2136	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 2136	1872	iexplore.exe	30
PID 1872 wrote to memory of 2136	1872	iexplore.exe	30
PID 1872 wrote to memory of 2136	1872	iexplore.exe	30
PID 1872 wrote to memory of 2136	1872	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\cde9e003d05cbcde320c6c3fff91fd04_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1872 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41f295b5b8d5b4c56205f42521c4243d

SHA1
b7b461442d1756d0df31356096636d7c4a48cc7b

SHA256
61b45bce5eace97fd5b7021fc10ce8dc1888689b2ee632b55bd8b67ec2d39382

SHA512
cd9af69cc6cf5328cec96b8bdee9270ccb94aa32465e791ed3f2747435eb3500712d1942abfe1240ff1df80267f7ae650e3e122eb1ce81f0de4db0863db6768f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4c0063b8bad2981219b605b352c7fa7

SHA1
58c2823db19e43c2d1cd09552c372501099b6f2e

SHA256
0a2530a9a78e2bf33bed7a7ce5a176c0b4625cb7a3a020b1696068420c4382d3

SHA512
55c0513f093ea499d46479106a020546176489e8233675ecb1f2d4b51c1b28b563b643fb9df3f2930e96bc43002dba10dd479674900221482050e3106e635b86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47a038475c4a8535fb91892782626912

SHA1
ee29dffad778b1e755d3e0bcd70772f23515c0aa

SHA256
0243b4a6649fa0ccb1a2b5f61cafaff2268fe113c380a76b5863947fbc9d0dc7

SHA512
80b3aa66690604d9ab7c7537cdc2c1309ab062a2d28ae7155b926aeacad88ad0a47b75e32a2c3307138c6bccebc7e434f500655559472216d7775824e099ecb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a8abde2d8ee9b402ea9af603a8d3ae3

SHA1
a5ef6c062da94239af3a1f547e6285c59ea9c12f

SHA256
189d4dc7bb22c35230b900a2b4ec90703d3248a068087d6a96b0dd687cbbc28c

SHA512
6330e5562802ad930b26f01b56793cbf8e1bd90e7c4fb18a693e505096c96d78537db1537ca44a435744c134da7b35d940bb5a6f8b70952d26f9c52f754ee36a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5561896fe5e253665a03533666d2443d

SHA1
1c9b2ae141542c6bcfeff8ca638fcf9aaa631513

SHA256
5dbefca9976ae3a57407c064c6c0081815581ec11c616cc480a06dd0a5bd04ba

SHA512
fc1342be09203c521091d54f456a9217dd5cce5940696a91ed65baf588a81e2dfd22c27cfb44766fcd5dfc78d16a953b4e283ff05ec8d0c69d8bf1632bfc215f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18292e7d9fa228f3969cbdd1a4ee6be0

SHA1
c6f4fac6639d839a011f9cc55728bc49afd1b84a

SHA256
00bdf2c08ffdd855b9a0a509368e729efcb23ed7e421cc26d90ecd408f20bb3e

SHA512
c41dcc1938e8d28a3879d373e0a055b279d4c95be99549810954198914f5fd6b8267bc789e0501b0e20363fdc2811784958499a277f1af4ae3a6c85be8976d2b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e45eee6c1fd224c882999d88200230e

SHA1
33a90f4b392bc3513b48889d7d385cb76c12a795

SHA256
fa90a03360ba9dbc1bcb9ae0b16a42a5b3bcb55c60fd27cb9c57e8298ea20ef5

SHA512
06397b9fb963dbc53cbc895d9345279243fd9c48178fee1d3b111a83a3aa19e9b88898dd84f4da2284b274435fd4bafbbada38a47ba20a13f668afb5f132adcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
326b9b1bc1452f2f6f17213b9bbb5ed2

SHA1
41ee17b60d1220d70bbbdbf3fb84fa3005df3001

SHA256
00566101c66ad303a92727f3edba1c7c2b4b52fbaa113b47c0eda765163749bb

SHA512
82a5a026cbb2b7f777c9a92763c2da2551cde5d0987496b8d9ed4f2534014a1a67a4d8c7b7e767c422d2cb00bed0123bba2b13bb6c126e71cc7ca15e8d314f53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70064d7877349d32e847583f2bc99dd5

SHA1
0c3d1271053c5be0dae28b26c41c4bc722570dea

SHA256
e3b7fae2c92ab7c64466db087df2900637d04e059d82732748b538d08b6a97bd

SHA512
bb8a6506c2fabc779bb940b05d6100221720d02b128d81debedb93f7e53362a7c7fba2b56e36b762dc5ea098eec43d581e85d06391db8fb3e67dbe86632c176c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30b8de87ae5c6175da836086a3cd1abb

SHA1
388586600d168402cf46ed1e382c0062acea8dfe

SHA256
1489f14b55e9743c89a1e79750a4eafecdcb737015da6e53bb4e0735259551b4

SHA512
cfe87ef913c6cdb4d9fc074e2b9ca96e157a50a29dda61a5f93b4af6eb6133b6c951a9060e70df57e3e895bcbe75844583f93c667e399718b76a931c54e7c2e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a6419090949baa35a6bb5d1bb68f6a48

SHA1
c5d5f5f1d002561d8cb81f8fa31c23f6de7c7820

SHA256
be5b0948cbfb4e3a2ba20efe5a472519ac7f8a43897ef6923965d0ad79b1d5f7

SHA512
4e78e70599e57eb9871794bec55f61479ef6a7eb7dfb139c3f814d64a3c2848889b77b30c26dfb52e3085025966ff6341f01b49d3894cdcb5c1737f721118c0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
111cbde233cc6bd61a61f23b71612109

SHA1
79aabe8df7fdc0228935c269765194c5d69f8c4d

SHA256
62448554eac009990faf56359c910a198b5d575cd224bf70a0b9ca45917924a8

SHA512
db540a294773d79905dc18c5da66ce066e00ba50ec98785c7e37fe8fdf479ec0805da3e3c0ed921785c661028ec483c648c99fa1bf63d1ba35d9c4930cec04a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
293d7b5f73815718f01f6043a35f82e6

SHA1
0c08e7fe331b65b5dea0a9a6948c06482f4e562f

SHA256
a1543c6ffdb82ad9802e305aa9e9a33f575137552f195113a07838fe8311deeb

SHA512
c3dc5218f9f26776e31beed07db7bbf8c96265be91fb14ffb59e6ce2bde755925cfd06fe9897545986f811d975550039e11eec3c8e4392f6e7007de715d1c3ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
390f32549e323adcadee7a4979619a20

SHA1
53e3d3cddf5da49850e3d0067d380ad6ebc011f3

SHA256
7f22d02b7532920a7d65493a1e91ecf3b6a8ccac285c3910c7fb6d94803ce177

SHA512
0afaca243e91ca30800dbf032de9f97647af603d9836347a2285ec834eb906c9b7438a79bd1f2a79f89c2e6c59a1fc96a6cfe8cd777c43ba7fe04b31ca3223d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2e854f66d13606380ab37e63f316b67

SHA1
e5913cb1ec4a078a747450729171e79a2ff486f5

SHA256
7d3334d150de6374cb2d12b40fbeb0857064a9962cee0c1e226e68101a851d99

SHA512
d50f9a8e998c36821ffb0745afe35a3a19be4205506abd087909b2b4e6b1ee3d5829507be7879d3d1aef84071cfd05009173f358e58ab8c1805a19e36d9325dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b7b3cedb0f2a86a634be9b797f55b2d

SHA1
e45c50de819d49772b5b9968b4f7938d9fe7bebd

SHA256
df914540c203908cca0107f1947b85cab92a4f05c4f02e30bc4c6569f888df71

SHA512
a27a4dacda6aec24895be60d0c9d0299681ec3affa9a58ad70e20cc8a704477ed637f472efb89178f677e11bea5ffc0c41aa0ca9d69ffb6e96904af857804f84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec97234f4514bd286564f56e49d030e6

SHA1
c93854732559a17de2a59d5d4360f74d0c8f52ed

SHA256
2e99760dd119e7ad8a7d7bb630f35b713d7444ea4a17df0245d4da04fb8db063

SHA512
83b4b4a4ed9b72d763c03f8978f5d3cca4c1226ba64c429f9f31eea3ecddadf6078f284ece137096474fa3aba34001f2550b5fc1a5345761dc0def44fcc9ee4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA631.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA6A1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit