54355c63b22773be3318f9d586b6417347b06b63a5ef5b31e7dd1ba97d4e62dc

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-09-2024 07:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cef8db12fed7862fce99eae1f0355a15_JaffaCakes118.html
Size

11KB
MD5

cef8db12fed7862fce99eae1f0355a15
SHA1

354485f46304ecb59412ff02aaf514967ce3c047
SHA256

54355c63b22773be3318f9d586b6417347b06b63a5ef5b31e7dd1ba97d4e62dc
SHA512

4befea98fffacac560fc436297f9d67e7c031e759a3982c91b129cde7e4ec5fd2b967b4a6baf97e1672ae8dedab7e5244a787898e4d89bc7d8ca51e74336b513
SSDEEP

96:uzVs+ux71KLLY1k9o84d12ef7CSTU/GT/k1+pEooYPiTe4nsjuFsrlVHcEZ7ru7f:csz71KAYS/+2nATeau88PHb76f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea22000000000200000000001066000000010000200000004b1e722c43ad77570f26f09f74df27b0bb4f77ee736e31ed91582d3838ebaa10000000000e800000000200002000000021ec9a663e60ebb9b44fa5ea41d3f8673f00a40d12882286e90f3847234215b520000000cf2c0b89e0a868d1a2c026f77561970a95f324f96e6e69f25fc7fb17498f96ae4000000053602c25924529526454b4f63f6d1f74ce0f7845c6a4b3d743df9594d2efe682a2229230d5645812cdb07a7b9e66e9a7fcf47c7b2fcac81fda4c1dbdc1532ca2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea22000000000200000000001066000000010000200000002edf7b575028138a6783281a3874fab121620243d170b6e314b832d8cbef424a000000000e800000000200002000000076ffc0584839c470b3b465eae997b1d2d8fcdd9b44c5abf2e7c47f56c4bd4287900000005b595c771d2333a184736446fb74fc3d42f5552e995ed79ee71c6cdfdbaad753267f4904a21158896ee48019cbd63e459babcd172f9a6978523bee46cf698062b7343b48b4f3add329fc20a07807ccdf06dd096786ed646d500076b72095de159bb8358f7ccb769483cbba48e3f94de1b7d3c011afd18935bb7f4c101bb0d9160c7ffe84f65fc1e64fb13cf2320cae3b400000005e8be100f526df30f554d028d3205ea515003af5943c8b50cccd81d49985ca0ef6f01dc9b0b61f54fc50b83b2b0066cc95523c74e62842a2025b60171c8af07d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e047cf8b2c00db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B5475E51-6C1F-11EF-9C44-E61828AB23DD} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431768778"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1184	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1184	iexplore.exe
1184	iexplore.exe
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 2116	1184	iexplore.exe	30
PID 1184 wrote to memory of 2116	1184	iexplore.exe	30
PID 1184 wrote to memory of 2116	1184	iexplore.exe	30
PID 1184 wrote to memory of 2116	1184	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\cef8db12fed7862fce99eae1f0355a15_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1184 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81da0a6fc40f9fbd19c7ae79d12ea2d5

SHA1
eba9b66a3bc7a33421bc936403ed5f27507d8f08

SHA256
d0f7e90f7f3884939b426259aff0ecfa2f1849962625fe9cb7eb458a56bf8b6e

SHA512
22feb0efc5db380df486bbc807f95508e127c88c1687679dfc2685da789cd0a76302a0820da8838775bcff217d41f47478f70b475d796f6da5c17ab739f4fdab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f81efea3b833252ca7ee317cbf2aaf4

SHA1
1925798f1f295b757269462750fb7b19c47a8ce7

SHA256
cc8710c9157498400164e694284aa06770e266d934b3c3f4f0ab9b5a031e3810

SHA512
9bfa5374e712754aadc3c7491da69170405906783bcbae3700cc86de0041beb8d76b1edf1f2920b90fdac84fb4c38f1ed8819713734b0a71b5154bbdfb15c146

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc07fae3ee4495db33ee0eac3a77a9db

SHA1
0f25c7f7bd749f4dc4df7440f867e455ea0f553c

SHA256
dd4b189d4eabe834573616a0b90c93ee7536ec72eeb826716288d64f0c7552b0

SHA512
9f7b4c234f4ce3c4e4c12bac459ea73d40ce876fb7a85314b8d2c84de152ad147da019c28212231c51a2856c7d09f937ae4ff7953656cf2ae61c49006c16b884

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0f47b27dc40d63beefe273d9adee7c0

SHA1
93f211627966f392cbf2f20ecd8ecd98e540a872

SHA256
32c1a5e5b1cb4b89032df56c72b47bf08a2f4a2846d468014347d16839b1fbfb

SHA512
a62d1a227acfe1c3d37f515f8b3b77cea28ff771aaf80e30baae737beea39daa632b70e71e638044b9e0988bdc0b6c5f0742fbc9d9237bfdbff74601dd4b3e20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a939c59666028688a21ead9caf86826f

SHA1
3aa31ecfe99a7dd925eb1db916cffccd45e803fb

SHA256
456e9b72a056f5bbf672701c8eba221e34a8c9bc834cc74584cc3297eb33015b

SHA512
581984d9ca07297b5b53ad0c9a93bfcbb94ae6074dc4c873d5fb41872c339cad621d902a9dae1d3f325be008dbe59d0b751dc4e4813d4dba41b4619c9930b368

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f22192e5fb757846a00efaeb244e9c79

SHA1
3ef5b70fbbdd09031bfcd077cd631a8db96b2b13

SHA256
f33e4e7339e4101ab49c07d2296bed21cb4ff4f593bd9e1f98d4cdde726f707e

SHA512
5492fa1acd3286b38433b3d6671979753dacd434d3ead545649209a5bd14cf270de55e0b509681ef099d6e16efe3cb649274e1097f47c1d1eba90e1e83a75d9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be7bf4f21f5eab04991684b34321a382

SHA1
6131b46837e4eb94eab8767afc9c251616ce1bc9

SHA256
d6305cec862e18bf3910f1ced760288a2df389919454c143ae1b7818cadaf60c

SHA512
26e562f38b277136f476d9728805dd9b8e8cdd421509ad3d1fdaa588868bc99e38c5ddb6608619f963e0d785116e6b827368761f11e8a039c849238d601733c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc656c0a44dd18d1f71d77e5cac0dcec

SHA1
9d4d68b133cba6f363c8dda590e63602627f10b7

SHA256
2dc084f110ba67721ac7874d3eaa2cf2f22ce0003184693594cb3b7dffafafeb

SHA512
c1949c9e2e4cb1525bf82b0be53f1b99902692337cee1a7a5296382a48cee2e2b88ba5aef3aef5fc3527adf1f3c1874d0ae9e61de4e802f500dbcffdb81ece67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c60116e16b3c82335ab1f74a0cd8be12

SHA1
cafe30b8a56766da158d2de11996e2762809d405

SHA256
18b2e74a744561bc9fe70ee957895b1e421060177805355e0f05f992f3913372

SHA512
5d5060cd00c168bae41870b9f6385e47987569a0e403285865fec263c72de864e0edbaf079830a099ebfbd914f53fd813840390c4f4a4783f86b24deac882c11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7550a8c244b70bdbe2b3e35ada4d40a8

SHA1
a1ed9a7b65bb972f64a60ab830acbbfae8c8bf9e

SHA256
22ef7a83182a1c67399866db7aaeb2ba13b4e90f94a3a3fa5a7b1b26beb867d4

SHA512
d6daea24d6fdc02c23d70a17308399737977ea01bcce92d499eca2bd4f5f9c0a84f3b08f7d83080d1734420b1e1e95f53c9cdf27cead946cacd3072f238d4b7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e00d82bc58ab571e72c46ab05994cc6

SHA1
77ee4e22d467a7d508c71d72a98a359e5dc73727

SHA256
83786f92442ee03fd8f4fdf2c8bf27d834395329ae0187bb7e82a7b06ba44c8e

SHA512
6e07bec9608b0f39c32dd2448030a06b309ec28095af97ca29406e32470c61ffa974d70a78dd4c71821197a9a023ce73f01e1ea2b20f3bb6034ffba01d1f75f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a1d401b401f5e4d4c013a0fd9a10703

SHA1
b51d4005431aa0963936d0785728f221f47f1368

SHA256
1a97e532a80f6f273717ffaec9dda722cb83807dc96bc913f1af85218c3f10a3

SHA512
f4efa3411f9eedd7b18ea9c69af51a9a7605fd4df2ab0687a4d35e9719cbfc8bc7d7dc5aab4d3859c7de610c281b3c76f66705e77584bd4056f6eda546d16d45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33933a642cc5f16276195f99fc241798

SHA1
c01eb58b2b56795485025949012f5f2a5aedbe0e

SHA256
9a2bca28d42218b24bfa49226c61de9769107bacd21f8ab19c2acd4c94a44038

SHA512
bb09ac669f5642fa2713d18351d41e5354aa06f7b590955df02161f441d222715580d07bb63f144384507912e87a234233c4ddf90c4f28ada646cb2eef762420

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
334a57dee804e410efaded0b40f62f4a

SHA1
fcfe90493764fbe8d0975ecc1f1c5483b63d59fb

SHA256
049ec78d0fa946e9e9dfafcfb98132bb12ba3023dc59fe725cb687aac715daa2

SHA512
1de0eae228ed3552bf1c647a5f2aa2c38b571d332238f2a8e3fdb80fd13222374f1f65fb24129a57e220f299343aea3514645d0786bb14b177f134e0ab95a00c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8ca47c95c0382b0e6438e42e34cf03c

SHA1
7a7c0b5f169d93d07ca56f788c1de94c82cc475e

SHA256
e6fc7e0ecacf220f5652cefdf1ba98f49738dbc484934c588988fce7dece5ff7

SHA512
256f2e9929c2944dc9202c3d758002b52ee66a27a9fff91743c916ab0512cb05921c2bfa4a33976dfa4e9598344336f1b76e5b1c47c8aa996692e4ffd1edad97

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC287.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC336.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit