aebc57450fde543494d42730e0ff0628cb6f2c8de5444340e181fd87e432322e

Analysis

max time kernel
122s
max time network
131s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06-09-2024 17:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0059d6f3d67a5e6f92fa9f6e6a44802_JaffaCakes118.html
Size

982B
MD5

d0059d6f3d67a5e6f92fa9f6e6a44802
SHA1

c355de9b401a0af6aeacbf1d197a31bc2ea3344e
SHA256

aebc57450fde543494d42730e0ff0628cb6f2c8de5444340e181fd87e432322e
SHA512

876c0a7956f2a8148ad7c77ebd578a022993bfbba3c31de2184fdb52f18858092afabdb713bf371e8ce28f51051e8da0e1a81ebc89b8d659513489623a514768

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431803926"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c400000000020000000000106600000001000020000000f9f079c1479284ef0394246d340a44799534641db3ec4435490392a717e99894000000000e800000000200002000000011057d5f328795f51e7351913594ecd03e1e36e01a3251e54b8293b299a9d89d90000000c590e1420540be040c06d97bab65d8f3470120ac3bde4c1706bd8e51b4fde689cb713c6e7371863d4d36c27dbb91d45a19fb2b0c6f728e045422a903d6e7e66a5dc9ded2d37b5e124c91fdbefae9a45b3cd3fe2ce59a206b057a24686d40657233856df5492eb0bbfc6079ee38c4996087a293409ac30c4db0cead06a4991a1b90214b318eed5554424c7c6890250f1040000000c4403133dbdb281b3831613a40185420006f4329a56c09e5c98b0902a5260b8ca568e718333a3c53fc4de0d8c0a0047fbcba90d7f4bd27d9d77376be4205e4ef	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9541BB81-6C71-11EF-80B1-FE6EB537C9A6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c400000000020000000000106600000001000020000000d999e5ff45093fe20b91be1005cff7e28c7de7623ccc90b6e37da7a38a13e561000000000e800000000200002000000038691fe343a461a8b38942940a119f8d987c9ff426a586e7a218cbc3b4c7b3ab200000006e21934f0633a40f2f0c8636d52002202128725fc7a2cd771dd08bf5ed0ac0ff40000000437354d91f7f06942a7561a31ad94f4351347bbd2ce294b0d9824e16a65fa63f36a424ad4eadd55b4378d0a6add7e825066974a9458a1c8b546b752aa21e54ff	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30c5b3697e00db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2668	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2668	iexplore.exe
2668	iexplore.exe
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 2844	2668	iexplore.exe	31
PID 2668 wrote to memory of 2844	2668	iexplore.exe	31
PID 2668 wrote to memory of 2844	2668	iexplore.exe	31
PID 2668 wrote to memory of 2844	2668	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d0059d6f3d67a5e6f92fa9f6e6a44802_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e27f4714e739961dd599d75019273aea

SHA1
15baaa6dd143eac0e4bcc630e3b32cd623dc023b

SHA256
0aa2dea08dcc8a29279e99d2447e61ad5cddf4e15b685c0ab15114ed4da2a1b7

SHA512
9c80dcc5f5059e89ecf6e119556082de347b1896b0c6098c0088ca888dcdced9df10996606a5902246b040e7089896362a75f3d440677f416ce951e0e82cfdc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8093c588b0c6b7ca763c0fa36dd3228c

SHA1
62bd1292ccd399a1cf3538d1f4354186612bcff8

SHA256
cb3eca0a189faa5fe932494919e7b9151938bdefede85ba4cef3c5f4adf48e60

SHA512
5b8728be56fce2558fdd026bd2671c82e6206e5e91b07366dabd9f6e756207db6ab05c3213f7bceed128cd086c75971c041d334433a5ccd95961a3d9654795cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2dbd1d671918d2b892794ca22e262aad

SHA1
7e2dc04684faff66a306b00047582370c2bfa14c

SHA256
282e5e569e68d00c04d97376ef75423d44057063e80e6617576f2f8f18bd585f

SHA512
8223f3e6498a7facf0dc473b720ae482ddd5be0c8d2369e5d0cc79eab1ea156357768bf726d96b2d8490c9bfbbe2a01557247579650078b05abc49a709446984

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0bb504c68ab173a0874185a8e4a88086

SHA1
c5dbf13b2c5a078760cd0c4fcabb15b5bb8d1550

SHA256
24a97a733e1941855162e5fd392056c6a80b28875c6bba76c52408cfc4b95bc8

SHA512
ae2851623dbe01cd91f60502746c1e6ea5cf64fa3285e2c8f2e5f3b2bcf7c2761ac5aa52fa18b2cddf43976ed2adb89677ce2166f30d046d8cbf6a3c8d3dcbd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
951b2040459717309d8463318b69616e

SHA1
42c15cdb046ee5380418860b68d082833af3218a

SHA256
aa123aecafc31152d701f3bfa277ea0187cb7e332829af9b5e564f8e4ea01794

SHA512
a13a27e8d352e7bed913d26059a65e546da5b8e3f4466c0cf2fc76ecb1f19c87ef51ad97c8f4eed56fab64b62711a46e8425c31d1cf4fd9969a904622ea0d66f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9f45a4a196eb14c23f5e9c16c5a5394

SHA1
519e5f5c8d6f1af79f214f2b03671725c69a40fe

SHA256
7ad0afbcfe4265f5eb03695bbdd96a501d8ec28b36826ffed27a379b6158a310

SHA512
ea3faf64dc3bb86e6a42662b060ddeeb5de4a9a8a84f150bd0041107ce3159b24ca557920f51d4cba2fdbe605b1f363f6d87b73c41d67edd4a337a2e50b35c0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9bbdecfcd81850e58ae7e8ab61be4cd

SHA1
fdc1b406dd19819044b789ff24246b984f5c5268

SHA256
d81bb0c1120d65b83226071faae4b7a2dea460e3c01404df61ed610dbbee5d20

SHA512
0ce802851c74bfb7f94d35475d66c519b98b7fa5265d3c599ef88568fb4fe54f837bd975f302f816279167737efb61541bc2a64e56848abb218f054155426d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c12811bf68d9342a8cd090e74adc40b2

SHA1
962083c20ac2d6e0d98802165ee082212ba483e9

SHA256
587fa659755e2e4595c648dfec28becdbfb2599a5acd5f55fca8ad5fe6477965

SHA512
9c5d1216f31535e564ee322bebece633b3aa989b2687228ee3032500cfb34626f51c8fb65bddd9dd118464acd4ab413546947d22406a8679373419b2d5370f37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2bae98586f9242cb1841dcf8ca43c4cd

SHA1
23becde62c30224bdd7aa48cc35e231573a21ca2

SHA256
ca04fea533e221c0d507bd4f67eedad5de9d9b5bce3c4451268189afca0dc268

SHA512
8298414e368200dc9877119709d5cad8ce140284a488fb7f7e26dd67a9b6b2ed008d9d042615970c15aa624abab29ef2aac6cc583ad6476fce9c4e1449bc7a37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b647a95a9f5dbfa14978039bd2b18f4

SHA1
003629f8cd90991308852efd87b6c538f33de6c8

SHA256
cce4318f168bc4c831a78af01022c830e3e72e1ae019131188df595f6c127c19

SHA512
6343f72b79f39f2ddc13aff1e87064facc819d13f43707b407a7fa9614d9944cd4febf27d605a67960d22cf622c47b553d31318d3ec6f6f1a245b25251b4426c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b316bd2f3b53a53b5d593af3cae90aa8

SHA1
aa0aa309d210d7bf27e54bd1866f0f95a885a014

SHA256
b83ecf506ef1267528b09c796079ba349bff356f05a27b4f354d9c251adb01f9

SHA512
8b2f3e0ceec04623b619beac8a3abe9e675bfe6bc69565005df2b3f875b9286c607c48be477c47a2f7aaaf76e1e576178dea405499fc768e1c47d76cc613feaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0546298867d9813e2e567abd3607dccb

SHA1
f0c313ba6b84e2552ea8ff781d7549f02009627d

SHA256
5295ff92f5810a96f52c97556223145230885319d73282c88b016d911bd4d8d5

SHA512
a3acf8e8f2287cc9273c5933b81e10531e16551b9a644956ef1b9763b50608b3388090bb442b636d550929a574fcb4ef0f84bf5ff814f54e28718f05f60f5f47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3b16fe464dd9383981cc54238538099

SHA1
a2b3fc212508f140e8b634c25920b17abd514870

SHA256
941848ee80769fa571b66bccc2c1d77833265bde894c783d15d0768bee6ced03

SHA512
2ffc598f01675a5627f1ac1a10e2dc3b6460892334d182cee4bc0b210810d194a1dbf7c04c4e44ccdb7b5119da87dda85ecdfe67aa62e38f42a007814796b245

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3bd3df73e1b484e5d102eb39bb5e9aca

SHA1
12af59a34a1864517555609a29d94aa4c8dc9c71

SHA256
00e0de41bbf67f55be9d15d3649234d9d287e93626215a4c08e0390d87f9ee0e

SHA512
5b38f8b9d32999bf9568367798bada8f0c3ecc9d5f29ed300bd350963eb4c8c80dcdc5fa118f7aef41ffa5e003abce74d83aabf5e67f9731f2b88778e1c36a6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdb4614625e8d1d9192889a032b2cd8b

SHA1
1c7c676b36d9c5218a1fd31a5779eac57eced594

SHA256
24e3828e1b1d67be597a60d3b2abd29e8d6a85a185a29c084fec164b409d14eb

SHA512
275a049a8d8ae38e2807bb6e75f41807d894531d413bf245ed55cd935ab5139294c5e5127e04a434e7f7f1aa47c9de7521cc16c8fb3e091d0b989dd143ea8976

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05e1afc8ea760f661b6ac9c2260ece7a

SHA1
2c201103a3ea4a098e0d3dc372498650a86e0b01

SHA256
192a995fb944d35f2fced1120ab50838fc5a6ce5c756a5080688e5d036b1c281

SHA512
45cf11fe1d8e01e291f85ddb56f577b77b7ff09a6eff30b8ff170ee47af9ddb077445875f3d7cc22596dc6ea8eabcdfc881c748e98b8252d886f82917aadda57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab234.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar68C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit