7e1e477ce40c9b8fd5543ff8073cc58a096dd2bbb8dfc8e2011291f6ee5f8774

Analysis

max time kernel
117s
max time network
146s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d14acc06d629c98a86da6393c5b48cc0_JaffaCakes118.html
Size

1KB
MD5

d14acc06d629c98a86da6393c5b48cc0
SHA1

9482a5710cd1ece49f34a422105c400d21443015
SHA256

7e1e477ce40c9b8fd5543ff8073cc58a096dd2bbb8dfc8e2011291f6ee5f8774
SHA512

04e50ca6c40b09b154dec6b1396adb66d2914f93318ad420703b7c5f093ff6267c37d034e499ed8ff0639db11a0e8488124ae0145bec506349095c1320325a85

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000002e270a3c42029b85a9cd37e44dc44608859a047a39edbae2f79851c03b929ce0000000000e8000000002000020000000a27bd5be424daf23caa5e81fb2a06afd697926054ed26b26d205c3973e3510cd200000004be4c2438b34fb6349c68e536f1432618542c2a48f42927b135a5d76a1f6ffed4000000059b442f9f4921de44e6a8666cbc108a2618959289b4eecae751650c53f8714033efd168f62d46b0d183b00a4be0b79a290a4b5ab3bc831f2a2bf141ec0f7e28a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431852704"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000004444ab7ccf4b3f9a4503506d16fc19238f8acc849f28504dfbd1964bdbbcc583000000000e80000000020000200000004619ad98c4e689bb881899c265bad5b82dea4b7a69d0a61ea2bb00aaa140bdad9000000027967673d3b656d1141a62fae2a1158af70bd85acdaae6dcaf7c515a5f6b553841e729dac64014d027d1a27248fe6bc8f98632325ac93690a401865b476a6e7fdafde0a4458967b6cfa70beb126e61bd9b7d20b5a3d9be7ae9e312eba33fe1d11c8470c263ea4892b13a8dbe5c5d4b4dfd4749a35a93bcfc52945b2fd029828f54e5972ed908b3988dd00136a2c0d1364000000016741d2c96a2b18a7e3eed07abe2e13c4aa74c9a9f2c0dd2d82468ae27b5360a5b7880912330afe7e1390cf9201ee128cd154ef22a46b46b3308c0e722a1dd72	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0dbadf4ef00db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1DAC7C51-6CE3-11EF-8250-E62D5E492327} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2384	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2384	iexplore.exe
2384	iexplore.exe
2376	IEXPLORE.EXE
2376	IEXPLORE.EXE
2376	IEXPLORE.EXE
2376	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2376	2384	iexplore.exe	30
PID 2384 wrote to memory of 2376	2384	iexplore.exe	30
PID 2384 wrote to memory of 2376	2384	iexplore.exe	30
PID 2384 wrote to memory of 2376	2384	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d14acc06d629c98a86da6393c5b48cc0_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
108e6f8725e6b1b41ab94515c571a386

SHA1
6db0ae04a1730a3bd9df016a8a65f761c067f1f8

SHA256
2f34417340c07ebc8ffcf194d09889c9ce8e03296be5342fb6a244a25751c5c7

SHA512
60ea1f2f73d4c957e4152ee68d737ca06a3c5cd7fa54425d7f8c6ee87e733f23e684fc38ad3f805bf4c9cd17acd9da6e80aa5a052d061bfc5908fd13ded7d737

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81c86c22f713f4458543bac6ab9d4ac5

SHA1
02ba68b0a25891c2e9cc4451e37188e7eed48abe

SHA256
4046189627f6931be4ed51769e27b2b5140a7017cd70c57bb9860658853baf0d

SHA512
4e80fa3c6bfa2a5b625a022e659344ac1a5fc47416a0d7cf048a51c9360bc434ab1ff54e92e188af930f437a98ad0965be601a33617beee4502a4ffe5628c05f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
572a272216268ed1093ee5b3c153375f

SHA1
4662e66f2476daeda9974d432d8bb51a047367d7

SHA256
31c21877bfd80baccedd94ae4dff4ecbfaf1a584f879fd1b36285fef76e26657

SHA512
9192f1787fd92e3b955f1eaa865038b769757eab72216be270c4860ba49c0da508a4b3a1c9df39716cfe275799a724e217e1d0ec89b7352d66b6045acef45451

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a36e6950df5311cdaaef9baaf283cdeb

SHA1
7461261ab983d59cc74efd29d67d1cf20b846e13

SHA256
bddf8fdcfcce16e251d20b1f9fcddc27bca23e5d3653088875c3c0bfea855e92

SHA512
2ed2d822259e66a8fd7d6bcad7fc7c27771093c7ddd94bf8cbe5aa46ce724e390c23d361146f38a851d5dffb6b438c4022ad7e70281654e83e899cdc2a81d6fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afca191bc2c9221aa4497baecbb1dce8

SHA1
6a50d6a8dd36ec8e9e92f92010b5daf2a293e7a5

SHA256
7393dba47a3a8fc08699e1e8bd4f1fed109af8685687ecee04178baf587fa0c0

SHA512
603fa22a3deb00457f614be8954d601fc5996af88bb3eed629277869cb60a9f682ed4789f6e603ffaa5bf23210e9e72dea15ac459ee35e66cf12330b2d1c7654

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ced46343b4359622aea62a0ba62eeb9b

SHA1
77a41fb1ce05fce37971bd58456d38ad52fb2ddf

SHA256
b2163ab1848ec9722b32d5ee8addaedf2b8f5c9439a1a993165541c642a5f3ab

SHA512
9ca009435a32fc08f4d8fbd6f23392d64cafeba3aa103dc71080f2bd4158e4f5a9ae81fedeb761917b9c4a6ca0463c95047e5e13bedaa9c90a988c326cf96b20

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
339922e4fb41dabdbf497cb1579bfa41

SHA1
f4a79815f4bd00769316db8f33482c84c789cda4

SHA256
3d2fa80b2f47601bd200d6063aa1f06012ac52b05b234083b9d091979c86aef2

SHA512
a59ef8a72ce2385f698eb0a3afa3f578360c5ca782e0458a67e31b6c4055a4699b6822c2e0ecf0e81c6338356611039a5700e3916a0677ff9950c867d0145c5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d669ea843e00c9c4d0c86f0fd5f5e31

SHA1
e30cde2dd800dd418ca46562f1b497eb6735095c

SHA256
01a7ee25dce03a24502f34f402f786141b2196ae531c2bc486a327701944736d

SHA512
90386b4fee038000931ca8bf3fb83d28cb17d7e98a168f2b4a181d7839033ac59882f88b174741bfabcd118fe5d277db792cb2236eaa21a87df87b1d635d7d4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33e8367fb3ca5e48f5b5e4fe46654680

SHA1
f9fc1aad179a52c532a25fdb00558948c5594896

SHA256
4c88b88c4d9bdfe8cca92a01b879b270037fb836908dd94a42ff5b8dbce63782

SHA512
0d093d4509db58a9d9136dba49afc72a616544a462ab6cad1dfb66f28116cac8d36f6b3466e3ef9ad735711334a26badc4dfc8b47959adfd50b5573ab87564a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5a3940c987a13fbd1a8bd610af90281

SHA1
0eb55a197137182e40b0a0e3fde90ebed5513821

SHA256
19cc5840d43906dfc93089db910a0302ad32d23736e900f46389f2efeea9701f

SHA512
57acde16487ccabd57b4afdc336c66a375ddfbedf9632d42c43b85a17053b810c413d3de478ce6a14bd8eee595878375a22817864bf179593f07f173f7cacc52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3abcc486e14778bad89c2db572cd4ae7

SHA1
9a58675d5505230d77908f29189e64edb6da1dbf

SHA256
2701567416b0ed122aabfe533a6e8e3e104327a1df2db6c02598eaa4dbcead79

SHA512
78a5f3d0eef1f1af2f75a1a17f8c6525728074524f05ceb7cd0030641adb936a6dff24a1fe700f663c548680bacefde41651f396d148c44e9b8f38667d3763ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9eeaa2e649b4bd61e711fc00bf990cbd

SHA1
61ba62757a5fed7ce0e834bc6cc91740edade84f

SHA256
2348d46f9570215a1cef77cefb307a815d5704509a8b2f1fa618ddb334b39466

SHA512
1865447d01abeec8f304ae96c3d273d016f5892c8ff3b52c11bcd59fbdbade5374accf028d763a475e27525baa4b593f6253c5d1347ab14a22029d933fee3c6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ab0dfc35c387efc9623ea6f20bd3124

SHA1
e362cb865a28b5528217461cdf92dc35e5da9e99

SHA256
155079ca4d38f4130a29e0155d6dcef8fd02c02213bb56f4ae990ed8d5c39c29

SHA512
4e1086d01eb528787f6a8cbfc4d55b01858099b977dd5795507ea779a7bc7d071f39bea523145a6e85fe728c94cca5159a13c75f97684f583b02fb59345ed19c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67a1ab92b0fe07d96f3bd70ac7ae6022

SHA1
71e3a19aea3e05e84ed8b208b9700201fb7a84e2

SHA256
2b4310e441657eabb23cb22d2e1aa8b20427338f60608fba8f9a78eb5d1ab2ed

SHA512
1c4e36fe117a32c69c653507c73f4db8f9e90b5555a9d0f37b5aa32b5092f1c234d069b1ede1ad2716ae997309833ba6092ecb6a8dab6171e68716417ec73e9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42644dbc761d9c995544dfb75d002b4d

SHA1
887cbd0a0616d7b8bad6c4b937008cef487c6a5b

SHA256
40b5dfa3981c1fc7123849537becb2927bce9260eb6a688c1ea0abc3f551680b

SHA512
53db0908da2814283209c6ff7ddba6e4f1eb63ea26f689e80d2cd3f64216f12f02e0e51e5b3fb09eceb5d5b1250e1b38b8b6c4d91540220596d3f15da7f83d29

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF3B5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF3C7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit