40b06db83773e405caaf480e39628d5554b0466433379abf7648df3fad91ccf1

Analysis

max time kernel
117s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 09:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d19d24b06b059b33910893f208d43a4f_JaffaCakes118.html
Size

150KB
MD5

d19d24b06b059b33910893f208d43a4f
SHA1

ad717bc581d4727468dc60c3abe745d17616ed4e
SHA256

40b06db83773e405caaf480e39628d5554b0466433379abf7648df3fad91ccf1
SHA512

de33c26e51de1e71e672d911281b167de961851d5ec89abaff98c9f9d0b9f534b10473c693ada8fb298989afec0bb1b7d077f701607530f79d6d8d1e7279bd1b
SSDEEP

1536:43kyUiLvuePaoEnfl8xLAf+NFu6OgPz6JZ6uOKm4M14M04MQLyhBS2OXlDqZpK+q:40iPxy6W3W3r2hmLoKT+7uD5

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7039226c0801db01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000002615280e3b859bf1ba5fe682a4ac576c2aa20c137f7c45faec6ca599ddce1f82000000000e8000000002000020000000292040772f805b7e3c452e77153767c038bb54bf0af111734ee5d305c509cff690000000740c6b7a3cc5563a4018153b98e8eff35c93801418e6e020ec6d805ba6b604229e98bbccccba2461d395647a6d4c10520d5be892036d2082ba21e42eaab6bd1869ab16500e0934a196918bbdc5ec196c553ddea2a1d69de46baad7b4b2ebaa6ba479e1b5eb5fc8c157681e12d3e2a190d34efb2ff6998587fef3525c061091c3c80f8c567a8ec1bc400905f92c0e5bfb400000006a1d182a6e3f50cf027c17de6cadc1f96bb065317ff5f53d6d38d1e29772d17aec94d9e92ac61280d352b2f4c5f1939b719f801c29dbd6ac90b790c5f13a7a9f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8C972711-6CFB-11EF-8250-E62D5E492327} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000612186a81c818e8bcb5a4e75b051bf4c2188a0082e6ddc4c89ec16975d50fe5f000000000e8000000002000020000000b6f52b3f9ba4b544b82b62bfc8c730039a240ce93bad5a19f4952ae4a5e6b4a62000000094c7bf0275379ffb7b1d22ec3a83f45c6f96851534eca0fd04a7224177b0cea840000000a7ec24bed90f2afb15cf1be85435d970df16f3dbe28819b9d3ceabcfd0dc99f1b426d75394a384063f1c6dc832684e373f447b55d65a9d2de679abef0f1d72ab	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431863200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2348	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2348	iexplore.exe
2348	iexplore.exe
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2336	2348	iexplore.exe	30
PID 2348 wrote to memory of 2336	2348	iexplore.exe	30
PID 2348 wrote to memory of 2336	2348	iexplore.exe	30
PID 2348 wrote to memory of 2336	2348	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d19d24b06b059b33910893f208d43a4f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
40b152e68bd06420fbcc319c5f0a87df

SHA1
ac88464c5cc26e3adff83a5b827d2aeea87d5a93

SHA256
1b87fbcbb61e7f95a71b5020568e5d8d153d9bcbd21d1a6234fbb34a4584c665

SHA512
331e2dd7b0ca9faf0577fb137f3f391683dcfaecea586e755ae92fc647b6add88510d338d1e646dfc2ea1ad583a7977b8fd1895709e63c1316e8b3dec1f9bc1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_F968CA97A68F4E6D5C104EC7FE3DFDEA

Filesize
471B

MD5
7e39ff496edfe3dfdb85dcd49da2a777

SHA1
32e828e1df87c0e0626525ea6614cb5cde671069

SHA256
5b443aa82793c5f4ce5ff89a5547b54a2a49d7d7babc473b8f0e6ba224c6d21c

SHA512
38b427b15103458361af67d3c2b4098d65cdb5272e52ead50f6a8dca319b05aa7c8cca2ddbbe10820caf2c55d9f9fe99a62d38fe38e9acbcabef857c74e338c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
817fbe0db95423900c55a9eea48bb7a7

SHA1
5e75c0f6dd2cb5a4986c68d33a6feca77cc2d54b

SHA256
7d0b117a05c12b9e33260d5ef20f0324b305f4dd87e41d91b7173ff92030f3c7

SHA512
7080b1ea66b51f1aec418d777fa4d59d1ef3865c79abf826bb5f2c8f6026ac1f8ff6ebb62bbc6148aac6456655eb07d6e32f2d81c45cdca2ff64034bf7d006c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
ef280809fddd707a2fbd24fa45711434

SHA1
3c565a42ed3e3e5cc4b455a8f5f5350fa97fbc44

SHA256
fc01d27cf8e39cdaeecd46caa6ec170975f3791d4b2950b2ac7be3285f7dccfa

SHA512
97359a6b202aeeff2d7245bf7ecc0caedae8bcf468d0c94f692b8975e6a28e291f962117ee722ff27700de29892c275f0dcf174991e831d0a4abf2d840757cea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
859b7d0d7270caf3420995524528772f

SHA1
be76288d3c7b5a868c750891b20d17f2ed431176

SHA256
f4c9c7a007ea9fed41f59130c190f6d9833ad751bc4dba776796c63c856c1612

SHA512
4d9b28b0369fb33b13c8794ce211a7e4ba26ba9fc4045d1607d5c6f381319b15d0c37ed4e3ba22172d9c1c1a34999e13bb2f168af6637f99ae4d099a5e5eb5fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20b2117261b0ab1aff2e0fc5d96a93a0

SHA1
a73d2d2aabaf6a7dc0174d48e93e15b63f5cec24

SHA256
cabcce48605f2147f645407851246de290c16b9891a5eab71a9e76349321ece3

SHA512
ab410a16da25d38aa7dc3a604e4fffd66e889bbffca42cc560520d3a8b47472b72e926c978e8a0f7c46a0e3fba64e9bf4ebb1882b44feb27a5d1569101bc3236

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98b0effaa1d2b8c0f16f0161e75de1e9

SHA1
59dfca771bdede054b8298947675ce302347fe29

SHA256
7e13b01d64bc3db1209758cca9b81c7c540210494c4f21925dbae12de37ebbc2

SHA512
63412d81d0503efb472bf2803b26b96844aa81f16fb8080dd47a747298690f08be26e83e424f059ae41e0d15c9007cf94c2dea05d464fcc6ce7a11279422a59a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e4ed9a92d4c924f93a258c6af2f245c

SHA1
9d4c9db6176a1c7ce1a99d927feb7d9cfbfc8dd5

SHA256
76ee0c6aa7b43f0650f3599b04d9483cf94c4e86871ba0c39f13a9d4977b457e

SHA512
157058d6b6b729bb89cc8b9daa474f66d6165eb2cceee8a20e5570e14d92212ccc2690dbcc2211994714b1b99fe56d395f1ab012dec82f452b811d19bc44f830

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4482df04546a74512d787a16ad6407fa

SHA1
414b7720e158b0acca4f5fde57ff7a9b7cf70a7e

SHA256
ee406355f71f6aa6ac27e78b4291d82e44747b72463507731a2f52133de33750

SHA512
6afa2de87a4fc230b6c279ddc6a1c3b4028bc88acde207442e9d2547f2210cb89ae0d260417bd01c3c873a8b77a6ea1d1670d698764e4740520b8d6a94a1d760

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3a1153eb7c4fe3199a66ec810cf4e21

SHA1
a572cb304c84697c84860834f341359b97fec72c

SHA256
b9d487515bd04f37c9c670ea1e8db5eaf92d3fa0560acfe08c2145aa99f053db

SHA512
f272f7ec9d095e638fe503972798ab827ba64214533b1c462e1741874e298150864547999bced76894dc0102992efd01f24964ee19938e9eeac8399c9256c25c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4dbd0d7072ae835f7ce2a83340b19b21

SHA1
6eba7ceba9f082c9f2e3936b9e8149ed800d55f0

SHA256
62d6b6b49aa750d13cbd0ae28ce28de889632f119617f165e5cd714dab405feb

SHA512
1028651b81cd5b6fdcaf4598e57f16ff51f23b02054421163ba2d98b98f683ce6bfb1dc4af97dbfe36e25ee7303bb1eb80e783d1e88ffc084afac36396a87be8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c69aa8450c0dde1383e851e23378d113

SHA1
684d20a91759192c7cbd4969e517548d3e275850

SHA256
bcfa8c99c0ebaeaf3d7d99ef0640d64ea169c0cc27429c6f91879a90a0ff4596

SHA512
da648d6a3fbc520cfeacd78c4f4190e27ed8872b7b3f6849451e6a4e890afd5bb0a029bad3b07ab5e67904a7bcd421ba8a01a896332e0c63ea5d4c4cca8fdcf0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98b90e852c394ba1f13809180efbe2da

SHA1
d8d32520c3c27c4a3ba383db5cbc4ff9078653c3

SHA256
f4ab334e107205db5183890c2e4998c8cbb3d525a6dbd0ee34bfb20eb1876957

SHA512
82a2c772cf5c2897aea7de2ad069563a2b9991babd74d19bdaf7c5e4c2327977af1cee759516d2886704c0251dc44b59b2d19fbd225c2db198bf2057603502c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f14ca7486e6c1bfa90d3a4b92699e676

SHA1
6566e5c81515214706620d6ab7fca3b2e9d8f89e

SHA256
34bda30f021933346badeba18254121cc9914ae2b41cac0930cd79285aae3a70

SHA512
2a3800bd66adbe15e2745f0447480b975be82b1eb221666c5624026a8e0e7ef7320a6ec2a4a3ab0cfa6603d0cd0f0baf7fb4180a32af02faea86a75764d6acc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1E3D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1E3C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit