b5d1aa15bd89f8052ccc8d9009f3490be3b071deb6364ad01d5ffadb428ad63b

Analysis

max time kernel
131s
max time network
131s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-09-2024 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d29c73cdf692a72e5c68fc6f58ff039e_JaffaCakes118.html
Size

23KB
MD5

d29c73cdf692a72e5c68fc6f58ff039e
SHA1

cd0f8387c81011ad15e45659ebb153cf7145d822
SHA256

b5d1aa15bd89f8052ccc8d9009f3490be3b071deb6364ad01d5ffadb428ad63b
SHA512

34c38e50394c2d0a71f650ccd5a9067e10734b9e6c6b33932735c5c14d9dbca7bee8d2a584d30b9a50bc139d4dc400e9459e668bd627fdbbd38d90ef546e9437
SSDEEP

192:uWjcb5nX8xYnQjxn5Q/bnQieaNnRnQOkEntJ9nQTbnhnQoCnQtIwMB6qnYnQ7tnG:LQ/94

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431896890"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 608790e95601db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FB951391-6D49-11EF-8B78-465533733A50} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000a202147951e539ed3c69f1338c0c70617ccdccee143bb9ccd327c30e009ab5d3000000000e800000000200002000000098c08db85823408f7194f6d0f2ccaa985a446769b36cc63e9fb7e6994a4916c2200000004a8b8847f97ad3b53730366fac595b239ba138eac0555aaa1e0ff99964d9413a40000000a49ee518e4eae509eaea9d065d38cbf05eeafe3486e219826c12e47ea8b8f0ecd58ce6f0a9347d7c63c9e7577d4f1a0e84f38ba9e6561f9b0764225eb84341a0	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc500000000002000000000010660000000100002000000070e62f1993f9b2ff6619204482e0fd1d1e051ae74c05631e1d33c46a9194c6fd000000000e8000000002000020000000e9ce29397e0835b0576629f3f76208302cb03acfb4cfcb2bbb28d4d62ae15ff590000000542a1b8130dcddbb88422ccfbbdcd60bd873dad6ae30f44cd59ef5db427fb358f047f7af6c14899d14b31236a7eda98413b016f29e3ad2c81b019382369c87352429fea68a9f1e6a356058e228ab1bf39f69e9f296116e3c5d9dc5de92c3a069d5857e089bc577467ce13ad4a84fccfd0b24efa7e062e8787d5945b572987ab1dd4cec8fd5e20e522f1a6e8a0ff4972040000000c313d5fd48826cf578437e4e0b9fce4f4905ab43aa622d1538f058b069fbb2e7fa32ab8f6fe71d58673c6ffcdbe90a1e55b971dc53c5fac5da136a49aa916478	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2496	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2496	iexplore.exe
2496	iexplore.exe
2500	IEXPLORE.EXE
2500	IEXPLORE.EXE
2500	IEXPLORE.EXE
2500	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 2500	2496	iexplore.exe	31
PID 2496 wrote to memory of 2500	2496	iexplore.exe	31
PID 2496 wrote to memory of 2500	2496	iexplore.exe	31
PID 2496 wrote to memory of 2500	2496	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d29c73cdf692a72e5c68fc6f58ff039e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2496 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af484c7af4beb8ddbfa66b4bf2208308

SHA1
2b4b61dd073fc66ef3de07cef927b2f3162e723e

SHA256
2e709c60efb4fda440461ca4019900cc1cffd4b885d9fc1b56d92157b7aca666

SHA512
8bda39d61f6053fdc007744aa493548d88561f2ee7d222229d2c4e6db0027c4c3445cbf4dee9465c970b1f2ad86022299f975c07f8d22b078ddd881161723bde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51527e41afb50a87017a195efc1bae98

SHA1
51cf6e0a92c62b63bc823d74c0514b65658ebbce

SHA256
74efea9197012d79206660ac84f82fa994b0955541c07bd3d4ee45c7b605e62c

SHA512
43be42c2530e91063281a3a848cac049c0379326614220374374591fba25b9cc3f6527b5cac80c59488a0d1f8a764035f120aeeb098809f1e758764e0e987b89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ab0330f70a50e58dbfa8cd7c741f6f8b

SHA1
3990eea34cfea2177db6fc46d38ac6f0f65c3497

SHA256
5ea492ffc82d9dac67656e05825968e158e8a019222da477f2f7a42f6aa92c06

SHA512
51c3adcd57c614b37efa8c7cad98bb49697110206ab0f5b8c6cb600548e569a3e4e42617e362c90ae0b3c133251b478810314e3d88150ce093eb3141c224c0c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63b7061f9e84037edeca95248a6adf27

SHA1
9df9d354121f7f2a4e04207f500dd36b87ef01a3

SHA256
7585e9d05863b05eb160646597e74e36b760ce7844ce0558ae218d620a7de6fc

SHA512
53d0beeffd5742ad59e94e8e85a563f6eb8855988aa8db3d1893936505f75abeddc765f4eb046576f0ecd92d6e3437052532eabec5dd5c105e3d683451ce0505

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8967db4df54a8f7b31cd2dc919209332

SHA1
6bdc7df01f88228e53ee54d82ab4f7d3f531562b

SHA256
0fb7c836f858c1146cef282b9266fa8a106768e43e54f51f3b9b889cf9d0aefb

SHA512
95fd9c85d333d9df45a9507d0ebe3827a9fb0cd44cfc1abb1c6fbd59496c6a2be268320a61ca04a1a3ea8d9a6c69c02c37a0c828bcefd3f1ca88dc7dc5d3da13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3674c1b08887ce9a28ec5938ffb00a2

SHA1
d9a05edbe7c146e52fcfb5404e39520aaa1b57ba

SHA256
f9f9977b96cf83572ef417d15b3d2fad636cad159e8d8abddc003bf31d2b3f26

SHA512
9c62cdfb46a87f393c297cb16c1096903dd70ef8ae2229e9141f079662689bb48fe6dcc520d499c575ff66fc60f635694791c9456656e589e5143ca8fdf6eedd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a62dfce83a5b0ae562dc2e23fd381121

SHA1
10f503cde8cc0d682c9a7c7a611dbf6ff077d16a

SHA256
10ea66670da834a56406a29769eb4746dc40d09ce325227fa781c0a67c598c60

SHA512
1e0068051693a1b63e8623d31852f3840d6650039b968211b2cfd32e9ef3bc714302034791e04e761b8eddb4e261cbf79bfd13d751311b962076efc7c3234436

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a25eae5f10bb73f70f9480ebec7c83fd

SHA1
968fa6901113ee9de2d582ace4d2914b72344e81

SHA256
d91d64ea92c5ea00e94f9943477a5450ddc40c1128e2921c8eedb86aa1a948dc

SHA512
cf6d9d572d1426582fcfddf06b369a432ce9fc34ff65487d7fa70dd3055b54559f412f853bfd39c043b7dee4a95a476ae307ff42cdca20a46850499c357019c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86469b2117b653538b664622dcbba50c

SHA1
09a336a211e94cf31e3d52cf2e382572d46b2bef

SHA256
260cc4ebccd49ea8fefdbf69db31d3be985f8c8f2bba31a1b3a8de895ed3b953

SHA512
ec3e4b42d863d592057f06c26979ce8d128b600758aee5404d2ab66ca5e520789ee270fa7124264325c1527305f169b4b4d29eef785ce00cf201ae6515b568a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1beb3fb99f12f6e322a62b9bc291bf9e

SHA1
912d9acdad777468bdfd0b4142d2483575510cbf

SHA256
16ab444f56adf60e6036ad1f57a3ef03c145c286c898bac726402a585bc4fa2f

SHA512
96c9da086d1e940740378760b10d482fa78208f401cbd24b61c63c4aa80fa3a62fb3b419f930382c4764ac3cc5b49a780548338f43378fae2e4e2b25ce4bd76e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9982.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9E39.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit