28adda702d4949f0d6c3a6ab753df9f30d001c59ce2145d56bb2ac1ecde42def

Analysis

max time kernel
118s
max time network
142s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 08:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3f2d2f50aaba1eae3de83540f4b3eb7_JaffaCakes118.html
Size

46KB
MD5

d3f2d2f50aaba1eae3de83540f4b3eb7
SHA1

b2b4e9502faf422a18ef8d9394e26b9c77d92344
SHA256

28adda702d4949f0d6c3a6ab753df9f30d001c59ce2145d56bb2ac1ecde42def
SHA512

eea10797c9f7c2d0a75aa05e178f6237934aeb1a2c989d9b6f55bd0815eea037999057da2fa94603e63149d3c0af8732bd80f9d0e4495c6522a4b0e53359f973
SSDEEP

384:ZyiHEyiH7yiHQuHmrf2VglTslGhlBOJle3l1HlkdlL/SKlGOlRlWs9yiHS:gCt7uGzigNsYh/4Q3zH6dh/SKFvcskB

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{83244C01-6DBC-11EF-B59A-E61828AB23DD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc50000000000200000000001066000000010000200000002fa974fbd662f1bb0f2582633f18bb5aa1af4623b74ea5d7d3f23dc21b1529eb000000000e8000000002000020000000fa2b2bdb7b1186171ef464faeaca4298e19c9e609d801688c0e2247fdb3136e790000000c6acf3750c2cfc19bae06f1625606caaae0c178510be4984b4c23c4914913e045c82011d84b5cd41601e28ce8868a73609147abde42a90f465fc3497c6aa882de0052a9acf8d2b5bb7634052622452f2db9618f3ce0aa91838ba35fe92fae0f98d83766abb6b0858870e96559bae0d6a225f59239ad87146a28d4c0aa1cc59f6c666c9f0c1148a716c21a928347bc3dc4000000049a958ef022a8b843ed2597e21cffcf3f9f41590f3270739e1bd085e4b5ad46e45d1e362d3f30a49ed9819e411a250dbd9202a39dfa1d30b4cefdbbcd7a2df28	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000021e8c64d47cf12e460ed603b96616ab043ee20385eefa1bcce523e6f626fe67000000000e80000000020000200000005d6a9477b38b52b6461370865dc052513dc222cb8266ffd55be298a755bb4f7f20000000ad5bc50f1b98f31101b631c3ad986ab2901a0c79cf3ec653b58c2d5ba9946e5b40000000b7c618c6ef16833c3c92df24b1afc04e28c46760cd6a5c236a420bacc0b5890cdbc011b63b1b73c9976dbafc123072e2945cc72236efda8de4b3801510689c68	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 504a5059c901db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431946068"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2324	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2324	iexplore.exe
2324	iexplore.exe
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE
1336	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 1336	2324	iexplore.exe	31
PID 2324 wrote to memory of 1336	2324	iexplore.exe	31
PID 2324 wrote to memory of 1336	2324	iexplore.exe	31
PID 2324 wrote to memory of 1336	2324	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d3f2d2f50aaba1eae3de83540f4b3eb7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f8a15c7cc08128bab588f877fd289e4

SHA1
08a9038f6a90ba2fe58218cdb0697ba40aaffbb0

SHA256
24de2aee4f671e9278a106bfdc592fb84f50c698c0ca425c7ea91b77253f8416

SHA512
dab6cc58a3b2bc57aa8ea2b3830ad876728c74e728602b531dc1a8642a15024604ddf6fd871ceef03be15e14246652ac65459fba1c24c794893d7d2b7623d871

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0549bf35980a7245877707216410a91

SHA1
e6acc53a630b443b0267cfe08050ca69fe59fe34

SHA256
7c6adde71850b0b61f0550c95669c2ee5c678863c7e710d8d24d9e6158dce3d2

SHA512
9c6297623116bd3d3e7fc52221b324b750f32950258725042a3247bbd5303c74280dbfe263c4a4f4889df4d034c4ecec6e2177177d2b58eb4337d5a8cecfd28f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
354a4f9072f1044a3e7f99908df90c50

SHA1
60af91b4d93ebaebe623d6ddacc9601b1a08c5dc

SHA256
5287fa264fdd55fcc6fe5c3de10a5730aab5c3d36369fe73fb3ad56e16104af7

SHA512
c02aa9e44774a79ccaaaafd8a1419c54e5a907f9be0158c8217ac9ac6b84ad252c81d34af1011e32abde6fa2ebf6b3a2b95b7dc8a74c50accce89e562a3ff99f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16cc83d1e8d12b5a181fc5ee94c5178d

SHA1
d26f996393418a7fc58fbcc33cbe9dc79bd05d1c

SHA256
1e5437a1ff32389ed3acf9839fcf1fdfb3c75682cc536c55759c2b02f6e6dc77

SHA512
cb50c7aa3f3984b31e7f113f47b1821e9cf4460ff15559891c687340754090717f139f2688754958773df03ad695fd3e1fbb028a865c1411978015a7e7cc9c7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1bd93dec2a23720190d82c36a42c733

SHA1
9dc9c675034de2b94fb5c68516c85f2cc53a6916

SHA256
cf4de7061c8b0207c97012a08f4de22094a351eb30c6f961a27385071fe15ce5

SHA512
dd465bcf2d408c65bc1a9e203ad16969a433764d80600292869a9ac80f46d083680833084b1ce60cfda2a934fa5786b1ff9f712397dfbd398165e0b1362d031e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
491261de650bd857e126b16e323aeaf4

SHA1
0603d4adb2c11643f0b87efe2654713f18d507d6

SHA256
96729ce486e5a3e3d95e0d67a9b6da2ec54e66e71ba6448c1bb225ae2e243292

SHA512
6aa5099abe05d28fdd15b5147d278989ca42ec3a9bb734b4b5630be3d641aea213c479e3268dff02b8a00437e4f5424c9e97dbf105c905f13192bac88c6c368c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8bc9230edbf489a33820caafd826de3

SHA1
469b5e7cde8f7d890d7562c31041d984a6d6724b

SHA256
ccb9c638e7afcb263062b3731df218087e31b1aaa51be5df1f85894c82e205ee

SHA512
805077ecc41ebcc6415c716697f504c357949af2805d43d9f17e642ee37a023a608bd1fd9e68d809b8cd344e16d9989f81555bfd7c68b3d8481af2b8d8465e51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa1db98a506402a890cd3a7edd3ca36b

SHA1
1534c50d2d8168d34290a2937952fbf7fb728b2b

SHA256
65b5946e345edabfc6b568230f90c3047b22477fba8ee2224a2b5b3fb54f08d5

SHA512
4315f07a837e9df491a9051560ab78e8e71269ed3860189db11fa93d36399ab7e60b9465bfed1b9bf03b62aaaafb26bb075a5d019fca33e06ad3a4bcd1df6c22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
807735b51a44a652584ecf815b61f8c7

SHA1
ab6441a6e9346ba031cf88da61a102e30fbd7e43

SHA256
623f0ffd56a7b90fc9bc0839cadd7263b81814bc815863c2171eb9be7ad59015

SHA512
d9b5799eabb4d6285f2fc20c432977bfa42868a3fa22baa7eeb751e689b0fe0eedfcd989d2471e677d8ee751f758af03b54e1d98fb63519962bbc3ef0aa76a77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a1d1c1eb2cbc286cdb7d02fd22dcca4

SHA1
7cc26888f7e8a7e25f0aedaf21ec5521019b10b3

SHA256
dcebb6b0b98a2f8c8bf705598468ddbdf74c4376c1a8c6f8b62be753a33fccd4

SHA512
9e7ce5d48ca0ce29b2c5fa109466bb273b03127bb853fb300eb553f50bdc3092688eabc0cd1539faf471a169604a38e62b250d5b2930175556da33f9aef25a5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
266c4d63cd8f67e07e3a4ee98429abef

SHA1
9edf0380c7a65efc15cfa6107adc49464126ffb4

SHA256
e80147488c2a456a9dc6ec827dc471fa7ad8fd790df30d2a596ebc4517d0b1ef

SHA512
2c6477ca94183da5ea3581ff042cfa48d8a6b87079abfe13df2106a9ca113955119184ce641ebdf57d8372d35499f61fe77a33040de326b17d21d55ab6452bee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8db7f911422b309d6cbb3f71bfbe7ae

SHA1
be7c28ded97393c0225313b12be2a87690c55009

SHA256
661ab6ccecf2b30e1f996db9232437c5b0e1c2d9684fa992bc91ebc2348e221f

SHA512
4aace76bceed9f77e8e614b2e9effae7bdba98d8086e20dda1f18a6f7f45b3bb6927673bf0399b2f3558b644fe28ef43da8f5adf2a6d0ba697c39ad424603232

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF6B0.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF9D0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit