ee9068a23127dcca3b733c1515703539976e2ab02d3760a6648670d02d76e59a

Analysis

max time kernel
143s
max time network
143s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 08:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3fcfafe53030c5b0521250f62dca5b1_JaffaCakes118.html
Size

30KB
MD5

d3fcfafe53030c5b0521250f62dca5b1
SHA1

e702f3285268fb0190c696395d3b53966a659589
SHA256

ee9068a23127dcca3b733c1515703539976e2ab02d3760a6648670d02d76e59a
SHA512

4349ae40e7cb87bc8ca69cf908b4598b05ed923776ccda8cc37f4bb23d2a1847eaa02747a2d52f8c3aa006bbcef4ebbfbd08cfa5bfacfb1db31173bb41619ff9
SSDEEP

192:uwTab5nganQjxn5Q/CnQieJNnXnQOkEntOInQTbnlnQmSYx/VI+OtoWX7UASupjZ:1Q/4vx/VINBoSCk

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6D0F2C11-6DC0-11EF-ADF2-46BBF83CD43C} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc50000000000200000000001066000000010000200000009cb4b002408049b528f30d897fa3af0f71d2eadb0d70979610d9219fa0f2cabd000000000e8000000002000020000000b48b61e4130ca59f17af3bba67318391cf911061b6c0847169afc1716071187620000000944128c80f25b459f095334acdf1499250b3ecb6f8037b97fb6ac86c4621b4e9400000002c5258de5b88b34942534783cd694dde3f052eabe300ace75dea5dc20bf6dcdea140663bb04110fad2ec3e4f6e5c2bfdfbefad920dd924f0e2935c4bffe297d9	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000e68db50aca628c5cb6b9ed28513de46e7402e71da4037204b9b25fc20120af46000000000e80000000020000200000005cabb9ea9d2913232bf984bf15368b215e433f2248267b5aca3483d25dd2475990000000ccec8d3108f96ac63bf89ed43e64618fc2f0b8df27a29c2e5ab104f61be7277cf90bd933f46fc5df3224934e5073c1cb5c8f6d3c5a3d22c5ff3627ceaaab212817c6ed701fde6f77fc0f95a155b09a40a4f634f522c127ec5dec5c2e4df2dfd56607e70f18c1823db79750271fe10325061cb9714aeb08a17ae326171c518dae6acf17008a789cdc1299b7de2191ebf9400000006ca556a04e7b4b2a965386cd85b98da7d8774ec91b1585de505d74b62b94922c6c07927cf78bddaad4c0fd4c4d3accf0d92a0556ec4d845e398a8dd935c045e2	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431947744"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 401ec369cd01db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2388	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2388	iexplore.exe
2388	iexplore.exe
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE
3040	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 3040	2388	iexplore.exe	30
PID 2388 wrote to memory of 3040	2388	iexplore.exe	30
PID 2388 wrote to memory of 3040	2388	iexplore.exe	30
PID 2388 wrote to memory of 3040	2388	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d3fcfafe53030c5b0521250f62dca5b1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6e82302ccca89dfa37e30fb9779d28f0

SHA1
ecc7d0bf1e075662fe50174a4ccefab7e5ebba78

SHA256
e02c8479a548e885a43c84037f3a242bddfeea42ea67f849efad7fea4b794176

SHA512
537c4721b204cd56b248575f0732d859468d0d7001b41e231d2102f803addaaf35c3f31ae0057d0605c87d3b1935d1be6a30857db2cf824482470cc4ba5cc534

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a417a981ded7827a26394160d85ed63

SHA1
7d2fcacbea7dbb19e48ca06edc4d7fcd771536e7

SHA256
a071e54a5e7bd1d07bbf8bfbb1a09846514b23ad76a1a52e09686b0aa5376309

SHA512
609fc7e712741adc1f8f741d9533d67d442a800f44767d8478461712d2979ddd705fe1f4e568a942450fd41073927c9a76282412f401e66fd06b2a2aa8d314d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5dd3a77e7b45d7246523daaaf0bcbc0d

SHA1
cb2bfed39c4e001d37c8e8b02d6dece706a3411e

SHA256
067ca29de8bc5c5b9d4b5b0f2adf7cc074f66e768bf1734e7b00d44c309961fd

SHA512
89d9b9c8f1d419c5b02f1c3e5c9195bc42f491041f5bf610ed5862be142d3d3a7ba17f37ddb52bc1808ddd26356220b0c31f26a1ef249a3a71173bfd13ba0c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5bc790690a6cc1f2a126a4628c8b85ae

SHA1
bffe99cbcbcbefae8a17cdd9972c19260f5c2fc2

SHA256
7ed2983bd7f77dd61b2829246bdbffe273c3614bb98e79fb0b1272d63751f534

SHA512
a37196f73b25bf8b08cd9aaafe9714ba08a3368b348b8de7885b6048ea62fe2b5017896cfcaa95d9c7961a998c2fcc98e9312f91294a8fac276379d10d53c6eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
283da3074ac23fced0d389a6108c517a

SHA1
d3128391b53233fd4af707dd7ad2704ab63ad76b

SHA256
a1700f189b069637de305fb61a12ca848932ab2ace011838911d7f6175a30927

SHA512
6fa7e74166c872b70f51eb88a37383dd73cfeddecaacf461fc724e19aff9b56d6269ac608eab94d96e2df25f7d5e79f1c5309fd5debf19b0ead3e5c1b8d4130a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2baddbb35f6ef70f78a4a5a0694649db

SHA1
07ace100eecd14d2b85009df1001d58790b56eea

SHA256
fbc760427527fb7019e66f54684a3a6365b42f5ba67350a7eae1a566ddf903a6

SHA512
d8a7d5ddb6fc9afcbf1f96b7778459bead156b94f5bb0aa3960a3f9e058ce4c1bb3bb960d21998de0535d82e427e637712e995f218a3128082bdeeb36c71611d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
234058f454737e5b2421dcc0bc51dd42

SHA1
9b6d23d1c4c98e1647ccfa3b6c0f58527003f236

SHA256
f39c88fc20e76b89f392c052a4a2bf86d0a0b66a081a6ad22549da1ec17e13c8

SHA512
b416ec2d72c469e2a4f1a70ac6a52c98b4b0a0a071d57e94790233a912d26e6de796f460500aa63b23d02fa7f05f573335e1f5b6c362a4076716afc6f6e08079

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83816322f845978e7b637b5ed36fde63

SHA1
ae4a8c677b3005aaecc1ae0e24c4529b31c85001

SHA256
42b36bb1d4d27f74119766a5673d2f7791e0f6cb1c490610956a9061428d3476

SHA512
2815cd427d2bfebc13b49c465bc62e4b1187b2dcef2930326b41a363041f7c823594e233937b4bd4a31988c2160c85326d24ad4cc4e7abb2d477f8c468415552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37c3cfb8ea98bfe5d7d2a98ecb358ed9

SHA1
65734faf70d1f5278fec3ebf376f546dde3b8f4f

SHA256
68e55e6c0451f5035217761ab05190480215a03fe594a0148a8495f827294f4d

SHA512
62ffa23c07290082b607d8c468f51615fdab0e1766e53407a724063685a17a4b6583af668c4cb054db8ebc6d62eed56e9a154fde645c02c95ea0ef068bbd834f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7b0fca71e7fdabcc4b24c2ce7c5decc

SHA1
06b5d0fa0c2ebd50ff7af0b62f90835c336b076d

SHA256
b24e8547dd487cde063103a04f56c0cdcf3d26678d9e421f5ce8e2f70c320c6a

SHA512
83aa509f1ebb594c5ad95dd6370a110d82ea4a852396d6c4df4c6cd762dd077fa670bebcf35e164388e8c9cc77f46eb512066ea6fea52a1ba79b82eda5673fcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61143c4a5c306892c42f33243a7cc1d2

SHA1
de694ee5810e77db0c8e5684da9a646715fd88e8

SHA256
1c88f773a014ff56194d6ea223e28afdca9a7abab3aa0d45c9cef2542e622d93

SHA512
51afde3a2d37b280d89c7604037f3b8575c55b95ceb0988795ff3b80a35693c0c013285967b0beecf798cd195175ba759f9708badf9dae489b6a2548d4be5e31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b969a6c6b6102db662ef6237a868ebe

SHA1
be61c30facb788ea7d4a1c4d4700382487331bdd

SHA256
85aac27767485d0053939441d981cc169975e33395a6e44bb605c17435060831

SHA512
9d1c13ad42031727496eb59ae658f3fd91546ead1e868ef0478b7008843aaa374ad4a57c05a287dda007067ef2302822ff19b4f50c727b33ffc0649687473bcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
007461a4a574863252ed15c67ac80fb6

SHA1
46682f565860700807ed2a1ddf45c1e53172b20e

SHA256
77592a9f923353ea7388e7408dc78a2511d9ad4b0913b0cae7398fa4adee38c7

SHA512
c33c681687df7d270cf409e00f54870e134fdb392bfee52af36d302d59a533761fb15ae25408249383164932af00920c477c47fd11cccaac76c01ffe19034bfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90ddc62fcc33ae1db7fd780c9051ffc7

SHA1
8cba057d16bd78633bb2d46eba150278c47fd989

SHA256
92597598976540ea16859e20c58c3185f5fc9e570d4b2d32e19e33cb044bb4ab

SHA512
0807a4e5e1525d6b2f39304dd588f40cefc6b0440f2583622a31d8c0867b9797726cb0b4d1725688096ab8a0a00d5b391432f71c0c3a3437e67db70733f75d3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
725ef0d6c1852ef8f3df61bcb5793252

SHA1
77df71d3a6cae37e0d22d87740821261313d7558

SHA256
d77f5f38d52b34ce6ff24a12ffa79e0691e27ca6bede5ba13458cf5c1fc846dd

SHA512
ede230b202a62b2aed1971947aef81e0c41b93588e156dcd04b331696e580cc27dce3f98754209da202cc6881889c66f5aafdc94794f22d97e34e71d86281869

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB4C1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB80E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit