44445cfee65a24da1901175959d7c6c4441bbc8328e123a15494592954a0604e

Analysis

max time kernel
138s
max time network
146s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 14:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d49db49332d603b329a979e17e2044db_JaffaCakes118.html
Size

67KB
MD5

d49db49332d603b329a979e17e2044db
SHA1

26a0a2d805dd27111105313280f641766ddc1b97
SHA256

44445cfee65a24da1901175959d7c6c4441bbc8328e123a15494592954a0604e
SHA512

570fd5e049b3d28c32fcd02b745d94b2633bb8476a2ede14fbb3abcf9c06c939a8e6b4f3cb706b44a8ed21cf97a4b8d55e050d9e9efb3163dffaca988341d4b9
SSDEEP

768:JingcMiR3sI2PDDnX0g6Zi6YQONoTyXqwCZkoTyMdtbBnfBgN8/lboi2hcpQFVGo:JJPXqT04en0tbrga94hcuNnQC

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b000000000200000000001066000000010000200000003474bf4dc5811bf4b1a64cdfbccbca439f6346aa5a8e29bebde568fe55157042000000000e800000000200002000000085b3847016d73253410237665536245196c73f183c29da0c74a0c7c33c0cd95e9000000047ca7422eb067f7bed6c6288a2e80c1591a7cfcb40e80a0e7c6dbd68f93ffac15ac879f75655a88d2cd20b611ccc2a33c981410b7984fe30702d112b4568d4fb69468f904e28620bb1e24a20cb841a9c0cb70f526e6d2ebce662acac4bb19f7e00de20d3a564b3a0486313fffa942ed036e17492faf41b033ff840511f4ca2a27566f5c5405087cae82bb6120003bc0940000000206682fd4c5452aea84c6662248cbdc24e4facf0116c0d1fc4c64cd675337180489d587268fd3c7e5657c3fb91855ea61f9600d077f449042cb280451e9e6115	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ACE2CA41-6DF2-11EF-B0DA-FA59FB4FA467} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 809eb287ff01db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b0000000002000000000010660000000100002000000055f55eec79e0ba6f933aa57cac39b443e03ad6e42b4569784cf47482095fc54d000000000e8000000002000020000000e8153a8dd87cfa964acec66f0c7d76bb5f21ed9611b6fcdecd5a288407c0a751200000005cd6533fe36cd068e6fae6406e82865da21a8f2855cefb009c13d90b4cb124c34000000082d9d6379967f7caf6a3d17dedb5fae6a1233a7a0f4f91454d56fe14c9b7188179edd95c3c8714d6be38792f295f7e1254de98d3268d2e6f97e3bcc8f9863123	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431969323"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1652	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1652	iexplore.exe
1652	iexplore.exe
1804	IEXPLORE.EXE
1804	IEXPLORE.EXE
1804	IEXPLORE.EXE
1804	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 1804	1652	iexplore.exe	29
PID 1652 wrote to memory of 1804	1652	iexplore.exe	29
PID 1652 wrote to memory of 1804	1652	iexplore.exe	29
PID 1652 wrote to memory of 1804	1652	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d49db49332d603b329a979e17e2044db_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1652 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7deaf64f8325007b3c7f5856e44e8efd

SHA1
3798e43ec60ccaafd192e22ddba9cf2e6f6cf6fb

SHA256
cc8e91b1433ceca0b490a9ccd6ab9455c85f2d359d558986222985bc78a38ee3

SHA512
ba8fd6f76f63d3b9f2095d806656fedc6f7f95e95cc6fa45e64e7b11b46de2dfeee599d67f9df691db14c819bb7f0906509b1406eb97e3306fb0bf7386d65c19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72698a3d8496c1efeb42316171341db2

SHA1
db1c9847e9ed9b73829b523f13431909fdbee00c

SHA256
5e79a3dc427ab2d8d103843eb11db0a7b50561d3ebd70df88ae0a0a2ac8b4e95

SHA512
529e92c4d037266142a42614138ddc32e238ddb5c5865d903f901714db080a534b589ee5afdf647121bfe5f53f4dc80643547722647a966be6ecf05b84566817

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0bb52a9fbe05471e75762418136fea8

SHA1
502c72586d04097f4073c200d046d1f707f0d4a2

SHA256
a73032f12fb555af8d9d0323499b89fa06da1640dcc25be540c10b24bc818b6b

SHA512
a1d573d663448d697408ed1ce8e707546820e432ceb8cf3c5cf5449adbcac7599f6be233fbaebb6e139535b0f8b796a9e9b9577876fd3984f59160458f42694a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ddfb95ac769f59611b896e7d271b04be

SHA1
a400c7d68ea839852c76f13dbd6123901152f51a

SHA256
55cd8ae598c8fa1fe6860bd6587c4f06265b855c145ba4feca490e0f18bbd543

SHA512
fb31365d6993999471b9bedc6f875b076f7cb051f486a42804df58028ec902633d2b65064c5edcdee2a648c7514e250ff6ffb3128dc2f8285d823e014743c5a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
473e94720bea97503568c6377d4b3ec0

SHA1
e2dabec588d961928dcd94a6b90b8fc3921250b9

SHA256
bd22a2394279c79ba93117a166aed09cc9270e741ea2ebb03c969035da0e22f8

SHA512
17995afdf3f4b5688846bd15896766a10bb2635578d17a15514ac0f45eff5c4da7b2473c724d48fca15107e71811e265d27ed17743a2d88937e1db522a481bf9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41f8d5a5cf7f0c37b14b7f743b0987f5

SHA1
0e155fb23e2f78bfb1ae952080e7d2bab2cbc9ab

SHA256
8ccbf5c27b1e86b8db3169780111e4c51c60cb9e5ce28f4f574db4e043f85d8a

SHA512
1d5f2666ed0daa349594b52a1bfb27c7a8b6e497dd6f994c4f7d14816ab30e7881ae3fa2ee72df035133b1ad089486a6c35219b668a435aec929d269409de4d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b64b2a1a6dafa42bafead15a110cce1

SHA1
39f0b583699cca105f0972a7781800c495b64984

SHA256
6eeae289863076f9160f978a88f461a20ea8c42e57abb473c16beba4e5df2765

SHA512
388ce90e8de343f62e2a3acdc531f06588fb18f3e0256fde3b40bd705f28d41c0050da8c51fcc325a462b8f85e396767de1dbd58c2e48acf382814080c7b33fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
110dd20817550fa044ef93f31f98c07f

SHA1
dc9de6c590016da455ef07069af6d519f63af6e0

SHA256
9441a3fddc024f3ccbd1deb8a68a57e07f17524c29e8e9478f6ef7d93b401ec5

SHA512
23a0fc24d1b41aef52cf38dbc5350e92af5c95bd6bd3fb64fde2b0701d0465a0e97e84bb42064667e7ceedc67e7ec60a79f801bed8e299feb4a2bdc0b30f728a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
741e416e6bcb1eba0aca27e9084c7f17

SHA1
e76695333d62b15766cdfdce010e3f39532ccea2

SHA256
abc27ff1f3ae76dba29e1e6186490cdba90fa586b0b55f0d8139d3a96d1ba572

SHA512
de3f512f522117ea98572f4171ad56b7cffce7a01b22d6a49990f7ac48566c5c15df5faccd543844bb6e34f0cd2f72645dbb6ccd66a20075eb422c7812f79c87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fd9f5f31ee442e75e9c5a005ca0b981

SHA1
787719bf23f0fd26a52d976ee43d077818aaa288

SHA256
271d5bb647a7b96eae6eabd781cf4a72651f79f9a5b4a2b85a640d7c3f53634c

SHA512
73ec146cdbd0c7cf18aa98fe87976755e0c0743e4c53fffba5ffe3e50de9219fd562db7f5c93b360a2d4330cce1ce694889f9bc4cd777876fb7a8e07fc99035e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c9a24e64d0b74cd3e598ae8cb58e2a8

SHA1
be8aaaf3cad7c781aa310ede1d4e28f33d1f3f5b

SHA256
93810311620a5984f8b1277320bb76e0c2736adb0f4ac9ae21f9738aa86a861f

SHA512
87210f0a7d657174b9f796a41274a7463bb9cf4ddb385891b3b80520d1622e855d8cb0b03266889b23659e1cb5339b5f0b61c753b48ec51ea31985ef46dc02f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31b95fc2f64f3d9faf93c63d3295ff1e

SHA1
61b67a63dad209e467050802ec3b473c0f4ab9a2

SHA256
35172d99819f7613936550c616d09c905c2bb39c24726f0218a5c9a0e53b99f5

SHA512
2021e3ae70075537cd02b7ed106e18141c9fc8602116cfd63b6aa544ddac4e361b68740a325c67aca9f45f99d7173a4580a0168b3340ed192d3b1549ab11e92c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d181425229f9b31f7857fa36c58c570

SHA1
9de1b891a5a981c56dbb7c85e269f1aea5f5167c

SHA256
114ef9097f63c58f6960d5893ebf4070b72d35f5b018c969da61ffefde1a4957

SHA512
520218bed9ff460ae244744e2d6b902da37e7ed6a319db2bf708ce1830623556640132bcae6bf22dce7254e0a97e16213ad4b39687422ca574837d2ea0c06c14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
058701a8672e476a788751297422a0b2

SHA1
d3c2bf05c69bf9e4186079f45286fbfa56a14297

SHA256
d9e05496b60a97f1b903e56b9f285c3b587d877178b00adb01be2c4e66b6a966

SHA512
9a10ac6583964286cfbf14484262523e7eb3754c01d0b2d570ebde8e2ae8f992b3c74df5d41a05ca0bc804c88e308a88c22f17d6e3de47b08d7cad8e4b2980a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c633889b09ee24786a12d112db239864

SHA1
124e9757f89b3f63e079463079a43b39497a9f3b

SHA256
890bc7dd32f83d05aaa912f79f597bdf8e53381c7d4855d201bf4bb6b6842270

SHA512
8bbea19d1a3f5a8173d757e11ea053d1229a4076b49330dc7d818dabb7325797d4f0f4736b6913ca1b43578efc650ad2d61e40fcd0b72e79858a7ecd46145d3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57a3fe326182c78d13f9b46a7ed01049

SHA1
fef8be853e6d9c29177b2d8e27c16cf54569127a

SHA256
0e05d1e41f548f879e674e86e521cbfd3d1aee75f02d6fe07f22c30459b27c22

SHA512
af2b1b6240828d2085533cdf0e7c05fbdcbaa4443798c9bde4eb219266743a4968c5e210dbf79014b3606a6fe435f947c7b3f516415dba9ed3fa36e6c193e18d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB2FB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB3BB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit