642c4ece6843d9d553688e290385d5f9cae7b62843b9ba973332804bfd42eeff

Analysis

max time kernel
105s
max time network
149s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4e5ad08788aea31eeddc3de6bd872e3_JaffaCakes118.html
Size

26KB
MD5

d4e5ad08788aea31eeddc3de6bd872e3
SHA1

9e825c266fe1dc5a35aff89fa0d93474ce81d7f3
SHA256

642c4ece6843d9d553688e290385d5f9cae7b62843b9ba973332804bfd42eeff
SHA512

d6e45f0900d0739b08906a4ace1bebaa0eb1c13d3aaf1f0213e5c4aea6cbb37739c8ea0b693d6f8ff7e96d7853c4bd1b69c39d43e15bac71466d1bcdcaef8761
SSDEEP

768:k0tZRsV2+66kPENbyJZYDN4n+Gy1JlQ/PQ7b+o:zZRsV2+66k8FyJyN4nh/Kh

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b000000000200000000001066000000010000200000005807ad6f3badc312efb8e289562f26b3278051de2cf2083fbcb37dbca8e62492000000000e80000000020000200000004da413715d4df2fc8499c56c879ecd2277ed8296c1a6126e21445ccde25b0d51200000002420d4a590d687a599cba2a6dfb2871c4c1d45fcc82a53a39cff4e7c965d16ff4000000001c5c6e58a3fcc06bfb724f83b8fea47aa3b8399903ede1b4ff964bafa457bb7bc8f85088cc6a64f98b801e7612d777da4496c27d5ebb8e6cd0e2b325719005f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0c053931502db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b000000000200000000001066000000010000200000008734e2c8bd8540749c1f3887aa9a209a62229b414b12343ae81f1d2a841dc270000000000e800000000200002000000042a168e99c0f9344897efc31772a3c08ea1025b191c8e07e4c56a6a56b90dba190000000a43f922214723eceaad1c8dc401ce7e4a005c50d8289fb6be91d471b2b941964304ac4b091e223cbeab130c08827bccfa659860758640b2e387c7532b0ef661492bd57d3ce689944915314ed11886f8210ff6a8425f26fc8c679828b83085fed99b5fd1aa82e8109573f52a7b403bca66586e810ae4172e508ed33882f06dc15f6685040ecc24dc28275c28670b0f24c40000000a61306a787c015aae46e94a1d816ee2897148c3e9411415b53ddff9ff15220d6a0c012d4099bc5c4fb1a4fc70ba7d0a64124c0c0fe270eeaec7d58a68d198e9e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AF743121-6E08-11EF-9704-E62D5E492327} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431978780"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1620	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1620	iexplore.exe
1620	iexplore.exe
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE
2760	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 2760	1620	iexplore.exe	30
PID 1620 wrote to memory of 2760	1620	iexplore.exe	30
PID 1620 wrote to memory of 2760	1620	iexplore.exe	30
PID 1620 wrote to memory of 2760	1620	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d4e5ad08788aea31eeddc3de6bd872e3_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1620 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8adeedb3d0d8e995eb311209e5baacaa

SHA1
cacf441826023f36037c307b83d6c5c9f9edb76d

SHA256
1db43d4ad0e3975a6e709a37c47899fdcf20aa07755bc05caeafd396d3308127

SHA512
54bf74ad5ae37f98061497f633eccc8330f27ad1bc002f63a24853b0d5d845b04710e3b8e1d7dc384cdf970c0b83114bcd2602bbae6e6391d2c98da1672ebae4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e88174528fcd1240668298d3681d769

SHA1
7f0e3c185a2506abccea6019c8f74563da57f73c

SHA256
aecc3261c61bcb2c63ecaa3eb570c127c00283459bd3af3ecb6bcd7a290cf343

SHA512
4ff1575cfa208aa0c3cdde9534cb7d0c1854c60052d2ddcf1edcd0976ab2b82d9a3deb3e2e775eb23e40576c8a5f9b080fc369e27946b491f84f248846240024

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46c99f977914a586586ad971ecb17ee4

SHA1
4a7cace56e389b463140902257f66651f57b3ef6

SHA256
1d7bc864999ab7f0fa3efb323097f8903587915c0ed0ffc047f279390721aed0

SHA512
44c1c3c3b5059575e9ceff0ed590be2d590ef200dab9c4997182e2d340fdfc463e96a49e150949e5c8f35817c9282049824303d491b1ecae1d61de253be7d768

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc143ab346cef5464e55690e933f37ce

SHA1
2ed60810bbe4f4d6aede17eac2a81f14a9bcabb2

SHA256
e58322d1baa23c6e6273d441d3149e7124f46518d62c08e3d7aada40f744ad59

SHA512
0f3b50b2e9e28c7c8a685014646a9580d1acf4248f3365de83460c423c618b131ce7d453fa0b811edcdd4d24ccaf139a5621e55c5d6ab969bedbed7b2c9a4c95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d28c5e8e6c51153df2b80e9c98f874dc

SHA1
caeff4d8223aadad722e9211e3aabbfd3d0dba4c

SHA256
78ae70affbc0404505a18fed2ac2af62a947b166d8083aad5c8b0e121f3057c3

SHA512
c517cfe0ef18626c3bb61fc1d146d7177211d6f1151c93f2d14a134e145bc885a58afd2551a1f058411779ad8ecfbec60140e1b8024adc862c8018a4934ca9c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
127a9ceeb222de39cb39e8599639e38c

SHA1
2a6533a3958588e249e14ea9fbe41066c74f86bf

SHA256
4a0e2bc78cb27a2452f9f6cfdfbaef12838fc8a419dab40de1f63c13b3b09c4b

SHA512
f5f6c13cb4bae1ea91b6340f5e0e7a7aae3cbeb4a59393e397dcd3c3245ebdbeaef50b35172721621bc8c3e81d1d22d0dec3388a8735eeede515f5b45653f939

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01632cca97c4c93b8b8e5535418d50f2

SHA1
cab2a62ead601f4fc901456528bc3d7884f21172

SHA256
8e8fc9cab3fd2ed3fcac66fdf31e31361b243491e53b34f2c1d6c96e5f688151

SHA512
35060756ca4c31a373828483671dc141502c2ac7d37dddf81a84acd403dc2c9c193a9bdd5c813b04593d25c855922b659cb6581a1cecfe414f39ec4a4a6385bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98e8c26fddbb04cdfcf5af23ce750aa1

SHA1
21d08bb21ad029aed347cd79ad5861c2e5d0e85d

SHA256
77ef266810fd6c2ba7256977782303e83a9c0c005c0230d8c1f0838f6adf79c7

SHA512
4dc24663e35b52ea71fe4802d10c694d2fba3ad4ec2c72a41c402f121d6d36a0e87097d4c83cc71fadc3afbb70c9e5ed579b2a3cd060c37d675011a72aceb738

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d220be7922677d6c938986389744345

SHA1
a2db5428417e24965429ef5b556d62fadf6c78a2

SHA256
6666ecf3b68e027563b93dc3f4a59b61177e2be8b3cd92ca1396f9492c780017

SHA512
b02451b06c694804c252335bf337791a856673bf19409b2c9aa1e37056c585817cf031921ab4eb310442c9a918c2b65cfab74637079d83e463b91f656a178b56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7881efff425c86936f8b1999b643b66

SHA1
2a0b35f0449318fbf707a8b42e232105b75b2348

SHA256
d8e3b1876c1c5393cfdf3f20c047dde6d57dc2a4386026f88522b5f267dda7cf

SHA512
bfa61ed1f7886e805c95a2b5333e5c09a8970faa9536168a87c4993716c642046f841fe71b51e09cb2c1663af18a5ca9b14a048d6903979f036f82716fcf8929

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8b6f14b9b928c50bc177468b8e75683

SHA1
09ea216f6dbd933f9fd0079099b840c04d8880fc

SHA256
822b8b0313086eccc61847b25cd5562031c0dda7d8cfb8774165d6d8b8771987

SHA512
76c0d6c98097ee991211aee603cb214b2dd89a00f163f2dac6353789f077434eaab40b3f4a1ddde521339565f4287ea6d17cdd4fc6c97eb0cf3cd33ec7752c14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3f3c09458f535f198edc1760b476d45

SHA1
9721cbb0a5306cd2fea057a4e0f22b2b20917795

SHA256
7e965e1e06e14eca38fa5cac3e8a975c7a1d629eba152b3a98c1eefbd93ca9b3

SHA512
cc1a76f3f9c8f9cbd056da55738bb2969d1bb5fc4639e0eb568de383ea07334f7cf760edb84f3683d26287e6f3de3021183fb57ef06bae76d46d723fac570f91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bf15227b2e416abd99fbfed253c0a5b

SHA1
1bdf6b1ebd29c7e593cf21c7b22b1712cb16986a

SHA256
e0c89ccf6b670a05eeac193b857c46286547bf899fbc3c5fa04a7522bbc839f9

SHA512
7c09b0740adde188a3b301891e366065e16ae5669b9ce1749a62cf175f0cba36224956daf6317e04db9d018f82fb294853f51979e0bd37aa8d133ea5edb468f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b322a64ae44dbec9ca8b1cff6345e2e2

SHA1
476852acf694112bcfe2b543564eafe16fd8d6d4

SHA256
ead436798b4ec390af5c5f5f0742666f33ce5f42ce6c2ceb07300512e2a8b1c7

SHA512
1cebef93cb17228464f2b0cb4fe477f18a2cd121a74bc95f216f30c2aa21b98b6e3e17753b10e5c1bb1b4dd4176b7beed5b86dbe0fa29b928d985c96d23783f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0eba04bdf79ac12f8fc19db245384157

SHA1
a2209d22759ff084ecd3b754495346328ba98537

SHA256
817c4f3326f9385654a843b2d6dbc213d4bd3af2f473ce7f6932d1c526baecab

SHA512
5789a1b41a1841c7bee1781ff234fc8d49e13b62f3f2efd9c87624a00d0a7e220d79aa21ac1c80969c3e0d8e1a44e7ee3a5bae0c868907c047f07facd652a1fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84a20256ae5cfb9d58294e300e073474

SHA1
46a641d9c96411e914582549179b65fb0c7f7b50

SHA256
6770d56633676dbf3af9ae9ef36eec44c824b90fde3dd143735bfb8abcc18822

SHA512
b1ff965b5d5b0619773bd834652de78df5535fd8aa87f3cc1b3745f086a7416b05ad2c8fff06cf502750e9c5f6c31235c7fa2f1e590cd61406e547dd6a227d83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3AFF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3B01.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit