c0957a23f26054d1573797aca93d8d8800eee6b9a18340e50efe0103350e41cc

Analysis

max time kernel
119s
max time network
128s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
08-09-2024 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4d35b4523df855dab37dc126bf1cabd_JaffaCakes118.html
Size

14KB
MD5

d4d35b4523df855dab37dc126bf1cabd
SHA1

fff3c15b389aca7897ef18de97278f6f4a21b348
SHA256

c0957a23f26054d1573797aca93d8d8800eee6b9a18340e50efe0103350e41cc
SHA512

8b8586fff830f5ddd21fe71e74a46053ab4b3e94a3c74425dada0e2d4f730326389725396b3993896508cc661cead96d9b25f11003255084521311c08e052bf9
SSDEEP

192:MgLkJkDOUCVGgBIi3A4nUYg43fd4gFtdjVFI8HIn7310qaQzoDpJE5oHoKo4:V5qUCq6XUj414gFvjVFOb17aoOpC5u3t

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb00000000000200000000001066000000010000200000004c03860d8201292cb1d1b9ce14ef8cf6d9e231083ffdea68a17e89fe9296dbf7000000000e80000000020000200000001fc5a1ccb4029e7b36b6bcf2ab198bbb2651371fb5e98e2066e49b0b143fd2d62000000075851199ef957bf4d6f02d593b0bd6966a81f2ed3acf096d9d29ecc7a77ad8314000000014d1e01c43cb7b2407f2436e65a194b834b970a94d8bb9362dc0ad90a98c9c203e40a260adfdb6806d72d039a162a1d7eb30adfdaeb248ea663809b57cc1d881	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0e83b620f02db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb000000000002000000000010660000000100002000000045f126f929f74087f2674cad8a442f5da98643009386161bd622a95f651a4885000000000e800000000200002000000059a9fa124b564ad6906f3516792496910cab03bd45cafee97a7351dd0dd9fc2590000000da0263758f0fbcf778dd4b491df94103ef9f120186dd2293a7d8895dc28af2d99228bca672ac3b4ba9cabbf7f8da87ca161cfbd978c38eb135ece432a6565ab0de78b880876c9febb2dfe474d73f7acc23791efa1e4f3edbcfc2964a2187db1e00d19f0f6a48e2e6868b0597147d78a7aad47bfa33aa1356c442da89f8d4bd2775ba82fdf982566e0c37c66063caec6640000000dd806a5fdad1f2d08d3e1ce876414ca6d4931fae1ed5f85fb5e7171f20c2902a21cb68d28ebb1b11a3d27eb7be6432474683703f66da6502819fdf8bb57f682e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{745C8891-6E02-11EF-B913-D2C9064578DD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431976098"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2380	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2380	iexplore.exe
2380	iexplore.exe
1920	IEXPLORE.EXE
1920	IEXPLORE.EXE
1920	IEXPLORE.EXE
1920	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 1920	2380	iexplore.exe	30
PID 2380 wrote to memory of 1920	2380	iexplore.exe	30
PID 2380 wrote to memory of 1920	2380	iexplore.exe	30
PID 2380 wrote to memory of 1920	2380	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d4d35b4523df855dab37dc126bf1cabd_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57ee8c9366f916c84a5da5ca9596b6a3

SHA1
e6b74a4b6e3bac439ec34cfdf21b9bbed21a0360

SHA256
9c95b022f8b527b1f0ba02c2ed0f220e664809f0146da853eda2b00ee006d626

SHA512
2c12d70669dc7527328537fa28f40b6db78c7797dc3e45e8810d74a355dbd19e1fa47d47bf0cbb662f20e745e4d939dfccc862177641832d57eb7f4a15f7c705

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b89bc0481c890e6b2b268626334e9812

SHA1
302bc7e0828f779a093f4148de5e58e1a7e5e6bc

SHA256
73103af39e56878d6cbdfdc561b6ed22df3947973a7f31a404ff3077d52e7e7d

SHA512
cb2e3b1df4709b245273da8cb5456c70afe80bfb18b5cb4c087f511488333ededb3a5dc7a91fdb6756dc45802e043bb71b5170bb09c37d29440afd28347a34dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d353d7763cbc03a5212d81576db8fea

SHA1
e0b06d5e8e0bf74b181a36a1d22e7b493ee7af12

SHA256
2f603787bc0a1525d5f44a5427e5cc196c497a8da6a52ded3d794e21508591b3

SHA512
ab7d540bb074b05c60bde085c3c42a4f011e0c402da2b5effc13007a961d3053f0492e30b8be86e5a5c598c07ce118bdf37fa47e10f26b0db53321c23c3a763e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9090f37dab4339ce197b16984b54482e

SHA1
8d9ffd18423d54b65dcca6eebd83d25c9eae646b

SHA256
c18039ce46001ba841dbb00b8df81a3875d0128853f202ef348c0bf70ba118d3

SHA512
8fd31b6ea22027d84b94348cb29330c082002fb1320f0399e0e82e792198dcd642aa655fcdbf719218f591725ce49b2f3afb6cc577d43e4e6d03809941aafd2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecb2a6fc5ff9f195006a1b99c71527d4

SHA1
070cae9636a8974235a090cfc657322778321f7a

SHA256
2e49085f62fcf59d2c6975db5c3a0dd46cb1e54d2d8b24f3cc3eb9eb387b11ae

SHA512
607031ce46a3350384817562ec1582986fc9dca2e71c3493afc55e312905153935cbbb90a899a15b5764b409447f511f347f4c6bcf687ef2c257b444a1a631e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d112c55fe61b79215d5876e6a239ea5

SHA1
ffb57b150712d666c196c773cd60815c69035b02

SHA256
302d8e9c86e80d460a9a10dee3916089a1f4fa6fc415a1b0e3d3e8df02c0425c

SHA512
113aadb4afc23602a479eaf25ee45715a90804bd4370e1cc4e90b6ea7da3f1dacf02e381ddbc2c068f620459a8a4ca3928d908ebb134302cb047224fa6bc0a99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78261b05f6ec5373994ab67083ecfd89

SHA1
07af5da38e2929cdc86c19108995509d943ab6fb

SHA256
c9bad1a9b72b34a603d2b98971fd715013833a2c7366020e85a69977f54ec8a8

SHA512
b15c71a10777969dc64b3abf4cfa16d563b7e847df79f1be411b4267590d6414c337d28fd618ba2f7b7d960d568d1215fccef8831b13383377f6b68eb25adbcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ac9d7971f04f873c47f2c2e3d010b97

SHA1
ca2f311c410141a703c953149ab396224340b133

SHA256
bc1f75e5176105046b1fea39789d1d167f11ae64f6d316e5bdff2ce44124ca17

SHA512
beaf73d63ae9547142589035cffb348dfd7dc01bd917adb0da333fe34ada9c3b19c655d606a850f8b0b2d5ff1c51da87ca7e2301b898050fd3d7a82183ab66f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ed5db9720829e2382898f1ca570130c

SHA1
278f276f58aaf93b66d20ebae487c32cc9713d6e

SHA256
48fb8aa7420833f1f178640b7860b76a174d4baf920cf8461dfd14318199d36d

SHA512
3a1077732f82113478aa3e487af57a95edc27570184b9d1922549ae37086174ecdac0cc9e04432a43c86c05375cc0fb047dead94e1ad2ea84861464ecb2d373f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45751ebde273b8a9f0c0cb2fcd6b6405

SHA1
ec7168037e5639d3dac00c46d915e449cf973f9d

SHA256
d4a00fee0a897becccf4c6c6fee383fa8e2aca956f2e87c5f6cd9e03de57be8e

SHA512
6ea4642a17c2a50d87a5d09a4a4dd2e285d4a1239ad9a73fddcce49e00984ba8bbea1e79a9a48e52c4f0413bbcf5f85556293860e3f55912a2e2a67cf996d6d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4d5e7da5a919c4e6a7e9fb6362d346e

SHA1
add32ab3aaadc816ac24ddbd9c98bf3f8d6932e6

SHA256
d9d3b2fba80ad8a1bce9b9ce23f0071a392b9b553c2bce99654a6e802372fc23

SHA512
6cb0f70a77cbe5aafc46b0d93216ed08363701273979926f22107c44362979de2625971030fe65b588d387d3857d2fdccdce7378078437d29d7773a3b9495e1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52aaf69c247b29b412bf490aa2080981

SHA1
ac8d7ee657850fa9f8e7fe4b921f854c07fe49f8

SHA256
0f85fa215e724e04290e15887a54ae8017a45cf04d9995b6188750c98a61f162

SHA512
3a496c560e506ec3d0e27a093b7dd6b30bdffcac73d5ca9f14b7ccc5175e0b247d5cd5e72ced4b3760334a632f1812ca68c9f33a0ef5210984265d25e90adfc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4450a58b2049552e07993c997fef26d2

SHA1
170134e68fd5c5347a8d3347ea04f72e318663f4

SHA256
38a0a9aabff7cad38eac89c0dca07b2107002b9821609940c0170f0b53398784

SHA512
a69a1066634a3c556e4551c177dc85ca97467a1818ca5c5e19257687beb0ec5cd63cb423eadcc25c9e8404aee6113a0e38c270f8a0459695a56ef472e1a46106

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c5c71c55effc2eb8dcdb6861c3b6cfa

SHA1
a9e0337b9663f3572f8e94b5d97d0b6d7ef11124

SHA256
12334fab34061f42612516d35a957acbe107dce28a8337d93a005d5ddce75790

SHA512
5f363d09d5e03f60512e0ff2d2affc53263830711938ed055b5026cd8bb5ab3fdac3f879f007efe6effeb3d8ef5d86c653b8e5e4992edd642702e8b4038982bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d67dbf9329dab05cf23e7d21c178317

SHA1
8af38e0380bea942119fc8f1aa86bc02461c463d

SHA256
9db9aa4f5a9a49a5b0227112690f1fbcbc13846928a425843942872ff9b5ec09

SHA512
59fd31fdf365fbb5053c68417706844ffbaccdfae980ac4496838fa3a747bd8e7de415eab4d3c8fac4b840c9cdc3a00072ff9c2e8be9722a9dfe53eb5b701104

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0813967df43265e6290e903cd839e099

SHA1
5ecf7e8664ced5a11c903a33791858ce6eb79860

SHA256
440087f2c48820dbe50cb17cde334976f51807161954eb27f44fac1adb25bf7e

SHA512
695ae20f6064f8556910b62bd1e4a459158a829666ec4070212121b790306c210e81cfebc7cf3e807f70da450b282df0d64fc38f37d3028e1754735c2074b4c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab74F4.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar74F5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit