312b89f503bf2261c3c7d03178c77e92ed91e0a41af6c888da4d171efd20299b

Analysis

max time kernel
137s
max time network
140s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 09:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d61232972d77b9dd44c942b9273a4281_JaffaCakes118.html
Size

139KB
MD5

d61232972d77b9dd44c942b9273a4281
SHA1

84652f58c6aca6b37f5d1aa0b5d2335310c3e771
SHA256

312b89f503bf2261c3c7d03178c77e92ed91e0a41af6c888da4d171efd20299b
SHA512

b0f439efd3c7cbc941c2158122c0fc50790361bcfef0f521fdd4f8ffef38ae625263f027eac9e22aca6c8890fd5a1b21b64c8fdbc170b3cbb1c8fd7d2e6a2998
SSDEEP

1536:SBV6A4NeFlgLyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:SBExLyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432037190"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AE6E1291-6E90-11EF-BD41-DEC97E11E4FF} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2432	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2432	iexplore.exe
2432	iexplore.exe
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE
2764	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2764	2432	iexplore.exe	30
PID 2432 wrote to memory of 2764	2432	iexplore.exe	30
PID 2432 wrote to memory of 2764	2432	iexplore.exe	30
PID 2432 wrote to memory of 2764	2432	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d61232972d77b9dd44c942b9273a4281_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f68b20e3bd6f96d2db60d0d633e6c89b

SHA1
173ef4e0590c14aceb7ba15d55b0073e348fcbfe

SHA256
e80078245b5266933edb5aec2e4da82acb96eb3ad82ffd3b210d41643ec22f2d

SHA512
b537cb032bfd9b81a09e27e6097db4b57293a014aadcd836c1a705aafeeef0895d12ca8600b99e0cb4e29cbd7053d4a40ba36901032e9b5acf8691eaf4c70df1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
821c5895c4258c7d25e394775fec6bff

SHA1
9230285b559c1f4567217fc84ae41e7e0d26de8d

SHA256
f9838e46066350cbaddd0cf3041ea97268dd43406712039cdb2d1d53b2e375d7

SHA512
ba51e43b58d546aa321a9bf5c719c1d65c3bbe622d9cb83c4333d54ff38755066caf577fd7a856c57e11954b1ab0a92673e229f21f05094d53c129c226deb126

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7090c6df9a928345b59332df1761eb8e

SHA1
38f16a1d36c0790c868bf22a04a487472a8a404f

SHA256
ae1eaf355063803ea3828f8e475ca4d2b3d3b4b672e631b59a7864237dc240f6

SHA512
f1d2e7e867fe182cb62f133ecc1b0ff18978d7eb1ea8855c35eb81aa175f8d8c98c7c799ca80be830eb3499673b3421f1e013e373682d6d2afd590fef120098a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
639f067a443e984cf78eae801e01a262

SHA1
b7b000bcad2407a53ba3799809d07a6ef862f495

SHA256
36f8e80e0016adabd328bf804d18395ac13ce93c1c21512cccb64bf650454b0e

SHA512
7631b391d3d1ae87cd1c3d563b5ae682e08c3cb9569141f24282edb4deabd836549b9fbe5fa8967cd1ef602a3cbac9e6ac1861bc514ddea9bf805e8e50ee7537

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f98793c804958aef09f5120c12d227d8

SHA1
a0c12446f92462402ec44e78bcf2668bf5cda12c

SHA256
31ec6b8229ef69acb44592b63277583d092f4c55f015015ff4bcf553c976e943

SHA512
8acfc1bff7d8ff7335dc1d9b50cdb76afecad30fe8286cae6baa367b4246a9f6dd6f6c6ee08f0d24e3b60076a74a0411afc620fbdd8ae68bb9108b3920e52cbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83533f736379efb932d0795dcb857da1

SHA1
a5e741ef94f10decb12320a95dab691dd0ceef19

SHA256
23d0ec58d761cf9eb9951f0aacf1c6d2b3915e378333d383e9b86d1bb6f3a862

SHA512
b7decefdeb71cd7ec774b6e8256de23ab62f5dce81fa97988465f02ee7dc7c4bfd6e1c898aad0f3248e87655652f82acf42166716fd7dccb1120d4ef1762df0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
369c0d5d55417d266c3eca0a4d969d50

SHA1
7d687a8ff6276eb16e73194fb06d30f9cd6ad553

SHA256
510f6f81fbc99a3dd896455374f7e4a3a4532093c6c0b3cb6282bb49a24d350d

SHA512
776a09dd75d2bfa202bd5f4bdd40f8c0a6c13cfc27a727e1ceeae2c97ae2dad4676e99f5aa0a8b6680e7791ed410329b8755b46315c6007f6abc20a84d0ea1d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1cd9f5bcad9129d3b33c8ed898f46aa

SHA1
c1b687157c9512a5e1818ff8caf248a6c4c5f920

SHA256
114299f54a21ca658bc9d0df1ecb36ca3058e353cf409316c7e236a8d167a3bf

SHA512
d84034e38f63918c9596cb16295ae9b009cb0dc7f8e2f91ffa88985cc16c25377f8f4dc73d5fa6201cbf94c88f6fae198f5aef390b183e957f6c28a3f5f590fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
699910c6767445bb20b9598379a178ff

SHA1
e195967b20552a7e33f9e35020d6209ae3566d5f

SHA256
c7b5155bf6b7f5b7b368ad665db39593c28853b5a91c38334f55a5547c316e55

SHA512
d273e27c9803197f2d8769f7d8504f1a49d7b6ca7e54df12e2cb4de653f7095e3d814194c114419668bb8e10ced5efc2ba930e9ab079cacc57c8949c17c3e616

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0f9b2fd80fd418f25ce23e87ddd5748

SHA1
a42846a5f15aeb772ec4e8ec4fc6c90ece60ab15

SHA256
2f80375cc69ebd6defe567674e10a7ec894a8570adafdaa475deb364e38fecbc

SHA512
e087b8bb8d5f38fa7b6455534fe0bc8cc5b1ff3fc2b96891c507a72a7d40ad8828002588b5616766d6b762340eeab9ff2295737e7ad8e44f02ebbd97e2dcedf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d99f92c587711c49873ed1b726e8d66

SHA1
e0763e6bac703daace3e0623f97307875a4e0711

SHA256
01c8e8786970142015eb7f9e47b43a9ff175613c7ce237ac9397a01a7f9209e1

SHA512
8ab4e4914380a8b7f59b57527cc6d4e6882b70df3bc4680b1629fd21566e9760dda86b936c3cc938f97672e2e72b7db134c283f963a0d8135d9e16dbb08973ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0056ecffde0e89eff9ac7bebe364da48

SHA1
8356316f312315208a43155086c4902490c0b0ac

SHA256
bb8e43d8d16365fab2f115f821e4c9dcafc026c34b7ad4ef362534a44b4e49ae

SHA512
726bb6313afd0ae956d3772f49fe3c5697c5b044b087390bcb3c8b61a567d105b044dfeaeac18c510a92aad29cbf362091d04dc27b09765150b6f0516dab35ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44365903be8a4dc5fae407412ebbd61b

SHA1
d92379702718bec78825de9521b592bbfe341d46

SHA256
8f9914bdfdc1498034ef3b261d60275ed07b60eb8a9ea60b8222af633199165f

SHA512
a189552555981734058763caad2e315f7f473c6770ed786e01b71b0f4c60d5e47c1d8890643190d4153f2b20373e1ade1aff4fedbff41159427357f85a5a854f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5e7bf11ed9e88816f4c73b1ccbb98ce

SHA1
855bfe675f0d6a5e3f72d5d18d090a4cdc4d96fa

SHA256
17c3d3bcb5d537f458884487df8f7aba412817a01c6f46bc8dfb9139d7c031a4

SHA512
0bf2533e8da6c844b2b9f572ddea69170e422004d26918533e7def37f5b92157ff09b9c59c3888cebaa6ac5542fd3b9c4e5165c5a4feeddbe3c805853c308f6e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8c61460037edccfe4b366155af04ade

SHA1
9651b0c5f5f8c80fa41f619454060c64e2ff39d9

SHA256
30aa7156e512777953dd80093b193be80d7974792e0041a873870f3cc4f0377a

SHA512
c3ce019fede661b3d68c0b2ec594eaecd9da00411fbd9e6adf51c89460e1bcf69e9741df1c9b38769b16ca981ffa0dc46fb01ee6ab4588ed95fd7d16fbd876c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
129aa4d9c8cb41f930a92fea49edf124

SHA1
bd34b446f4f9b15316dafc9bfe7864a6937c3aaa

SHA256
0c1630fc66f944d275400712c96acb366bbace306515b9450f74e6e4b281598b

SHA512
cf11d627b64f5bcfb46a735dcb4d8e0e6feeaa8280536329fcc6829d8726f0be96e62ed70e1e5af0ec4bed872ab4d2606669c2894c365227db94ee5ad837c67e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4866db476f27a621f1827ccc99443162

SHA1
b836e2793cbcb954ed98f53c85360bc0ca305514

SHA256
dd6bd377e90de4c971cacd61442ee81f60a014d70df0a052616a622f62b6116f

SHA512
2a4e6adf3095a4b0f227481e94f912c3b9dd1dc47aa5a2f1ea04df4cd5019bef9b775c622c1c8d4faea7817b95e49448fd794c3664cab58ee9465b31a6a5dbd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d0e93615508341b92db6ac03721e387

SHA1
cf04dad97830f641280055ca6c1e1318456a407d

SHA256
9a9824bff65aebe438f227f7fd4006c06dc24956c8edae27571effddade89ffc

SHA512
8cdd4f6ec17a52cda881984451094aac742f48c8b0d210f230fd4ad908817e831036d9cd016ec8c3d9c9fb735cb057a39b653c36235935d0985cb89e4f467890

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4D28.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar58A0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit