1137bcea59fe29e8b85ae5d1fc5989a4d9a682c26f3ce3a6386b7ea1a5bd9d0d

Analysis

max time kernel
137s
max time network
140s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db71a785d94bf80c7b42330801c13adf_JaffaCakes118.html
Size

24KB
MD5

db71a785d94bf80c7b42330801c13adf
SHA1

5845bf5522a265f8f01484efeb9a8b0f10f14b6b
SHA256

1137bcea59fe29e8b85ae5d1fc5989a4d9a682c26f3ce3a6386b7ea1a5bd9d0d
SHA512

6dfe76ff62068f5bb5e4f4d3dad931e5d8f4d2130599097517c535045137dd4c454268a138d3f45ad6081df4d8de269d5af7268158464a0a0e74dd0dc8600081
SSDEEP

384:IDVc0/eDnrS31KJNE/nChV8RHznagpNp1q/bWInAaNBJVbi8BdqcPVHvM:Iy02Dn4wJei/bpnAaNBbbXCp

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d90700000000020000000000106600000001000020000000e9a6869bdacf1c8563fca64648dbc4c251f9f7c223fe561dd9461e5be6f4e3f0000000000e8000000002000020000000a6d2bae2ce454588bb1b8a2e209e9165261a22d5a00faaa713c38a53ac1d24d720000000cbc1645e2a09fefb0aa8d82203e8e55eb02150657523ee16d28c0893a5c965e9400000006ba237742e54a8da6a08670c0c32a979dba3f09dc812a1ef74f92811c8e632af223e720c538d207501e0a4bc6d223a847104a66bb5a0cd71c8dcd95bb0513e3f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C74E8331-7098-11EF-9107-E62D5E492327} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 00b1bb9da504db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d90700000000020000000000106600000001000020000000f041d7ea317c3bf9c62f24546b42f5fb9e9f1804488a2624dcc162edfd015b77000000000e8000000002000020000000faa1ecd12bc41c80a7fddce51c7ed69f9f19efac0c05b63c2233c6416c5e0a1f9000000004b72fb6886a69e36e679d95c572f10ecc26fbe44c03a2e3b4f4c3334bf27e0d500f051e6cf2671ce23f7a676483b849658c381949fd4e496b866ca9c406720adb831c0eff2a6e6b7eb53c1c4d29d6d6f4447ac7ef7992ae74533709743a65c1c653a6d186a7a39be9b0a370fc2ee8f9ada797c89ebb094c08f1d8e9effd1b76c4930a49d4515a44a7f362b2ad7043f440000000dbf0cea9d58dcd26ae0f11ff4803b39f3fbfa4458aaccf9039223c8f1d83987e1717f8f336b0504b91107deffd4a66e86f26e3ef95299ae28ec9598020995f6c	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432260566"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2260	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2260	iexplore.exe
2260	iexplore.exe
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE
2964	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 2964	2260	iexplore.exe	30
PID 2260 wrote to memory of 2964	2260	iexplore.exe	30
PID 2260 wrote to memory of 2964	2260	iexplore.exe	30
PID 2260 wrote to memory of 2964	2260	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\db71a785d94bf80c7b42330801c13adf_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2260 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93853f16dba45756bf6b0de521ace66c

SHA1
e147b8e203dc1428dc94535613ab09b250c3ba4d

SHA256
8556b3f3bee6acb1799b667eb62aa8d5dfd1dab736922766455813e1d75718dc

SHA512
aee94b73bc2d06e00951f81c962efcd9635a74c38058de92e48b216b7dd8676e50f00c7eb12557d880cdf6e2cbdd48483f229be1c2c27db5ff628f0615142780

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a978a583631f60a87e699c760a1f6c35

SHA1
43ca1daea3e1c0609739d8f4f7eecab30390ac05

SHA256
0fcc74f4f28273419bbbb34eebcf64951a608d98ee7bfb3f262288bf7f04c06a

SHA512
2774d690f6d2e3895d771ad0d2615827627a339a50b7de49557c45949ab804de04f7640cbdad075fbf86dd993fedc6fa81def37ddaadc5ede19bd7f7758b0550

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c22eccee3e3fe05f36a0de702a198a25

SHA1
e6f824b01ea58d41e2493cbd0044dafa1017b625

SHA256
bf536fb08a9029513f6da0f3babf8c66ca75a711f4444e4c4e5ce66cb3bfeed2

SHA512
e30171992d01dc1b41f4543ec01eafad9101ceaaa343bce3a88529d8229eee33168453e037467670c1b70cb1e3e05f89e63ec229140c9128f1679c04506be2eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2168309c7f39801816ed09660856b22

SHA1
b721464716a25d040135876b4bc1f887211a4ef1

SHA256
812b6d68bf088402ee24494bfbe3c1effe4375824c22ab08488adfe11161b720

SHA512
7101a6207b6f49a526823e6883f2c66b90a3391800ba429820d520fe5772a38065226492ed8e2faf5ccaf68dfa3f1477680ee4b3d2d8572f9baabf8ff0339e94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a445c0585c5593617350e10dfadf0e5c

SHA1
a03956e46bfb4620817b535ef3dd006d5f8ee6d6

SHA256
85a79d154e096be753d03868a79147cc3cef88371693312551d2ff69b617e2d9

SHA512
3bacf99f5832d58bf2338011939126dff9b7365f4e844c5d5cfa5080e3babfc67c95070c814f2b6f62db7156aad66b523fe958d0669138e9f77f84b5edbf800f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7515676694e223566c32449c2895ebda

SHA1
a66488c71761dfdae3854413580728bdbc99e8c5

SHA256
7de044bac05c8255804f7f7c584a5133826b8e318636818764ef751e49d878a5

SHA512
ef6d597a0d8a55f60b5cadb1b310bcd57ecce459dddadd9aed26159fb83a4fc1c4524b2cb06544c71e8d3f7adfcb2cd66116c64f4a376fa9f8cd8d6a458ae22d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6480817e799b39a0b09235bad5ac1ecf

SHA1
ca5d27bd342653e7d6be6b4fe24d4be49dcf06a8

SHA256
a1caa2f4b0307aa0bfe5c8c2210b3dbc42a29dfccac3687113a9c1648397ddc3

SHA512
4a689576109ea786e5b9cc0bcc39ea290b195459e2bf173ff8608b9e6cf91664e6082aafc5f509c35056f2f798563c766ae212f29ad25411db76a65fe37e6e6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b62377af3d67ba3b9f246088656cbae

SHA1
9b710c1f81270ac2257f0c3c34373e9572e9ff06

SHA256
c2c235912e3b02ed78e166759fcf7217a6771118082f85c989ec0bd5539f66ab

SHA512
901fd3ea2567418ded073249d2cf77e74b2daf9aa4ec223adab1ba81cf93a08b878656620b4b42d7c7af17cdb4c7c3772eba90bea64b7b3921eab84de00687fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba3f104e2d89b9f82bea92f111049a2a

SHA1
729e8b969b7860110a81e8d05e4fb282a9ea4ab1

SHA256
a16bb39c4460fefe620bc5ffe69977286b26d223fc5d006c55a2feefaf9ccdaa

SHA512
3e829202dfbe5166901a7d637e729bf9f7e7135ecfdf6cb6716b186c0ea928504f6e0733aa01ed7266632c88e0a1500c5e071e3217cfd8a06e6affd45a4f9707

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df4187e4887672b62739d2b8a05a9675

SHA1
6caee7a6b99cea85ac0616d8ceb922a7a58857f1

SHA256
d02b0c11dccfb30e8ce60dcfa2b456dcc6dc797e24f33f6e314bbfb8ecfca515

SHA512
6cd17dbcd4783accdf5bae980ab5e1adacdba692929e3904e510d82da185a1dfcc6f042a784655531475d37f24a9d849db77af5b7cb3656cd36330ed3d8807fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46e7573423de027a8fbb67e2b72bb617

SHA1
4538e73abb1b3f576d9ec472958fdee2b60bada9

SHA256
c493833874371df27bff4978db2ef79760518637010cac1f0461edd666b0854c

SHA512
b5dbe905e25bb7cdc20eae98cd109802e9ffae0d5f50697d61e4ee8a3684eca0581a5306758500bdf7c12d67d0e11b88ba8dad29d4c1f318d24af84eb27e18c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6187c6e1759ebf5d2be8a9d5d65b0af7

SHA1
c85549950111fd1a7f0a7d1a5d10363e928e2a48

SHA256
77e241cbdda010b237108f9c4bec8134683ee14b7325a5eeaf979299605daacf

SHA512
1975c45afaaecce8f1ae060abad9771e865b898849b00a6cbc67906e24979679322accf83fb6677280fcea6f1618b02f5d8ccc23f74998658bece4c0f9c11675

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
905174e7b382677c7b0dc5060d60de98

SHA1
1aca560303c9cf35b6c82580fcbf5f0d96d7bc37

SHA256
5228e5c91487f5d022c594d9124f39dc4975f2eef499c267bad1bc15408749c9

SHA512
a5cf25956083dd6ed646b12af4da718020f570a29b63f08cdd65421af069025534e21f51addc2aeb01633dae1a1b7db73889eac9b34cabe77bf4a942d735b68e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b7e6263b652cebc11a931c72cbaf72e

SHA1
a38239753ea15f867d33db5d21b7f263b3d3e7e1

SHA256
7ca8fc39394ead750aec376589cfcfdfc9298a5706a154581b67f998d29a45ef

SHA512
65506258434b459241b1dc1c0d7055d453a70d7008e18e88e15a3b4bc5d3d8755185a2e60d7a7ea87b774a7ca9a6a44f63276a770d5fee49843d494f8987be2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4370b42c78517bb6c81c5618f28a6cf7

SHA1
5b996cf83b3534a1877134a81d183148f792e779

SHA256
f0d5310c82512b35325e2cbbfdad978df3156d900921e091ff25dfceaeac1d00

SHA512
fadf44201e63e4964cd63182219476227eebec6de35d75e2a7f22d94cce93941135d67ec2ada488722c06d8304d858fea2ea74ecccf99f416e4cc4579e7c4b6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
059ccfe95fe0af8970f2177c351238e7

SHA1
5545d1b2a8ef4ed98a175247458d5272b72fade0

SHA256
2f544c80d815252beb93e54068d38c521ea123f8798e7eeafe8308591cad565c

SHA512
357b1d08dd21ec851826f4ed8c8f2de80e18b431802a06ab6cad086fd077e8a035a596c0fdcb3671ba46b969f43e6f9363cddcd06b641c7e704eb86c2f9690af

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDDA3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDE16.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit