ff26862c129c1bd03d3667a75b5e87f4f5a341d8619b562df1be4c3c7e292d7d

Analysis

max time kernel
136s
max time network
134s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 12:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

da64fb69e63319591b8b3dcf3de6984e_JaffaCakes118.html
Size

3KB
MD5

da64fb69e63319591b8b3dcf3de6984e
SHA1

9dcb07d3c1590b76748a13aa33727a87d0857b68
SHA256

ff26862c129c1bd03d3667a75b5e87f4f5a341d8619b562df1be4c3c7e292d7d
SHA512

85d5470e60b77dfc7394c170e1e17437f32f2992a4daccd4c5fa78a2e0f83571a251c079dee9df345ce90ee39004871a3022187a7543e8fba175e1e6ff7da736

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000be21db72c64186baea8349913cea2a97f6f6dd869895b881b8efa2770a29e2b8000000000e8000000002000020000000966ed611c0343b262146152b95281d694436765c39813c2ba2f2e50ee2282d9b20000000c7813e76440af51a87c9aef1437c686ea09dc81de6061e5887af589d2e581b83400000008b03e30110a0833e42f7cfe5270ceb49408c30333ab69d0dca8b33470d673b9bd781993634866f748c217ce6686288100bda56695974d92a1c646b6b188d2521	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a010bb454a04db01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{70347241-703D-11EF-87F4-7694D31B45CA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000b23e4e797d130c652e7aa965944468ef133a20a1025eb82fa423c7e82ecaa497000000000e80000000020000200000001fe09e37f8461be3c76fa2856be9b18c12dcf04da7f3fadc37e79325effec1d690000000665bba5583d04535341b7c2b71cd998f6a29a7470656ad18a900a221e0500c9d111794880858cff951e218d5fc826af77067cb69298489fc50994edbf9d6ab3ee92e6854f89065cc3f145cf4b87eee04e0e602aad4cee94a255e25699dc2f2bbfd3cd69280d784a44cdbe34945aa825c413cc976d32199f82b46f69eea5b0a5cffae89542714d076ebcb50dfba749f6540000000d04c2888d1c2801463bb14fbe2a6d0a4abe9b6e37c96a0a1e572a78afc41fde7bda50e789386ab84bb231da96845a5dd7f016fec976f9cf03d8eef0b6c791cce	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432221335"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2684	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2684	iexplore.exe
2684	iexplore.exe
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2684 wrote to memory of 2832	2684	iexplore.exe	30
PID 2684 wrote to memory of 2832	2684	iexplore.exe	30
PID 2684 wrote to memory of 2832	2684	iexplore.exe	30
PID 2684 wrote to memory of 2832	2684	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\da64fb69e63319591b8b3dcf3de6984e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec1ce6527cb786bbf72001ec4105b255

SHA1
d8315669bb4dc7dcdf0cad52618659096f1758b8

SHA256
9717cafee67724563223f9501d23410763e56fc8e5281db96f5144c5f56ad299

SHA512
c25672ddf9fd5090d5f462d9d0554c0875f4a9ec92d55f8dceeaa77bc57ee53a0c92e912732dabdac009a2b9dadc859bc867cb478e56580508eecc7ed1946a9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6328f34b7c6021f91fa15fb9e9797e77

SHA1
8edf0f79f13e4a2b34160d78df4cf7a11d5f802e

SHA256
62ea7af41d758525c4b537c8ec75cc1d26627a0e75bb4c5bfce79f2506c54dac

SHA512
57903e947afb76a5cd11a42bac051468ff327b0ef77fcba1f461f2f2dbf24ef7a31583a04701e12a13304aba65489c98881a3675a02dee69250c6906e0db31db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a20f4b89471d28aacd451f754304fa5

SHA1
9baffdabb756d1bb92330cef1d5ca613e7c7423f

SHA256
d014a7be2aff5b05c0d09bdf960cdeac3852a5afa69259c998437a616ea52af2

SHA512
10f0bbb5b8b0e12c9e6a082038c6e824e292dee0f2f73fdad0e7b82c200ab00b0b89e690064bf37c337dfacaab64acd307c359bf3e6cbf22c1c42ef1d1837cc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06f5ab717c3ccce1ac49f0bdfdc247e0

SHA1
7110c972f89041ba76a901c8144bffb18efa53fb

SHA256
8d04b5166bc1bcbffdc23ffd6a2fff74a126f713d55739e908efd5e00520fce6

SHA512
9270093a919c1773cd95112c6fa4db621615053a3e8fd9fda1e470facfa3833ecc9ffabd167947880ccf2f51c20c03dcf79c74f5a7dd8f89c1b59275e31facfd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84a6d4df52e3736a5a94d3c9b2d6a33f

SHA1
2ca2eda31ef2a1b0d19bd836050e5c56e47f7224

SHA256
5d03737e605a3d25cd9eaee6b258699e73e9dd964486e9021e8c6cd972b5c45c

SHA512
8548b35246430798f87c1d9e3fe3d7084e7f9857d9477cf77a1555abde832437534c7e8204233fc5228787c8a72f50ec6b8d7705ff547b41551f5ef91c90c2bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12bd7012efcd14789ef29ae70a9e4f8c

SHA1
23e371d2d72b962b0bec27011e1295dc24ccf92e

SHA256
2627da26b23eef342885e39ca3c9c4f52d0b5389ad37177e145c7dbc2e05999f

SHA512
84c4095a3e11b417d201c0a1aad95e91f36d9e93caa53aead3c40e8161e76f63360a55774e8e3af23d4a133661b44495a42793f4564729793e85fac76896650a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fab7bc18d4fc6bf49e5d572b885c99f7

SHA1
75b5a1ecb8c37e847bfa66fc036e562fcb83405f

SHA256
beb229d098392edf9298de456698281deb58df384bf5f648a1a464e6b3b0b639

SHA512
65da4a4b975a2a03a6c26cd27d0a47b958fa24377b7955667b60295517ff474c2dbfc032184518b277f905a6d66309c5809988341ba5882153d04babc01aa4e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b885d29ec443cfde6bb104ddca8b4c2

SHA1
019928ed880e019d75a13322cd73c381a5fb0722

SHA256
ffefe0fc688ec742577865b0a76b47b9df8600efe08edc38d3eaf7a6a7f03613

SHA512
5f2979536598cb8625be04def8a141901b75395a8b2f5dc9782a9655748d32430c0795015a7ceec25586eef04ae037d2a1b39cba0fc1fb56316bb49795d85e51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8f6de514814dd88f0e5453bd48821653

SHA1
e1db0c80782120916b57b602ce88aadd2786cb3a

SHA256
4f3e35e62361620ff418bb0607f93c140300b83df810f303c9ef6957f66a01b1

SHA512
c5a89e748c8fa57300915f1afc90a4ad53e4a49577c04b5205e6b5c18a33664301d8302998f8f083f51105375345d7ce45375e907d82a9240bce30847fc49bc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d56d79360e2b52e11923eb81749e5778

SHA1
ad53b6e9fe8b3cae48c93bc7da1c61b6706e8c2b

SHA256
84b494975f418cdbf6f259eb70725794b83365f35dc5fde30e4c94f1059dfa21

SHA512
90745e1c47a94ec6bf6ad811e4964deeaf2f5721a7087d824b864dd22499ec5079e2e6b30acff2dcecac942aa594e41b9a6cfaeb0f1c3d732df9068425ad6085

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af50d13c9774000540e86bc24976f028

SHA1
8a8083fd6ab98799c0ad225dfbf1a267f3b1fb0f

SHA256
a8c62953b8f0b3474fea8fee498ccfaac17fb6682344178df912f15ed8f89383

SHA512
56580a45a68b4b43b0457e54e57e201c32dfd7057f6080720cc6958c6a663758851bad160522169d0a42f845b05d1dff87ee36d11a335355414953bda8be9409

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efa6f553664a4b6761944e17341de7fc

SHA1
7da832f9dee2e00228de8e363885851b941110e3

SHA256
195224448269b6d62bdf94a2002380dde2d1361366690b1d7894c8182763dc79

SHA512
12fca6175977bc1e8ffc78f7cb2c2097ac872fd882462058babf1a709d1f4be0145067cf6c40450cddffa4cd1f6d006499e958bf4d06a810e5bf308949de5468

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a6d2223b8cb2bd31ac8312ea805b734

SHA1
df7557d932b906cf54e0cac64d087fdd552e7440

SHA256
b88a1b3b71c258c991f03ded7e377cb1d7f6034aa39350072e05e9459dfa1206

SHA512
5ebd88869e3f87811d6883a99a53a25935f3da328b5d950f022c28a7a3907b1b286bf0ec195cdf0afadac02bd61ad161400229f1d15de54eb04ac502853a1881

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fd60078ef1fd6df5b0eab83c080fc66

SHA1
742be11c0a60389b4d72f8e12364333a8ec077f7

SHA256
7b07f0df7abbfd80bf1cf3aa2ff3e06dcd624f501c84992523a8d683361a0cdd

SHA512
bb90ceb7802f024238ad9460da5167ce2f007dcc36839602b4dc63011d8c175354dd11f1fbdadd9b17223978c59be532a50e46abd4fb6497fed7194978ab497a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc72b0def81ae777722e54f56d3db347

SHA1
d26202e952a7ae1bb92244083575dc490fd0318d

SHA256
6a43ad020a25d252ba5e84aae1990b380bc45c1adcf8baf0dae21a1bc73767f1

SHA512
46c9f7f01e03e163612fbb37f4e9712ab5d8db58d58091bf26cd4ce9cb2ea54134bd77a49316800274dc13ff441c8e66ad599f17af4fb6b6d6e080d0035d9ed0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
258784134532a59135c2f8878fda68eb

SHA1
b1e941e1f49800def031c708d0b4276b1a92bc4a

SHA256
6cf6760b81102e4d6aee90142deb3797bebbd9a1d5bc3cacc6580efc38affa13

SHA512
14414a295202caefdc1c36a1fd7ddd5aaf4ee57aed8ad04c67527faf7e87339ca8c84b54d1ce17867b1940ef3e51141f2ff548668673514cf5963dd40a9a40d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3d158ab215d663104c6c4bda4eeaf62

SHA1
70ee69a35f82f09ecb48ce6923b54607a0e52a0c

SHA256
9614ce3afda769b70c9db4fa5339a444c364b64cf10a8956e75f07044a718ad1

SHA512
a88476ab0fefc5c93f85b3bc40a6f6bb9d2276e1db615c437e0ac9ac6c56d0a325a634a3f4a8e2be1368c02ef3f184d37152f1443c927972f874dce56c81f357

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA65F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA74D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit