295700f9457ee1bbd7558df49cc949c9527da509879df523cf71d1b1ddde0847

Analysis

max time kernel
135s
max time network
129s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 20:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

db210fb4f5a4de3cb15ef40657ff981e_JaffaCakes118.html
Size

460KB
MD5

db210fb4f5a4de3cb15ef40657ff981e
SHA1

f27ec7d364fd8b9f24a2b4f08b41c0892a55adb1
SHA256

295700f9457ee1bbd7558df49cc949c9527da509879df523cf71d1b1ddde0847
SHA512

cfa43ec50c8dc2d0160d72a0777d63930f32f61b6311be3ba4f0149d8e296c1ca9f8e41beab1bbb35c2cbe0208372ffb5120559defdbf59d1fb4820e4246272f
SSDEEP

6144:S0sMYod+X3oI+Y5sMYod+X3oI+Y+sMYod+X3oI+YLsMYod+X3oI+YQ:z5d+X3j5d+X3q5d+X315d+X3+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80bbb8db8504db01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432246918"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb000000000002000000000010660000000100002000000065a085a117d09ff9e79cd48ef33f7799cdac74e04f48e23275e02e7d7fff3c11000000000e80000000020000200000007c9bc49ae3cd166cf5d772c026fe4a5c4fe9e77371c0e0c93b4d662a7e93a8302000000087c276c95156084e1a73e13afaa0857f507a92a289277111f0b533a633fc33b740000000f78fa0db05d56588b13b739f5869fd0156cb57bdbd307aef86e5339abbf73f9a09470c62497b6ab2e4c224ff61b2c226c1db031af281f5d47876c8f6ad22a452	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000e72fa82389a71580001f844a837121479d9e3ec6545bd16b108b2b0931c655a8000000000e8000000002000020000000b6f53de6a9d1f4b1e139d9cc60c13a205a80ebeb7175de3b7d8701610477949090000000bb5f94c7caa6af146e5f5ebc83a4942598df5ac7e9fab1a220089390d61db1ed357f53de0fed9b910e14679134bb149a282b97a51f3f07447fa36a5ad3ac602e2d67f310bb29ebb26958ec251a857ca40bef11cb2c6a0a86b1b429c2e118b3bd23da15e5409a6420f86ae70c99e0f9f48d30f2afa29f4c2b79a57c12382fc58da55fcfa23c949184ff2bda600062a46f40000000160dd901542944a6e30c6e78914d5b3ddf13914b08e8f0224805144085037e4292236f9a51512ae4fe21c143f8805035e57fff94d11351932429dbac84a967f0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{01A4B561-7079-11EF-A0B2-6AE4CEDF004B} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1392	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1392	iexplore.exe
1392	iexplore.exe
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 2572	1392	iexplore.exe	30
PID 1392 wrote to memory of 2572	1392	iexplore.exe	30
PID 1392 wrote to memory of 2572	1392	iexplore.exe	30
PID 1392 wrote to memory of 2572	1392	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\db210fb4f5a4de3cb15ef40657ff981e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1392 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c27b9e1a2c034365cf862fc87121d08

SHA1
c59651d939e3802e966b9faadf3df6a8e512310b

SHA256
2ec63b02863c4e8ab3adbbd0654a0dfcee6a72cbd1dbfccdb03ff519f23f3cfd

SHA512
d1b4fc82992c9b1785aa480fa96fb24b85f835c09ee35289787a69dedfa61e806ed963c9724fee83535f31b23ed8c711e292660e51a4c22ea02ef7cf7f8ea65e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62f881cad24ec2c5d2a050caecfc6425

SHA1
2c6f22c2838622178671643097c4a1d8aae056be

SHA256
6d2541b39b28cf5b0ee02bf892a0fbfbe91f8d02a70320ece62094a0f8cf6ffd

SHA512
ded042412d681de2c6dda3fed9f243d4d4911662cda4b993f2328a5dff6216cb7cd57a8944b4aee097962d164e8b26d7e2907138e6467f9d900301e900b3228f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78bf8e1b78782543f8aae16762f616e0

SHA1
c1d5824b9becf8c8ebdd1a29fc0330e7159d1687

SHA256
01997313693aeca32598b3067033ae0a8a3893d0db14158c34f3326da76c3193

SHA512
4d690ae037f79942f3025e598d0b27975b972294776e27ec40b4dae298ea21b00fa4175fb399d59e640d45d662d8274bc7adc7abca9ae5d707c97944ff812269

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4e71016fc45242892a117d850efbdab

SHA1
fc22913b55e809f90b4cbaed90cacc51e20e12ef

SHA256
b11cb6b9dfb78a79585faf836969418e6da0f15218bdc92256c459f4358bdce6

SHA512
0f7a300db29f24f297977dc4d4764c04d3143c36ce478c89634a89aae62a98b41bd765de6b590ff3a023f70df15a63126a0027e578aff55509043f6a595ffac9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c83c93531e098fee09451b7c3a6f29b8

SHA1
a148fc01e82803960c14522ba5d863f3ec2aa5cf

SHA256
1de5449781c548a06fb3c97964935d32a514e55b427379e67ce23e253ea057f8

SHA512
58d4ff654cbe222d4729e1f6fd3afb3cddc5d70c0faf1f31138b9faa51d52673a5ec4806929be7552428a7de0dd4f7458080b4cc5d30238d61d0e9d75d058d82

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef0a98e1644b1ff2b66e3a8342fea0f1

SHA1
ae15cf52923e4bf131a3e48646435ce5e4c6da23

SHA256
cfe8f09671ca486b7a885739ae80cfbece7042735f4b0e05a9e468ae074fe0d0

SHA512
1711e840980d8509c138b22b46c25f6f9202a7f03c800c8e8d8eda76324882b211429da0c7a1b61c910a7ca4615b0a0eb88d4bce1d0ea8f57d1cb94962288959

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57d218434e032834e485b5a31ce34d12

SHA1
2262f35a5e30d615db1f20a7682cb8342171eb9a

SHA256
0dbd68a338dca51abe08716193edb103b688d77735103dffe2c6d7c2399b6999

SHA512
dac818ef41204bf246c10d935cf6e60aa5bf4e6d06b4b45b60232009c0228202195c7377a39daee19206679ed6f2172b589b04320674f87c2a6270dc6f6efa79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ddb3d6db9d8bc398f3f8b5b93860ecb

SHA1
c9dec0f3f4bcf82e11685fc18b0dd6af8e13867e

SHA256
3accfd0f368d5a7ab30e4b22cf2333e23361ab033fd9fc644ad3a99ea3a03c23

SHA512
a755a630dedc3f74c6309926496639ec45bb20925b7f3653020f0bb3acac270ed52609499283a2458aa6910d3fe9ca5a8a6c3645e769fa9b8559c39d484aa08d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c49cdfd7f9889304f8b73bdba9fe5ec4

SHA1
e2ea7c2fede83367f7239b1dac1a76227524ef89

SHA256
6fe063bcd759572619d34996baeeddfb53ed2edd21f87dfbaca944386e24f6e5

SHA512
7b12ebacce3d100ec8aa1ce82a6bb0d3148c55832d350f4305e5ae544902eba298d946e22864508092ef22dbb82a810e9562e8dc980df95e71f05e65547aee19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a26bf8a57945edb8e721b4948610236b

SHA1
4888e95e21eaa06a1482d3a7914d3df00900acdc

SHA256
d6e6225a5de1f2e681773991f73b0176c10d76562747f16c5bde39a73f0da424

SHA512
17c8c9d8a8f68736bbab7fad17d4dfc5222906da77a3c32bbe5a7568576d73148de7ba8f2997ebf84992b0397e6c4b81fb56f432af4acca54662a210936fb35c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8bc3523e4d01fe45038079c4f5d60b8

SHA1
68cf5a8c04f35eeca56ae5e0c6dc59bd8bc62541

SHA256
1b04986017493a0a0673f0a5072076f92df589c3d56291cfc6b6d25ce8913500

SHA512
6bb4d17ee3337c0d2a1ca184d7cdaa525572479d94c1448fff13fab7e309f2a8a77a4f2c6ca73a9fbd81ee7e7148a526ffd5533922a678f2c0b4d0e2521f76c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7d53210150de4817b05d268c10dcbf3

SHA1
fdf7d31082736ce4d1c26b4820fe95b6775ba827

SHA256
115bf3c9174934e26f91373e7632e51210222c93635e6a1e1d2cda8856f48d86

SHA512
51df5c6be22f297fcfebd65eb6689a1f48e64a4ebe1fbc2d5814c12562381cbb7a444149d133f8c5ea2767d150978df3fb05d5383bdcafd3a582705be34495e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dae0e6617dd19297d8a9c351ad52e2b0

SHA1
9d55d4bf3b930351b4c656316ea744ccff89210c

SHA256
56f8f51e86215c05a6ed6736a8c754b2c2d5a46897493ce42496a19b9baf8af5

SHA512
5df5884e9b27e77046c084e64044f30bd50ba4603644e1567e7d433d7b1a6905d38daa5d8a0a4b1ebe882dffa2f4faea22117a4f9184b0e8ada5fbc3edd54087

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5884fa06c1b1af6fc00f381a08f1814

SHA1
02bc75f00d81bb2a9bb67439ef4eefa17b7b701d

SHA256
3d0a7a690411c2637a85266692aed60eb62e68a5875e54f498b0b566d702f2c5

SHA512
6b5e3cbd8fadfb6c23b4ba04b6b8dffe03aceb3f45177f7b3e3e00145f2c7b98adcb84cd11847e5a3aed34645f6398ed72b2a10e7bdd0fa451d6b868d5ac3edc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCA53.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCB03.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit