bd3c3a29faee04b291edbd121bcde0c1e8673966aa76f7bad3b6f471a17ec6b5

Analysis

max time kernel
79s
max time network
144s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12-09-2024 18:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dcc66741768678e6b2aa222ab5380535_JaffaCakes118.html
Size

23KB
MD5

dcc66741768678e6b2aa222ab5380535
SHA1

2fac4f0477b245d07446d9fa51e5abf60d343ab6
SHA256

bd3c3a29faee04b291edbd121bcde0c1e8673966aa76f7bad3b6f471a17ec6b5
SHA512

8402854f42154ca96e682e3085db99da5f57a9b8ad65cabc9e1b8098bc117b055715d6fd066556bf0d7ff044baa5d11c024b2f2ded3c692e04a9784010255109
SSDEEP

192:uwXCb5nv+nQjxn5Q/tAnQieNNnbnQOkEntnqYnQTbnhnQKdjBvMBtqnYnQ7tnEYe:gQ/wmvl

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000124a4de65f81854f13e9b50b07d5bf850c3ec5edc5b7673e4ba7501313d5f143000000000e800000000200002000000045ad72fb237deec7f850419aa37c37a2e7a5e7a57be7aea65900f04cd3b21cd8200000004567724c4bd3e7b99b6cde471b6979b67fcc0f1a65eb726f552e17dea240bb4840000000125ea4395b56762bba122aa9d21ba34056377dff4ac71890504334245c96ca114fe0a65407670cdecd0d7518b34a092cc6b679afdaaf8ef0f8e9d8207611bfe3	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432326452"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0c66dfe3e05db01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000be0f088d4352ff401dc8a12d6a7f5993fd27b3662130d02f000e703a2de0bcb1000000000e8000000002000020000000d7805532dc8908b63f228e30f1e00078157d27552c6bf54f1d1ca231655d2128900000006fd3bd895f25e2fa0a8113023547e2580d3c4fc8a2c8131d29f90e176bf645b570dc6710b95038593eed7bebee12c82f02fc90e89e59c9e09ad5e2405ddf48b3575f2754c5f34ad6ceebf3deadfd43ba88baecf80208c8b73577c53c0784ff4a11e030bb93319a4af191b4e47ba5f03f4ce3b0b049c2e8bf6fe1b1ee102879f9f2af97ac6ccaa80e1feef8666005238d400000009b9c8e50cccbae637846a92d09732e3a61121b48dab1688c936fe55120291ed028a5980ca7b0ac623204a5d674999b3c2a35645572a0dec33c8b828efe2a7c0a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{28F98781-7132-11EF-B0DA-FA59FB4FA467} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2160	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2160	iexplore.exe
2160	iexplore.exe
2768	IEXPLORE.EXE
2768	IEXPLORE.EXE
2768	IEXPLORE.EXE
2768	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2768	2160	iexplore.exe	29
PID 2160 wrote to memory of 2768	2160	iexplore.exe	29
PID 2160 wrote to memory of 2768	2160	iexplore.exe	29
PID 2160 wrote to memory of 2768	2160	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dcc66741768678e6b2aa222ab5380535_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2160 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1d6984b9a9fd4983beb41956776f9ed

SHA1
630e5a941211ac149fb2c2d5c1bbcc9f43636290

SHA256
ecfb69bf2c0eb2276cdf8d273006b4a8c904a04e480ee35bfc63d16bbc8c2c1b

SHA512
3b91655ad561702d9754312eff3bd4bd2f903fad28d2befd8debab47553113d15b25e9fc8ccbbbc5cb8ea97b9b62f490cb50da419c34592031101796b06ade2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a30c92cec37f87798d041e833ca065ec

SHA1
31bd0f02398307c2f385d82c46ca251a96e6cc86

SHA256
f25fe6a5ba65e8781e78896f333fd699c80bba1c195a830efe316a5955a12ee9

SHA512
bf6263e08c9b8cab77c273ebe9a90f988f1cc7ce7236d6aa513872e395b582dc6e8e5d1cf14b5a4a8c13c7e9cca4bb6050aea64b2f22e4b3d4df988e1df6fe53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13446196a25541de58ffca4b527596fb

SHA1
d35fcda8eec39d7f1babc13cb85b14a2fee70a36

SHA256
4e97b6a8cecdc973538a6915a5a3126776395d93ddbbbea7d052633d10340541

SHA512
aa7b89a9af98b9fa5a79fcdd21ac086126eaefb6cee097ff9f573c8c90057d43225be74838130e1fb82f14f4597a8cb02574cec62e50d0d5af66a8e5d8962444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6546ccb208b91cb932a04a16d3c7aa99

SHA1
1be7943b40b8a81d5f206416eb4b73c1e86f16b4

SHA256
2ac6eb13f66a2b9aa9a073db68fc92e22be16f8e561d9f94b2d06a19c40f54ad

SHA512
0fcff50d4da740c30d11cf892b06c127a10460f826c348a4329781e5c1c63acfffc3778dcf9b7f8a02a4f60a7717bcbfa212a8dec05d6e7350a0348f8358b36e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
be3916b84860a071d07fac3f59697106

SHA1
1050f06e1359c0b58575ab47ec9abaebd0329f91

SHA256
15fdc6347c58f981922b158d592408caee5d94b787173430cce7de79c4dd4f73

SHA512
89b9a78d56f1e4b0f76acee4aa01a6467a34b9cb22156272122c78e53bab6028d048c2d9572268a7cff5566ffb809c4ae71bf14356d906923d30fd21b29567ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30fe63a1fd815e7f434efbf14c964fac

SHA1
282ee4e82ee33e9a6e940c85f52388aadce8bd11

SHA256
dd5952853be4875dc34b4b5788fb8aa282b4a32ff9228b1cb32c7c589880955d

SHA512
7f18041588784f112939aed6a047964f781762e13869105b6de3b451a56e0effa0f49bc1cc4cb226bd6bd322d942cd0390703708695a0ce8fe6297afb30d56d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
079a5ab4d8a03b4871a77ac1324ede42

SHA1
2fc086f2658d9b76dca208046662e619b41f6e9e

SHA256
af67286fe2aa0eb44699466055411f48030f920c58b264b521597b1ae9a83d36

SHA512
a12b350cfd51615f0c23f15ca44359e3e4a88be736d27034f527656a355f335287e3625bdda2516d2f3df08863285d69e315f60cb951286b5512af06829d66cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57f25ecf1045413e61ae42d4c361ab13

SHA1
ca87b5f4abf25b8fc7bb4ab156416063edbf1490

SHA256
45723aec23e5a8793d62446e3c26e8fe157ebc7c0cc2a69158e2ae7edec20bb9

SHA512
bceec448a9f56680ca64c2f5db3d7c2c50fdc06ae5c6bdd899c5d26d404dd630a47b2a10dbe662c2e6f5af88a0e0b977a6ee0a67b418357550db4caf64b1f14e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8caeeb379e777a5ba1b122be83e69ab0

SHA1
157ddbee49596698bf15478d637ad0e1568197f2

SHA256
f9359d94041e39ffe9d88a8198b8da014d14085f79b08260da52102cc0ff641e

SHA512
e0f8d7373909c72850ad9553b37548f7df708cb8cadac6c607b59d935c3b92b6e483506b75f617b42361c51be4bad80d5868daa89583d7bf53fab14caef3d6df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3332aa614603da2293c15c55c391c559

SHA1
0cf36ef909d3ac103c3aa632baf0b8cdfd0fdcd7

SHA256
3ed6ac720e0f0e4134d363ba6703b55be2cfb7a38060ad5afb56a266f428df1d

SHA512
5c3f6c01b3f64aa2d782ecf9fa7f301558027f814acc530952fa41afaa78fd7c6ebd991db41f187bb3394e75c2552ff1452f83b6d919ef6cff0d284ad31abc17

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e26cecfbedef0e4db5a9383e5081a241

SHA1
dec1f8dab96e7fa8f1a5804bcc778641cd57b11a

SHA256
4bbf25c2c4be923acf001f3782de08881a67b2fa2ae6c2c71eaa1ed6864ab36f

SHA512
04ab48a0bff44ef5fa225c28508f7200fcc093fc3fa3b79a1c80e34fd223b6ae456c10c28f825ac6bfcdcad3b70c049f9810cf892a5f71419a6e774160e73f9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e24a8d16343e29158f46bfc59115ab53

SHA1
7fed988c7177a6ac41df2d0b161393c11d161c40

SHA256
115d2c176ec71662a6441455a52115b6041d6dc1ac61f9c5f90f1363c1ab1fb6

SHA512
8479e1ff402b178493c684292b962e044eced2b01d23dee8245f253e90558a800eb6016da4de0a5131f8a982e0647050bb338f3d73e17dc739d113805fe0dac8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
afb2c7bd75bad361e07ef1ead2df830a

SHA1
8481833787d3efb84509240e570013455fa5d096

SHA256
3a81ce466348038fa716f78adb56c46ad9b01231b63578ad7aca6821eb9b68fc

SHA512
09b6f9976e1621239ec45bc57e09a29bf32406a55aa83ff879dec61a77885bf53dbd6d8b8dc9fc73d8943ffa1560a50c78fae26ac80874ea108235e4ab1a4125

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab89F8.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8AF7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit