30e7a8e35f9e50546b1cf064a8578b453583840c024b3878061c52dad7b3d099

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 18:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dcd9bf8f03ba1c3d13b7fbf1db64ccc8_JaffaCakes118.html
Size

37KB
MD5

dcd9bf8f03ba1c3d13b7fbf1db64ccc8
SHA1

5915044c9a3b1518fa91a32df3a271ca28b97f72
SHA256

30e7a8e35f9e50546b1cf064a8578b453583840c024b3878061c52dad7b3d099
SHA512

059f7378defc0affe4c386c20e244d299823b660fc1e23655b9479c0b69b90e444bab85fd554ba7bfb514818ac78aa96415dbd41af4ecd7a612ccdbdfd87ef32
SSDEEP

768:PA152HzZdeN/WCN0OEdcqVUDDkMCmoOla6VJ86Ia29uJu3UV:40zZdeN/WCN0OEdcqVUDDkMY6Vor3UV

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432329149"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000003da899dbc4dd33faed1ea6de72c7662d3fa971a026a39dc958feb2dd72e98b02000000000e800000000200002000000051f6af4c9dc4ac4515c9025c8f45e0c16b11a5367920157ac9633033afd0b89e900000008461d12fcb5aab30f890fe04c3054ac13603645572e247d46e7a0b3c1327b48987347ce3a67456e9780ee4943cfe57d9f2269f80ffc22ab85d63c56ceef928074a53e19ab505772765aa1993311bb00fcb26b118bded4f76d0a00b6c5c85ab0e85f05748d0f4532b619030a82a6ca5bff8a7bb6c5c33a88ed52c06b6816e4778aa3f1a8fd84354c4e801f474d9f850084000000029a637cb33df4fbad95fd7e134c5e03729322785b1c488635c8d709d0352f7fa9b2ec20120337fec66599fff71f35587c1f600c2a9c4f0cac38c83a32c4475c5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd300000000020000000000106600000001000020000000b31b06b5c177c0300a403adf2e97676d7313f64f6a944517cf5090b62774c77b000000000e8000000002000020000000709766feb7437402ef20185e9d2a47d771c3e7ddc3e849a3c9477cb51a9fc677200000003f035508422198bb5beaa1726d5eca3384265f896d520aa2ef6b6ff943ae916f40000000b0090dd0f9a105375615c9d48d18a8fbeded47c20b8951aeb0e8dbada382a5426df9252076efa692352fd36575ba250834ac8db11775fe0a844cc73a4bd1aae3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 000de84c4505db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7691D231-7138-11EF-969B-D60C98DC526F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2648	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2648	iexplore.exe
2648	iexplore.exe
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE
2788	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2788	2648	iexplore.exe	30
PID 2648 wrote to memory of 2788	2648	iexplore.exe	30
PID 2648 wrote to memory of 2788	2648	iexplore.exe	30
PID 2648 wrote to memory of 2788	2648	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dcd9bf8f03ba1c3d13b7fbf1db64ccc8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
b52875d58de93c37e0122f6da22907de

SHA1
c5dd8d44af5cf03d85bafc9c80b820a4ee451287

SHA256
7f5832818fc73c5a80257770410aecbc828f42636699b851b6f0b045b24867fe

SHA512
7898796e069537c26bfbb3857e805ecb286ad55fad7ec46c9986c90c9587255acd1043f121633aeb65a63100bf771ea429f80cad3339080c9cf7cce10a2628ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
89eec858e08f8b4c4b3a51c35d80ec8e

SHA1
000e9fd58dc48d3eda5ca717d17ae58513d3fd71

SHA256
77c48700e87df3ed6cf9384d642e436d958554130b98744494684464a4934f1c

SHA512
cff2720b6bd71f0493993d637c506f538a447b51cef17a5e89fff97ea141bdab881bb129ee3613dc49e9963564a92ecbe371242d90d43f2eb24a769108c63574

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
231ac920b1da2037b3123169a29677fd

SHA1
d6348917ccced071662d25c5b57903cfb2f607e7

SHA256
a10812f940de69cf83597e0fd3a506fff81c2fa4b519d8fcd0d90d86b6e7f461

SHA512
874e8419099e4be0d50c9c9cee9f8c44c64051680d9e2811b946868a9e54db7e018f6cc9ce5b58271e1301af35259835ddb64cb889f350161a128eb572fdc289

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e96d342d0002bf43ff70a54e0fe0d081

SHA1
454f867013511c11fcb3074bdc1154fea709e749

SHA256
c69af4701509f594e15e4ff22d94168f62ed55320ffe0bacf95ddf3cc6bcb734

SHA512
1a388dbe1e7850a73305e2e54d76ecc4e4a828211b331fafe3244503ef381999fb11d2acba09ad1e5cc2de2d4c1bfa18103eba6abab2671476318305acde117b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5e7381b1c13a40cdc7bd1316d021e2e9

SHA1
38ea3868ddcab947e7a88de937ba222b067e4a90

SHA256
3fe3e0a7aac2668706092c59d93b5f381eec60c86178f480c34fce33ad83b19e

SHA512
1f009be046c2bf0444fd4c76d2d56ac6ed86dcd3ee5c2b99e553ae7777c5e09a9ee86075955a985d566d178aff1006582e92cafbf0c36a95ede8dda2b2d54473

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
664feaf6c740c5bd8e3846c2ab99e749

SHA1
bbca87a4c71f82d975bf1220731dd8a405dc1b38

SHA256
47c10cbad406d0e4cd99997730d92a604b21fd2d0b3643187994f79639757548

SHA512
cc871f0e8875f32c63ffa304b791ed72b2e4731c792e144d10b7e45b001dcc88ed4be65965780d86f086636c9227b35d5d09f362fb48fea2dc2da4983dc48518

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54890a4d7b5c532af5c40be702e99665

SHA1
c4103868f6c0cb99847f838bce956c1d2aa4b754

SHA256
8986006d2bb135929099a683af2a8ec52ab1f61e34ed7f474f1a2a83bb9c1c0b

SHA512
83d0604009f40373ee8c10999ab99dd81cebd71010a056f1818a958cb8dd80d781662a56995e7007e359687d968af280e07d8b17028bd641ef2f44d7201d6191

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3591c550e51bff5f2420256a22fedf1

SHA1
f790cc61381ab4feafb56cf49f9ae69c7094e0e3

SHA256
2bd57f3a5ff90667a122dfdd487491e1789b4b2130fb6b0452e2b0383b15f1c8

SHA512
2c534c217577adac29abe1ee5fb06f7577d2fb8f9aa71b59dcbe14a2670c759abbbff463f263e838988e60aee418130611945bbd277760e04f62174819fcc540

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa4a171034aa3053c7416c53982763c9

SHA1
8130f35d0c441cf395e6da859820e8239c41e428

SHA256
d0abe9ecabe160b798fe16412e8ce6ceb669ec80c51b5eeb079949d68c693648

SHA512
b404e31d52ded344d19c746821c839cb34d68112aa3db0d4f55f54249616d39b924247399f34c6046ef8603faa92b826c708e56477666acedfffb545193a61ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3fd40279addcec6344925aa13440a28

SHA1
b7539955974c46a4e8155666dc337f042016ba37

SHA256
ecc83be27c06ec5fe4ee3bc592bef16c7b58996d58adbfa49588da7de8e627c8

SHA512
21a130c58bddead34b13a0aef9b37589956740239bafbaf0af0119959fa2ea95577ef2f4a5717b43fd3774f73057a5449607eea567e49e135a5a4430af2fdba7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a72bce65836fba8f39392d29b44388c3

SHA1
93961252c34bd6df628637efab57baaf65be4146

SHA256
a4a489ba6c4c5a83d5db9fd1c560000ad39d516cdf1fe67e3f6969bb9a8e680f

SHA512
b30fcebe71cdabb0f27a5eaf986601dc02b40fd1236797b9dcea78702c70f128e66f700582e48ed2b8c155b0968407598a7bca6fbd53bdebfc2eabda24a1000a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9284ef99c0a133c6c557da3ff4ee4d97

SHA1
80d84bf8c3472db883d05869aad5235dc063aa43

SHA256
a85a5bd43ee79c70e22cca47067d6ac6e500bc9ddab61e09638cfabd765dacbb

SHA512
c9efe2b0e23e7911f0be4b6d069046689350f25cde99635fbc2ffd1801c5b023eba7f0577166dbaae8d830bf7d3804966ad4abc3723a2ea9a10a38aa13ea584c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f4dbf9dff39ab33914c3a064193f022

SHA1
191108efcf14cd4a84cf4b4437f04daba527a318

SHA256
a3fcaac6b17dccadd7cb9385a2dfd60378442039c6fe783db15a88f8671fed12

SHA512
536a14928a9427fc81ae9845370b1f0444bb45775eb03a98531d19ff0c280f02a9c223af2c1cc81657827be80ee71eea4df6eff01986dc4e60ae6b10512e4f03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4210d1035dc36fe468b9c1d2e0d6e2e9

SHA1
8259e58f8172fc8c5846bf70e97898caf8ea6b83

SHA256
7e52794b8947aa81954dfb712b94ed5028d11d29d92f22db5d3d730efac42682

SHA512
ce3f05bd3f612b96848649de0ebc6b4860e8b5cf8bd23bdb4c7beaa5b4bc8979ae9a07608f2f201ca7b9544cf0856b33ed3d1456c8abe307687dce4720453354

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0626bc894a5dab332941cf9d9bc8228a

SHA1
bbe563bda90b3f26158d6662c30194c9030ddefe

SHA256
84f8f5bee298f8b70dc2eb1f468e215845a91de47aff5d1b00906d38d4d3f5d4

SHA512
6f6fba594e278548f4e62d514ff0c858e10d9c658ab528273fe552ce7dc9a22a4e2de7bda4657cc055b26f24d489b83c719fe2ae197b80df34d2a297d0c9d1a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF0B7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF0CA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit