83a0bd0798d9ed0c79a420515702032af30cc5f2241b2068549281f3d6ef2fea

Analysis

max time kernel
120s
max time network
131s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 18:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dcd9d0c44b613f3dd05b155ece8550a0_JaffaCakes118.html
Size

852B
MD5

dcd9d0c44b613f3dd05b155ece8550a0
SHA1

dc9a6ac3ad6ea3d645253c32a5cf16d0cc338247
SHA256

83a0bd0798d9ed0c79a420515702032af30cc5f2241b2068549281f3d6ef2fea
SHA512

9edae9f5d47fcf9c7b0d3080573856dc3b0a01f940a83d36bdea254abe5cfcac71308619892c559894da6024e7f1e1f80178c76f73f4416a7cf62780e1f0a965

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000c4572eb9e6e2243ece3c57ca1b64ad4f4d2ee546f74eec680587f5fa715a1fa6000000000e8000000002000020000000e09194c519c5893e166bf8b54f3ef1d294f413cda2d8b9751ff34715fd0977c520000000c30bb82dd153961751173a556f397164ae7ebef7f6662908474cfae47c61ff684000000095eeb4c426390b7b6e7ef8ce29c9b57b4b66aa999319fd3c9cfab3a768529215fd2401a6397a0cc5797a53cf887dbc8b1e62db03a023fe1dc38baf2a8cfae6ea	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432329162"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0d911424505db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7D18C001-7138-11EF-BF50-D686196AC2C0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea22000000000200000000001066000000010000200000003f1d80860b04a84fa66619fa55e058af63f60eb849ea7784f7e046d6a74b45a6000000000e8000000002000020000000c1901bc998a5b4148c0512b7f951268f350a094ce688c29b5bf2ca12451d955090000000f9a416ce1f49f3bcd8c1d39e2aa70154e5d226e7f89bc517be0b2728344d6a51899d1be053d0bae132e23124f7fd56e0481b274a33bb184377f9f4d0690ab0e71d7cd6401d608552bd6aac27abe6ec54a8ed3d7469ffeca6cae7dedc654c515b1760e02b855b33b4fec745359f37f1cde60ef410e06d27dc782eeffc6fcce64355b87729db77d4d955bc8b124ae3ae514000000005e44e067794aca8f240bc0b228ac735873ef3ad23a2e7e9275d8fe15f5852627d20943be4253c8f53584387e1e0a458ea5b5c8d5dfd81a98daccf1d9cbb3798	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2444	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2444	iexplore.exe
2444	iexplore.exe
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE
3020	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 3020	2444	iexplore.exe	30
PID 2444 wrote to memory of 3020	2444	iexplore.exe	30
PID 2444 wrote to memory of 3020	2444	iexplore.exe	30
PID 2444 wrote to memory of 3020	2444	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dcd9d0c44b613f3dd05b155ece8550a0_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e724634fe1ccbcdbecc1192c4b2f0f06

SHA1
5df9b48f56a582582fa43c683495964be14c0e35

SHA256
79e24f42e4a89cd2e7bd1739a66e29d3e9cc6260fc7d875ab64f641b1f16b95d

SHA512
aebf122c50aca216b3066927fc843e21711d50bd958bd4770dcc89a8d2232dd9c6995889141c39f16ea38bf0b911e65d8a65a7b5f63403ebd5134c4ddf47df6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3cac8f050a3a8f5057e8ed85996d07f4

SHA1
ae8b470815ed4fcbc056981f91a7c3040c6425d7

SHA256
ba02da9f225e8c9e5815878ae71f0c467b2073dae9a296cab4583b1257ce543f

SHA512
4edf00bebb56e42eeaed947adb62732e51ea0fb20c477204abdd953f527cc712db41058323ffc4310adfe02c378b646ebfcdc818576eeaa08e0a6267e5adc780

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e72e97ff71b7468699f17cbf0184fb65

SHA1
abf6ba57091a5ec84c796e6ef722ee664e1acfa4

SHA256
7dfd9ef36b96bd6ffd10de0c664251a57bd1624cb7435eccbebf74ec921d81a3

SHA512
7e9ea3a71ad4148042fdc6ba531fa1fb989ca9335dbd3ef0b7f8a64b630d01ba63e3051d92f398b0d4630146a9a489db49ee2ae39dbe02428e26ee512c898ad5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a41f56ed8f8d928e261e772f6670819

SHA1
972e811977f4a05833c5f82a96294841a0b87bfe

SHA256
b03862dc2a8455e8d50ce5b89167ec4bb33da0d18ab405ffe3d992e315d9e451

SHA512
ea529b4b0b50ed5f176ee1979de09763312f52e3d1add15984b68857b54e3843a219559a988fe07202185cd208658cfda60211b318eb2b38b19644938896aec6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f0be32ef06c6d392a1a84a54a8502d3

SHA1
c1fb7125e63b47e817445149f0a730ab3b6e48d1

SHA256
2fdc3c12629b319d84eb10159bb7e5d62de2f27a12433c946908c83d6708b587

SHA512
3836e706571cef821bdaeeddc1974b82729b1b0528884db3ab53f22ca32c429ff5eb2f06ff9832fcdb605d40f6f5d4baffe7237dfafc34dda28209705f91f745

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24380faefa2ffea0cb97764ed17ba1e8

SHA1
e8df4508eb426876d9a0f240f8593fd2a79d81fd

SHA256
dca76e3ffd508136289a403c55b2aa4551161bda14186762cadd5a6498c0e717

SHA512
4ef24cf88d45bff559e1098588a3fc04cd655559f773f8544f5525bd1d23c415303ab88d85d6217271fe480fb3148d7cb923cb8f62c5f3532afa4985dc5ed6ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4277a41a4151b696df93df24dca52f43

SHA1
ef59e97a99ed8eab211b771f7e7d43e8b3bee366

SHA256
ab6ba4d8d607e7ad9c84cab261a2ae5520e65b630d1899c946e303530dd79397

SHA512
1f463da5f6fd81909b49c292722e6dd786fbf019dcaaf80e268a9fc6e0535bb1d4bd14578731017a989d3e74014b6012a100ac3f274ea4f5458932fd0efd1ec5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
808e01b44837748c84033058f8c4c9f6

SHA1
99f4006862bf40f1c949e017b6a9b6ee99ca996d

SHA256
24f28f53b8fb19c6eaec28d8bf2f67f9b9b6e1ef81ba1a375bc376e338394998

SHA512
cd587c5f001278ed446529f40a50eb66e35b4e4118fda99c265c4d2e3ae991ed5652e711fb95ca22e519f32768c7fccb9029e16e651f2d686b34235371e18851

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
548d1f3b97d5093c709a342f379ad231

SHA1
7e1c51a1e3e146d2b850938ca0114654ec7f35c8

SHA256
8d0d39a1e7d75a3c254271ed37e8b464fc187cba4f08ec5e602eac323a1f0e9d

SHA512
44e0310cea9c0aa0a8aaa0aeb78033a3bc8cae4aa98bb1de34e07ceaf96c61e4c3cf3d020397378ed84e82f63283ec734c6c305218c67244f6b412fba5307a37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
407290012de3064741771bfb3ce7facc

SHA1
7ef813132e351a7017af339e76a37800329d548b

SHA256
1ebd88ac5a252127753aec14121e765acb410e98693f79d95edcbaf85f1740f3

SHA512
69b14c321e01c91c785b62fc22f3614ae35cccb1a58fb3e6034c0f4f67e9e0b874974575ce3134e6426671e80b9225784ee4b8c6fdc65038f2253894fcbbf9a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdaef1e5e5311a75c2fc44616885a89c

SHA1
2cde43af1b4f7c038957130f3ab69098006e2a73

SHA256
1534a29cc5a0cd0523d2231c6517efd200f1f0ca68810ee646d0d9ec86ace915

SHA512
cecd87e0d6bccaad73ce2e8b6344d44582ef4eda75819a8b8aef658b4606328e90465af498bef78e25a394522b256eccf6acd811d9eb3b48b290f69ba53a0912

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a374ad748a86abdf31abaddc5e8e5f2e

SHA1
19ebbc2c1536cabb44d50121730001841cdb4136

SHA256
40e224cd5a988caefb180812c75848e40b99059cd474478fb8378cf4eda84778

SHA512
5b9d69aba39e462f4dec1e8f25ca2866ee2e04c6dd55bb0f4da5b73d84e2ce6e2792eedd1d54dbaf2b98d6e98a9e0ada49d65c5d9b5b5a06fa904585fecc26ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5e9ad65a6e112a691d5feff4fa3c4ff

SHA1
251c90a96beb5dccab0dadf34104be9c1a03670d

SHA256
6f7b74e0ba0449fa88574626ee3a424cc4e2120a823611cc1485c4405766aa98

SHA512
a4791e7371f5fe1dcbf7de247e1dd426ed5c9bc8937f5adee59e7cd5ab7f71c250d6a61ff32b266384fa8141689ff2bb1291e644832ab7d2cf99c453020124bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ea150641b01780e6698bbec090a7f17

SHA1
3977636423e993d08255216a1983008fbd08a502

SHA256
0e36802253a73f163f7b184f31a43dbe1588fca8b30c2ffcabf7292d979f1b35

SHA512
d29e19b645b3870e05d33506b5ad841029b218e0035e063fac6eee1f56862c9e5eec54f75da03fee23b3f840566aab0bf1e74b86ce45046a931c6a59f12a9d86

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD9FD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDAAC.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit