6d6becf30feda97f5025e4130b97c5d48770ea231747652436afda9225be1c99

Analysis

max time kernel
137s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dde3eb3143eb2a9e03cdcaae65e1e69d_JaffaCakes118.html
Size

26KB
MD5

dde3eb3143eb2a9e03cdcaae65e1e69d
SHA1

663dc6bf24a8ddb9ba49c5c4dfd6bbc08e390bd7
SHA256

6d6becf30feda97f5025e4130b97c5d48770ea231747652436afda9225be1c99
SHA512

44894ecd7b0edf8c3f24b6ae55aff3f516e926ddabb96eb1961dea1ba67bcbc23331d6485e79703bb8d42e0ad50a83b01dc5af3dbf0a6905519c987ec039091c
SSDEEP

384:ZxXQ64LSrvo7YylKiDUhI2lRoXU2K+62PSGhtJUqxf7/TxJT1h66q1uM:7Xt8cylKrlRoXU2KMXrUqVJJ2

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b0000000002000000000010660000000100002000000047e021d69de49eeb21aecf792355396b03ddffc9c48e0aca38123d36379ea8cc000000000e8000000002000020000000c68e51532b9d3d619e8fd31b60e5b29cd869cb1e855f01b1fc5bf8461fa2de49200000003c7a07477719fa45854ad031aadffdee5b2544f002671c4c04afcbb2f9650fc640000000a183391a1b11a2e43b718050da229d80de89ba8663b0ee2c2eff4c4cb1c00cca05c8143733c6a9c03345a61128ad168c20ef120ceeaee76e7e03716c990a2f2b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432371934"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{14EDE2D1-719C-11EF-86DF-7A9F8CACAEA3} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b000000000200000000001066000000010000200000001edafdf3c9ca84755407642c922928a8344f31b7fd9a2987569ff67bf9f6873a000000000e8000000002000020000000cad0a2b9857929ab2bc23fb454bab73cec466997b9c7bc42ad5024a17706c22790000000cdd2dbcb69ceb110c64cc3a93fdd8c892a00d546541a2a18f7472149f9d5b926faa1ba3b47a69860d01d2b5272bf5942ae3011ff621838dca826fac4cbb054b410dc8820027f2d8177e8c42b4106765845d8178accc75ab332e0a6603887909c0afbe5d41977829475776c4e2af504618eeb345fc7fb65767d59242819ce783d8884dc4502c79a135776d557ed25be63400000009412903d8a66a24001a20d3c39142c57ee0f949c7ea253375dd8447359a984d349b99fbcf22ee72879e7d8eb7154ddb7de74c92319f623709e82e4bb8eb99882	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f01aeb28a905db01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2352	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2352	iexplore.exe
2352	iexplore.exe
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE
2528	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2528	2352	iexplore.exe	29
PID 2352 wrote to memory of 2528	2352	iexplore.exe	29
PID 2352 wrote to memory of 2528	2352	iexplore.exe	29
PID 2352 wrote to memory of 2528	2352	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dde3eb3143eb2a9e03cdcaae65e1e69d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1837db0d2f6cd17e8d0d10bb76db759

SHA1
5726251f43d478c5f57fa36844f2ff1400de0f84

SHA256
a405483aae2877cfda471c6279ca26b81608f6656e85e64b0140a1c3d678e248

SHA512
74c5c7ce92348f2cb1f2a0e9b5da554d596e8baa6bd9607fc64a4293713ddb67dfaad258ad3f1190c514fa33138012c5f7de76c8a965547bfc84d228f6cf1a8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d52127dd23c6b41698d21a1539dff825

SHA1
cfdaaf926533c349ea580f4f22322c2dd1caba96

SHA256
c8398b98429d7e1e1e18bad7d9a83c83c3ea8198d0cb79ae92e0bb32c3e7001c

SHA512
dd59ae29305f5a08db135d4e722e10801b3dcd95c0e4c1215d60a34886e766a27981b568c3c1f606fb762c1f79f8ca6a95e00d6afe3c182c755c7d05e218f127

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efcd947db89a255c6ef27268ed5d3f7a

SHA1
4d1887d38ef8d800f2753f7a3939015337e08d07

SHA256
c375394fb705d246a05700756efd6caa5d3e6287d4267b71cf31cb53c36d3378

SHA512
652286e849b81b41e828da2297c2c74a3f267a6258216f15ab08db8ef1bb800b30a353f31bc91cf3ecf81b36ccb0ef3c1a7a17e31a9180ec067a7cc4d8978f58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6673be4ddabe12524569498077300459

SHA1
a5de4a5977787b090056842be2ff70094d833578

SHA256
8af886de925e2599b094623829cf4cb3e371ee9c8e420caa1381490f0ac2562e

SHA512
bfd6014961c427076d6a651a3681f7ff820156fa430fbb73e059e14224eef5f59d13a0853dd258b049bd0b58970f8bea241a2ea68c18c58db6a2f78e6f165cd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e93548e820b3fe969591ea54bc14b79

SHA1
41e1164706a683f1e247a2a91e8053908372cab0

SHA256
5c0550c188eba0149a691eefc3031e4777e0ef3e4488f66e057e93535c248e18

SHA512
5b3cb39fc2aeceec4ab208b01f3c6db55ebd0aec84e98cde9de348839445c4bb9e1481764edbb62ca34ad6cf13871cc4accde5de995a7a7f5d1694c5dc6a8f61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8489896f3e0ea744ea4f5b7837a6a010

SHA1
2a8a43e14938c4b37156d54535cac0175c1467a8

SHA256
6b95d66369a3342b6d3c67a7f84acf2b9d7ac144e97d10dcc66e34aa66423b18

SHA512
fadbc7d05e473add5ce631909e6c6889c10c171a3b8c95c8821da40e72953b567849d26be69e0b50ebc8c114cff83c1531abfe0414c1ed80ed681e64d7b01eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4386bd3d39d6a016475de5b6ff8e8809

SHA1
4e26e715b59aa7a8bb4c8a348e63bbd1cc9976d7

SHA256
69c026113f25256348adbf4cca36a7301df46f32e43c930d065dcc60b445e082

SHA512
258cb23819b4054573a3d716c8bbb4124ebde407cef942faf7677598304d213ee57122eeb6e3780da0e7d1081c1677038f85f188a405a5a2c42894ef257d7cdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca002c4fec215768ec6e1de0d23792cd

SHA1
1e04c22c787df6b818d62264e6cf096aa338c539

SHA256
f8e6649405e1bfb2156038bd6c3fb905d1807fd9041aa16a843ff5bdc1f3c812

SHA512
cc77de3590da38b8ae8d6a9cda9bcb46b244f5b519bc5f100e889b412d3d64d7008f5ab4878dbee4f41db39ad77fc467620aac3dbced92842b5f9c8af0afd59a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29cf1e8c78362175d8d62e69631ff56a

SHA1
5169102e712f1978729dad2e7d65b3fad298b8fc

SHA256
9ab99183bd70a94ba8b399bab4dab4644cd345593ccfeb14874452c20a29f1c1

SHA512
78189a71a1f30e85cab0c0098963113bacd9a194677ed270f7a5f3045869b25494db8136a3de51105f32aa5f1a80a2eec2f84abf6fa02e49e91f61c6d738e746

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42e8120ff07622cd716da9a58db21f2a

SHA1
18b09782406cf8282de765c2c4542a90a0fc6406

SHA256
6ff7cce6b56164db60902189f7572f1e7ca0232f6ba5874507f3808b25d84e8c

SHA512
2cedcb3e59390fdf9fb766fca49f081720fc750fc657587d92f5bf83c60e3f13def8d5e047efc1f36a28f549133db97a9250b1da4e6a2845c7fc127cb8f6b3a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01b4f1872d336e65af78c6edbbe2c57f

SHA1
b01b6c5a35af4a26bba029bedb9daa0f5d025f81

SHA256
9123a3f3a74463ce53cbb041c698e692fcaa9ff6af6ab7cd9f76e1c345990a2c

SHA512
4766fc4b29cea43fae51c2384b548b59c88790bad3f1a1ca5fee4d7ec71d035d59c2e2cc7aafbad39d9bd3ff888f4db89eaae623af02b9113b04f8eb204c0bc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8ffc0197fc8c9667be99deae5398d23

SHA1
8d041d948cb9458f3883973d0163c8a849ccef1c

SHA256
4c7e531b30ecbfe038f9d7452ba0f1f9bbbb131aaff0500f51114c6199a34fcb

SHA512
df2c36aa305a4208c0331b2827dc25a312fc07c3b425f98dbe92886142d28ad6da04f1175323a6b555e2c0cea20bac3bb06f3821c78998ce6399b6177659c57a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29524317d87a32289b85531c6174b347

SHA1
f9ae9873d1fe50102f06912bcec29235788e6376

SHA256
17fd1e8f6bcb922c4aaef957ca3aa21ea8b04d6dd499f2b9ea15aa8aa82aa088

SHA512
d68d3eefa78556afbfe26a77445ffb1aff38385547099d156e52334ed29dffd23dbfaf3b600b3caeabec41af426fc5b63bd78f3c1a711e1d5120bba47d17d374

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9f556eebb9882b307714d98a2dddc6d

SHA1
95aa7c266146148b75b5da2f5f62ffedf0b2cb45

SHA256
cc9abb7fa2ee0c9dc3962f2923507a0a0cc92a92653f9fed68d1eea0f98cf012

SHA512
c796cb794e60ddb5390c68cda39dc8b088b63f8d15b9a79b38f4ce640497f78093c8ac94199b5c7891a922098b44f72e0068d0ac121795de0d639b3e0a45b625

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d579c5598d5d04e91b2646a4fbf8afff

SHA1
0a4fd1520acace972774579b4b666a493a0a03d1

SHA256
b77dd5f1ab085bff45d35cb1e178c9f27926aa30f06da79aefeb995784ca2fe8

SHA512
7e7384dc3aaedcdc85e8249c0bc5a4500172a2d62c5b7d947b896a5f040ca8bfb07c5e336943a0b525464685d9f675ad9f46e28a35e6b9f16c8dc36dfc667586

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9638.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9726.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit