9167d5ead520909a086d7d61fad1a4ef05ce5fdaa362cb1368c86b48f5e9f8aa

Analysis

max time kernel
141s
max time network
134s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 12:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de51a18032ae0917d96368d67aca97aa_JaffaCakes118.html
Size

22KB
MD5

de51a18032ae0917d96368d67aca97aa
SHA1

8270692f594cc73f0bd208a28622e48e05a9aad0
SHA256

9167d5ead520909a086d7d61fad1a4ef05ce5fdaa362cb1368c86b48f5e9f8aa
SHA512

502566a46edb1762d2bd1cb92220d9696cc33e5f085d8934ee24a874f07f46dba68f9546da3084b906aafef774b72fc65b6ef29d00401e5c91c7c1f2ad85a635
SSDEEP

384:csdGUimF6cbXvL14wAn4hsJTe8eZZeSeGeReIelere6euelSF7nqKjDELLbbz3LG:cbbcIjndjDGC

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1DBDE581-71CF-11EF-B8BF-428107983482} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432393859"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 0060d4f3db05db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000380a05219c407c34befdc728c63f392e6f9951f0eba048e095429fae99857f07000000000e80000000020000200000008aee411efa156d21b8c798b0454b43d84b68ceac8d3e84233438925435fd2e8720000000dbfd27a447e7297f201e5f479c3bbe109b138e06ecfc176b9c5ab380a2893d3840000000f230ac9590a34200fe0cfaba5c6786f98831281edd8544a0e69631cd78d89471265d35edc50bbebdb9107a6c6ec8b759ddde0d082f0744e1bec845888e5455a4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000d5c3a30a8893b2763bc6b186603cac733dd22b95a9a94be21e365d1591bd471c000000000e8000000002000020000000354a642b955fbbf3a2fe7d1efab6b4bb9f40034673776d2a8b1a2aab259b68029000000030bb7e5b0095def6656a1c9149215ed1184432c0fe3367b27a71b60a8320267cc77cf9516c30a570dea6f76fa538165d63cdadf9f4bda0b6e03f47c480d807c4b6d6f209c439958d407d772e01057dfecce5ae5c6843ab73cb46515b98ed696a297d87ff52699cf28a13e1060c7722e4372075de6d56eca976ca95ff70bb6fd63687bd28178436d486fa105c3563d69a40000000ed94779cf613192bc66346b83ffcfa7deaade7ac9f45b3f7c01d5c777a48831fa77627be427e4af9a5d42b821d8548e44805baf36a31807380d13195225c1ab1	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2980	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2980	iexplore.exe
2980	iexplore.exe
1844	IEXPLORE.EXE
1844	IEXPLORE.EXE
1844	IEXPLORE.EXE
1844	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 1844	2980	iexplore.exe	30
PID 2980 wrote to memory of 1844	2980	iexplore.exe	30
PID 2980 wrote to memory of 1844	2980	iexplore.exe	30
PID 2980 wrote to memory of 1844	2980	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\de51a18032ae0917d96368d67aca97aa_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2980 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9fff64c9104f340cf970d3d5752c3bc3

SHA1
9aa886de09cc2dfbb54c28df23c6a8003482b433

SHA256
abde5446d3870e64bb52edb72c4367b7a9365ba813dfabdc6d07601d9fdccedb

SHA512
8991b3b80a8b45085267452897778af66bc0143981957e4e6c590c030bfcbc0428b8a2bbe833349fb3b9b1f86bd1a0da0177e1f1a7d815494880933b237aeb73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14f0ad646406b951acd54f26954d8b3e

SHA1
b3f1622eb3d1d583793e148f448a2a9108244d8b

SHA256
6b77447cca7c2ac552d1fb0d3981aa046b0620e8809afaf3635207d205230732

SHA512
8cc9071e367fa697873253ce16bcebbb208473eb314f1e34a670839ba569d71a59933fc2aae7bfa0c36d69724dc46dda9fe387a1913dcbf55333885353f5e7d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7329ba7d3e271bc50b87e49d725d78fe

SHA1
5eefdad7ac9cd8e8a69741eb931ecbc0dc29a3c0

SHA256
906b4cedcc10cbc634583677edcaa4d00e2c5b23c195d288d0e53706a5c214f9

SHA512
662de2c5df67cb8369bda3d01d2636fa7b7493aaa6f35e320f97e15dcb1ab74c7afda2c3f124d5e81c2108afa990f65fd706dcb32a546abc2c63e8fa5ceb089d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c893800468bc277eeef3f2a095dc0545

SHA1
3e7f11864a69852a2d9ce75564360df1b608cfb6

SHA256
b8f058a06ecdb40ba2c97fcf052c53b060257905b66ca8af319a1e63e2e11c4a

SHA512
f1164c1d4cf9ea3640167988ffc75730cef60c225ecbad249fa925b5c657555bcfc78fe7aaf846c46c2c2d463a4eb9295e8a7a8c21cfe45008c8d6c6dd63bd90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
903a3c4c18859ca3aa565a14496da918

SHA1
55e7f9631eac8cfa71eaf9aa247c22f2686ef935

SHA256
ae52e43c49d20fa92f58e01bfc9f77bd1ea5889fb11cd140705732a23605c9a2

SHA512
0d6c23e99af6a1d0d263861fe4ddfa05bc2bb21c88a2c04f11fa1194e1d0f4b81625ced090aa604b12c25ee4ae139a1fd217e1f392c16176e1141c295a738d8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4dda04e2f739975651a07a0d66c3314

SHA1
3e04eb6c0d1747010944b75c830215eed24dd485

SHA256
98f93188267c8807d0efd4266893fe38017016deeaa923adffd51cface2a4b0f

SHA512
2024fbedd8d305e8d3a5d0a4d184eaf90cc373f8b4f32b7923662944b414b77bb8d0b3a827901e775601db1a6b974a4e996438870296a94c5771a685d5f4af18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9836e5836e77b3ac668ab09a54cbbbd

SHA1
c237c512f6b53a8baa2839cb01f580e9d8b7f95c

SHA256
16274d9f93a6e85e8342a8f40ca7183ac57a7f298cb49a42b5ab14faf3d63442

SHA512
ada29ab64a2633b2d26ab8d91e02aa325f576fa406aa3b044a9a63c60eeece00ab26ce386b4519612c99491b91abdebbe3eb16dbc197c4f60201443a1442b96f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
537826bd99a7a92e84696134c1540cc0

SHA1
af49f1db9c9b06dc1be92a5f6a0b9d667be24089

SHA256
73bfc9435cddda3b97351946c0bfd20d0b6a77f5455faf659dd42624adc8b6be

SHA512
5ff9a9d25a6411ca4b3c2b589981cb072dc3b256ec76cc5e34c17ade674e9129d735fa1f6f321530bcee78cb0536213ff62fa238295b09756349a684ac10d411

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fad4e8960707e8a368431f76fe77fad

SHA1
56167f9423ec55380af251d0861e000087e9f984

SHA256
3e57e1664b0c7ae0947224e027822638ee662a8136285c7ec005062df1ce8a17

SHA512
178c1dabd10d7c77547e242ad6a7c2678dc61c1143bae2da3d7a052bf12e6cc50bad7c9aa9d17cab8287e643d5dae02461b2bc46764e51a1308154ca763b3dc6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6268fecd4a621bd608800ec6a0480d94

SHA1
d4b95fd828da5aefd22d7b81de092f7c80433f51

SHA256
7c5a9321e64960f6abb8fb9aa0ccd4995a4b9bd12509792d2a26a31478c459a3

SHA512
da1f4e071161456043a8575be4448d31d90a0d0d0de75867b0f055dc9eb93f2a203a0534fa4b28af78294cfa41ffacb965c57b12d1923f7a7ddc822d22aa3907

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d2b50dd31016ae3736974a72af80777

SHA1
86135b9bea12b49a06f30ef77920877cedc67685

SHA256
155a02a707851e4f6bf4f586cfd54feeb269933085be23df9c6a500949b91efc

SHA512
3f5065a5a38c30513454b07562dc86cb055de821ce93e02feeaa4771f631e8c0b6a37256f67545646fa8ec59022237229da51cb65b342391c1efb8cc3c795243

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9fba0f2231b85c42b9821399d7c34898

SHA1
5940d80e13eaf3c863906845e9d43194a041b0d7

SHA256
8e07be483f539787acaf44ce176f59d98d2aa85b575edc016eef6e8661470872

SHA512
7bdf5c3e32a093ee2141a606e0958bf979bf7cd69e2798ec3b92fb81bc4b06099b4731392e0cb93d2ee0f08ad1400d4a1081d6c7300aa5125ab6a51189486129

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e26a8b4cb5d72ce6c663c73f521a5c23

SHA1
4e94576fd3a9d493d8aa5e4013c7ce040e9868a1

SHA256
e163afbe9a30c23667a5ef4b26c8b3dd7eca54552207b0854ed4247e8012cacf

SHA512
274c504ed61bd4615c7295a184ff670de8698f28f58ca19857652b2846daf412bbba7473bb7554bdd8a15d90cbd902c14a33def91420a708502fbde6da514e04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
309052fe50f39fd0d492cda36b2d6ee2

SHA1
8b8a8c0c12726aad8d18a6c61491935ab5cd4e51

SHA256
9aa231940c9011aea443104baaedfc684b1448066a18a27a23d47ea992e702ad

SHA512
0c3ea54c784ee89cea5013f5da2d7a3ca1a6ef48433b3e57f5651c118128a3bbaa2b6bcd243aa8e2047588235d8c82bd456a47ea2463c1a9e415ba54fb609870

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e455ff78ddc057b3c8e22357763eaee

SHA1
b37252f87c4abe356ff3a3597bdb23285bdc1198

SHA256
dded7a556cb872af545275d9bcb7f7663ef298baf38a54c5b66a10913d81c4a8

SHA512
52a7b0c0335ca32239b69450026d2eaa74ca87c085ebe1ab4f27b6f9c3cb4e1debdf2643c233fa04bf52210d564ab6dd8b82b61bc25ddda3bccf95b7f35e6f00

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
524700a453d6447698178af98c9b4afa

SHA1
94d04cbd99e31f9ab77fbef1451b4431f06ac27d

SHA256
184e5886f91e8d70411c65ef3a8a0ec39c1c7da2995f33c53de581a6b88ddc6d

SHA512
ea795248ea577c398faf3e3e398ee3efc5dc9b0705253b15e333dbc7089a52ea8fac278a5383b196771c895dcb6ba3e9ca823d29c59367a14e2754ea6ea78a4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC1EA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC29A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit