19d16c3c209199b9013f9a5e36c4540f31f47094bfda2ed5ea14df696974c10b

Analysis

max time kernel
120s
max time network
131s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 15:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de74b4d47b17ea27a897554c14b86e36_JaffaCakes118.html
Size

1KB
MD5

de74b4d47b17ea27a897554c14b86e36
SHA1

5edc5ff93ea0a51abcea6f84a3bb97ea5e440df3
SHA256

19d16c3c209199b9013f9a5e36c4540f31f47094bfda2ed5ea14df696974c10b
SHA512

434d5ce3053e10115f3e14a51b56a918e3294f785408b7693b7045637317d2ae3a5d998059e201ef7baf70ea3c03a5055776befe4f9ad1c54164a267a017bd1e

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb4700000000020000000000106600000001000020000000c73a1b6d96afd6d83885d6ae372ccb0e67487679881c144f05381ab72f02c5cc000000000e8000000002000020000000650e7e129a294d5f45e7537d8522a96c2a549da82dcf683e67d2fa8ef4fa6d1d90000000a3b3ca4fea1d884c9cbca272145341c45568f1d3db17c3f6bcfb4f55e0630cc1140d1169157fe59eb7e7dcbc24bfdc63c85488a0d5a3a34ee93564fd3624df9af0c44c52c380a39abd733ce5212bfe0c2314a82b61e78aa1f899b9d438b80ec5dd1152a9e9d3db04757607cb3378367476b8f004392ec0f7a89052db4a8d46ff074b0ec794e5a072beebeeb147a94e004000000029cdd05f2c6368f7194b04f6acd219a5de5d79e8f4d6890636a5c8bdef1f416a71bc5b69907b85a96146ef275543b14ea5e19cace0b0619b3315fc7a7da3a030	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432404429"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb470000000002000000000010660000000100002000000088ce48cc24090173a2057785cb1069a91b113bb7180727a0e4f8cfce04cdd497000000000e8000000002000020000000c826d1308dcaab588f223cfa483d6c7398f898c012759540840e6b0c218e30f5200000000def64ed53c27a9811a3958e265f29f1acc0ac438e5d5ed8a11b5e62d8a459bb40000000c51341aac74ce58990c2fb91185ff8dcd16bc2571f22f4e397893bd66bcdd89e1da66c3c2796ec31fea45e7032524dc94a4ec342b1af21dc07be47003f9cf849	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BC5F8781-71E7-11EF-B4E2-F64010A3169C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9063d690f405db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2756	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2756	iexplore.exe
2756	iexplore.exe
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2680	2756	iexplore.exe	31
PID 2756 wrote to memory of 2680	2756	iexplore.exe	31
PID 2756 wrote to memory of 2680	2756	iexplore.exe	31
PID 2756 wrote to memory of 2680	2756	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\de74b4d47b17ea27a897554c14b86e36_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1b5ac765865f6fd459a8a8f812b7ff7

SHA1
9c609c09f948ed3f9c634916f142d7e489a43e3c

SHA256
2ad66f0d061a64964dbfc526cf7379c0fac4127f21cbb9232ec02a6a5aadc619

SHA512
40ad00885d40038b7ab5354fae26ddc123e77cdf7ffe3c2965ea28cfb6185a6a3be311606ea53c0173b3c713da8d1f05edc6848838f7cb7c951a071bd9d5bdbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6d05ee78a60caa91a7409690a3c403e

SHA1
af9fe8b85ce2941fd31205190f36705a77160e36

SHA256
6f4b6c2b1203848684dc3d68e72e6e8bdba7b885b79f87585012b30128585f14

SHA512
bfec55462f43a6a3fb3f9c6a0c8af530527767dc6d5a2b69a251335644fe42a7597668ec8e644702c12ccb090395056015cf5130506e2fb5d8a0b9767c70f3de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d23138fdc0713a5f6896d9a1f7547d2

SHA1
fbcb8c56f012db127f15a8c2ae0d204bd2438196

SHA256
b8e743fa979a54b2b10e000bec253561bf4538797062fd1507237de8471de4a9

SHA512
709c9728532cd142c9438ccfc7af95f51c1ff8e2add996ff01d53f5c9c7714d4c3aa41cc5c31bc39a92d680b2509d014ab44eb6492fdeb47a76407237c0fa519

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
796b8c39f6829cafe7d736c0a3ff08c6

SHA1
be74b23226f8ef3e8c8fcc19cdc044a09132a288

SHA256
7508e56dff1aa876da24fcd536e51f17ee539c98650c734439675dcc028eb0d7

SHA512
ef9b50e6ec8b6a8a3d4713920c646c513c6885c9a441057046671d121a3e629d070cbeed8535a46e959f78eb459bebd465f5c5188b5aae36d12085c0a7d78aef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3d0294a4d70696ecd89481ab2654549

SHA1
79f4b204c6bed2cdb67d646e965e7e68a62cd786

SHA256
5803bc194fd54f7a5074ae35091f36f81711ec00ff6fa7ad5371d4a42ec0a30a

SHA512
d9e05c1c1b4124a35598dcf910b53d181a2aa379ff1648c3b211d7ed1cbdabb5b81ac99a59016f44913902f894012767b17c7988dcbfe6b9e11d3f6c0869ce2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
258674b7a697acc211fc20dbf5318363

SHA1
6b124bd3f353a1c946cc6445339bc45daddfc31b

SHA256
91be9492998120d330e355246d7a69f09dc2b5b1d0526690270b0fb6b653cf55

SHA512
f1536b9d1dc273b013f54b5bb2cb6fab97f1d2ee7e69b872c8f06e671ec98d5c7beb39b75417b15986afd07049f5e4f0f6b82cfe06af957b78e7ddb1654baaa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f96ca92182d1f159d7286a64a679aacd

SHA1
0b1b8f93780de374c4562a632575c3129b9c7fb3

SHA256
72b40659a08a1b7f9bf3c566ebff6531dae7912a0a23ed79b4875a38d1eca2f9

SHA512
2694f2995dff6d6eccc9d546222f5b76475f4d23d89098ac10be7d91ef0876f76288efc89d5c01d68369403135c8bd7b222ec2c5612433f3aee3063476cf85e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0657102ca7f5dfd5f698a9d3b18241be

SHA1
5d2e6fd9cddce0c9edf0e0aa9af281d9ef7c09ff

SHA256
9edcc8e59a6f76a2f0d97afdffd5a896bb9b94b2ba56a771fb9ed5437f4063bb

SHA512
36a3f9f78b97bf3844484a9e187b1208911c1c7d65a41f4a570e3783159bb958cb7b2dc442d99a8705ae4bdd6681f987c7d386041da91445b712a1d14b4a031a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6284c9eaf766940eeda4af07c80e8968

SHA1
2ff3c570c6f9d1b58e0d4afcf96ff37d64235334

SHA256
596d1da4ac8559a1000eae9d3e745c3d56d0c3066e758c43605d2a70a94e7c8b

SHA512
c7434b8f9e0059cc2d2ccaf75be518ba5c575dddf8ce5b57b9d54e39b5530edf4e664617601d16bb92a8404472e6706f1c2fd3fc022d57e3eb73c4a8dde29958

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64fd01b025892a7cc5b78392f29703e8

SHA1
e8ae2fb09ca04dc66063412c16ce7a1b37b5dace

SHA256
9c3907b406e9d0f369088593707b83c861788970abd53d8500122ff7d350ef90

SHA512
bcfd107bcc5a547fdb0104eb3df99ac342e5fec1b2f5617b0cf0a6366f6281c678aa528f3a074c8e6e00231a71b75eb2b5051cb74cc64595206177146d069948

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0eda5814d57e61e856eeb6ce4ca314f

SHA1
8b61e17d2a4b79869f3fe3e8e9b91f20528e44c9

SHA256
5bf7624f8eec0a5dacdba39cb980912a79e941efbc29bae532dd455d1852fa61

SHA512
b459b78d6c6415b8b62a4da26a6d0bb517ae2f6a504b2f555e370f5f21b25f96882d5bd916776abac9b0d161c9c603e0f53a62442a054d588a02de5345df48bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc5edc5992930cb2eda82ccbefff9d1c

SHA1
15cf09bcb126dfb2faf6afad79f4cac260da442c

SHA256
6d70a45facf5f920fc0a4bda992da8359e732b4e43ac16752de59ef6b6d5a22c

SHA512
e8d8728b95b96a25867ffea0e9284c6f1cea1c51a066584e9549617f9ec4118af56aec6c630573ad145e7bee86f1e6fd73f187436e109a8341d87596d7f50332

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a11a06a23be56ae0b166c17276a25dba

SHA1
81ab1df6bf10df44f451f025c47a898e005394b8

SHA256
70cb1807f374b0157acdf9bed06bee783c7ad3525ae1b52999bec8ec8c1a206d

SHA512
615e2d61e5de771609a23d87227caf12cb95d6cffc8eed0df1a33329ac7e2fbb48e784b9e9d6644919b3638beb14db2d1e361ef7f8857c0f576c2471fec17bb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81443cee6e8c30a327abc1259a304261

SHA1
7708767f6caaf69c331de1df11405d522caf8393

SHA256
047542fdadc9dee9dee5685883a410fcaec7d884be1723365311a9bc07665327

SHA512
9a72aa51d22dee9b55f37e82b6b175287d2f33ef44368c6c368e10dfdf1fe1a237a27a135632a28daa57404afe4a9a009bca08ad14d945e57b8370bf444e94d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7235335f35813b84d42c5978a94e849d

SHA1
77ed0559987e4eb2acf81e48b2a468ec188f2346

SHA256
ea7bdd36cd4f963d1b8c0f4b8763abfd342a533dcdf7d64e435b72c9e79eaa86

SHA512
63f15ad6e05325ec3b6ef4eaab5c8b1f0ef2c376a28df6af30244aa292343100a1d56c2dc9c95b6d708be615d0756e59e7ced9b9a3b43f5cbf48b73d5f130d46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb7c8cdadb9de81305bb9d57c5f86973

SHA1
48c40218e70b1a2c1b09e471833722f8192a0aa0

SHA256
4a534a0dec4e92b1ee7b2a5106080030f1e9f0f3a73b2b00521a1740efa07b35

SHA512
657b3e99fe692de965c95b15ce42ff4e61914ddb388eaf2e395ce8bbfd77ecaaefcc1a9332e69ef2d5279fc92a9e89c6fddf8e8799a233e421c92719fc282623

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF7E9.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF898.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit