6e5debe4b69a85550734a0be7637ea7c3d09b9c92053269ee42c6141d6a679e0

Analysis

max time kernel
136s
max time network
135s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dea439a0d55e243158b7e05b91b9725d_JaffaCakes118.html
Size

4KB
MD5

dea439a0d55e243158b7e05b91b9725d
SHA1

5ebea9a109be58de3c66313f4a72cd1b73e30e3f
SHA256

6e5debe4b69a85550734a0be7637ea7c3d09b9c92053269ee42c6141d6a679e0
SHA512

3e6cc35d244ccd6fecb1b719fb44927b2397c7704666e3070a772087df590b6180c85bf7625f489d7642a6fde1fa19d25c760cccf10a2742df4576faeafaa766

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432413163"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1286CC41-71FC-11EF-BD50-D686196AC2C0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50428be70806db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b000000000200000000001066000000010000200000008df09464844316eed5240b7ec68a40a2e1a880a3e06080e3a66760ce5f1e9f93000000000e8000000002000020000000d3e432694709ece3fd3dec92752f56631a9177fe7d2db151edd38cf3713eefc8900000002921eac9087596333c7790cbbf5fe7fd2c3e2726ff011f82ba3319ebcfaa8a05a4d652acadb2affcd81ca93dcd3a0acf1b8a08f033f3e3c8ed721baed666494f41879361fe9997b68b1d27da9e691772ea0525a2e58ab796b14db1b62c1847c19e3b42315c376020c1412beefd848b7a14ae850f4a789d3607ff237d2385d99dccb03a30f1ce19059f864862fb3fb42940000000e5e16c51743b1caa372890cb317986c330e5f70af85a7063722c6938364131c1e9e83509010ad75358aa469a486e30b73f54fafdba93bbca7a0a9af9dddc6c57	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000c1279b01f736111fc96125958ae142e50b6bade83d7055efa3a1dbfe30d7737b000000000e8000000002000020000000553e57d694cce708019a5d87df6f294c6896a2353d92c300a7eade2da444a27420000000378b0582af88a89a1cf6a45aa9cc5d98b913fcea4f40017f7f2ebdb52011ae314000000009755e8277956b56203ad879b33178d1713d4545a6a1f3350a7a17715bf6c293c6529dae4afb67ce5fddbe76e9ed779221e28a1871eb836dfff114a9bd574424	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3004	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3004	iexplore.exe
3004	iexplore.exe
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 2292	3004	iexplore.exe	30
PID 3004 wrote to memory of 2292	3004	iexplore.exe	30
PID 3004 wrote to memory of 2292	3004	iexplore.exe	30
PID 3004 wrote to memory of 2292	3004	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dea439a0d55e243158b7e05b91b9725d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3004 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9d5d2e4c589060bb5cde2965f7d8262

SHA1
eccb53be695c276913c28ce6c577e8715584f1f5

SHA256
b652b20a5bc8b9c9ce3b8e9ada885bced44c41fa3a24618f3d74c300440bd632

SHA512
766dfbb0889689ca4de93be079102ef5d223605923ee430cbcc67cfbabe95410668c7cd08acefe37551adb90baa5403dd0b3382af23177acd58326c2da2a9b30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79e751a91a48b17a2228b33d9d501a47

SHA1
153b6f0ebb48e40f2cf7b28c4468c90eb822f04e

SHA256
fdd1afbc0e6b56a3bac0116b1a5b0e29c492e3bd417ce4d53be36982966f0ad8

SHA512
f8fe91aba62afb58483bfe2f18de72c189f747dfe8bd8a9cee52c4b3a7cc75109622c896d7552ed35ed584efb271ad2496569df4ff76bce395f8364741e1fd0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ca29e02ad97d7848a50e68cd14e3c62

SHA1
d57d6a47c5541dddc998fcb6f01cb7fc4dcbb43c

SHA256
2e2ff19dcf8d7dc774f1c8b6d23df865fd18e2a305855603a1f957096c7b5d9d

SHA512
5ceaad8e30cce45311bfb9fde65255226179efee101a6bf1b8fe8fa76640dcb18d24c3acde47d8fd70e04bd23826a02477dc0480df5658da03ee7a45c1eb7215

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1dd6b1c141a3aa54251e94eac607857b

SHA1
5fd5e3765abe4d7311831f154bca0b09a900793f

SHA256
c5af008fb9d64ef66a04fab6d5970d5481d063b0ad740637c42ee1789e497f11

SHA512
7392deefc348cd5ae4c71bdae0e7099fb28d389128e21168610ea7c09c6287da065e7e516f1ab29d143edb35ffe56fbc424ef515f59042c8c0d705e76364126b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ad3678e7ff766b67605e78112ab75c5

SHA1
855885b3e368e373605c032bfd3728aeb0171092

SHA256
9ccd8cb9a9f056a9d743a8b3b3df0641fced5f03f7b5f7d80f9d50001311b18c

SHA512
39eb10b07f8a14716a4c2f046336fcd6d6bce52c42cc3fe65b3c14ac8faff970594f56bfbb413d34ba463ea7625aa230b89d07fe0fa2c7564873901970f8ba89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6511a52345856168eaa6833f43b22a19

SHA1
a77a2cbcd3f661bc33651cae7a172c084253e54e

SHA256
dfd75ff1517def990eaed498b17f7f644f43ff91b8a10bb8c261d14a0d88b41f

SHA512
d7245e9bffcfee235b2bb2304e43b83b23ab3fbaf4ff14de245eea62380898c3b0cddd5c64d8bd5e729cff3c5466c84502af48b123e0e795c27801920349b3f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03ca5db41d5673cba31c234aa864781c

SHA1
cb97daab77e707ef02df94698bf5b1890c255750

SHA256
86f9ad34fcefaf3b10336a15dcac759face72b1f7fb48095e273840dcbe9b728

SHA512
0c509842b3cb97b901d729f840f97680f113a35a4a5693048a676b5110cd26f55670567a712537276e2cb2d0797b989d5d0f8c509c7a15d62b5cdae7a0a54ff7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
470e5e82cc55be16fb65e0df1edd9ef9

SHA1
453b0206c43772c0bfcc0036c729d739b90a1b09

SHA256
6e2842b74e0df114f28d69aa27699a49b1e70864da950a6b7234e4e9d3ae0e15

SHA512
bd433cc05ce6660100a6422f121c32663afaf777308b4a00fd7d5bf139bad5aa5f700ed56ec3f5cbcbd40f3af00e98408351cc2b3159d439bcb510397e723e1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74acbf4ee35231128fde893ebdcb7dd2

SHA1
29c80268e7634ceac2b2f09da3c75cd559bb52e0

SHA256
f363d7dcfc9d60510071814a53bc10914ca7336f6ec827a54559e4e35d6b3464

SHA512
0ff10a24e468ca6bc81b2d16f9ead773f467d9580f58e3fc99a94cab0c29ec3c2a6899b4aa682201ee904aeffd3b36d5d0881540638443ac8f3222aaf0143eb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d31ce90aebdfd7fde5e1455ddb8e1dda

SHA1
898f34197812f6b0e15309c417885f6deb886858

SHA256
92b3e2e050bc6b6b794198aaec939ec9004910dfa44cfd057b10d81b5b062afe

SHA512
824dfec1b9d8a43b4c9d207f8616578c8a12939a7cc1ec7d5869c6fa72a6c78263c8ec92eb6dae694c6a76ecf73c98817eab8059bfffca1ff708df0d0106ace7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c42f7e6bf54e972c8167cfddb5fd4934

SHA1
da64ca28da91a4e923b7415a29990d9e65c3fa5b

SHA256
aa7d9008bf0090eb262f8bc027ae517e34bd10c5c42f06ef1d8a5657fc197e37

SHA512
960a23acded71ae27c9683efb608cadee08817deab532dbe63ead129cca84188586ecfe782b82eba4ed1b0b5e489d0b984de111f0e9c362ac6fd7430d45f1b2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9084bd1e9c70284e2d21ba65fc89b5ab

SHA1
cea2ec50e1cafd07c6fc6b7b0f2cec0a1792d8e4

SHA256
ab26f50f6660688f398acc4ad2e9580d790f1d075d2c0a8860d28931a57412bb

SHA512
13867c019cb0678b1fee8e1e7b55f071ebcd63492c24d13229febb39894166765473d7939fc76642a0fc70064fe924f1e99760067398b613893691ab6907ecff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
faa77b711f48ca7e5272dbf2fbd31653

SHA1
ffb238e01d7a2ba0beb01aa5dc1cb2403f5c89eb

SHA256
b449d69141ca8af598c94ec92994fbd9a65163d5e82a44a825d37ff4838dfa56

SHA512
b7433427680219d4abb53502fd23e0a64900013d5a6ca1d57d8b00693f1871e63b8716708e3a7dc792b42c8587876b5f60804d77a3bfcb23e6ecf8b6642c4d18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a3656c572e32dd81c13726d5ccb5807

SHA1
04aa34394af0cb179789a805d2cd53cc29fb97c3

SHA256
c33de331d9ca23b4f4930a7f17cca12b9d3fd78d1063db451aa01b71314f964c

SHA512
7a2af296f068b5f63af5b9220cdc3acc7cee7fe3123ff41bfd9d1c3c59b3679e791f68edc1d21cc333f4fef655d94bc4b81109ac2fe82cf3aeb585dd0ed88603

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b3a46aa2550797502b3ade23d5d195c

SHA1
fc9479bd83acc5067f8e4b101569796a521d9a1b

SHA256
559cc5084f5ddf5c52025d1df3b6571b9570aefc3c8046aa8f1acf3d2be85b5f

SHA512
245494ccfc7c52771bf0010a62346bfec39938edcf6e8d9f785ec44155b6e3a839269ff376e667c3d9556d3d7896c7eab20cb75065f23969dd53f82c01e3f702

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE85E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE92D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit