d67aa98a3b9bdcd713830d413ef0f3be1473cbf931aa9e20ec961e8e46f258f9

Analysis

max time kernel
122s
max time network
133s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

deb5fc6bf3dd33f6545513fd7b141384_JaffaCakes118.html
Size

461KB
MD5

deb5fc6bf3dd33f6545513fd7b141384
SHA1

c1c049bdd17b148134c8b7dbcb4e6d97bba1966b
SHA256

d67aa98a3b9bdcd713830d413ef0f3be1473cbf931aa9e20ec961e8e46f258f9
SHA512

8bdd52bdadad0eb2338f058bfe75521b5936961b617d52802ea1dde17cc78651b8c1b47db49056af4a1d291547d7aded5df56dd6a60aeac60d9a234c5b25cdba
SSDEEP

6144:SFsMYod+X3oI+YdVsMYod+X3oI+YDsMYod+X3oI+YLsMYod+X3oI+YQ:+5d+X3R5d+X3B5d+X315d+X3+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432415921"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7F1BFB41-7202-11EF-BF4D-465533733A50} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000178a05cd1c5ac5a6c8e3d19b44a07780293c8ee254a6bd14ff313b36e16f8d69000000000e80000000020000200000004690c1ddebedb51e7bc8526a9c1234c44f39bc06ea2518518b2b2fae644504f69000000066a7d52bc5c963d82e46b92967eb203f602bac689dc66884085adb8a07c5f6e199dad0bc77d087c6f4d2766b974fb18393bf1cdf9e1838b961c17a5ed84f9ca6fdb8b22bb5d077a62b430d5694e36ddbe71d56e8f5ad87cdaeb8b4194430776f6a6c0451ac1ef20587cf032ec19e65cf7976d8bf4776948f99d94a09b95a8dc178f58d8d7d9b08868f92cecbada0226b400000002863c8f5d70a91fe04b7c7710b726ab48802bc53e16d76f1b0b05ea224be15e78576007fdc6567a6d91aa806e6d6e87d9abb417f39db06d5f00cdbca5cb7dc0d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000824ddaed879a3f80fd19d7e36a114128ee136948df4bbaab5c3ed0efbc55b0a5000000000e8000000002000020000000adf038a5e634b56f4bb70d796cf4b21667b68128182ea113bcf2347621c3d5cf20000000da96b3b7f073abafb49e8ae6774a4b71581c3c0313b3b4a93795fd832af65f974000000073242c6c20a5d6618d6f8e9307352e91a6e25a71cd8ca022ec8bbfef0052fe8efb393a41316fe9b7640b7b91ae7cbb098e4fa4f7a34bd84c9ab64e7a2a842f54	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b005b8590f06db01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2068	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2068	iexplore.exe
2068	iexplore.exe
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE
2336	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 2336	2068	iexplore.exe	30
PID 2068 wrote to memory of 2336	2068	iexplore.exe	30
PID 2068 wrote to memory of 2336	2068	iexplore.exe	30
PID 2068 wrote to memory of 2336	2068	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\deb5fc6bf3dd33f6545513fd7b141384_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9dbad3d0bcba6a046d2c1cedce10dacd

SHA1
bffe9498eb9cd652128acfd0c6df190566a5f066

SHA256
6095634807a555e6db1fff5f46e13a629ca1bbcfaa767c989419d5456ba2ba8c

SHA512
5721276105c6a3de801b9486f70b07e4c06a0773a95694b6c7fa29d13e8b72ccf006ee37f16a659d8ce388533ebdc2bc989b4926add3a345f65b61062497cbfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a3a38775519f09c88bda17e1211eecb

SHA1
79fded3650c2ca6bc2fded2ebac9195da215b6b3

SHA256
92ad84d61a70eca5cc532795e15db6383bc24e4eb1f6eda4ca60a2f69da0f109

SHA512
a5ba1aa4ed82033462f4f1fd90328ac72a501ad82f078779851942c245903074ebbf4693181b3a4d15c20332a718e259e5db85fa0f768053784719d2c89126df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5ef0de4ce0db1af1249f2c7249855da

SHA1
4d1714e7b89f1b34d5b9db74502e069bb2d92ff6

SHA256
6354a6bdf7a8ec7b5df510c052d8e4945db9ce7db0c355447da00ccc45533d2f

SHA512
812b103c0be7f10c72473492ddd3088b63b4201fc389a4c5d3bbb3711dc0429588ad56b1f10ef8c2f35231215a330bdcb0bb23c1cb418a3c0573bb1f46c48cfb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6a6fbf7ad9980760e40f78d39c160e2

SHA1
d1ab5bef2df4b866d90543a10e704aa9787627fb

SHA256
f243003278264470e4b53ffc3d1354392359b4ecb1ab344613e4d38d58e7ab72

SHA512
59f1b7219289f91ebeb0ecebd36b09f383fd66b8eb4ef3850de6573c5bf8e923decdfde04a9d499e8f1224692a595bbef825269f4166dc8e6bf8e737e1b8d6e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54066f3b09b91dd9ead1b92cf6a9a77c

SHA1
848d352fd0e23faa3beb483e1d006c06f50986dd

SHA256
7161782cd5fbbed1b98147206cd9969c29205af241aa5293cd0d0233bab530f7

SHA512
63655079836ec1aed9061f21fa82e2889bdb9c1a36a692335d723b4dca3c75d8beed555d08c06397ba5f00bd02d24ed3691f4c5f1c16103492ea2543362c582c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d75e01c2d291a14b5e435aad84bc8f16

SHA1
2fb5950ed83c33c44f08a977f4688d78e14595e6

SHA256
b90cf00cf01f97a8752a06c8f3e1e79ddb128dca3dc7d679cf8a78b870ed48fa

SHA512
ee384bb96ce54fd409718efd08d496f3bfc3c0311398b13f9a0344af0efd5dd1a4c583c0b905659ec61abc95eeba0c807c80a565cb8a7a67a1bfcdb8018825ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cd5ca8165f49b1a43dbdf7677c618a46

SHA1
2f87854e5e94ea404d1e87e00872666deb0252ac

SHA256
c6b67f5baf3e2b9dd7c11fcb7ee597f586bb11c88f7a92bdf352b4b6b2b2d211

SHA512
aaf759bf2c0f44df8c2bd59c163f7010b6951ca2fd255d291adcc0c71dd97014aef373093e86a74675047bf1f63cb899e40881bbc6e532bc419ae876456c3524

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8dd13f16b5443e3e34a3974c04594d2

SHA1
713131ff4110ac980cfcec3b6edf4286c4a403c2

SHA256
7af7b00104e1e0fbb2621a45e7cda6bba85227f098f492a194c769a865ea3970

SHA512
ebdb65898e6799f21dc425da8fa4f163d5117f8eac4add074975e71c37de61b22d05b11535f50ae6a50c97b4c931bd8cb0901e6d2ddd620ba545ac8f97076221

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
518ee096b5da0eeae56fbf67dc5da124

SHA1
5ee377ad411d42f74230a18cf69ba2f87570ec9a

SHA256
3f21babcb54128ee650fe70a1ce3f9d524e49825475dc079e4dda05213f9ab5d

SHA512
5abf5c81c604447bbfeae37b08b271813097d78735517a2688b5ad894aae44b58f9f0f05fb8873b8acf83194de5a461c77462ed39cea383e0163ee61f91c055a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
102b494df11247133c4901c4c6259902

SHA1
f54d6e2aea690b5f5ec15d17861d8c6d933b9c60

SHA256
ff2fa11052d06f689aa4e1c6aab1cddd95aac5173be2510fb655f562a2f0f577

SHA512
b8018a0f9df11aeb4d2acc0b927d111535bfcece3a670851cec65912abbc40137b4d6d8d16235d6560429831a327bb4235833d259cbcdca71341f99ad78b5bbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
01d95a1b75fbe1602baef130ebdac01c

SHA1
c0c4b089089d2bea48a465cb7f684efd73ff491a

SHA256
286ba94f196860970498e929f9dc47910136c6c11817cbfdf8bca53094d0bd5b

SHA512
7be9b57b9f289e4c12308e2aaaa291b4f1779ca9e7c6b520b54c447fe34531d14ced7f51d83730e55ffcaf046811f7aeed5c821fe4dc4bf312d348868cd6d69d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2faf2fd0d04784ecce84c4df1da155c7

SHA1
8af894298a260449a518f58b74efd9fec1728de2

SHA256
06eab0ca494bb2491d79518fa86b046e00c7d0166710634f008bc754432b87ff

SHA512
8fc2ce855bc6268f736f31c1785f08cadf455cdcb12a14802edd4becbbfb34fcc842e49aa8d216797858c0b92c903387b1dcaa9dc21ebaaba5a98d7636ae1419

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
340667e6eb20feee87606be3dcf4dccd

SHA1
def39234da245844127fe0df87e678b03bdf12b6

SHA256
5d1c04e0cbff90af0382d460b8542f34a3a1cb44be7f2afd9d0d4f109b06dade

SHA512
174c16083dd98aa0a27cc90011b7f9396afc271f7e69f8ee2bfd67a2cc187d15e7c2ac46d790c730d51784727f6f79e21f2cfd893b477307ed1ee7946fd850ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1c3aa40f12b94375ba0d4bdf26a5106

SHA1
f490086b404fe5783386b778b868f5a017b8fd18

SHA256
35f6c2346b008845b5ab600270a157fea72ecac2245ffddfb3b5df688d0a8a3a

SHA512
3c2b3f0a0669b18f8ff874e78b0e7acb041b17e0f95465f79439246799ae86725ff3d9de29d9afe992dcf59c490c4fa7706cb0922d8dda2f1a82902ff5119d0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5987c776db60907360b4a0047d14459

SHA1
b9124ca08500ef5cb460251ccdba3bf73a24c5f7

SHA256
5b2deff397325f888a40dc44230554389897b67b1b3bcba55ce1308c9282d631

SHA512
ab73923f88bcd0df7784c04b40629427a772bec7b37f792051c215db3c87fda99528bc193460aff10feb9fdce8042eab5b56bed933f8021ba29b41ac1792c705

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
248919fd56a9fcbf104252770233de39

SHA1
c3b4f58a08da051d0ddfc3aff4b8ec2649a7b187

SHA256
7531657de22fbcf50342915a461199f1bb5a9da26d6bbdda267fdf6e2d6d55e0

SHA512
0285a542fd5876dd5c8db2b0e3bda977212efd2a1b9e69bf359e2b47b7150d348883184c2e7472da8140d9d1d58162777c9f814a7389215de05b101b1b97007a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFFB6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFFF7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit