cbd8d588db183ef64c8f0302f2b2815155461feacd2be12e2e1d1fdbe1fbc702

Analysis

max time kernel
121s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 16:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0895b5937678ff6391454e929a6aa1d_JaffaCakes118.html
Size

803B
MD5

e0895b5937678ff6391454e929a6aa1d
SHA1

26d3f891804fa47e69ce251487f37299e1c9b733
SHA256

cbd8d588db183ef64c8f0302f2b2815155461feacd2be12e2e1d1fdbe1fbc702
SHA512

7fd84b57b5ed11204b34cecafa3dfa930301099e37b7954d896934084858c2a302515de1a075a84a79fac40cba1fc8e615351f33ed4023bbbf4fe9c1a2d716b2

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432491811"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c400000000020000000000106600000001000020000000c8e011e644c26f271da88bb9376d0a6af2ee494fa40ce3966016852bcb72cbfe000000000e8000000002000020000000755b3b8ec5a3d8c1699b10e78d5b8c1bd137cdb4d63c7ba285b06f8d7eab6cc39000000078a40e7f153b06b51b903e72f8ec67e543b0acccff46aea6714ff8ffa6ece553976a27b73c00ca447ecb6f73c2e306a166161c7635d2de6dbfae18756ce0a9208574fe7c3d6f20026ba44985f61be6eb6e70fd34295d57c65efcaa755f0b109b93d81dc9d8281796751c33955cb4f42efbcfd9fd27304503b14d0f3ad6835715c9aa3143096e4c2ab7ebf0318674093440000000b7f40aebf253755834c5e07d73f56e63f18cff9872915673a2106b53c0ce3679f3d3d9d23e3b2f774b083da66dbff486b140df225876e102498242576ff8f7ca	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c4000000000200000000001066000000010000200000006051a2f03164bdc9c2d0dd12c03cee00b9af77ee8b263a4c73253e540e8ea500000000000e8000000002000020000000895903a5314a179e5bedb540fcff957889992cddb2f3482ddc0afa3e85f006412000000056b69eb3c905baef506693d787ce8045c53fa3eeafba7a652dfa9c8508da4aac40000000a88a8e59bd8aa0e64b60b5773bea70373348ffb6890a630ccecfa3754d88d3bb51d00a6e26830b8b9a00362cb73431400e3802ed32718c1ea94cdd315e718c25	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0ae8806c006db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{31E7A5C1-72B3-11EF-83AF-F2DF7204BD4F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2668	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2668	iexplore.exe
2668	iexplore.exe
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE
2984	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 2984	2668	iexplore.exe	31
PID 2668 wrote to memory of 2984	2668	iexplore.exe	31
PID 2668 wrote to memory of 2984	2668	iexplore.exe	31
PID 2668 wrote to memory of 2984	2668	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e0895b5937678ff6391454e929a6aa1d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a83251b20bf12d38bccfe06abaf761c6

SHA1
8c177bba0d4f5503d75b87eb2f36570df2c6ccf5

SHA256
c3d9f9aa793df0eba5a531433e310e77f5a0b6ca0e025f2553796620ec2d3526

SHA512
adb75f749e41f7583aefc3ded944f171560f31cfd8cb43dd927d1984574da8dbf03cfd7ac19b1a79179e7a935fa53d3ecd5c2f2e4d559dfb4f38acfb9adba152

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c6b1e3961f220ba4b997821bf72ca46

SHA1
29a3721185a9deb99ab43e957b87617d6af0f328

SHA256
a73fa1069fd74759f7e7eb508f44bf7c880454754dc59ca01aeb97bc416997ce

SHA512
8f3a60aed7b7bb31540d7ed3138f21229a37ca2a8604ff0b2f376cf8a20516664def01dabd5f7fcf79f34d5ef0022db8f42a913dc4890e4f6885b698b6d9fa98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0d93e2a6307c4075fb50712899912a0

SHA1
4a828285787d18b8bb1d4deefc8907614280c92b

SHA256
933d7058fad8fcd7304a63c1ecc5950c8264c4389d383a145bfb798cd0067084

SHA512
023070eb7f7e7c95bdb6eeaf73dfc70741db8d14c72af9e329d199edd288d6cc7f6dcbdad4c9df42c2406b62639c3117117bfab3677ce9bdc466b04e4f0b9c4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d73171a010b1ccbe8356ca0f160dd62

SHA1
c5cc689f6092131ec019779ace3638e344e73f48

SHA256
e6190db7ac284724a48ba53ed64ab84a10d820ada9017c9e8bce07f07acea336

SHA512
183e1c539b492a2916e4dce58cee627ab7916db59bda0ad2d6a517163b30ab6ac0e2983fe80bb9bb7d3b6295a5af8a5b698ba1722bf7a893c57165a82592626f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8743dfbf446bc56f4dbb104ea12bfd5

SHA1
f6f434965f166398b4cd98f13b45342e1a17b8e1

SHA256
e6de0207dd9011348b55f6493afc1e76c475b0b898f1e1e047c80def2d7567f6

SHA512
67bea676655a822428a1e7a122e052c3d2a1d5f8e3d61986a87b93d548ebb8df78b86ead2a74795a5ae582eb12390621274023c73cfff45fd7f7619f9c9128f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aca7624e9456cc91a60ae6dd09ac5c1e

SHA1
f0c0ea4a310b59a969a3d3be066b340f81e3a972

SHA256
789ac7ac6ece18c7e8e444cd421612b8d4497335c3d3fe5bf79f94de0e6e95df

SHA512
e7d9c280b4088a93f50693135f554000956499e8d887ca5e36fa4394c194ced2b18a5705ce28a480e86e75e09f62acf82f6d0b481085e2f4c311fcb70246ad4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d66c95c7cda4760bf43983c37f2973a

SHA1
a0579f71a7cb2d7bb9637f00b88eebb97275056c

SHA256
2310eea8a367ea4d4de0b464a87d40c2198f1d866dedda8c7100b4ddadbca6ba

SHA512
b56862a1c6feccfd3a689a58144de1937e923e78471bc41d11876bb871dfb07ee1d0a43096d0e85ee8be07e5d4fc3853f8b65a4f775ba086f0751c5eee3eec66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f3c25c922278776eb025117bf09c0e5

SHA1
f1ca84aea30c0c800f5a616fd0f6df61ce94c033

SHA256
fbcd9468dd87642db7aaff2a326a2e39fe56a9c0d03560a7c711bd90387f1caa

SHA512
8201497146fbb8e5394bd67f778a496821d19bfe8eec18d6f186057b987e42122e7291c2df766d869048d4411ad17a97a46d1fb3a3b9d50efa53db872df910de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3cd20fbef84617cb1ada9a2b0725abc9

SHA1
59ebf1e328614d5aa9bd01fa195055b554827155

SHA256
65d63ca4ce8b0d707e0fee5f4333a2ad1014d0f7dd1661e6b3560728ab212924

SHA512
3223917dddf954e55619a5568e20d0152597f623bb41110f811a1ad55b834be2bfa5c41273594fb17021ea55d645cde3c44288b61b59f35567f8efcde206ab76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a309727a1982fef0efe7538ea9e62f4

SHA1
51a8cbe53ef5274691d4a23f0cc608cf642ad161

SHA256
7671b01a5a72e9870cd1fd8ed4db661b30bbab5eb4b9c0176218ac0c93d12f5b

SHA512
c8165e3fa3cdc2fcce2ee2b3a6d2d8c88070cafcb940bf3702a80810f6aa7df2a653dafb40124f5773fbabd515d1e0cb1886c073ac0542bc07c854872ac65451

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b2f0b72e9fe731790b531e1cc8ab8e23

SHA1
37f854719c3783198814329d7f07acb950fd026b

SHA256
7591e6c64d45b84c301042663796394899227cae9f9d06aba3dd162036722658

SHA512
cadcee5c3755ac692396b407d5c4a7f149ccf4767277685552470491e1a9fcd7a6c866cfb45035b082bdcbd015eebb8bc5635a3a15e7733ede05d5fa5aff5800

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ead4d50b36a17666fb8e0080ff072132

SHA1
ea74fabd0d48a92b0dc9301c7417a73a773a4d6c

SHA256
d99ee38e900dc312aa23d48147a9739f6c9e4e3fe4bc3661e6e76630affd3e06

SHA512
c6240c3691d9a90fa4892fd8305d7b42d7f98e22fe72d02d34fcb3a9d7dbfacfb0931974fd24873efcc8615bc259727f4d17f7f09ba3a12c8892a59fbc00a36a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20a997cca4a674680a0444e2a11b24d8

SHA1
99df8ab46c8f2a75f03ac5258a866eff547b813e

SHA256
cf11d941958d8dc64fe64903797227d81c35a1ac307d85a3b0f5d35ffa868d4b

SHA512
8ff9963614f0c30cef7f3e45c1a53e39ec6e9fd65da9fe62024750ee01120db50ed8ca9bdd4a02ba31786ef361cdaa7c5c5b7eeb5dfd9f77247b3bc57f876a1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a90252c586a12fd4b491729ef549a3b7

SHA1
35016caf41a2f1a927ec2a0a1aa8a99e3de6b13e

SHA256
658895433f30e7eeb31c628c4bc9649ecfb4b47ef4d8ce9f8be5dc03b66f853b

SHA512
99d700acd1aaaae55622f3271fd8f72016f8f9cbce4027bce73e2033c4d8bb9df805684c7798b62edb9126e8b6ba02c501233b185b6f5295890ea3d4ba3724b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab12C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar19C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit