d7727b76f14a80f351ed07562d7ba82cf8f088949f4e426b25a6819761380f6b

Analysis

max time kernel
119s
max time network
136s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 16:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e09c9f16ee2dd35697029048da34234b_JaffaCakes118.html
Size

461KB
MD5

e09c9f16ee2dd35697029048da34234b
SHA1

3d66bd937a88ebd7cff4b7800b091218c6d0b56a
SHA256

d7727b76f14a80f351ed07562d7ba82cf8f088949f4e426b25a6819761380f6b
SHA512

584989c8bc6ce49b9bac1a090c2297ba8719d0d7f612bf9368495139ae24992acdb68c7f5037054c6d5bed48654243f2d1799f7effdd300c1733c45df68a3ac5
SSDEEP

6144:SSsMYod+X3oI+YMsMYod+X3oI+Y4sMYod+X3oI+YLsMYod+X3oI+YQ:H5d+X385d+X3k5d+X315d+X3+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40146f8dc606db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f035510000000002000000000010660000000100002000000084a01bc4e0e44c1217308de10be14f0c91d2e6fd1130452fe6b4c3fec1f5b8ed000000000e8000000002000020000000ee3fc38e6ada85bf22d92844a77d17f8a384dc31054f7cc9743e01fc45e5ad9420000000f413a1ed69d93f711d165c810560f762a979eed3eb5041ed4df11938bdccc6874000000018bebf1b767a21cd22ef2ca782b46ae09b9dddee04370a471fa607e1f203b6898d0dfae4b2b9f62f2810fe3cf5d6c6bc91c10fcfecf73788966f0eaa95e32538	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B34572E1-72B9-11EF-9257-F6C828CC4EA3} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432494612"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f03551000000000200000000001066000000010000200000000cdd75d3b983674476c77c9da65cd406b93eaa1526ab4e54ced428d5c4e560a1000000000e8000000002000020000000f91ad6bed70448cc042fdbb9afe8709cb637f66868c7313b461bd0bb6cfff1e090000000fc844c4b931efd61ceb481010458d11b696690d9208a91b5dcf730378d67a79eb97adea59e6fead0aef99103a749ba4e0ae4cd3435228926fb32b7632f7a1ff386f64cb7ea5839a7b89bfe9d3517c834967629967dc8c07a22f0e0ba695fe29b708475bebeb5900d08bca2c25ad8b1634f437a8c0e308bfec1acb6be723cbdf609b6528f4f75038936036f1d7612ce1440000000a9aeaea08f3db4d10b57436fbbf2a6cb11a9c2ef6a674bf9bc3246eaa23097264cda10a9f21c9ed028bf8cf5cfead0f4045c4b59b055769bdcb62fdbd0cc88e4	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2144	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2144	iexplore.exe
2144	iexplore.exe
1564	IEXPLORE.EXE
1564	IEXPLORE.EXE
1564	IEXPLORE.EXE
1564	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 1564	2144	iexplore.exe	30
PID 2144 wrote to memory of 1564	2144	iexplore.exe	30
PID 2144 wrote to memory of 1564	2144	iexplore.exe	30
PID 2144 wrote to memory of 1564	2144	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e09c9f16ee2dd35697029048da34234b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2144 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
385335d27ecc9c4d454747a3b4c75428

SHA1
4cb29f97141afb7d10fd0958bf2bc46e422e28b5

SHA256
3152f29b4355b3534e8a8255e5dc4a256fd3468c4a1adff01e30d5e30314e913

SHA512
795ba63519e0c38fee757865c30f50af2d05db105778a97c7ee34ed8e47dcf7863195c7a900eae807f49ba52c3f6dce30ce1df61580bf8546d79fa24eb05d411

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e7adf5ac50298cd835ddc9e739d5b23

SHA1
bcf30582cd6f211134a3dab526b93ec47f2e4a65

SHA256
69fbec1c3a40e395d0019ec6d9fde3ec646933614410d34e921d8a568bd9cde2

SHA512
b65cdff42839416092004c91936a2cf2503bfd3e6e33e566aff3a95d672b0084f04f2aa93ab0d64bd707b0a97668e76bca46a8982f852ad0b6aad82c1943e3dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f08bbf686055797c0495b4fea6e44126

SHA1
083fc472a078842f3ca93e6131cdc3995061f266

SHA256
ae27a08396c7358889e26e184c7cf884e610a571f6b3da44c753e1af9781e2e4

SHA512
94edf83a89d2d908ce77e54eecdb847af582debc032d1037260ca35be54ec11d494cfe9bf7f37ba587469b7070a2c87e9193a9df7f1a5733552b7ab7b94fd3fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bc236d5445dc136431d2b523ff4533a

SHA1
71e82682425b3ffcc5319373280bb5f4327b60fc

SHA256
2f625999b15e8531035881599526246a1d02649f3385fc41bf36bdc5b34b2b62

SHA512
9ffc5a63c3e27346c611a0f952bc43e2a24043b919fc3a4cf72a96748c9a57ae6fd964822636f4db4d7caa309c8883131e05eeb55bb837a6b0fa1243c928577a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a8264e946bb192051355e471ca5f2da

SHA1
0391dc6fecfd7fe6780b61e1a6241ca11d61e2fa

SHA256
13a4b7d87a454c66bcd783d9c1ea00da976dd6836ecfe5b3218f050d4bce0204

SHA512
82d44f45634f5c8ee2c065503234df40cc82f5e3320853c1a8fad2c9dd08d8951ced2294bfb04e9e10a0e11a2cd90dbfada8a361bc5f17cde8254b755d308b06

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
862bc4ea402c2972d7cb8e5c5ed513f2

SHA1
ff1e528c6599e3d45c9611cda40b8d1a7d9beea9

SHA256
cdb66002fce2f87571a1fd986b433841912d3a43e571a3a650e26d6e1d71b9f0

SHA512
f6e6fd08933c288e49ca1c16aa0a28c6fe5e59cc4994c08a0872e50981cd6862e9c73a0927bcc1ff41017a9283cde13cc589193ae8334f89ca3995a6fd827cfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9510d202c82aad42a4a3f88373811740

SHA1
1c4b17022791ad3fe8d997e4f293fd08348a3949

SHA256
dee8a824f6d5eea798cabb5c35c30524936e8f4d05cb00c4cacb3b8866bd788f

SHA512
fe009b106592dc903a6aae0b9095f27d11b59d02717714d6444d9a644deb0d2ed3b4ef21f15b254271342adfe7a182fcd98ea5359f4636b676acd0eaf815a118

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3339bae84d8eacc89a6617bc38a8cc1e

SHA1
1164415b29cef8d5bfb97d5fc6901846b9df4fe0

SHA256
ec0b840be097385c6ad8f93ff581ffdf9a7ccb2289e573921fa7b2e65381213a

SHA512
e5296c725ed75e575aafc5b4cd045f5012a0b99e79708d723b12ea6fcc7dfdfcd779506ba4fd06c74dd9bcb0a92c895ba9de055588f252388ad397f19defed94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a007126868305f31770d42671acdd9c

SHA1
e49a681635ede342b666114741012248f8324c06

SHA256
3ea5535e551760740f38c61d355a7db52b3f5cda3e298a23aa6cdf1ef8d6b25a

SHA512
02ab5d4f3e4b39aee3a4624ece91127dcc740cbdbb9829c97ae23a2eec20bb344fcfbf423d831b26c6a4605ff880e66f5d35f6d4f2b65bc3dfa44eb82c262d9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87c5df83ce581dc8255f662c3d461339

SHA1
ee007ee8288f19bcdb693e664e66657b687b5373

SHA256
a3487a9664be49673a94fa57b90b6090ccf33134a7b617346292e3e68d228dc6

SHA512
7759e9c3fcc0b126e82ee2d21836c33770ea740e4a3c5dc963decb081147c5b1a1e4321621f235f5b0d4f8e3b19d60a1c00aa37e9f8926ecfd08e0b75706cf3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e25e2cc06473eae9860e15223746bd0a

SHA1
523e56213ec941f0de07e379ac7f104eaf0ae004

SHA256
bc7f1f57621c3d36e2648452e6b556932e240b40d5b925145a83627d0f6abd09

SHA512
4e12aac1da2398251027b3c31ea545c499683c867cd78f30ad5798927dcc817b00fc5bdd94c648575b3e14f4c476278550f5d8a28e8cfc6f2ea028c83665243a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb5e67399129cf43a786fc571c36ba1d

SHA1
e904d515c7ad1b74d5c493e9675be727f77a0f69

SHA256
5e0b997dacc4b411f642aa46751b35fe4ae86be8b27ffe5288d836066ce00dfc

SHA512
b2da1a3f74943ece1b49e58857df38772724f782f7cb1dd3483e3eddb9dd60e359a856207e7c032032d1d62bf6e8f47a53ed75d9929eb45c25b02766e5c71f51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20aa1135480908bd91c681ee1166371a

SHA1
afbb5d3d92905aa3f048bc6cdfec347a4cca9ef5

SHA256
8ceb07eb0380f6b2976573a68c898e44d0ec513aadc9871a5ef4b689b0711cb1

SHA512
566142207154aef107612565eb4d81050b6bb2bc777c85a9b5de78a1af1329af6ce719f352c862a1e1bcd939948302f5b452ee4c8a8a8c84da87b729611e345f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE45.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEF5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit