a44989c63c616d58087b33dc152112f989b4ea03ae76ef3618d49806a42d023a

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 06:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e1dba2e1de31c7cfba0f6f8d7eaaa463_JaffaCakes118.html
Size

204B
MD5

e1dba2e1de31c7cfba0f6f8d7eaaa463
SHA1

df4849edca30a3694d94f6ec6ffaba0f86e64021
SHA256

a44989c63c616d58087b33dc152112f989b4ea03ae76ef3618d49806a42d023a
SHA512

5654a0cfbec54b35612a2170c2bfc54a686c97cdeab263049d87532902ddde17a088d681f03f2000af666f765501b227d9ccd7ac690381e33ceffcd3a629177d

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 106bf3ef3507db01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432542453"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d907000000000200000000001066000000010000200000001ac5d4bbf6f8a0eaa3d0bfdeb25c78a517966c9cad55ea47aa024b08d1d14a78000000000e8000000002000020000000be632fdf3d7bb25996895a874af4e5955c9ccf69d418ea5f997fe621d7fd46592000000018510ee83dcb285892a79c98ad6608cd3755e448bc1900e6c7915f44bfb2fa86400000002c37d62beaf384b238be0b9dac987979abbd78fe29654461d144929a4fda43fb2526cd15101db8cf021ac49e32666e79e5e7adc3bc753b64462082c0b504b5b6	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d9070000000002000000000010660000000100002000000062fd2ddb299f6622d4ec29d5558bebcf3daec5ffde9294d7249d356523fd8e85000000000e8000000002000020000000f5313ff8f85629d0f3446155cf2cfe681b7d58c8856afe2dc522f80106dbcad790000000963450e217563b33e3ed163fb253ea9159613d98ce4e254d8813796a7995d30148019b9ad503c046779527df617d48c46a2bd0e29066e7c30faa417ee18807f757ca1ab7b07fe32bdf03eee8feba301fa4feabcf1b398fa38b53d9c5c3d4008ed8d31b1cff3deddde7e2615487971bf74a21eac31db1c6998476a9c39d4d7510ac0895ac83d0b4c4dd477c264131c6c140000000c90ee7fbd502c32a14df04d0b668405f78095facacac442b1d55d874d6ee4552663fbc445bb35e24016fc46b7026520e4d7f211b886be5cfde33dd27db3778f3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1B736F11-7329-11EF-9204-FE6EB537C9A6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1916	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1916	iexplore.exe
1916	iexplore.exe
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE
3056	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 3056	1916	iexplore.exe	31
PID 1916 wrote to memory of 3056	1916	iexplore.exe	31
PID 1916 wrote to memory of 3056	1916	iexplore.exe	31
PID 1916 wrote to memory of 3056	1916	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e1dba2e1de31c7cfba0f6f8d7eaaa463_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1916 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a58c9954ef03994853a343fdea89ec38

SHA1
a164f365b83ec2263b452eedc39e6ab6e6f9ddb5

SHA256
1e74d5091e03771804610a1e6cc12e6f213939de9463507db1d583bcec5b00ba

SHA512
8e71229d1f0b710271ea3412868be7bb9c0935018d07b06d9ca44bc68407997146fb663fbe8cc9344accd4255d3d9eac1c03defacc8c4fe0f83234ce8fdc3b40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
996d85bc2ba85e863ab9c3a1a903204e

SHA1
03aae7e4c5068bfb8f89169f1e3831846fa19aaf

SHA256
a8b7712616d645eab4b9a063c4b9e63bbab2737f4781c7e3311440e74fa29801

SHA512
894b092d7bd07c7c53e0207b42fac28899b987fa69c198ef72c65504cadb8a1466831cfc0a98fc37f0cfad1d9ce0f20a0fc7111e67e936b0b5b818681cb098f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25c353f6e608c97cd1fae4444b0d5471

SHA1
b2236f0d2a66197177f3dcabc5ddcddd603a20de

SHA256
65377586842311174b97c37d3ba0f6b534a51d048ef5cfd17039b6b457c53286

SHA512
56a900138ba3dbacc0ed4f11ac3473a75490a8de1b6343f73485255294517b0bd8e5a800e5204c08859579ffbd17294bc3af55ff526e30495b3d5c3b28cc71fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a13c9575f6b18af1aaee010474b055c6

SHA1
3163c48b1188886d27d3350f07a28e3cae2fae0a

SHA256
7992c1287fabb0e8c31e8aaf9a653f7367f9adc8cb8499fa4cdd04ae015645ef

SHA512
c2f3235ba6aabbc20728a362fea9cc92142a5409166294aab457a5e84675f699701c2491e7d6f0b87fe5f665b941db99854fa360875f93b68b4dcb774ba4e9cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4e372408539815cdaf10fc485592ec0

SHA1
7c396b8ae31c3f5986148cec47f237a50185e710

SHA256
1382d87ff1ea11f773f5301fcc3472d0d93852368bba932dd68786eb8fc91dfb

SHA512
51960717c9c937772cf03caba79c3b59e0c4ed3355d3b1df3960116543629a6d7e81e30bba9df81ee9e443f2d9ae158b5ac09801e61d7380ce656f7ce407c784

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb141dd5d2de7dc85cf2b28c76054d24

SHA1
72ce5261b6eadf7431b5f36cfb47cdcb3ef9f544

SHA256
ca63915afc6e3c74bcf6ddfda4fa85e608b140165032a1414b77882d506440b4

SHA512
97b698423a3e080ea053b8a43c9dc9d1c96523312c66d21f5e32fa09fa123e85761cf72e1ad3d91a4a957fabc93ab0cb2ab015fad4ed22b7b4ff304f6fa84284

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc15947037776fcb7983c1f3f82fee00

SHA1
3797ead799f578c5a1c40c7fb0faffd8dbfab578

SHA256
ef02393244f03b5d8ed8decb58164d48eceeb3550f4ca9a78461e9f454792b65

SHA512
ba3786e511e7d5c5b5c42baa9bbbbf871e1a3fff671bc739057fc897393dc78f7be6c8c438200a06072bb9002ead0e77f5cf6711b84969b4b33998609726e339

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62e07e26847934865c5796c57a1db2f1

SHA1
7c68d88ec8f1039cdc65144cdfcef11bd9257010

SHA256
a68653756384fb14a0640b224fd06d7fcd36516a44994d83fad4d04df3343fc9

SHA512
a48f7145b2b32c33e6e35f3a5a1e9b0b5ff018edc7a8ab755cce8d65b33ed9a3b764eec95323ccd157f9c80880b6c04d4961bf226bef1ae7cec4a0f2a2e46ceb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
420db1cced24894fa5cb75133f2f8773

SHA1
3b0735ed0d5c2e2322f5a61703b7f2424a2408cc

SHA256
707a2618b4562f50c74358a4443194f9e5d46311ded95634b8b493717bfc496e

SHA512
2ae391a1b8c6b299ae54a670507dff27ef5d4edbe785bdfd240c3389b126ed5ececdabcbfdfe578c6d4666e1d36ecd0826831c35afdc5b8952417835b8d60309

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
027ca1646b8c44bc20b129589c0d4bca

SHA1
78bc86997628258aa2ca70b3fcd326d9c42e47a0

SHA256
48ecaeaef131639b87ac1a9e947c5d450c703b89ee9129f28ba9e84ea7819349

SHA512
43b6ca900460c295b8f5b4fc5ab74ea0f4d7d25559592e4d291aa0315f18963a62b7c006a4edd95fd91301a169b07a5260fbff0875b129bf9ed124f3bfaa8d69

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bffb68e03ab2f297b09e05537ab68047

SHA1
4f56bf732b3e89994dd1e43b3c5e9af67defee5b

SHA256
198f7651e9c44bc662e3cca7f24221fa8354a81ddaa19e9b1f02207b09651936

SHA512
a9792cdc45a13e7edf888bf7bc79f625f2d50ed86acd90d74e6da011f39e770ef922dee46bb30b60d71224b2d70bb6d76b894d2e0062935326b932fa57cf3d60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97cbf8d3f236018555dc09deff3315e3

SHA1
fec2b61a2dea4d28931c9e5ac342f7ca6d78ac71

SHA256
d5be610053c71e0a490c3eb18b9b702e014dcf24d93865078f422fcee685650f

SHA512
64ba380f6e09ad28bb28b822ea61eb557901e1a82fc189d6afd08e1b88133d6c5a8d570a7dc0c2ad99eefb57f8ea650e71203f193a5a9be3331bd54a37fe0a36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77f4c975d2d02b100f454aa527bc0fde

SHA1
b036742a5387e035c617ab1bba27220da86504b0

SHA256
989c9d8e6804a1e84b73c7ff806df07fa79da22f4c11a23baf59315f49712d2b

SHA512
2d136c6ea3cc0d2497898e3a6c4aaef2568004d1470f924acf0ece3d0cc5310d9edfce6f10b8455eb4044d1c91a03bf7995991f1d6790dd9929ac191dd0504e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a31bb727298ffa2a14a6042771cb1b05

SHA1
2946cd63c5bf62799a1e5fb91060a25cae67c946

SHA256
8b6ebaad7ac7511fe6ac9d4ae10ab478f852716164f99e10a6b1b774b8d2c16e

SHA512
f2da193187be93cb5a2cbb316160d052ac7a879afc9a8c93848c0002a1a4fb2cbf1ec16638885d690528fa36724f7b4681ab65f9f8b044ef5f9159e5b3e15877

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
402e2ef9afcc1985b623913a2edafcb5

SHA1
771da22e7a8fcf15f6a43b900fde0d91db2705f2

SHA256
35eb0b1c9b0ff58d0f75f9299ed22dc93f2484164c5cda449a1abf7f6915b3c4

SHA512
44a631980196a2b74cf1d060d3a0fb7df0182c708e68a2a824b1f399b1e7d2586cac1c67730d4a71f2247ce55e29e4bd24488ba8a52d6ad21337bf28289ae93b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0158bb2d61dd6cc585bea9bbf77e4e6e

SHA1
d8c4839f66dad0f4339097d33887367af863a9b5

SHA256
da1a1eaa25f7961da3fdd56b974e1324471fc90c0467a2ff5127b7f945129f47

SHA512
74a65dc402d25605c706abe036dd3aa5209d8a3400ed4237c25a05cc9fe2343b162ae5e145f57d945a77853a55258689b247f6a8885d4d81d5e5e748e604f1db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0e9291cfe43e34413d1a98c8912e216

SHA1
9420f4760b92b1ca7019dc6545119efb54e4f601

SHA256
1f9315368d18da857eaea9b58bbb56ae547dfe1b2404788b53d24e8e292f5cda

SHA512
c7c3b254cd46ebb0da1456d71588a2c96ed8a8f6849d9d3b792d68127db1901118caa3998c775ecaffec58a2f422e8eed96ae61c32b587ffe01ae591d37ee1a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab39C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar40C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit