88d7ce9ce2223a63775203f8180e53f193269871e743612fd777813cc941f758

Analysis

max time kernel
138s
max time network
135s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 12:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e2847be74092621ff2af86ea1930da2d_JaffaCakes118.html
Size

460KB
MD5

e2847be74092621ff2af86ea1930da2d
SHA1

44a30aa90792140bf76296a6aac4c5a3921ded07
SHA256

88d7ce9ce2223a63775203f8180e53f193269871e743612fd777813cc941f758
SHA512

51df7b33a5bca868394937ce8319ed79d86b91f9e4a1fbde639a367a59468bdaab553b07279c344e4934d28d3e9d5ca358e7e44e1fc328990f759256a7fe5a7f
SSDEEP

6144:SgsMYod+X3oI+YKsMYod+X3oI+Y8sMYod+X3oI+YLsMYod+X3oI+YQ:t5d+X365d+X3k5d+X315d+X3+

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 907b86e46d07db01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b0000000002000000000010660000000100002000000022d2d1cf2b30770a476275fb43d98875925d144c05840a44836fd9793503ba49000000000e8000000002000020000000406e9b889e3e7a9b2eec9de6e537f9ca386839435ae747c0a0f695dba3286ba820000000d7e31198a7fa2b1971bfcd03122a4b7a82e1fc50c1ff3cd91aa717d3e4c2404e40000000c86b2a9f62a0aabeccdb66f65fa1602951a5020b2a18ff5819794d5b8b47185f35ce480d761e69988cf0ec18ee345379f81563aa198f3fe99dcb0f9f3c4a8993	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000cf0c8cf7200eb91ec4a562a481b11d07adaf69dd42df23d36482c8b7e3e9ff96000000000e8000000002000020000000ac239149e781c41f07020607fb54090a12c77f9891d9ff9461a98e45c5d54d2f90000000927ea4a47edff7045dfd321fd500611845d009c0c7d4650253dc926f4fb4b6b7ba85ab62b3ba2b5e92f8870d087ff209cca971234ddbbbcacd429d275aecbb913a3772e0a9d502a983fe30375ff2cb1b2a9277465a0f4d0689a178fe59e40e732ae3991534814c0f6c546ba2912ac868b0ff2dab03aeabce858cd29ee435cc170daa752e6ebfaee82ba748a1b57244484000000011963dbbbc0424ed15dcef83daa3bcbc132118f488766453a0f80ebbcd994eeeee03112665bb403a7c2d2d8015c485657591dc9eac614a9c830d8e69210668f3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432566482"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0B950441-7361-11EF-B0DA-FA59FB4FA467} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2096	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2096	iexplore.exe
2096	iexplore.exe
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE
2432	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 2432	2096	iexplore.exe	29
PID 2096 wrote to memory of 2432	2096	iexplore.exe	29
PID 2096 wrote to memory of 2432	2096	iexplore.exe	29
PID 2096 wrote to memory of 2432	2096	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e2847be74092621ff2af86ea1930da2d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
639387f9171042adab326845ac4dc9ac

SHA1
c6fbf88e918d9d3bc831cb3a604a63cb7145711a

SHA256
43eedd986fb07e60bc9331c2109bd278c9edc833d57e9880c1e1f812c151bf22

SHA512
5e729978716515c83ebdd74a5ac4dff960d0e86ee1974911ce2a99eafd8a3fb6250170f386e25d1526bab8680de79705cb42a180b8f33bcc681c5bd103012134

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c42ccc491971a302df749228b498e46

SHA1
0b3ce0ddf092100600f4cbe121edb3cd5979b3b7

SHA256
8d1dee815bc85ee2db578c67f6c6884abd1100a2a3119f19954673f0215c6b7f

SHA512
2e1750f134750f97303768cd036fe37b3667ac277ef1963eaba09aeecdb75acb2819166c3f16f1166a54fcfff662326ccc186d417038e7b35bcd60ba1b46a1e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfffafefbabcaf3a5910de913bf74771

SHA1
20165c14ab271d79a0010ed83d6600582a8117af

SHA256
88d413d8479ebe5c24b7f0eadec4c828f2e867b779b59b377a739e0a437410df

SHA512
94bb9adddb9c26f49adb90ccdfd1a460e17b6fbddf972092d2bd748e2a446f3367317d85226c9e02acdabc72743f5f106c0abd53f2536256906d2efcb31ee0e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e26870e028abfe21d163460d7ed4572

SHA1
053508b620380603d69bf8cf01274c3f47aa194c

SHA256
2ea256b2e114cea4f16bf65ee1c3de36946e000b20ca0d0ecbddbd9749e1f227

SHA512
4e9ec40352b645bcbcb23a065d838a816b69781819f7e5cafb42d99abea5e2b0edf97e829b0a13253f10fce73ab0585dbf898d2670c18ab04123b986187ad0eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ca2ac8c72205e7eec58ae3309f7caa4

SHA1
5c157b0714ceb4f46e96759288115229d16d79d3

SHA256
454623dd4ef20f9387d37dd83b065b5a56d2bf1edc074892984575ad70949194

SHA512
33bbe9a32354409ac857fe82d08cf9f5a3bc190fc068907e12fbe4d0e393b993b1452bfbd749ab9c88e5cf85ec3cda52557e2bc9e9e7952fc1ae61207b258315

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc83497b173c04831d6b72b3ee8a256f

SHA1
85ddddd6e9d9ef9df4ab83479addb03bde563263

SHA256
ce82df98f86389aa3c4be283c461cfbd68a93f542201e12fe1933b6d1ccab823

SHA512
be3e383b66262a145b0d07f978229fdb5df4328f1b74109cd1d7676286c180bc66845b13e1777a406a413b17b03d2607b33a744561b0a48c860b5b88f5f00d80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ebf2e0bc68e2779a1805c0559af0725

SHA1
c5126c8644aa16aa94bdde7fae7bff7265dd475f

SHA256
6617b27a24526a697e76654c8e2b841f67b526ba2d2af828e6a0d2b44ec79d3b

SHA512
98b1871cdc4766eff2a3e5a30fc5f402a36924c245454e0ba39361742e7d00ee8be79ba701920e594a830e35ee1729828d5e0b86e11473f88aefd6bf864455fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34202a23f702e0b9435829b267f00b9c

SHA1
c14f9bef83e16e437c03a2eb4fdde620d08ccc39

SHA256
09ceda296c05b49c64e409453bbe0be5f1b463e8af009291798eaba4dfe7c572

SHA512
d4415c7f7678e4cceecd847f03b1887531d0ca27976c4d8266ad185a4ce0d1211e96f4a47c123fa0f68c0d630726e17fe358932a2ffdd64b49f49ddad49a67d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55117225722b0b3237e2e7edd99074e8

SHA1
615b1d03f06f78ec1272d0b119275ce78f5e4d12

SHA256
69d8dd5e8e213802bd124c3afa6b83ccfc2e29f5ca70b92878f2ea92c3ab0dd8

SHA512
664193f17efb01f6c4a680eba7bf58d3ed49ca0ae3f85a0e3bff9590c8f389430f3de1c352387f14a39d00fd0cb5a83a8dc47c4069843eb367d6179d38e19d73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92e3467495492a098b6cf282b7254f5d

SHA1
731ecc2e3f73776840a0fbabbfb7bb9d679a206b

SHA256
4df3078427f1ccd11d60ff5895a96bdb9efbc0870a283f3f90e0592b245523e3

SHA512
087464d9e9bdfd2563007d5b82cd1beb1c1651f898bfb0ced87e8af1e0a9f965dfc3703823c0b66ca733f7fc2e7a529ccb7c392d079f63e5e0945e6e09284698

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
141784c3d0f0a227a03fe22918938941

SHA1
5d3abcf0ee7a6a6f3638c0d81cc342e957671863

SHA256
ed218551d64671f5b827c8fc1f10c4cda646ffe72b8e841900ead7f8538da683

SHA512
b58648099ce0bcbbaab04bf5611050653ae68b1fd7f4c63916aba968b4b218be4c0038cf1d2a834dcacd04a804d8fed9bdb04ef98ea19345232dc3b522935feb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5b69470403bcde5aa1fc111c3b36bd7

SHA1
b34533e3e8b2d964ba8da8913975131a41ed59a1

SHA256
b58f99a87c9cd469bdfa4930d4893f64dbcb7b14bc2a1fd1b21d302996ebe682

SHA512
bf23e43acc706360dad768952d2cbd922184bdfa0fea8353d9a443cd99663f1c42f3250f72fce796655afa018eea1b6bc1590ce6f6ae3e0edb3b32a0c4346dcd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93650f60f19af6e5c3850927cc8af4c8

SHA1
f98b0f79bcc9083cd07279b875a3c3b79e5b4e87

SHA256
ecab9e0a7f415035a3926d1f69a115c14e0a9ab1cc402ff7013bf4913e7889f8

SHA512
0cfca9d13be784305e566749084f30dbaf40f8d699afca0976ca6e017dc4b00a58ee3e58270f98e29e10139fc5d8ee1c6c9708354137605cf1e7f7fcff529d04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c11a7b4d618a60e3578c79dfe7638bb5

SHA1
e85fb632049483b0c9cb9203fef0035da4f725eb

SHA256
e214790eb68b4be5153a75ad0824d805a69acc2ecfcfe6eca491aa120cd5a131

SHA512
cc56afdc55a00aa5b9a0f1d7d3fe6d887e9ec16fa64c153a6e4134309d6773051c0e28f7d17f1e7c2462055759143b065bbc9aa3614f8fe513f5ee96227ba5cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c2305a42469e272e1573594845d976b

SHA1
4ff91da0044fa6387549a2a29b4361be8ed828cc

SHA256
6c9dd7f94b957b7173d5be704f8306c12dbb7c91beec715585236415b6eb1cfc

SHA512
99a72d52b60fc11034ccaf4f1f85122ddf57fdd6964fc4e4f7d778350d04e64b6416d42c0fa26bcd3c0346c347ba24a08f9d6b450e72d41be623380569534a0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9aa992f4f78b66577009c06f02c5422c

SHA1
55650c22cb11b98f8ceda3d241f0f75ba863251f

SHA256
80f2b35b21398c71dd0eadd68903ac6a3d4e655e806e8cba35328341d2597bec

SHA512
423e2babaace3ef2fb477fda61c9d0cca95365826dca01c1315b624ba0c3f3c2c40f8ccf83a6dec39a347d496d88b30ecd4cd26572ca830d17302065f1d5d739

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA170.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA692.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit