fb2c4141400acc42c43240702524ab4d29161c51282b5709b6e3520d8d0d6a48

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 04:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea8e62829782103601019cee23075cab_JaffaCakes118.html
Size

2KB
MD5

ea8e62829782103601019cee23075cab
SHA1

01b5de6ed76aa5895ef522a74628b1acccf8d9df
SHA256

fb2c4141400acc42c43240702524ab4d29161c51282b5709b6e3520d8d0d6a48
SHA512

98ad60406780f2c197ab394d93c29c50c6aabd27b725f71dc1f331e7e3f48946047ffcbaec13c273c614b4c1d04e51babfd67254a7dc90d29c06ed055993e2fc

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb90000000002000000000010660000000100002000000049714a5cc9a6e1e2f2604da9e198333617b44342098277439aabf1df9574f149000000000e80000000020000200000006d0c897257b1f65df78a81878edbfc0d84e672c0c85b44b76c5b6490712f8cc29000000002e0c6bbc20380c2bcadd0f9399be7ccedb6ada053798cb1762a4390bf447408f9364fdbcac9f5ae6de0b625d76cb7d57d50801a2d21e6b3f020cf8b3237896d3c6ffdc0e00267a549e912927c1bc2cbfdbc21bddb7f32e0d98c86b8aefe0dd20d93988d6bc0d75c6e94e189ebac5b06c997efc13445a61c1cfb2a38a821c2fd16292e3ee2b0380922efef098e22d147400000002213d04cf1245c1d22e055c0bd94899f85e5a5ab3b23c2f0c6d75c4d0ec0f06ea0f5c4b88769bf05edd0db4ed851b3a2d5b14fe8d6a82bf1692a9b820eef2680	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432880669"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{93E27571-763C-11EF-902B-EAA2AC88CDB5} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000a0d5e838fc3f90b91eed55420dd591954039d967934a343e031a2288b7afa07d000000000e800000000200002000000070c146c906a5514422d4bc36995b850075efa9a2b0e889d13d097e369bd6067e20000000a7aa6090bb69f41a35fa46dd42c76f9817900de101f8366b45e3ea06bb76c472400000002efa2f2ca8f7fa122a56292825c818e25389e97eea5d4adef315968fcb400be023b252170defa4d3fb3520f97f39f924504f547eeda2f87ec10ec722d9712d80	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 404e7e68490adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2128	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2128	iexplore.exe
2128	iexplore.exe
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE
2316	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2316	2128	iexplore.exe	29
PID 2128 wrote to memory of 2316	2128	iexplore.exe	29
PID 2128 wrote to memory of 2316	2128	iexplore.exe	29
PID 2128 wrote to memory of 2316	2128	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ea8e62829782103601019cee23075cab_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc6d723176edc10a2c867c8556e523bc

SHA1
bf81c97c47a72f0ff1989a5198fad272509fe1d3

SHA256
0f2a60dcbb679ce42cb7a687ca33530ea7f4d11c74127fbd0b09e0faf0b34676

SHA512
59cebd165af86b746be33bfba5faa931761459e398191f247126ae56e0a3441e54dcf61b5e048a065a8314bfc743858e9656df2a0b737353630026cf19de8522

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c51fe10a52acbf2a691972cba8196341

SHA1
e273834bc505905a02a3a5fbdb5d6b094b2352df

SHA256
e03e51ddb87241033b06eaf22b606214f220df0d295f4d7563b2f7d22128a370

SHA512
2bb8cfe3734513d4596285c64527849d40e48a88e4edd3712b2abfa2abfd4790edb4e68293c2078e4db18a8138e0e97d08ea3ca7dc0a280e5b0a06356b35ad13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
669ebb0d9a766a66f81c49cf53b7703b

SHA1
35c4861e4d9479b2cd5507fee450cb4989e1b4ea

SHA256
218cab25be6e3c2bba0938b7158c075593124d3723f758d5e26721f0ac338a1d

SHA512
30a43698a994e2636c1d691aae58cbe1a6c065464c570edaddae12ef5f633709f06e12e55660acb6c9ca357fd77c8a67649d23cab6161e542aa4968b258c1ae1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9ab07fe4d23654b203c4e2455caa434

SHA1
1dcf3f7a9acb3e1347d31d523ba674854f59573e

SHA256
f3b6aeef31f78f251bbfcf5bb477de15864048d84458d75bd0bb405a3124bed9

SHA512
55ee0180c3412b31b5f40233c4eae18ae6a38e7bd000f0a002d7a7dbc5298ea8afd278a1f6631158571504a146a2d373d72733c2de8b1c0e0bb29aaacf2e55f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d82b2fbd53393a3df911be5fb123acae

SHA1
6494c251ef962a1d538d1e643c552eaaf00da8eb

SHA256
d834b163f0334acd474f4f4ca81af47ae591cc4cabd742d9ee3f9d86ebe166d8

SHA512
a181c7a72ed92f122a37209e2ecce53a9bad21193d92c6e1877df084be87ddd34b7e8280eab3723ddba214bb63d75f2ac6f63d279579fe82a1321266a398a10a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70513912ecb64a2cfbc55c95ef774c03

SHA1
b29d7095393f8e066d5afb5c465d511cf795cdce

SHA256
e670393a431d8280087725425a8a5cba2f1c583ddaa7c5ee1eed93f5859c8242

SHA512
890fa51adece945b1b426603eacf8943e2bd3b055d2df71882026085aa3dbe00a81d5e47015c8402eedb1f79360991dfd8d5c1ca1d469084ea22abd15c284856

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44e0a30577367f0afe8e5b1f4c67c685

SHA1
b5cfd29beb1fd14d08305f0ca04b54dd3adc09b9

SHA256
016e639815d877b91eb69e4615a03d394fb68bbb6ea7aa919a0f7e129ece50df

SHA512
ef446cdcf015d4518ba1f13f7b7568330a8d444d8db8d298092645522d07a68928e3568c6c5ab853a740fa7eb10b161a11a6d28d802215c45e7e05985a4b9e96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27b882478c659a572014c282cb97b050

SHA1
4fba08a423620be592147a37037d3ae82cc23d00

SHA256
0d8b5d6508457088375ecab124e85b5e5e45a1583ef854f47d28eef7df3c845c

SHA512
d79c1434ad83cab9069aaf80b81968cd150b62c6715696a5470a9cf39684672bcbc83676419e0366d85d344a96adafc0f477754d71493bd13dd379705192df1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44b78b727476b5394507c0102df1aae6

SHA1
1b5fabf100b75aec81f270f87cbfb63ca2dc4287

SHA256
948506d38d969b4aca9e54ff41aa1497ea679d1c5a3cdcb0cbb3720c07505da6

SHA512
afddf449cf45946e7fce8e831d0b6c825bdfb8bb17d43153df78761ceefa3572de6e14ed29806204a1a939deccb895b080713e63b62518650a43b6b3eb6561f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c68b82e3f46c283343bde68e1a5f660

SHA1
6f78b5a9c4b0a8f0a83ba8d3e12bcf32e1253f06

SHA256
a5eaaa5fa31a8f62f3ef16ba6412ae2f9e9647d5030b494e4e7f71243716c3ee

SHA512
9db3f6f5e68e8dd0661bb8c5258ce0845c1f03c25c16d282ccfce590e88abdd09eec6b189f2a1ba7bb6d60512db03b55ee750d4eec05404e4d9f93a92ac313e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea0e9fbe615e4df4deef2ee218854483

SHA1
0f9e8af05da4f0fb4be141016c4a12a1fdbe1864

SHA256
b96841190d7a835192d2e5714b0971993ce85ea4707500a8e5e225ba50105a13

SHA512
f2c21d3e65fe5ecedf5f4f9a8c794e65a4855ab701491312a4333f0eb55a8d553addf1849bcf4f47dd352a872a93875879b46d3c977c7982aa6d615657e6347f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cbd71ffdc10c50d86883484cf9a66dd1

SHA1
29be19a54515026ca8fc5052bb3f9a0ae9981adc

SHA256
ada0b9259e900ea8ffbd6ac5e60177350ecbcbc7fd7143351f48a63cb53c150a

SHA512
246dea2a3f6e4ae87445e9f43e0db9da699dcd81bb44333377a55a7580081ee6c4be412075c7119c11cd1bc7852aa9d36bcb9c8a8fe790cdddb0ed6b32074958

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a2204c6a1f971e9dbd8cf1d8b2f402a

SHA1
e1213bc8ea582ca7a0e7964174e3cdf4f019d9ab

SHA256
c0e5d0f0a6ed1c3b0848b19c2308ab59439f80a6e86e8976e8a97f074d02dfc9

SHA512
1b466494e3fd94c3ca27ec864d63a41d76c1f28a6a8e1ad676d0f1aa012cf8f9331b1d52d28ce6586bfc8fa694d7684e8abc2d00862739b960741da5a4c4a9af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e475e53daa7f12a471fab5a2a67c922

SHA1
dfead148c899f44d4c8297ca89bac07829c64578

SHA256
258e5c1ed671eae0804505431f3d80a79d613fd36568260ca25186d76ba71351

SHA512
e7fd87500f675b4f0737ef96fecb61ad9cb8f5e24ba225895fbb7aeb5e0631b332d6a0a8710e5d1a23119ba19264b22f6afdea49ee34d8ebd95503abc3b76138

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
557e42b520375fd9d4e158b5d53f8a50

SHA1
9d70585e351a6e9bd6d2353712330f89588aaaf0

SHA256
483b12266580b70394923dd165ae4f91e0ef2c5b13d6af29eb5274f3ffa0cbaf

SHA512
c860f0c65afdd73d1efddef1201d88d1e451e12fa6f13087a1f1caa23d6e53949624f770f4dfa2b7d28f6bf4df0f547fe3701a87cc993e58dc28939f63720f02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a88432bba29535809db99ff2a9a1a11b

SHA1
59db70e0d39022c07e843539392b08eb0425f754

SHA256
04c756b27e8b99dd5f6878cbb9086c7cdcb20167995abf08a08868651846107a

SHA512
4a551556f46ef1414fbc4340f4a12774d75b36c6422940f64f4cae18dda4d468699334273f02f3a1dfe9409e80b27fe20a059796919a65a1e7017ce5df5a87d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab934D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar93AE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit