27dff08de515f7f56acb645ac4c5ab8dfaf7ef36d42e79df3293c5770c07cc1e

Analysis

max time kernel
117s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 05:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eaabb52288d7702dd2ed5f0875eaa083_JaffaCakes118.html
Size

30KB
MD5

eaabb52288d7702dd2ed5f0875eaa083
SHA1

6068194f8e861e7a71d027f5ddf85766ada637ed
SHA256

27dff08de515f7f56acb645ac4c5ab8dfaf7ef36d42e79df3293c5770c07cc1e
SHA512

b8c92fc1ab31ead5f6dae9fed8afdd0b1dda84096d711059fda5987dfba03540b894dada3eaae836eb25c8cbf477ac6c6fedd9d0c45fa5d733e4ce39ef912401
SSDEEP

768:wftDjagWBk5CqHyW8eDB56NXtNvl7Td9QA:wkgWBk5THyW8eH6NXX9QA

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1033ccd2540adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432885569"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FC8559C1-7647-11EF-9DE0-EE9D5ADBD8E3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c400000000020000000000106600000001000020000000f8781e3c0fc755d9fbcaf22e73a3516a338f4ba99203db1f0b4356a2ce7f6d22000000000e8000000002000020000000be1d29ec0325b3e75245a44977e79aaa0ce4266e37b1a4d07d0c703ffb53984320000000f590805eeb0a5a8769e8c4f2a92d9e15d708b5d15713eb21227e7cc5efbb52ca40000000971a278316652f72d5bf09d974874aac3013d8c2a888ed8be9e0b4b05549e6b9b8b63abfd0873b6a726fcea8ec418732330c303b3282f898dccc9f40f77a863f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c4000000000200000000001066000000010000200000009dfdc38ec43c240ffa105a38a293445c5bb46cc876390fea09dc4c1d48f6a0fa000000000e800000000200002000000030e6bf9636e7cee829b0255329f5c00a7e235ab09421941a7ba98ea6027448ef90000000eb825da4151ec25185b22c98242f99c390e969643a6a26408bad074950ef39b0d47abfe2062ab8c2fdad9823a071656c24193bd43af3ba59d40a69a50bab98a7ab256663042968b5c575a9a7d92198130906a2b58bf876ff7e0f06bc6b0db719aca882152d9a2a47279c9e9c681ffea86749f519d5e22487d100f51f1aa9458c0da2fecb2117bcd311666493649bc2924000000028a8126ac138b6cf1a63087527d380a84869d39672398645a981156e2fcf6d20eee003abff4f54c9ce4b9721d3f6e6b8bac6efc80eb42e407870e73de670cc6c	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1972	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1972	iexplore.exe
1972	iexplore.exe
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE
2292	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 2292	1972	iexplore.exe	30
PID 1972 wrote to memory of 2292	1972	iexplore.exe	30
PID 1972 wrote to memory of 2292	1972	iexplore.exe	30
PID 1972 wrote to memory of 2292	1972	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eaabb52288d7702dd2ed5f0875eaa083_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f90b040f06ca62bef2ae1b4a86d6c61

SHA1
fc3297b48d45ba81a39eaac5b611d431d885efb3

SHA256
2e93e842506f5616e7988d0e6ccbfef6f60edea5534b0c0817fb05013e931ff1

SHA512
4980bb1da69acd4148ce6c2c0d3bf82529aecf0d2aa9a96e9a30e500692a5a311b104d803631c01e841017ca120e95427c6028adfbb3d3fac8c7611c132cda54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa69acc8f73abc0d9ab29038ba074303

SHA1
886c7c6fc225a3e9a60b3a6eccb6ba3cde0633e1

SHA256
a92462e168730ca0430a35aa2b00fbc1f555335564234f2af9f7f7e20dddf6d3

SHA512
86c8274865359060fff1eadf3e7deeea22206d5d9757a637c2739c173767af95d969070d2a04c6737b0a9156c993f6f45babde63625b0ed7a504710a98d731f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bcb7aef39271932d9a6b6423da2a0fc2

SHA1
a13bb728aa4211baf2c0ae3f1ae1e537f66525d3

SHA256
c9af230346fc7bc9fcb4438ff0735fbfc092ff76d30905db63fcce83de97ec96

SHA512
23bbd8580e852742b3a433e19304de8f9b8309b350a0f259752aca383d4928a0ef8676e7707f26ec244ea8655ad5defbb8f08a4ede5db3a1100739b64b7e9f0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d170ffc15118cde6aa473eb212197c61

SHA1
8a9d69ac05eb02c87b35dba57de2e9ac914c2874

SHA256
c8f34fa24bce585e5d727dbefd7aded333bbdf768555c5b86039de9b314e186c

SHA512
f458969894bcfc81e1f712562497dbf1016b2e21ff96376b6fab6dbce323219db6ae81668d175584874011b332bece0bb0dc78516ed154812647c9859d6aa586

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d31a202efb7fe5c7b52aa5a6ec19cf44

SHA1
c90e03d6143122fd6c5c440606e14abb5f60b27c

SHA256
ccdde0283072a69e06583aba6bd0b46eb6e08360bf44bc42616b3a7688d5450b

SHA512
326ef12bb8cc757ff989fec206890281526bc79a949c1c4074d09f7a5cb8a5184676d4aebcc738313a0110bc654f84909640c9116ef4b30b48d953734118d0af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1683dbeb8df6fd6726ff8a10148fa7fc

SHA1
72f60569baffacfdea5879d9347daff5eae74a3f

SHA256
236f22e7f0aa87033e416b865cd4d646718746de64a4a6d6ba0dc743f2b005ff

SHA512
6808e1f4e71340382b589f6ecdeb7c2700775f66e905bf74cc04ed2e1ba29663bf11252611170ae7b5bf2fb21572dd932607c4d588ade4a37da845be7bbd4148

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e06617bca2691cae75da2350f253132

SHA1
4bf72db9679877d17fd077f56b36b65ef7161d0b

SHA256
d613db9d6866622fcdcc00e71c38b310fefe59f05281e588061aeba4073c7831

SHA512
70734720a41fbe9b30ce17b440b66632061bcb0b19a5d6a7c8f6aaf282a3348859e71d3914130e5ef25211ccd9817722d27b603eea5bdbfeb48524abaf34c274

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60e6423d7e4cfce5661dae0dae3a8079

SHA1
c1719198cd300b6d9b8e61fa6370f82fb0aff5ea

SHA256
c571c5e954586ea0a708eef0e00df55cee1a8a528afa8b939a25598432aae0e2

SHA512
12f72818a44623949a0f818783ff7bade646169bab46b62a534aca9ad107ead0b54b96803d5da7d2479198c375a2b5b4783b42ae99bce35df64ca14ea853413e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95dce574852bcdcc27c7d371013a790a

SHA1
95a704d5a3658b669f88f9f8c16c115ab652915b

SHA256
096c16dc53383f9a6ef9e36615265db14f9df0235e3f0db940c167d311d94969

SHA512
3df0d67df9eb51a49e7288be47e64af11821233033ff8b39b61bee5132a25d648620d41525dbf91706802b8a3da278ca91cc95be81b723458ef717d273febaa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21d21747b3990a8877cb1b420064feb1

SHA1
8b674732c47ff71c680a951094fab48bc1860d7c

SHA256
d7848a255162178988c235fecead26296779f0b0f1bd04c9e16023cbbcde4368

SHA512
b3025c66e1b0d9b0404aedd6612b4b978a7f9f58027a8026b811d36758c478f07e99a00981ba82bec6d5283a60a7eb3e05101fd0befba7e98b717fed2ec98ff6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1369cc1923eed0c5ef5c09fd5de5a499

SHA1
abe9187ce7461d6d1af5bb81ef4212a035ac9377

SHA256
1e5d2939a1f8403acb7a2609140b7b8c419c3b0347e9131f2e5a45a2a3077f50

SHA512
edcc28000769202f04a5f01c345a1ad8d0e4118125252265c15cff24ab7fcd422e0cac514804adfba521c7772dad9a033eec1481cc99cf05b286ba9072e7ca78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
544516ca87e8634922d3a79b5e4bf1b3

SHA1
4d133127e9d66c710d36b7a995e1098a543875b9

SHA256
e4209651648045f76cfd3d3b529b061931e7ef059983b04c60707e6ec511670d

SHA512
57f51962ba8e5359ab59cb53fcefcb7355ee3ffb3de89386644a8892a371858aead9c6f983b72d3e3e63e1be19b252b4b184b8fbfe9b53884b4b8fe92826e885

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84abaf1844954bdb22af7c5cccfe18be

SHA1
ad019afcc50031984a2e25b0bb3329020cac327d

SHA256
fc11fe52d19cac2d6681747a7912371c6068bdf57bf26933e4396a35ad7c0b99

SHA512
03be6f48eaa8ce7fdef724bdceff6d878776f62dd2b6301958eed36bbd2e07f29bfb3fc5de5947155f142dcf05331fe85975294032a29f905c947a976cadc8d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a379d356262ea4d63f1abdc2d6131f8a

SHA1
63b29d8c4219684aad1f2c23d9680c52c9b66e18

SHA256
411f0f1e02dd5895da92af34f4566a063548081978c070e51ef040cd33d3f2e7

SHA512
e4eaf435c86e95f69d4ecbd50de300c20b330b626ee67952d86ae82ac01aa31ea3af2697abc0b6609e4ba576a5b47c87f2c1738276886527eb9f7f33632c4f0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97b54557872c3fcdfae15d288398126a

SHA1
a5624bc3c53b2f54654119891cbafc099394ed41

SHA256
9ab67892a0c0fc84e51c64eca5335c8b4a73c1b6e2d8ae84f646bd181f7e6166

SHA512
e59ad11259d714330cd2c03e199969e68674d7007a54b834559e1ee8bd2b7590a7c0711d85012e99c15e7cef58d6174e882e743319c2eacbe34a506e3f7594d2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
366850889429b236bada089cbfbc6171

SHA1
ee73a17f16b8bde0442d66e10ed0bb4e2c82a5fd

SHA256
cefc9685effb0cc1ce96a24f4da7d80a15c910376a3550f94b6070a0df777385

SHA512
75988c973a5d52fa8349b34f2cad54ed5fd7c9aaab02c3152aae4b8643cdc7cbc46b2d14787439c591102d2fbccdee65344842ac8806309709d79738262a797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC9D7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCA69.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit