b66a21de95d078b3ea6ffc0e82077a78999a78fe583edf42ae49db799590cba3

Analysis

max time kernel
134s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eabf259511a1cdbe1cc8c399bd945cac_JaffaCakes118.html
Size

1KB
MD5

eabf259511a1cdbe1cc8c399bd945cac
SHA1

591cce48364e34314fb68e9a8428652da313f4eb
SHA256

b66a21de95d078b3ea6ffc0e82077a78999a78fe583edf42ae49db799590cba3
SHA512

6f100e3cb86f0ee5e10df93f37c1ab9ddddd017e672851fd861583ce30d1850577b4f9222fcba6a4c7564816c8b4a5823d986399465e2cb858735d6cc6ecb784

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f00000000020000000000106600000001000020000000d6e5f8b9ded72f4f4a9485b89d2dfc01b3421faf9b5200016d9befc0d18a64ce000000000e80000000020000200000001aa0025111ec6d46ac3a91f501c5f19319b057aa791d45c58f63f7763d363d8c90000000065819ebc1018a324c795c34806125ba5705bf82f30bb83c85ef9abb7b4c8698ea7d6ba988f4d46688e81c4f35a78baeb6ca6ab0975a20ca79925bcd6d3ebbbd7f2bc84621fe65a5a68b74ca3b7508533deba3bf7edc560e1a271eed3fdcb497aabcff96aec3fd3a6588040a0315ac025419102294ef78ce4eb15bb4988d4974808b6b6c4e1781125ce71009487d3fe8400000004e86fa37cf773c169b7485e6d45809d531d7d7bf8ee86a03edee71c4c045b984a56475d09aad42f55d6ddd8e58c532a9b64111ed84f8fe86ae3550796c5dd971	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{05C3AAD1-764F-11EF-9BF0-D60C98DC526F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f00000000020000000000106600000001000020000000114093fa74e3bfc459f0e91e961356a4a8f94fe5eb662aa030059181c03fc062000000000e80000000020000200000005009f0d4ae19ca52071397d7f03279570c07b4a886b8d7f6bc7595d797a2f6c020000000e1c280bf8b3d1b49bbbc9895807048c4ac99df17be4fde1ce6c80b84880e78564000000004c7205469415521f382bc9285c46a0adb19fb75465c82e970ed0ac70caae535fad33ae52aeb84cba9a6068e48af3d3ecf4a8484e09cc5d5bd2958f6367a56f9	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70ab2adb5b0adb01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432888592"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1392	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1392	iexplore.exe
1392	iexplore.exe
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE
2140	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 2140	1392	iexplore.exe	28
PID 1392 wrote to memory of 2140	1392	iexplore.exe	28
PID 1392 wrote to memory of 2140	1392	iexplore.exe	28
PID 1392 wrote to memory of 2140	1392	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eabf259511a1cdbe1cc8c399bd945cac_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1392 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eae302c2226823b3f17093cef87810e5

SHA1
b04e31084853be61d55091b6dc07f9bdf98095b4

SHA256
72f00b26e5277b6978360ddeea3be5cb0f16d94222fc62824c404af2b40d8b75

SHA512
1d29c9570daaf77c4842e27921751b27e758c880fe3b51ba366b5f396780f0ed4ca896c7ee8e4781c5e144890efbf436b2450406174467ed04b94d6b91fa8863

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e77b7a78761e970ee54d6ef55bb4e65

SHA1
0d9e3b9530f6cef20c9f1742fca4e255a6e1e9a0

SHA256
20436bec7374f939d22356ac9df3a70570183291cae0722dad8d4ccd13fccdb0

SHA512
4fb4a906faae59b1a88892ffbcc636262e70ad0d56d8d5ea5fd2f9eaec69bd68c6c2a5d157b288879bd363500fadcb1f6142025c18d9fda8300dee225102325c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d217dcdeff9a6bbb009b8e2c60cdb049

SHA1
dd92750e5639d3fa533c7a00c9b558f2c5d304de

SHA256
9e2b4e40564e9c7ecbb676d727d21b6eee587288ec49884f72ed1f20df253825

SHA512
52dfd51e521cf194e0589a7cc50d61f29ff7bd2ecb5c92c81caeeb7d4e049e22ea2090153d21f4b0811ca28cfaef53ed2d23e328e6ed74e4610453d722667b09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ecb8a0079b94d451d9e509c071ad359

SHA1
b9440cfbe02f041eef34b61ddc6351471498f909

SHA256
11ae543121f38e7b97f7a8bf30a76c4bb3d4a4f5e5108bcef458d4918f0b9a62

SHA512
32c87eafbfc506e5f9d977a9995ee66cf49d55a7342636c4779a91a7e7e8e285a6752ffb7e33a7c39a4cdbfceb106edbe3f67d316c014eb7e086d1b103fef381

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd0425a7d1fc42a79f1c9b7b525208fc

SHA1
00f29514eb39ace9b0ca343aeb6eafe1a453ec8d

SHA256
714f464ae4d460843f2d36a2aa2fdd7d160a9c7b57286ca6618ad5ae9e728e79

SHA512
6d54b72ccf5b01101689841a66612d529c3b61d9f0ede41694971626ceb0d2c5155dd06422b399b816b81d459b7e5ef27e0412ef0329b53c2cb1aba3690f8513

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0049c9eb6d02e5e078cf04aeb8c1f881

SHA1
c494181630908c1f8045e3da716652fc9550975c

SHA256
2e0d20a4c0a0f35c612b7582f70876dccfffd75884deca833dd2abb75a655763

SHA512
3c8eb52cf328c9d2b0ab958eb1f57d032c852155aaec88ae417c850c9dc1f4319d0d2141528e7eeafdb3a5ad100eba7d6bc0c531e5c70a2407589e7ddddcf349

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5e461f8eea23c39131955a1fb5cfa4c

SHA1
8c4e5ac8e64ec98b578efd27c8975b5401717ed4

SHA256
a7294d84111ab4fc25124d7375c048f35d60980b99b8ba5cf88ca42707524ec6

SHA512
7ee12f424b7ef6bc2261c208b8dca079bdf9022cd775a22a08e0fdce713a5e2b75447860bea57f42c01ab5240a56790e40a26c627a631869c314130123aa2659

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11aae2d894d9b95f2ada47fdf6ba8596

SHA1
e7721dd20a4fc7ba758daf0e8804a7429d6ad23b

SHA256
73a8d7171d8e101bbeb8fd8d28805bcd6dba04dd82e5f6779e5e3eaffcbc061f

SHA512
41c1ff708e8f4cc379d7267f1aa066fd42f0b2ac45c51d4180ac84ef6e5d0fc2ad3b5d37113092b0b040d91e4ba59e6eb6df8c0fe0b81c1b924a36e49a504fb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f08a42b29600ac36987cf478795e1e77

SHA1
86c0a23fc496bb31858d755cfdba910ae575445e

SHA256
7e30eaacac54886372e7a5e1c0ca75edf4530985f4bfcf812ce6bb8524e0106d

SHA512
7e630fc6d487cffe35a5badfac5c8acba3b3dd4abbe99acf363a6559f4735782577f6c0eeada2f10dcc96d2cc8d37b38e7dc795fc83573a5e62ba679c77886bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
189a8cae824042b0a9f260e73cb6214f

SHA1
54ac4a1e1a10bd0d07130373b5a77bbf772594fd

SHA256
f287bbc4650d91e8a2f6a34e0fcab900dc1426156c107683635455b9e79f6388

SHA512
8e267f5449c1012719845ea3642182707eb1e0eb68cb877d3469554e3c8a0c88c4dbaabb194dd80e999b7d3349690562a57c624bce8bf5a645c095f2c7948633

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
848f88a821cc66b3579f79e09530f93c

SHA1
03dd10b6dc449b381af3a068f16a6c9777f5c42f

SHA256
4706e3e8142f44ad0a2f4e33448549837a9c287ad6d27facacdb9d403e6ad4e5

SHA512
c5187072a7883bc45ceb1821633d8ec8689727a86e89eda351190230c23e93bb982b9e9be9a8deee820a15cae78fa6af2274f72081b0965d0396b280f1fccc6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
142abc44a574613fab635b1ec623e8f5

SHA1
6165a3f1770fc3b7c6135ebfa2dc73b32ac0397f

SHA256
d5f690df76b1a8162063f0a5d2558a86f3eeb3186e20e226f67821ccda62364e

SHA512
0f488760a085ab1e44f24eba87ecf8bab8dc28e2b2e1b036e2703f84d82a25e489cb7564355623f70645e4dcbebe30e9514f9ac45a3d7038b99636a865aab20f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06fab64f20e00e57d92b28438f4bf8cd

SHA1
7b980a7949dd6c375bce4f9028d1d937f1104067

SHA256
84e88ba330bc27a48fa3a0f1a626b3793b7d700306e354f18fff39b969c85118

SHA512
a89f937670cabcf5c0bfd6033c2911774c086653a696d3b284a295f66dca2d6671624ebd971f61cfbad71ebeecaa1c52af6c964513cb6e48bd8f97fb52010282

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
653609f753e79e935a4410d8864a6429

SHA1
453f7877eb07d8f600c8e19279fa5c11578f4d4c

SHA256
3e5b7ffd9d3a481ab6f2a9f61523646c8e9d26e1c07027179b32c5798f3d24cf

SHA512
efd8528aa3adaf903d6ea603efed0bb8f625940aa2f9bde43709724d4727845ae6efd0b1d6467a15439f36e716dc3e3f646f7ec260dee708a4246fb162a7404d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
778768d4ba2ff21063aed2d06734261b

SHA1
fd1d038f2f915d0df54adc0f382e792b59629c70

SHA256
28c29307a93cdb8319c259308ca5c2f424c65df3577847f076b4359193d8ca6c

SHA512
b9f7102c5d19c99c99723e09776a17621be144337b10fabe7f02dce8963212815ad56edbff18fc2e3b572fbacf4ffedaca399457c55dc2320bbe5d6505e91aa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f18c58ae2d34f789e0025cd25d646f7a

SHA1
9bac58e436291248f5935c61b4ad1912cd447107

SHA256
dd43213f45108dd71170c36a31f18a14cdac29145e8c0d9cb70cea90be6c9181

SHA512
2cb764b4a1ff39fe74035ced1e9eac4050c2f86a229fcefa6e3a42b0144294ae15c852d153f3bd5c7a467e1b558802d22c7193f5dd7890b5fd278ca58b92c890

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7502.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7505.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit