cb3cdc5f0c117474746cd1088835e1762a7ba1bdd2a67cb6fb808077043c5789

Analysis

max time kernel
66s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 06:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eac012f21a83ffe2b6f8889a947fd4e1_JaffaCakes118.html
Size

254B
MD5

eac012f21a83ffe2b6f8889a947fd4e1
SHA1

128658b9442aa5616fe3a84ccb827b592698ac46
SHA256

cb3cdc5f0c117474746cd1088835e1762a7ba1bdd2a67cb6fb808077043c5789
SHA512

1ce4bbb9d67d4a7df95082dbf48750606ec3b56910dbae35d6a46eeb666f9644739ba87ca239523c5032ea851527b661a697a2e8f4d3b4b15c73c078bb7a1295

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d9070000000002000000000010660000000100002000000007681c6fe741be2a0478416ec21a2a56cdd559c66a99107c2e0964f51b4e487e000000000e800000000200002000000040d212e3981514fc3f81f7ec53084c6e25d1e64781cf3194522caee774c2be51900000004f08afe2b0f6fb70bbee3ab8c63c77d5e1b6b093d2f06a1a7a230e26ac01cb5a8167695c4f9f5cf87256c65ae111432b69d559559085bcec73abe8984da2ea96ff0d0b753a910392533aff4381a9f0c706f840fa71d2d0074302f1fd8ae254d9e83a117054a6b0a149218cf6c4b5c57126cc49df5b03f1dda60a4e07c5a76018460e109635e967ef4b1c596d51e254f1400000001f5863cbf8688d6dcc961f41401ada6c37cb852bb7d7dfaf510a115285791f384ada0b9060973458a4cb59a367433e34739393a6ba27308fed0b826af48d4108	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432888779"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{75D545E1-764F-11EF-9F7F-EAF82BEC9AF0} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d9070000000002000000000010660000000100002000000078329bd596485c488e0b516d855597466e9a89a370c44d6ab6d844fcda1722ba000000000e800000000200002000000090520bf80eff1a34c6240f11d4da8ec9055bf92869fd68d951687dc301ae3aed20000000dd690c4763fd101712514ff58b53b47c502fb1c70be125d0c7b88af9d9d96ebc400000001ac32e05694ed9eee3cc5f9692f5e461e3212743d9db679c42fbec700b458e2ee28d23fa96d5ca262fc2d3a694461c590ea0207b6e31e3254d58d1383f7e2a6d	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7059624a5c0adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2656	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2656	iexplore.exe
2656	iexplore.exe
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE
2836	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2836	2656	iexplore.exe	30
PID 2656 wrote to memory of 2836	2656	iexplore.exe	30
PID 2656 wrote to memory of 2836	2656	iexplore.exe	30
PID 2656 wrote to memory of 2836	2656	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eac012f21a83ffe2b6f8889a947fd4e1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58a65f653189638df7fc7445db08eef2

SHA1
d847191b71f2cc58067f28efa019da9a5a603eba

SHA256
eff058d670e8874586a9dab2ed40cde9b6722600a6e1c4e27c8a8e1f9d72ec6f

SHA512
a09c929e048e3f81b4e74d7aa4df4d00decdc04d70e55f07c53d1cb31227bab7d188cb6787724d0c0a90a3d9d5c1233a569fe238a4fc2f684f1ce33a1b8bfad5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6ffe8d82f5bf9cc487bc4f9cd58e159

SHA1
ad59d577712ab3e8790e17c0e2cc9c5207e28f14

SHA256
e00fab911d3ab614a1a21b01ecec12ad5bb232c3ade119a9cf8fa9103238fa15

SHA512
0e565dd6c81f07d89dde7c617ffce08f045a0320ecc77454cf56d0b813df8ae2408128bfbaa5af98fd09ebb3aa131e9c1a1fb6914863f5611770fe6f7e0b6e19

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce11281a8289bb514a1a66ddbfcee8fe

SHA1
bbfdf3f1f5f20414cbb541ad80564f222cebf101

SHA256
d80e7c4365eed690305959cd129de3ee786ec6a025b7d4adcd8e5f4049df34e3

SHA512
b5efafc6f631a5bd87d38451288f96b1cf6bc9f0934ccf53e79636e7e705791e006592ec4609527a98bdad7acc85a079b3dbd6e2aa90ae44cde98357d4a2ba96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
843a4089a665e32706fad1824b52489c

SHA1
10cca807bcaf9472e528a1357454a1d8a2854e64

SHA256
5e2fb512efd2136cdbea04a5125f12fd07381dae133b800c2bd63881371d9ca2

SHA512
d1b5d563051cd2763e4363294f704ad9d8b38cb7db90c9596622061f5017e05f5b07822e5812cbecdb057ed34585de6f0d7461da76d56488b26cd3d310b41e8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1568d06d7b81476e135c33f2290a693b

SHA1
8bcf3edc6e6657c9a2149d0c4709dab525f96658

SHA256
eaf219e3ae964d2e6d976e5e0192890b0bcbd4754a21f6506291e92b2dc7bdc1

SHA512
9ff48be5372100b72df5cf0e12922e451fb050a29be92fb6cbf4b30f8063790faf73cc5b81bc0a9db799b174bf4a37a703f616e0b1329564c21ed46bbeb7fdd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
015e66e3696fea62f0b105c03d45f291

SHA1
8b76e04421bd0df345c29249ae1b865a69dfac37

SHA256
e0699f99028f624c91423d7846a9bbdf0b9efd4d207614b4b81f30063918be61

SHA512
cc7458ae77e359b5bd438709a430636445d1b11d5ece3b094189119c3e9048aa7adb69a613a6becbe352e01b4d8f64c0a50b2677e0e8da5e3423cd4c45472843

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e1ae197799e28d74dc2e8b8b8e37c46b

SHA1
9b2f5b90f76ef266e2d673c03abe78c141521730

SHA256
aceeab8c449bd26b7b2ac3fe162e0f163d8b6742c63b5d31d3a5f4e2c8415c22

SHA512
fe7fb529c9717045f1cc47bf0b306b72615df6f55d8dbcbc110e52d065ad30bfd47570199645a71d1aed01c9701cd954cdce73b58e6c831fe22aa168bc68ff94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eab58c16b9fcf692ffb895f3a4616de2

SHA1
c7f8af3dc166aa165b8c9984dc5b2632370961ab

SHA256
e1c144e5aa6382035d323c54b588e3ff234bd579fe26da08aca44716d8368ed0

SHA512
32e265c946a1ea859393b9798b10547d8e9732b2fa51a4b1e8ae4719f79e24789d3752cf98dddfa152d7a7c71b774b0745c6983fbe05e77c3d1add957eb94997

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
849326b0da7d4d19270aedd5678b9fb0

SHA1
4634b053fde69e7f669beef1117c5e799f797a70

SHA256
167921602a3e90f81d20872e79e9e6dcfbbfc0b9f247ab57121d32f3562e5b02

SHA512
67f988c58d4cb29a806d15cf6f75124217d918d21e7162f3a6d699ea2b36c0077db7f0706a9acde097a0b3b4ae002bdf6458b6ccb4966be32ce38febc56350d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cebf9103278c582d6fc36b1db9c47d6b

SHA1
ca9a87baf2a52c90b31ec2b25943a23087b4c526

SHA256
90f73e4c21dbc8908c66a48eca325cf5d9cf7d1e7c350e96041e4cd6fcb0c79f

SHA512
d2bbb01dae51dd082202eb410771c42016678031dee03d41255230afa2fc2ac17877c40dbba0f30bc194931e2c1b01490793b8444969b1c979e13ffa9eb21874

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d714eb64f094054a7a82fada90c738a

SHA1
e8bdf305569e030542243e774deeac4be232c1d9

SHA256
11de9c4aa6019041edaa6582c3756c44300721f194b93d0565ff3d8159e106db

SHA512
daece8a495aabce3d11c2d7d215bbbe990b65a272f3a7467cf4a799fb3bba585a352dded5ffba39ecc0a4762006df78bbe7c03ec57bfbaaa876d85332904912b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60ef9a1cecbe0945b376b7801a4d0995

SHA1
4b4e9377076449cc49a8ec689404ff4608966694

SHA256
3215eb293a426de3a1d8f5df0e5058591ba7c6e5df0197ed93a5afecf4e9be30

SHA512
f941b4c19f4bd521aec194f8cc3c67a7e06fcd8eeb58bb875f5d713806e7a5293888ac6cee1a79c36361357d34231f14141bd8189ed2c103ef282bd21296486c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e3ee3be7eaaf0280edd404c80b22e43

SHA1
a4ebc68c22be084d3aa35085bd672dbc3cf35589

SHA256
6e7e4404379255f4f7ee3bd500b5d4c055197a2387e632c3c102662128119f48

SHA512
110cb8e93bc46ed2bc7dcbe734a1fb5f03c5e2850a65846ba498d725e242d8c73c6978d875ace505afd5a116c4eae0cf1df488b6e70ccfedf44dff80b1bc058a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4e8d5cff1d4272d426c2b882d6c966a

SHA1
938ba776f5ef436189375b960f946f027716ad29

SHA256
bf197d779b75e4fa64ffb2ac376da8a2d64b9accfde445c64e6045762ae2bf04

SHA512
f63eba4865b1e55de5dc34d5ec95ce17a3e951409e63ecc7c4e2b71e66186c466a450ed2f1cae8d8de605667f06161748710e3291b4bb14c730f23c97410c5eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6EFC.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6F4D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit