c8407757d1fce731f62ae78a2470410249412d517022f1ec1c9c998940d4aa9b

Analysis

max time kernel
119s
max time network
139s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 07:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ead0ad0e004672d3ee24a441fcf9c667_JaffaCakes118.html
Size

4KB
MD5

ead0ad0e004672d3ee24a441fcf9c667
SHA1

cbcf9a2044e7d88bb92e951fd94763a0255a8141
SHA256

c8407757d1fce731f62ae78a2470410249412d517022f1ec1c9c998940d4aa9b
SHA512

4cb53d95c7d8dc26b7e078a7fd6f77e78534fb20df6a6f3720833ea73984bdb85346384f38e6b327b9505bea9b12663528c6c7dc1f269300091b374c990eb716
SSDEEP

96:+j5SsJ7pPqNdF6M9Z9KtQbRd3tFaYkXau+Er:MDhpPkdFLZ9KtQbRdtFaYCr

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc5000000000020000000000106600000001000020000000c6efac5b5d82b886c42848a36ff4ab4e4019a9dd436750c04d40838e092f3ee2000000000e8000000002000020000000f3b2ac2887cd3347293b0160a20d0ed8c519b4f190da166ffd7c6e8f31be21d1900000000c768678d0869e5a77142bd34a9c6014cb02e1ddd4d94d15ff3994533f0e4699f7f162d9bf8a82976cfc1fa36aa0b288c05fdde6747c86005cadc848ef67ed6cec02af12be253bf8b300973e9fb7c5daaaea2aa1a59bdff3667c80ada8469ab01f8e0afa265ee5901e519571360f8dce91d210bd9e114a69ca91c9fb59d4a2dcd21a971e91dc05036b2df4586afe4f96400000001608c04bf9aa269ce12a6802a9815ff34cf2184eae9f3f34288bb036ba704aed1880558f5853ed38d2343bce167cd503069358cc8d94c5a40fb823b0ef08277b	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{88507A41-7655-11EF-AE85-F245C6AC432F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6045fa5c620adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432891399"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc50000000000200000000001066000000010000200000009e6313246609e967c37c79e76b601bf01e11af2518c15d3fb7b5c599732fae8c000000000e80000000020000200000003d611b92c523dc6e406d199f46770a44e0b6539a358032cca3e8f80c4a39af15200000008b67d5e8d2433a2aad20b0c5cb86a5ba8709dc47b6206c62bb988a2ee98d14f640000000ea6cd3d5727520d70ee218ff4be47f174a79aa6317fdc8c3fb3175042a6a84449468b6d8e22923c82bb165989a0839e7fcc9cf1d7d4976e1db553cf017035b28	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2848	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2848	iexplore.exe
2848	iexplore.exe
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE
2832	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2832	2848	iexplore.exe	30
PID 2848 wrote to memory of 2832	2848	iexplore.exe	30
PID 2848 wrote to memory of 2832	2848	iexplore.exe	30
PID 2848 wrote to memory of 2832	2848	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ead0ad0e004672d3ee24a441fcf9c667_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a8b59e73f2fd62caf096cf35f7af6bdc

SHA1
e97fd01c330bee115d5dd51f013a40ad1cf23dd6

SHA256
50facef48b7e3d4bf42142fc6d5956ebbf9c4170c11e148d10ea8cc377ea096a

SHA512
9c04f2a93ec926c444eaf565a26ec0734f5342bdff5bcc6c5346039f1d6411b4fd99ad79d1579a4d58022a6aa571d92e92002d330bd1ad989a044d7e5fd9b572

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae41f26a2afb93a1aa1d3cc090b605e4

SHA1
58514a8516b9a857c8b49a8f0c2c1d796f355919

SHA256
15b57aa0f8bba694c48690b228c4052b9d51ce8e32f6e3497f530f7118b50ec5

SHA512
ac14b9c1a339a8bf6482ed69f7640ba47c80dd51c1784119f42be30b7d24b4d7752c06409394fb44a7ee46527498cbf69648b52107b51fb0c360900022bfa794

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66ab3664af7a080692eaa68876b74d97

SHA1
ff7acb2e76a661394a7ea95180a9373a79273091

SHA256
cc3221022a1c0ee5572971a52127b0622e692c771921d6d2469f581babd4d98b

SHA512
344e9b78a330039303a8c7bfbe8298d1c1810ce9ba467cd3abdd01dbb1934c8f090e0c243870859744ac36de620757a5d4a548c74fe79783c4161c4895197630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04ccba5508bd6761513faa504dcc8223

SHA1
ea3b10e90abd7988cc536b405711e4106cb35156

SHA256
6d2e26cd9ba36b876282b8514d31749ef0a4db7ce7bc6b1d41a7e3f704aff746

SHA512
e5521f5b58d8c0420fe0904e81c6087ae49ac4ddd45ee245c1c89e6436babe1655bbe3e67e22631ca4992c7ae6aa54da21825e02ddcd2dbff7735c5f53e2beb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7bbcca5369d4d56970b4b24525722d82

SHA1
571f29fd6524fa1f7d35c9bcf96ef19ef45cbe22

SHA256
3725dcf21e37a4de2b29aac32b4b3f00b942ee54e0fe455eb086aeac7a1ca86c

SHA512
5e17aae6d3a9fc41843c2436ecd220799554e2ee88996e519cc56eb2b99562d9a7ee616b616941cf7947237068fa92de4ed70e06028d58e265d5817269addbc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d889590a093f652803faa0e2ef1941d4

SHA1
7155013b8dfc1a40eb4a100c758d7a223f8066da

SHA256
7d4edcf849deb99db93fcad420e0f0df35df14fa9679e776e9b142e796f79a02

SHA512
66ad2adac529f63f45c8cb5f65cd5366afec8313e80cdc793c9ee052a3b2de92f7e3b81099f3cd11e7f57625d303cb084db90cdbcc7449bd5b24bc069712d56c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b90f8719165fb616c4d82bbac381c4e3

SHA1
29b7bef2ffd031748e15d391ae7adfececce7820

SHA256
b688a7f853237bdf07901038bbfeee1f6fa70b41d78db3eb3c8c3e9630b25ae0

SHA512
01741df78dc979b6d64523b31ceebd6cd8c11b398f9d1741e1176444fd4c91c54f73f52c6672afd590a7aa8d16aaae156663c7eb131b04b8592aa27e0164da6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
534aa3646e37705e0850eaac9b4f67e6

SHA1
03928e2e58e274aa6ecc979899c44e3e338dc85e

SHA256
9dc2021c46144dcfc394828b9454424af7b05d3993770137bc0b50476a163e4b

SHA512
dc0d9c2eb10672cd512938ba423b9df9c5521d541937047ccbb596bb2484564847f4936017cdbc0d95672647864af1cac60fd275e63601a804f702e7d9c3927b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95d2707611156b99fe5712f0b231c882

SHA1
5b80665a4a8cf5cd715db6f90def86c55c4ec196

SHA256
e30817cff03ff2e3351ae6d917c2ee7f3740c864c0538a7f1c9211431392a2ba

SHA512
5afcf2fde254bbe3f0bf99ee1a597f128e6665fc40d9a2326f2733289e12a4ecf54cf9e654b4af0a01d0d3bd63a59c2b0ac7d77f84ba4c1e60979a5856437afd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5bf5f43c8f3f2664a7ff716ba0278bdc

SHA1
9fcc8d465726e6b3301de913c804552af295b55c

SHA256
c8ed3682f27c8f85cc21cdbdc532ccb3fd7b19509b2f19a22b96ce1f4d353bcf

SHA512
0c25667232fdeaebe374bb4122c2549485b2cf89aa2a9d0289555f536646ba9ee30fa10a18059040ad0f80c86a3fc4a14b9a26f029e45173604274859ee3c60b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a58f2df5a9a8c84267f8e199fa4d71ec

SHA1
5fab78429cfbfe168301c3a4394f1e323db8212c

SHA256
2807156de52a990e563d1f55ea96364dfc6e4b3f891b84ce5ff52087584c3b5d

SHA512
ede6179680dda96367cac8ef73231a8c9fef938949eb2b59fdd0a54d2ffde682f21d55dedf3469b19e9acb7ece2ee7c113d0328f34177ca9d4e0df41942f5ff6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49a50101c180ea8e920de516728dc98b

SHA1
acbf507a91766efd470d8ea141fc469edb88a4dc

SHA256
2708862fbab860160e7e51fd6eab1bafdb043c97a68a09a21c3bc2ee81a3a787

SHA512
7efeb4988d1d902887a0bf4175a2bb496bbb11f11665a3c9efcc37e49109cfc80457f88426bf2416122041e1744a65794b4e1df7afb57ed0911e02dabcad44ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd83eb6df37c9db903fc94be201226f5

SHA1
99ed5dc74c100953322b2c9fcbed70267c218616

SHA256
ddb38bba4ed5013a6c4653ad1992ba064eb4c5e92b5ccb48f9ef37f21fc0cce4

SHA512
43e0979e7ca27d7b4059e41b3ddf2fba7a37b67232d952fd9e6604162043fd52860e185e427edacafa0ce0f1ec61f8f9296e50f998df6d28351f793bb0b9d3a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab787D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar792C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit