d4f8a056b8eca85698746eb91a19f6d1a869f9463546b06dfec4814ab0c446b4

Analysis

max time kernel
136s
max time network
144s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 13:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

eb66d07c2ba3f9533410d26f682b5c67_JaffaCakes118.html
Size

57KB
MD5

eb66d07c2ba3f9533410d26f682b5c67
SHA1

894f1ce57c9dcbf55e4ed72d2a799589c1f8f0d0
SHA256

d4f8a056b8eca85698746eb91a19f6d1a869f9463546b06dfec4814ab0c446b4
SHA512

c73bc7ab0df57d21b3489ec7041179f5fd5087af1829c01c7b65a64e224f0e18c482ebf3094af4d70db1b9cde7dc44d8ce06168f4e1fd30e600ce83049e831ef
SSDEEP

1536:ijEQvK8OPHdsgjo2vgyHJv0owbd6zKD6CDK2RVroLQwpDK2RVy:ijnOPHdsD2vgyHJutDK2RVroLQwpDK2m

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50674b8f950adb01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000001ab57705e648873496ef8968f46222f756457ba638551132bd8eabe6f1f1835f000000000e800000000200002000000019e0b0795fe85565a06e9b20294099fa1a4b83ba62c56aa3b2d3c082e7a39b7290000000b5555f09e427746694caaf8f97784b80cc9d605237627292999b1b467d004177397d7e1cc18f8e18fd1f5082a610093f6645d36b7e3611665c6d9a9f5c76eecdff0173dba9bf2583dd5085043748a4b34cff884991a40fd27544ff95329794fe1f7fbf8163b7ea2bc52ca6f114670e1e6b39f2a6ce88b86a4220d3c2decc63dbd5416d6ad51d46adb54754356c30cf37400000009ace2b528d3117fddf78b84c4a2ca17592c11bbd713ef384d97af8f1cba86d775d3ee1bcf483c1d7927b97a81d425b1040ac71ba2f354f059040d6ecdfd85100	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000adc9c6943da3552cf0bb0874f27539a6f5f64e75af362e90fb1232d3d80b6119000000000e8000000002000020000000192e8d289334f8ccc0049e155af63bed17a15cff4b7f10e9f48a97edf2ad57e1200000003436d9f96745d89c2806dbe15a43d47cf216d08c533e17736f990b05b3077a7440000000391be3696c15a9b2f7d2436421a5d4824ae3bb2f5232af91fcdd675ccf124a0af3e9a2d65bba6d6fb8862f324bdbcc8d8c512a291c8e5838a8911918677fd570	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432913352"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AC78D2E1-7688-11EF-A8AB-EA7747D117E6} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1480	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1480	iexplore.exe
1480	iexplore.exe
2156	IEXPLORE.EXE
2156	IEXPLORE.EXE
2156	IEXPLORE.EXE
2156	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1480 wrote to memory of 2156	1480	iexplore.exe	30
PID 1480 wrote to memory of 2156	1480	iexplore.exe	30
PID 1480 wrote to memory of 2156	1480	iexplore.exe	30
PID 1480 wrote to memory of 2156	1480	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eb66d07c2ba3f9533410d26f682b5c67_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1480
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1480 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
adc2b8d327aa925bc185b38c8ed316e8

SHA1
7eb0a256f502e41594052795806db7ea0d9bfbbc

SHA256
a3c84a2bfeaa89d315087e6ac7ab75defdf493c2793441ab6f44cf7d7a25af52

SHA512
cefe489a371399de2abb7a34e096bf2fd813150af06b7c082edd31528037138afde4e5f3bef7172cf3bcb45d0e11f5d13dd2d9ed1b6514a8f84b5e12084ec942

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47989235f8675876880e2aa1f5ba02fc

SHA1
dbd0820db6b420741f8e703b58d938cc74eec3ac

SHA256
b21dcaabae1c92f6e7a9f5fa84f96294d9f37b5b0f3eaeca3884640c03c90eb2

SHA512
2faa44746ae422da6124b98567520a37fc4ed1a7d14b8123d83b2192d45a1663a701a969bc547ff3a4197fdb938bcc095cb2bc7211ff57f8c4b6f715d4d282b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc0af6158d7a5cb976f35c5fce2863bf

SHA1
fd68be0a989176b4ed9980b1f9bd3c6cf685014d

SHA256
f25845a943294ef4d0e661a08b71b7c672361d37eb1c905a8c8a2984ccc9dea7

SHA512
eb1d5432ded7533ff211324dfbd027aa6bb2d7033eeeeccd28cda2e346fc1eed31f2a46c1b4c6dd75bfb0efa8b2756d133459536966a81b28c9e9afd63de6454

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c618499e1b25fa28c0f9140998f502c6

SHA1
ec88647ef6a0628027622fff57324f04687cc038

SHA256
db3eccada7ea8a846d8b332197e371c6a59c503c013b8d88f69c3c7ed94e55d0

SHA512
7c1c3cb5c463ec917e26155001299cd4f8dc4a757ea57eb50f18ede0eaddf6b5aa29af065d1f5bc538f1bd97c3c7a5093808cfbfda700258412090853243ee4c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
338c63e0fb21a076d1cb275dc6b5dea1

SHA1
a611c2191b121b13106281bce70d569994e6f7eb

SHA256
15926ae8ebe3009032aa353f65d856283ac9ddc3ae543180fa7edaf441afb999

SHA512
84ef036819cae573f6e5ef39c3f18a1d79b3733cad6f594f9356c06e71735779c49b824959d61bf843cca29f35f147389dd9373ee5585da8614d157517258c1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9266f5a277e97547a9af2e44434a32a

SHA1
182a094b9d20480152434f5ffe4f94f05d8a86e1

SHA256
e7179c3b722679efd045f7c56b16d22c1507a8ad917f34e0c644ed7183ecf550

SHA512
2768cb8d06413f3017dcc493b7845f4ab2634339916a7fb61c0d87309f146f0c297afd9150e4b5d480676106fcf6e8e8bc3c5e89d9a638b90a01da7462b03aba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e162d05b2bad48443ac1627992c7ae81

SHA1
5ed0e28c0646ecfb16709171c71c79a838f30a07

SHA256
cd81bb21dc1fc35fe820f9a207420222b70ecd1f1a6188c3b840f5da2cca1e4a

SHA512
fd747b90ac9d7b5bd0c59edeb42b586be9555b6b7655d386422cdce96990fea3c5ac52e5cf3f6ad5247783a9f8b6cd7ab6e37da960eac70d7f920c5fc39820f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a86d436cf971c2d2164c9400c6fbee74

SHA1
e5008c3e6047cf0c2109ce28d5d589f4e9f5f7c7

SHA256
dbea6e7cddaa97d4cb88250213f48fe92097770f0b2724bb7e28d962572013db

SHA512
3e02c7450bb164134ee3339400a0a2c5ff5554931c83acdd44dab28e8466bea81c9173dea72c1c855a37c34277101091b77bf1e3a4bdbb9d076d9933396fc04e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15c88b2f419c755cd093c79d34cd5f8a

SHA1
957af8b25c931abfce99ab825010ded5e804b58a

SHA256
462ae0afdbdb9694abf7bb1aa467acfae393ae4fe0d385d87b2dc8e0cb29a8db

SHA512
45184ff2839a342136596600ba1427f4fc136db2ebfc9912e7d5055e92fecdbff972c8b40fe286da28ccea7254fa37ee8b9ef3a6c165addc2a840a7dce1b780c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ea4a23e19056ae045d5be91e62003ca

SHA1
830688b4b63ad8d54c1f5c1165e3536fa6383a49

SHA256
f82040c1f045fd87cc88bcdecde1055e64df4d36369db37306419fbad919b85a

SHA512
400e7584783d4656a6aafc8d342e05fb52f79de7c6642a907ae1b7ca7131a2d95d0033109d0f1bf2221f3a1d57ad3ce5115d28627b69db2db29342ef240f4ab6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4eb29c4dcc2b0cfb6236a7095d051ed4

SHA1
9ed28ad4db135bb157a91edf2c2a5c0e56f9c649

SHA256
6d2c0047053f4aea07f85838b89fd73a62df2ecf91ce0d4a84bc1ba8135cca55

SHA512
f1aa8d6b259406641ca9aca0b4d0c73285b914d7061091c00a9eee7a39a7b81f16552b2d4b77f539eeb4e8db62d3ff5df0d488b69c08fafeda7f4f6a4a3deb0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
946c8a33aeb7ba616ddbdf3f36835b3b

SHA1
e304a4df8a0e3d50a188d230ce5520fd620666d2

SHA256
49edac5ca2eb55787169c5aad0c5a4e12a5462fbe6596bd64f0148385742ebc6

SHA512
fa0dabf527e078b5759e32fbf7582ef10ce9f5d704e758bb388da92b90bdbdb3c1cfc2044c522a3b628afd747daa8741566a538776a55910e788f395a0c60647

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b97cb5a80256c63896406aea3074dad9

SHA1
c230f853e49379733273bfc1916367fbb1e38aa3

SHA256
8743a818dde890747543c538428f173fcb46fbba27fa4fbf98cb18c7574479a5

SHA512
9958b303bb255cf399b524892865da34744c4695b08ad0d6392725be3a6097523b2a79614eac3e15980e4ed6644476c1cb88f17bc8d821a43d4798d3cc8bcf66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a41e01cdb6e910092ed7396e2dc58b4

SHA1
c97e2776afab5095296bfc2863acd1e0d05d7690

SHA256
1205e9f8f416dc5719401474f4e2c7fd647c35dffd7edd585ad0ae20a682e91b

SHA512
faa8cd0ef379c2cb55fa9a974a2949f09dd0a3deb6dba2ca158896e4bcffd2bb70b7475ee87e17900191825e897dc5cd2ba0876a96b9299086138a22f95771db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\633SXO0D\f[1].txt

Filesize
41KB

MD5
b587d5e5f914f24ac899a13febebd99e

SHA1
7117ffefbdfd936138a9d8b47583cb1fda5b2fb5

SHA256
c385a1b1344577984cdeb4d3a2a2645b91d9d01c62c472b2a27547fcdfe8f468

SHA512
5833d6514c30b65ec0f7e7a728785467ad185425e7713e767e15db8a3e84d6af8234473deb2ca3a07164cd97b23b34ec090d2121ab9e6c81f2bb231f7ea96c6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE4E5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE4E8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit