9cce68dffa3dd39dfb049b621e0101a7d37ff8283d72d3e9480367221d88dca8

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec0cd0f663c9e86285b2e04bee50a5dc_JaffaCakes118.html
Size

2KB
MD5

ec0cd0f663c9e86285b2e04bee50a5dc
SHA1

d9949201d343a1bfc49c42cc4eb9c39c609f32b4
SHA256

9cce68dffa3dd39dfb049b621e0101a7d37ff8283d72d3e9480367221d88dca8
SHA512

3580a98bf08e0e6c480808f8497b56c81ce6c8da10ecafc49c208bf71f191a2216a81cf8699f54687be446d1c425f884913ba41af38a9a657381c9f1de57232c

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1A8AF1C1-76BE-11EF-A4C8-72E661693B4A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3008c0f0ca0adb01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432936301"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000e3ee4a0b2c4517d65008424d594a2576a39fc070b6f93d6f24b2151b1c53f9a8000000000e8000000002000020000000c7cff3c6964dfd597bc1bfb5583406f71380a286304a4d34233c47c0273d601320000000f8163e626e73dec363bfb578e80c2fa80220ce738fa130d7b90f80fdad03e5a940000000c2af1f6d38ea8ef20e53daeea1c084c795aa3eb7d517bba5eb01d99a1612c43e98eac8f8a4c25106ddd925bcc175357902e30ae7af20dfd8a1b1d649c2fdd50d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000378a63fd451dd3efe04e8d73e35af116e9a1453d9790ac2159aedfba35bc1729000000000e8000000002000020000000eaba3021d7f48e0fde7e514a8c17f76dccdea585f567fda733bb3bc9452d5193900000000458f35f316c7914bf1c8c3569d30f25e0f6ac4f0ade29fb44aaad128c8c44066161048cd4bb99d3bd824dc414766c656149176fd54bcb172abbd03b68d3b606f36a7aecd0675db9cd3e1fd7bc6e22136cfd2d276fa5200e310e251a9ad46a6c0706ca5dc8cbeb722b5cbf0072bc2e7bf8552f1660128081139883cd9b4df75f8c012891ba6f29046f881ab1b082c417400000001aa42a351b7dd7759ccd363bfccec141c7c9cd2c15a7f0c8e17e5ecfd4068f7a723ece3e0d447eb7a7faac3a720ef14504d9c5bded56343ef1ff83471b3f7ec1	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1916	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1916	iexplore.exe
1916	iexplore.exe
2416	IEXPLORE.EXE
2416	IEXPLORE.EXE
2416	IEXPLORE.EXE
2416	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 2416	1916	iexplore.exe	30
PID 1916 wrote to memory of 2416	1916	iexplore.exe	30
PID 1916 wrote to memory of 2416	1916	iexplore.exe	30
PID 1916 wrote to memory of 2416	1916	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ec0cd0f663c9e86285b2e04bee50a5dc_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1916 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c0c8001af6718b9b8875cdc754bacbe

SHA1
1ac681e423634910c6201ddbf82a42af894fb63f

SHA256
ed1e4682857ead6cda48886278570156ada85b40db2bec757a63bf0ee0f99653

SHA512
77e4d2edd2332ad12f61cfdf151e9d9db8609fd63f71213957974ff0c8f0787f24ac3776e7b19f3d34ee4397c38a6a6798caaa71cebff0eb3d1c78b36c3b5c9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db1026882dda34f6df21de34b02f4c40

SHA1
dae38b52a9f2a3adf1623456627279f40ff2dc78

SHA256
1f79e579ff0b6c23804eca47f2bb7a9936b6b1f018371ed84f6c7556e1c00b1e

SHA512
80bffe94f5407452a8078bf36d3f229e2bea1fd022109509869ff0e608735297677ee3b5fc31b833f277477e83606f9a4c3f0d9ce7242e01fc8702ee3c890ac6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47a5b40a7edbcfd5dbc30cb57912fc05

SHA1
ec4c2e554aa77f0e6239a87cb59b999f0462938a

SHA256
a9138b50f519ac672ec31b5ff4ba0c03e97ef47c879f5711f2984215278ffaa2

SHA512
5267522b67feb2024971f043cf792b3ccdfbc8a787645689e8dc433c58379511874f1514aaafcb4b6c498245f13ed91f115f03382a84f177d3d50e3478a27741

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3c1a96e703e4239994fc3cd465d6968

SHA1
b451c49d2f6a26236625f0245dde0b56bec77bf9

SHA256
ec0386f2390539d914eb937c2bdb65a18edd8814d704ead4a7f665de31fcd895

SHA512
564a65dda9e4b1b1eef135d03818d0c3923a7ee8a55546388b67ee246b0baeda666ca214f77fe2b4fe43a6eb4dd4343fda08447e879f242211c4bfc9ed3d098b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
595f98865efd8550006b44d362997e04

SHA1
aec6347dbc26f120d18797a5b17bca0fc1acc795

SHA256
d3845d6e54d89875a6aed2b04ceb6c021d5f5abb7e60bbb1819d251d4a07d6b1

SHA512
6b42a184b4d340ac4f6932a0626042088f3d7a2ca47c94f647e8a4d572baee3dc8e2a2ae29fed9dc31306be4102b9767d59c16c702dddf01d47ab2ff25394c4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d4524f940ed922f3ae03adc35234c0b

SHA1
c0b991ed4d8a28c4a9491f2633c5da0032f76229

SHA256
ef2fcc0c9374d6e5fbdff2524ce37be7041dec680cd502a83ed7929f49663e2d

SHA512
b95867150d5d73551df5d62d22c8e0db4a313d539aa2ad6f767e0ba079892805462dbfb60898bbcaaaae253b567d920e28e3a096fed5eabedc26c88a98365d94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c92b9a8dd14dc9afd0ebcac5c2ade66c

SHA1
c1a55ce8dc0b7759b84cca4250cfa11af2b66d98

SHA256
e1d80d5d275ca2fb9981dfdf28f824351b6471420f82b4f85e506da8566386cd

SHA512
f81238356edbfbe5a4d74f691fcd3c156de9d0bfaa17decdf15e80c30ab02f6561eaf59ef8475d30c67dfbebb069ca3c749a4eeea6ce71778b5e22a95fddb33f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
701188264428380a5a25ddce8a9954ab

SHA1
b6e31bb59ea45babc281827e64960ff7a545ef23

SHA256
0e95433efdc0b31f5a30ee4c05ac6e2d4308a106cb68e4ea69b7c57b5b04ef05

SHA512
437ff8390692ef0c058c574a301b6996fee9304501cf13b8f24ce5d0344386a3492c66f3d7ecb67c2e0aea3a995ecbbc1ebb382db4be7756bc028b2586d9a36e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d58e79e8a5fcaa5f08badb1ac212418

SHA1
8a00f5a9fb3a0326c8380104cfb4c0e789dd1a7b

SHA256
57524cd8f367ab81658af6ee4a20d65e374b71e805a460d78ad2d90dddd8ec4d

SHA512
29748645842b1e84a43588f46e28670012067cb670b9dccc71bcb68d88aad6fd13691e1ce55e636a528cc32bfa2cee9455374c408e71b4bc495fd7d7d45923f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f83861970a666b499fddd3ec33699019

SHA1
ecd90926ea735239f41dc7aad018d9f87a62bd78

SHA256
2223d7ac8973697e910df736d0a1adf46c8edbbc7706628023d5ffedf4816f2f

SHA512
79f1bdf5825f69dc78f60c28894956c03f995b0aa40a176553af99a0c66ec0b521728046b1b9340d6d3ef719102da1917cec40050e9092dff80b722778fdafad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7fd64088b539e2a855cb53a393458196

SHA1
d8a39cae37ab00aff2e5f62ad692fe3a8d7f68f6

SHA256
cc9b46100b43a15040c388e3a67535f483668b9431bd3d43242f2c694a56aee5

SHA512
571abbb36cefbb61e3f0245eba31de6303991186cce385a18e6abda4121aed2d1e230fcb8c05091f0203b6328338e9eee1ae64d219e68da8c568b8f9cac0e662

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
731df18bb39760dc2f9915d9595f6090

SHA1
201ac31e27f04fc3123dccd60fee5ee352fdc4a5

SHA256
c36eeae33e382836e8a79a57a703605ee546c4666eaeaf696354361ec6f07c51

SHA512
8b49facc3368e1fe84feecfedd6101b878d9b37b91496f7e12a61e7164bae7ee9b24f35d3659c00197f87c811ea4a22986217edf3c3d3085427fe88929aa3fa0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cddb4a8b721ba37a499147d84e563955

SHA1
a7222f84c11a902fc4b0bc8ccc7c2422d15689dc

SHA256
ddc3c1207269700cd0987dc8efe6adf4e0cff3b8a138ea4233b6966162554ddf

SHA512
dc419656594ee38e7dbd0ed35fa560eb45f050df2d9b91b449a878f80dde788296b8d76a50a0f729a5706a1a2197c027e11d0796a860ab234bff1656324d514f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a661c02a1b58144b04a43a94c737e729

SHA1
92ab4ce9afe94986900c7ab7bab9b57e88fbcf18

SHA256
009a8fb53bd501b1329f4380ce0aa2fe884f586022e7caf813e996ddbe239e4d

SHA512
536383dfffa9a9ea1257b24da595efc94906ac2e6109851239d8f8c56b795213775f52d8595d1767f3f0d1fa3d7565e081ef000ca23a5ce107b80769dd8424f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c779109b13aa90082cfcb653b46f7d32

SHA1
5add99198d62f1cc4bd7184c03e2ff1c4f8adaa1

SHA256
ed7763e28d41e8cc2dcd6c562f7bfe41c509d9d1701097bff7a4f85834e38607

SHA512
27ad33af046dbc4d15c4d9c437bd4fd0331e45957e08cbb0782e595ec5dacd82be9d232ff131b715106638a921cece849989c532b12b936f56a8b5c361524d40

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD404.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD475.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit