1ff56bd0e1a4c339c94951140de19cb6f5816dcd9850ea760d8720ecf3a305c0

Analysis

max time kernel
134s
max time network
132s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 08:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef69f69b764bbd6bb5b442b777ec1591_JaffaCakes118.html
Size

4KB
MD5

ef69f69b764bbd6bb5b442b777ec1591
SHA1

b75e35fbb2779d10b1dafe9c547307876e595739
SHA256

1ff56bd0e1a4c339c94951140de19cb6f5816dcd9850ea760d8720ecf3a305c0
SHA512

1cab5090aabf658f0efa4df944f31f75d14c32775fc2b73dbcbce53b68a82f05837846f6da0e2d66fe58e958f5639a42d229b0145ee5ff977fb2f85c5a4c8dfd
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oQ8sd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pD1

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433069319"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CD135041-77F3-11EF-B40F-EAF82BEC9AF0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e04a81a1000cdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc500000000002000000000010660000000100002000000080528422bc57022bf409c2339483277e94c380033295aad9e7f34251cc58355c000000000e8000000002000020000000bff6814f27ed6d30564922e0421531baa7082b5948c9768cae03227587a47dcb200000001382f2be0cc239f18640e85dae1bc0a53979d1f99e0f4f1007970aa0cf477fb640000000041a343e40787751a8d6595c8f1b71cbe32d5ad1d7ac85bed94c2f06ca91255b89af1bb59bd23017ba345e71e3d4dafdf0223705574c3fb413ad6472aafff972	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000303eef0e2cd1a9499efdd285a56ddc50000000000200000000001066000000010000200000004b1b2687141afc4139669e57e8cb00658a3cff0753cb020c168a5c0832cbe123000000000e8000000002000020000000347b394fab59559a15dba642642a99a1ddaa93ec78ddad78561e357ea3310ad2900000002ccc4f2f1056ffb0fb114ff1b0041c288866cedb896d80652e1592bfd6185b45e4299850da775298e461944cf378c89b19fded3b2e1e58d8835dfe231c8aa7c9802dbcf24eaeb501ce4ce5172f5b7d2e08fc9aa13183297a6e1087e9ad282b03b3e08071a46c72ee095710ef943ae089a42b0078f16063761465e79c7906c5797c5bc9906322384dc9fd5ba83dc0b28f400000006a67a5fc0354c2a4915e1bfd83bde446770f2a8934dd8ddd1d3fcec8066646b5775c5d1d4e874565536184963e4f0f1f1cb4a7356aecd7d62fc3269e4aa02714	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2548	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2548	iexplore.exe
2548	iexplore.exe
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2572	2548	iexplore.exe	30
PID 2548 wrote to memory of 2572	2548	iexplore.exe	30
PID 2548 wrote to memory of 2572	2548	iexplore.exe	30
PID 2548 wrote to memory of 2572	2548	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ef69f69b764bbd6bb5b442b777ec1591_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c8887a2089a3b73c5225ca512ec835b

SHA1
3692f94308fd80df5d9ac8d192a98323f475bf00

SHA256
6dfbfe19555be0996ff70fefb6b61d8f535ccc71d80546ea449e038e96b29268

SHA512
087e9a1e082b642b3414ed866f3735489ccace9ee98ae0521bc13fa7268dbe7b8364be97b75ec5233cd2dadb113de2885e670854d5d412bc314bdfe33d8a48a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
73a08cf4336b7c16013c262ad35b8574

SHA1
469eb9059c8f87ee3f6506e62164663a127fe394

SHA256
8f67a0e5e08760e5c1678a572fd0a28035361bcb021c2cd3af41c7559ccc131a

SHA512
e9d39e2437be8881433ffe16c921e74d5452f198be80ccd0e103016422acb1e15a4fb97a2644025d7e2153ba1286075517926473aa804c0f1132bca8ef77ad3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bccfa492878e8ef4bf3d2beae741a9b0

SHA1
11d603fbaa56b4338218a7b02030781b39103002

SHA256
be1416bfc43493c30d9fb47453b9c6d151c9ff31c998e4a934c1e60aa18fa068

SHA512
cd1d1fc81e65a5660db86d0c7962b86442991f9c6a0b518e0bdaf3aa45cf68963d83301397abf3f41021007d3758cf6ba2d092444b68e659b0c90a81e829fe62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdd72275950d559a521f19d01a30ef39

SHA1
e37135589285de88817b449a73529e7609b2a995

SHA256
1c64e581282e74cf0209c72610cfa3b192d29ab8dc578e72d1b70bba5ffb598c

SHA512
076ab223118d79efc2ecfaf56d458a0c82a5a2473f5ca74409ad76115249dde509223ebbe03d4b1929fcaa2535b8cc0b034498185b47569d02de0bfe06733b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e77f8785cb890808b69c7350dea15430

SHA1
27607ede36f414a1039fe32ce1d355e789a0af5f

SHA256
379f74d9df9dae82a6d96badb209fefbc3d6ae49fa52393cd756cdba7267bad2

SHA512
08d4823d1172e5587276155597ddd96a8107d96b97d6a50b23c7a6b9656cadb243ba7136914018d263c14efc26e14fef3debcdb91b40bf88c409ce0284c20891

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac8038857e790e6c01c6b78c25f3afb0

SHA1
6c80ba5ec60d10a4879b56cb6df9024936e9dbca

SHA256
9583f075d6f6588f399d9bce7d6392c53d21542d2db7babaced38e9ab92e7eca

SHA512
2ce4fe849f1bb53277c3f93f114ab1368308b08a797b645085ec8eb42a92de548b58fd7155917bbe6c6f6e114e75cc5864526a378bae7aef710d21296645f553

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a9a2bd048bf3cdd9a59c6042f3346e6

SHA1
2e5ec8637448074fabba38c285b46ff1058eb222

SHA256
4dcdc55d6850bcd2642b11000c7ef0efa36b0b2a6d6728f03d8c9bf4ec2547aa

SHA512
9b01702c3792a7e82b17fe5721fb7449ce12919a9f11b84afcbf2c8105baaed082a8fb2e12c2d9df72094a3e80101c122a7b731dd6f2ac36b6fd70a776b3bb90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e05d1113a5f30bcc7407a815ef8a5c16

SHA1
b7b9f54f033e1a9c4af4da9e976f59df3ed1cbf2

SHA256
6894af32cbd67f00131c171dc31aaea3c08d4c64dd3d4accb9cc77406f79a862

SHA512
3f71610bc38ed4619e219cf3496335308f2fccdc8f348160d5860cc16f32bd4278483ce2244ab281bc2401e43bb648ac2f0d9aa54338e8a8c7076ecae07dc7df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95e60ae0e30316362d2cbce00f8d3218

SHA1
06a9989ff2599cc36788df752456570d214c1b28

SHA256
8712540279ec90f1034b86e1100a05fe953afe9deb157830df0f842567f13495

SHA512
683790ace64d56bb79e69fa46f03a3d6926a00054867ad46dcc9bf3bb1d8e0a1584b85cec7441884833fa7da33a8b91d9756e96ab11f5ebc1ea1445fa06c4519

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6255ddef0a5fcd7d8a6fc967fedd873

SHA1
7d7488ce65232c28d540dbf92bcfc20cf8c8ee78

SHA256
dcf6322385ad24b1cd0920375c31b44f4ae02d4a1881acf3536313b6e99c262f

SHA512
d60640ec173f90f298e486c98c90e382db1076972ff38ff4bf4347d90ba866141f3c93aca8a59796df269d82fa43a877890f870cdfd6380d76f985d0c58d0f11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
50f9ccdc282305148af4d8d82eaaaa42

SHA1
648fe47d3d2b8e9b3fd19ba035a35c3ed3bc6630

SHA256
2e87c0651a858b338293a868feff5efc4f3bf96a88b0e57b3e620f288ac29397

SHA512
291a179803f92c67f91116dc646cb988fa0395e9e94ed9255073d0cc6e4296b0a834537b2d02fb6a937d095573fe08290c000f314a7af9fb2bd609894f7507b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11438e5b8eb856a3d0e3c7d1a978574a

SHA1
f1accb6d60fa7831dd5e52d723e8c6ade720264e

SHA256
694a6206c7139013aa85ba877183ff9ba00a170350986b4132dc08d0745bced5

SHA512
9c1ddc96ca8193fdd2da2c081c97b697580f955982d6eeec39d9dd63c0d460e0af9672723c849b6b6c279407fd3a8077f01dbb8c96bf7b84085d0ca4afcf8db4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7082dfbb8735888f8111157cb7d724b6

SHA1
f805cd87d2e317c46ecbc185e79fb5d7f450d133

SHA256
2fc5b3de05346efdcc464740f9b6f5873b06a4e104197d999268fa27db51edf6

SHA512
24040fea03fe0c9f3897508f97dae65b5141e3e6247e85eb5f11312032b71fadf6d105662b1c24af31a49d4adfa3e75c89072efbb90ddb2236465b6dad8394c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88a4dbfabe944fc99a0b1147eefedbf6

SHA1
8affff88f551384ef71bab3144885329091baa68

SHA256
550e1a526dea903050203aae511860f4e6d8b5defa78b38779857aa83441a135

SHA512
2845641bf6b0d50e70c9bc4ec172c1eb215add423b49a39f04938ec57f521a9ed433a520ed3b35fc1149da678ccab3fde70e46dd2967e2fc6a731158e99db4f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3d218b23ebe297eb17f91f20f4ab209

SHA1
cd3c6907d7ff33b6445a683b9276a28a30e35141

SHA256
92ecf2b3a08ebc3eafca507168cbc591782aa92f4dd92b60ba00678de5153379

SHA512
a18eff2cc930829c748b754a1aecfda4f070ce7db050cd7d2dbc05c2141402ec8571e7df8807b0baa30eed89bcc1a935eee87d3e708310f72b4537b88397c6b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
987929b0e9809585f9dadcf5b2814e39

SHA1
2d7023697370f0ed74a9bab4b97007cef00cdc49

SHA256
bce03442a49cd5f7a9ec34f80bd600709fdee06aef234cd8ba2b096b4b8f9b73

SHA512
be408d9375c438b492a60fc6f2005a4a30d54c5b6ee13880af7ac032e64fc5e73d7a7c487d01eed1d983e50985368f0f3095218bb3dd4dda27fb765cf55e3264

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC229.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC2D8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit