02dd5a06298b41d6032689423d322448933eefed5e04f0f3335b25c85a2043fb

Analysis

max time kernel
137s
max time network
131s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
25-09-2024 01:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f4e9d477544ff7569e5656161d0ac52f_JaffaCakes118.html
Size

8KB
MD5

f4e9d477544ff7569e5656161d0ac52f
SHA1

7419efbc15776aaf3b10bbcf0856a24c7bbd4b79
SHA256

02dd5a06298b41d6032689423d322448933eefed5e04f0f3335b25c85a2043fb
SHA512

7308c8baa259e96fd405345c1d681d021119d8e1fa41c344a7e968de8b5428be56ba73642e891aaa9de64768cb3acd41463a0436d2ca2b86bb1f4c5eef13b8dd
SSDEEP

192:+ZJf09hrICAY6GStsimh2GVUR9jIcix2vDijSjBC/n03fNwzUNS:+DcJIXT2hHVMUcix2DijSVCfefNLo

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433390949"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A8163F61-7AE0-11EF-B40C-C6FE053A976A} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6024857ced0edb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000b1ed962e8f54ca36647dc4a7ebf4197e15cb9dd58208f3d4bfd9e7fe52f85ddf000000000e80000000020000200000003ab3e269e77179329e3e4edd00ec53da63b64dc4d8b1bc7c0a9fc4cdc755376190000000e7333a82d33a7ccab6adb37861e9966e510233f5bd56bc48b6352e5c9e049088b1402b791031d5f8d3de79bff02a6f7e71f6a0349721dd8f1910a340ed1387fea1b0c342fab674502594c25c1b48b66df3a852a037583283cd1d6f92a6bfe7bf4d0e0e1cbb99016f0717989cfc6e8d2a036acebcbbec1c0aafb2c126494192ef665999ea94b4d21e346df8909fc0936c4000000055d10a7959219d57956a3a7f214f207615ea7674c6d2a3c665652534b27b1642527cbf92e47167197c74da4b6ebbe51526bcd2503459b588d97f68b7b86f4d14	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000a07db20cf4d3d96f8bde735b2079c0cba0864275116113fdecb57aeaa4472951000000000e80000000020000200000009831bf077189997f8888ff6fb970c2dbdfa300e29b30f20ac5cd13b155886f2f20000000fa5934950a729754017f572e6bb75f2f44bc81e5423488a1e58631514ebb83dd400000009c8f597dce02139d327a93f7c5291e92c68540c1e773a71136d8bca6b79d19c3fc8dc8a9f80ca27da13691bdc0256f62a63b61e14a98dd195beff0bc2414fc21	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2668	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2668	iexplore.exe
2668	iexplore.exe
2628	IEXPLORE.EXE
2628	IEXPLORE.EXE
2628	IEXPLORE.EXE
2628	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 2628	2668	iexplore.exe	31
PID 2668 wrote to memory of 2628	2668	iexplore.exe	31
PID 2668 wrote to memory of 2628	2668	iexplore.exe	31
PID 2668 wrote to memory of 2628	2668	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f4e9d477544ff7569e5656161d0ac52f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e31f99cef29cf32c0d9d1040c8a6b4b

SHA1
d66f5817874586ee5d6bb7e69e478fe0a59c653a

SHA256
6526bb72c2f4bdbd8db46cacaae0fbd9d1141843840769236a7c57eda21e4076

SHA512
6a64b8e6aac915327e8313bf07841e9357a5f073b666c43e113efb8c50f52ecab00ecf8945a4a6a6ad7c78ed9f5fee381f482c991f03a8ce7b66c0e29d3ea60c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6bec4f202b850228e0f47e7085b23bf

SHA1
cc58360739eb89094c37f1fa19597efc2f45774a

SHA256
b1f72e1ed75981a1e5c6e36eb065637487c4387b1845508c44b74921c4f0830c

SHA512
dad14b7623cd415a1cd39adb763e2f087a0b04fd77919fae42b9a2d67e09d13f560cfc3e343104865fe71dc49d75f3cb9bcba5c9b400681f873295c78af69e12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b91f48551fe82061ad36bcaa189cb4bf

SHA1
86f85d00b21d9dc825edda6855decf675aaf1149

SHA256
b0051d78631abdd61475cce50ed9c5b135ad9a33215de2d58e18cd4d10e82457

SHA512
b5e9203425680dfb319fddcf102acce18263c1991151fd0cc9f6ebb3d8c1cd705d451847f3203a6314323356a345ab2559870bb465cd6205b66ce9d111ee9bc2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d08816ed78b973df13ce9140920e29c0

SHA1
32e6c53043c4ffc67b69eb33072973d3a4e6f10b

SHA256
e407b1ff3ad87394d586fc09431337f817ea0bc504821dd26a00d2f474f73e24

SHA512
2b7c7f36bab006a998384d81bed342869550bf3fe1433d8b534c086a6824902bf74bc081ac9bd35184e916197540117c02842d06e22368fb3ee78d500888f747

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53146a8e47c34796091d678c7c235a12

SHA1
522a20320858a51b60bd174e72b97f18b777bd94

SHA256
59e4e585219d672d5e9e622df9c957f8a3b9d8ae6dcf1b759ac05b50bbac619b

SHA512
a3d859ee2aac5da3c4674c09b934203a92282e1c8a637f8a333b62654883d866c86ef675b7dc150de90992b64792a88360928e33eae1980b440411b92826ff26

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd70222357de0719a80772874b7ea4dd

SHA1
4608e2a84745d17f7e5d8be63c9a332b31ddcff1

SHA256
d78d2097a5c4b84fc3c7999ef50b6ec87c8f6a953609bc3377dbb64b4b160da4

SHA512
e12ebf60a2b2925c9e2d1a7cfc1af0c9b0e0215d555c708eacb3aec83c86ddd8970da0fd400cf4a0b01015e013c600aab19641436c9a531d088657a5c9d8622b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9dabd3289dcc1bfc8807999faeea6fac

SHA1
dfb2a955d289807a70d88298c9dc1c8893f8d312

SHA256
7f39fcd555fec2683410c56e4d7d2a2cf11358720a27e64dd843c806e622fede

SHA512
64214093e08692793df0f29b49cecee7e3a42dcde78fb59e570651d198a12c5211775b8e9fb74eb30153765146e0fa0ede331c2fc43241c3b25b31d9975a8abb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38abe9edaf8f8d4dbe1d6b3e096dbbe9

SHA1
44d8e5bf7bb65a0c3fd0acf038e69c604ff9294b

SHA256
edb9ce7246dd099ac25734c9a120d1ab6ffc39b63430875224bf8846ec63a3bf

SHA512
c113cf9bb5831a7de251543785b42a579c87555d7a2ab27e113d08815851e14ca1ab4ec841cb16847f70b8694d1bb931dd8546a8a60009effcefc5cf7d5b17bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72c5d1e30dcf2a3949576638a29849a0

SHA1
1c1af74123b03510048eab06a01a40eb39db66c0

SHA256
ff13b88d5bdcec50ff4811c7e203dc656672d5b64175b024ceb4e2874bce1612

SHA512
ac832d54f1c87b27910581f6b98d80065b11ba18523c3ff399ce524aa3ed93f9e49ba07917228f8eb1c884404c473fcf04cab72b96ff1f56b3f04ba6b163528a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d271b6f156f4828f679ec744d824121b

SHA1
9f40df29c8f3d46af1049f3a606b5419e90a6fe3

SHA256
6681dd4cee94174bf61cd649e12054b61b768371cdd34102020fafd2a0deaddd

SHA512
ea3364b3c347172d8c35f8043bf86107b3ce9107998703a19327044236157cc062dcde7acb41455b895e85cdcf0136153b3ac70377f90adcec2a56f0bb728fa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2692c20321bbdaa88a4e25a2cb31422d

SHA1
6a8a3234ee18187a1576d93ff256055c2ac5b860

SHA256
10de415c1a267f9b551431795a946d9435632661a4ce3406c8a19b35c7fc9fd4

SHA512
3c6955406223e6837015e93403462e31075be43a39929b1e890562368ad51a9a7d6341ba34e256d053ce2e272d61f80192dd0f8b4e8e875772ce1095bb1216fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabACB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB2E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit