e97301f15eaacd005cc3f98d75b8bb0da3be17d5494bd6bec9bf8a8f2dab2e5e

Analysis

max time kernel
143s
max time network
143s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 04:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f52db3e1630ff7c9820abbbbf81b64b8_JaffaCakes118.html
Size

91KB
MD5

f52db3e1630ff7c9820abbbbf81b64b8
SHA1

509aaf54078ea535123f75e624f9bab2d3103376
SHA256

e97301f15eaacd005cc3f98d75b8bb0da3be17d5494bd6bec9bf8a8f2dab2e5e
SHA512

f7c2978dfbe249a82f7a2954fe26f9761b3996682e53ecf3176a1f303b742eb5ae7564c65d81fd29e707ac52bbe94b13b69e9fbee8dd0eac9cb5c1e3214980be
SSDEEP

1536:O5RPG8gdzxhscsP0PPRBnENwp/NZL4m8ObyxUMa1Ccqla+pbO/zmy9Gx+p//PX1P:KPG8gxpsP0PPRGS/NZL4m8ObyxUMa1C8

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{07C715F1-7AF6-11EF-ACDF-5EE01BAFE073} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd30000000002000000000010660000000100002000000047441b72cfd23ea011cbf1b6f60798ece22b6273a28aa2ee5481d9b06ddeb893000000000e800000000200002000000021f6b866244be5dbe8483750e88c9db2c4cd10f78e3de940ef014e82e9962ae720000000c471e092b959f00e3ec8b78445ab69702335209f30bdb43647378ab35fab422f4000000035553527ae446e2f5d91b305cb97680f40969816cb31f7baf7722fc5ef5a701e8f62161ad13bb92cf7420de8e2d66bc1266e09b9d737cb58d34e9681a58d16b4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433400130"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d02d4ddf020fdb01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000007e18095fd9e6bdf5bed0e2a538820c6299522bc8e81cf9bec12857376fcdb796000000000e800000000200002000000064e423b6e81f9d6354da600940085fb81828069c4177f51f1bcb179d37d2e878900000005e7d8e8796e05bbcb9bd9df78b47ed5cfb5c9c05a4774f11b9c591debce976e81a4aa569b8499b307739fdc6b26237285f16a15f2e4c051c3f28f83c41999e27019b31ad23703e128c61c44723220a74a315f0755838730361fefbd62de99d01235492e8f5ebc61d1dc352b36d92be03eb1d3edf7b578c4804876ebbaf53fbcf5b64a882b9a64dd22cd64111e62892cf4000000026d5eca5c5d581c229d53e3235a24c78fa2d31f6f1856212b38f3b44188fcf8824e12e41d131b4612e9872062e1268acb3060eb38df4490c05c701ec8a9e217e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2288	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2288	iexplore.exe
2288	iexplore.exe
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 2752	2288	iexplore.exe	30
PID 2288 wrote to memory of 2752	2288	iexplore.exe	30
PID 2288 wrote to memory of 2752	2288	iexplore.exe	30
PID 2288 wrote to memory of 2752	2288	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f52db3e1630ff7c9820abbbbf81b64b8_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f30c2439ee01114589792c9e68b55d7a

SHA1
6feb8f32a394c22159a0246c4d5646a5e7f3e062

SHA256
8107d8c58d6b5c68de96d68e5643f9b79824a108c36da9f0da56d6554e26943d

SHA512
64a9bdc6734094c38bf9ae8c5e20ee704a317747cba91e1468947b6b92f9b774a25a9e7445087c240a040781ce979ea4b3e968aba9208ba82ae0f80d30dc11ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe1734d4286f7c70994245ba356b9c6f

SHA1
6b45bc094bcd9b022c969e5f341c77fb00a8e9d8

SHA256
4d087cc4b45a64057363c5e3ae023d5b1242609eb037ecb76a46df4a484a48a7

SHA512
2ee64b9669874cc1577c3763431b6e0cbee3274712f72e4b54703bf2544ce7dcc69beb58c996423b6812604cdf1e39e5cb46fc216c3d986b6edfc07993d45a67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b7be7adac185f1408b35951bc555774

SHA1
89bb6d222d5f63c3e019dc0b114cf0f42f257994

SHA256
4f226698375810a966b6c80bbca6d988cada603010819c99132a1147edaf657d

SHA512
c326a130f5049cb89eac556fe55eb4ea6a57462de2a2b04c72242d7772b896b0233d0a2c66e0fd789099e2a9859d28498ab503ea4a3e86dcda35159d8dee9a86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
638f17997531a0829b7de0e440885203

SHA1
13f100541d5f68e9f9cbe66ab826f2e1988f1bce

SHA256
9394925f94e1fc3a09364b15f86becbf70e3a8225f8a0898689ddca39cce9a00

SHA512
780a6db9d8f32b011a71b9bd705d658c95f1e88d8cf63efb42fed0806028d215f9157f3fa215d4cd247a795ee92285573404ff14ad0becfd2ab51ba53a70de35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8ec657a9e729b05e48c8b4c528ef9c5e

SHA1
8942da734a7ee7e18c5f149af97380323d4b5552

SHA256
3c819f16d08fc410fec7a0ec6db70e47c297612dd6226dbf79086119ff3abd28

SHA512
4613821025c202ea22cb93b5f14fd3c9e1db5fcbafaf75fc440a6435a7af18f0af3cd8ed3c57e35ed78f63843038723aebabccda5db3cae1ff1298fa3c9f5d34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a5e697ab4ea447fea19254653db37614

SHA1
03090a51e21298751fb93377879562556aadb67a

SHA256
666b13eb9663af7a70ee1be442f7ba900bc711e7c516afea656ebec95ef34d93

SHA512
84ad7ac3b0102bb2f861c5a1a812497cb2d6257f43002589ddc87ebdb7d8d80e996f540d0537d2770b72c7eb61a9e12bc4e447bac8e081c4be57392743849fea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c90c056401a729d66724d474ae39f285

SHA1
fc2521b6d6bb85b63701c4bb1f786523c1df3fc3

SHA256
5c7048eb72530e07905dffe97f2e5929ed3815f94906e577772dd99eea428764

SHA512
833ef8b23e47c1645215e3e9e7fce685a968a6392b18e0aee1a65a759c9babf50bce6153a9350ef12e2cb8285714a7f5a3b1b87c648df06395fabf6d230aff72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec15066ccad32734c86be140dd56f0d9

SHA1
ebb3a0dc15362da11f183302bca85c2ba0570e1d

SHA256
0802798efb4d072ff7a8c2a9eaa4c2ec78f2a9508a0509da00d143dc7228cea0

SHA512
a30b662dede9477072c274b72d4ccaab42f48c3eb3652ea67a8fe66a3e71c55c0cd17ab789272569e6c1343bd1f35a4a9f230670ad3b096f6163942fe0498fcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25e96e5c264dbdebc0b54ac46baaf2ef

SHA1
c43fdb30235dbda9469b785ca07063ff163f2078

SHA256
f2da9fa2e150605d60763782f8969b9bc7b0305b857fed28ec93ce12d81db694

SHA512
8c8417f79414976d61708a8bf11912654a32669db50a3fbb8722eb8aa54dec15d712a855729869796506b1cce54bab67cca650956ea8c53cefc7ee044ab5efd5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb06bf3cdd9d5a2f5f8fa982412b09a2

SHA1
e09de85addaf74f91facec0f6d7cec3da1cd9c49

SHA256
275debfe2c7b81bab0a793134d91db1996abe99969b3d26191d94f4a575dd360

SHA512
6889fc85c05637adaaf9af0f60bba5dd12e3b24672bb3dea0c4200a9e1ef3bf4611353ac765d8c19a54f76076614354539b31ebdf28f58b5356a37a7c68b61e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4952b9ed79a8bec4b8ad54a0d1092bc1

SHA1
15f93c64eb37940875ca7420b37aeca06cf11d5e

SHA256
2a15d4dd501779519ddcb56b00d50463d2bd5897f25047b0c0362e4f8480e587

SHA512
eaeb82b3b5e26e3ecb69ed4bb70e273d2be5c1632d53dd38a4f1509c63fda975076624e9eb908aff50c30989c630f2040ebb6cfff2b096097161a2ae45cb5dd3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
11f1965b1a374c1e4af6cbd989b316b8

SHA1
0ea40f10447b53b84ca362469512a2ea7367049e

SHA256
6ca4310da89fed70db85b25a23351b03b62254bc969f387498d726f525444bc6

SHA512
7c5f55c47aaf9230f9b25bf70c0e240ff39d4581b177fdd0ea5f412e0fbecb6dd95952604fde9d5cfc57eb5bb717a01b410690f202ce86aacbf91397ebd56647

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
48d5f179d5454e8153a37e7505c71ffe

SHA1
76c3386750d41eabc52610fad4dfc7a23604dc69

SHA256
9833de92845304c071ddc90eac9bfd13bb1770ed50a13762ca49225370c999fa

SHA512
09bc29e490ce391059653128cc8751c4d2c535cabb4d4821430e0d6f82eb5eb6026a7f97e1c71ce4f8042744465850edfbcb0fe33c8174a033eda9ba19c7136a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ac40804a17e287c6debcc0a3d8a25f4

SHA1
44fcfadfa0455887e2ae0648152724f0f85be83a

SHA256
6a57bb271441839413fe83a93f0303525afd157b8addf0d3f4bd7ee3549ee4fe

SHA512
12395d7d662ae853c785e6292b5ea98db4f7aa81cb1a2a3902fb6fadefdacb8b29a78221577cbed4a85dc8ad28ba82bf0c83e6b8b769887b97bcb7aa45f56649

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7D8A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7DED.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit