5d9395eb11b42df3133fc33464bb0f3caa107432df4f1bd8ebd33557b53dc2b7

Analysis

max time kernel
133s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5724fcdd1e1ca7bbea0d3773e2b5f30_JaffaCakes118.html
Size

7KB
MD5

f5724fcdd1e1ca7bbea0d3773e2b5f30
SHA1

bd83acff80bb2859bddab35aea2a2b9144729548
SHA256

5d9395eb11b42df3133fc33464bb0f3caa107432df4f1bd8ebd33557b53dc2b7
SHA512

828aaeb5563bbcb9504e3adc0121dafbb08e44c0052beba6f034fe4f1bf94c129131417b581aa1ee5714a628a4f8d91c0fdbac50947d7e7a35b8b0ea14a446b2
SSDEEP

96:MhqEL3+HsmLsbCHaOsT3x/CEd/6Y1zwMG1WhWJGsT+g:Mhx3oGvf/9/6Y1zwMG1Wot

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7EBA8B51-7B0B-11EF-BDBD-E62D5E492327} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf600000000020000000000106600000001000020000000b972b797df5fdbf41626b66761fced271253d1baf42f3c23dc12a531d5b6609e000000000e8000000002000020000000d3239f36276e09f4c1957bb783c74a6002d086cfa41cfa62751f53de2c0f9495200000003b0e900162e29fbc9d1f09409bebadd7abfa9349859d150d36bbcd485c461b9b40000000d51b33578357b7ba40388a3318386af722f9cd197a436050edc98d11e839db9299c649b7b3c7b547c70792149efb62e0bc48b8e8379f37c388e132a27aeee6fd	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433409344"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80083953180fdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf6000000000200000000001066000000010000200000002aacbfee0363ed1dc3b4a99157c58d3e00543e782838d97c4a0a69cb56aebbd6000000000e80000000020000200000008c09d43222c8710dc7dfefb1eb04e20838bbd63a5ffb2b4fcfb0fd007e323ed9900000005e3e76fda6bf932b6cc025d865249c6dd200309ab3878a78577bf7e54bfcfcd9944f53318be51552bfca2e2ad4b655f4ac745f068418b8e7bf0a685632f86f99fd84a135e73163d014363d9f10bbbfe40ee9df898d9f5a90f5d30002c94088577a01cefe76a38354f2d043c88f198647ce601652d0f0b561e9e4ef1d74f8a9baa38a6fef7ce055b4379ca85f061b611640000000779a05279499b19932420bf7094be0ef855d4b1a211fdf6c4b98f8b72121372ee9f494d6fe5e1070fc37faa310bf5232e10c1c5e38de6461ac100107a5f6a41e	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2332	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2332	iexplore.exe
2332	iexplore.exe
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE
2448	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2448	2332	iexplore.exe	30
PID 2332 wrote to memory of 2448	2332	iexplore.exe	30
PID 2332 wrote to memory of 2448	2332	iexplore.exe	30
PID 2332 wrote to memory of 2448	2332	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f5724fcdd1e1ca7bbea0d3773e2b5f30_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2332 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
670f9730137d1e9882cea72f84ae3b2a

SHA1
125f70dc29e50adc93c91d5a464d5b0737c56aa2

SHA256
c762ab98307a70b49d115cc959e04dbbeee18a52f8bdcac780d5b3dc17a0dec0

SHA512
57256dcff17a8583a1eb8b644f591eee17e6cd06ed502f7a7275db56aba9891c2702b9c68068664859f732aecd765bcd35d6482bf00fb62645dfb8ebcf0e09e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fba8eb652674f263e3fd1606698041ba

SHA1
1d2e2416aabcf28cacb4e6a2156a7cb4bda69615

SHA256
be83035db12d0ccf46bbdff0a5ded95f4d7a86706ee05297913561e92d5903fd

SHA512
075ab406e1a8baa431b67615e89068bb3f0a166db4e1764d8ccefc66176266934232cd55f503b89395801b510481b048455c9b6ac7eee2c492b9cdcd29b6b19d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a777951e1f03c432e8dee6a958977e57

SHA1
e0eaadd978e3fa02cfb4f60a1715f0cc09017276

SHA256
45394d28696c693dfab0dfff6f02f8d9cee29d503d0a299b4a49e5e333fdaaea

SHA512
de454b7a0e47039e1d5ff7c8fce86f770d2b860dcf97bd1cbc9085544e2a7de0ca8af8f0ec7a8c4e3f69c48f8543c3a6ec3672cb1fe999d93088e253c8230116

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb297e760f0a26fed3ff43ce0238e0b0

SHA1
f4f5001894ecf31250e6ecf9f58124c9eb9b2474

SHA256
dd677bc1d2880b7155ee5050c6146ac6ffe610166ec69fda8930b412363f9a15

SHA512
40ca423a3981d8558191a3a59d4bcd86f87eafbcc1e0bc0970caef3e12cb8a3fc630e3ff25ba6a33bf0d0a5decd1be302c9513a8e9c77531ce579951c1dcb2ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2d3325a34f45feda0f98ee785f28fb40

SHA1
1e032106f3a20bc83fea80e0ce0aae184f36042e

SHA256
a437e79e59157e2e178426bf1259d6aff860522c6fc9a11cdd2a43a589b728db

SHA512
732c529bfa2e32522d22954fe99623aeda2c1b576d8999fb858723d7ed153d557203b7b54fb904c3ce75b36bc092a0dffff4182a63395ea2a69512901a4bcbc7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c8a109583962b533d61dcb615da72d23

SHA1
16099884963347e23d1f719fa221cf8ade43caeb

SHA256
cdf06553fd61c42458d997f26d8694ba7aa6f7aa72c62d0258fcc311d473ea9c

SHA512
d174d92a2675cf85a28859b29571b50bea0ed7d7fc9e9ba97e15f8d26ee64adea6b54cd44c15afd185cb77af8283f4871f0c6093d960654771cd711ebf9667a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3d32fc6e5b7d67c2bbbf3002b5aa033

SHA1
b0d67c4bc251cbcebe6a9b0dd978f58b42469d72

SHA256
3c89dda7a4a945aea2aed58623977f484006c8d1e7dff3eda14553e18f00818f

SHA512
a4505a14cf1c626ce1fc3e2efda0238492ab17857fa5e6da4eee9866b9f5462eeb635cb0d677e3e6eb7efeaf8c94f3373cf0a5cdf04b267da1a9e1186a78314f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d23061ea2397a55b44e3d4fd30e9cad

SHA1
ecf23a22b4ee67e6513240dcf203e6f6b26b48c5

SHA256
3c9599f5726dc7e1187856adf7a9015a352ca528f1dcebfa79aee811a8224676

SHA512
e97812adb32664c69c633a732594111b845b8bb58fa8213eb5b8b9e7b8b611733cbbadd8c1c57dd43afc5f93ff1a219c04403245a8b67aad1778edc2828d31bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61365e34a0fea2ac473b9f37b6567d8b

SHA1
087f1b08a14ef14c8d4a02af0d31b5469c7033bd

SHA256
dad81cffc8b7fd093b0c388ab676e18f2278d96b70167d74b892d46b25db7fde

SHA512
3ba1a12769b43548ad0e07ee8bd91784523a53fb8bea42526b09a2779acba0717f52b8dc3aa07701a1d0b8ae2e7c256a018434b8737d8075f15a76970e1cdb16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76fbc54407dc829b335b2e00efb5bf04

SHA1
53deac25e2561d507ece822b2dace324220f10c9

SHA256
47fc48c1bc1c69b724c20062c41e53c5b0467527d321bad5b5b3aa78bec9eb94

SHA512
87babda75e2045e3c60461424402363fa4fcafafa78d75a163bfff0f5a524c97783f9fa3a271e6bc87c88b83a73485b04d34a89dc5d5f967a41b507c65e8869e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a11169287efc87f8ed4a8ead3e8b95ae

SHA1
3ad53206f0e3e48d0af7baabd23daf215823c678

SHA256
ec80a47a9895d5731f92596f8b8fccdc01ff09a2d209cd4471d2f5ca0a55bc22

SHA512
876ac3f62fcc777f9f9054a6e9a4fbb8ee0b54064379e22b40025cd874f165d6032d978729c469d90642358f2d4d3e95080cbc8a6565e1330ad16ecffdc6bff7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32e8991140fa51195c31311d3c57ab60

SHA1
28e75d081f83dfbbbec0621f98f842077775d15c

SHA256
a45dd58da989efe3758247f4c608be8e7c99be718dc7153ff9dcdbc57899dcdc

SHA512
f85c05cc7beb6befc5475afb6b21ec94f262ca5f2cdb53b3bd54601528723371cb71354e29144767e2d174d60eb4a972a87ee3ea8baaeaaf13ff854cfa7bfba8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
113eebe3f42c7d7ab4c8c562c60c07ad

SHA1
c3bb4620f43a4006ef6e0f1baed8f4783cf07bce

SHA256
e05c3f9f0e3d0511e1e26c8a4af7ac7f49562c0549d5b94105d70aa2a56cd43b

SHA512
c7a533611bd63d4b7c81a77cf2028c56faff924dbb8a5351efc7b326d8221e0d370da5fbd82a56b1453301bae5d94eef1570f42eb1ffe11b7f4a282e58a6a859

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b531cc71524cd451e9e239edf5b8c687

SHA1
77aa56d03c26231ed5c2a514b03e895cd629e64b

SHA256
b41e9928b5c8a8709d5516f62b7699e5df8b41c4dd7862dbc3dcaacb7bf01d19

SHA512
546da37745b4c0cb502158a75cc9cfa61ef753c10998bac43661c51678cd22d0b7f4342f1c1100f2e1e59b636a319a8e571abb655455059e6cef2c506906aadf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
141f9784f3f63ffe1caf4ac23a39a05d

SHA1
0411457631de0871d1ca005c0ff31ebe607b082a

SHA256
32fd0a913c16c4159632b609a31edceaa9c1867a15e3d2c3dc067c48d72777f1

SHA512
f781fac0117eed41934233670c1046d3a42963e41388da68a511e38115cb9960837d952d47b8b41d8560fdeb3e458e520bd9706a4c1130774add1823121eb64c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC2A5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCECA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit