d433f3d52add30f0240f23475452be6f2ec13b325ec9705fa7a23c2b63743568

Analysis

max time kernel
141s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-09-2024 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5ea9cfd7037f44cd3547b6e561e592f_JaffaCakes118.html
Size

21KB
MD5

f5ea9cfd7037f44cd3547b6e561e592f
SHA1

5a24f47bc598ba70c994daf3e0395c8405a32814
SHA256

d433f3d52add30f0240f23475452be6f2ec13b325ec9705fa7a23c2b63743568
SHA512

e548fa96baad22bd86b6c8a04e97af77e74b2e0fe52ffb9ffb6d5236e09207d0759947e1ef6a8e8bf78a5283aebdb0d1f38b2d5f9eb73c2672093aeff401d85a
SSDEEP

384:zi8KhgefGVBD8cu3R/y1H1ImEfP4ycbp5FzVcrHDJZTO6uN:zibfGgcu3xyXImGP4ySWJZTO6G

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd300000000020000000000106600000001000020000000dbc6a08f5ed374dba42f2dcb3b1c6862626288361955a75a05be90acf3013d14000000000e8000000002000020000000fb6f0129455c15070b7dfac5ea58a6ff7200f003a23da8a1156740cd8177eabd20000000f2e2dfc504e7db4c5231d3251bcd3410823965c75eb894d1b47c3dbb34cf80d8400000008cfa1917db260e3d251dd4c9fdd65cf6d177caffd1117f0335b74d52dc10da2b9124354085345482777f69ee033694b595f7bd0a274bb73e50a0880785ae947c	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6052419b3e0fdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C5C0FD61-7B31-11EF-A51B-E61828AB23DD} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd300000000020000000000106600000001000020000000929d981dec15283f4f810f20b77a93f2274093af75e4afa6ee8f9743305212da000000000e80000000020000200000007b877009908a62db91180d79a7f9f71236f69cd54d60603c0625967769bc6ff790000000bf6d517acccd03ec11a54e54602b64653b6ff33010eacbab3c98c432f6520adfda3e02898755384a3a048ec89db7b7283a8b3f5f5b09492ec96d04d23077df7247c3b17c15630e319cc9301cbad3ed0c22bee59027275d6bc245a2bbcd0568f484ca7e84540a4dc8b6187a27517fab8933b123efc175193724b9a7c1d79781afc0b8e3d9d94284da9af026c4c0e6357940000000d81ff8e15392cbc7a572c86f8749debbaa3287822ca80b2b6d0b776b76026c723b52161212ba82a82a55d0daccbf2e9367772bd2edd4ad91a418d978d0cd7730	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433425784"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2636	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2636	iexplore.exe
2636	iexplore.exe
988	IEXPLORE.EXE
988	IEXPLORE.EXE
988	IEXPLORE.EXE
988	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2636 wrote to memory of 988	2636	iexplore.exe	31
PID 2636 wrote to memory of 988	2636	iexplore.exe	31
PID 2636 wrote to memory of 988	2636	iexplore.exe	31
PID 2636 wrote to memory of 988	2636	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f5ea9cfd7037f44cd3547b6e561e592f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2636
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2636 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7373f46217503e13a43aa065818d159c

SHA1
2836750602990e1249f940fbe58b4703509f8554

SHA256
b5f9082939baf607481fe81231a95df237e1946d2e5c5d1851b626792f1093f5

SHA512
9ab33c2536faf9434378e751d5c50706c03cbcc5f812b015f31ff36e6a40b41be6ada965b7076b0e9497a4e41cb2c6a1fbf8318d170a95fdb28546ee784c1365

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1f20540b8ec6bb436b735708ea7f83b

SHA1
b91a8206ec3cc2eba322e2b446da44c38f72228b

SHA256
b031f8cb5a66b4086df29f184d7d5194f74cdbb44360b17bce649551a5f7c12a

SHA512
cac7279ce82ca1ea510ab6e39e064d91f82a2def57aa4dbacce964718d90a115674d31547d0a4054aa43b8987af1a6446f4d2fc535b5678a3710d1c7ea972925

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97b7e6d908da822ad6cd87b834a82184

SHA1
fba42dfdcbbeb1cf10f14c0a5cb417f0918220e7

SHA256
4cf40e2128793321a5ff0d8247b145da20efd62c3a44d40ea814d38b54172836

SHA512
0cfe6e1e72d9ef9c79ac434c7d910ecce23f49eed9b938678700bf19419ebb9fbd04c966727fb717da21dcee37bdc224abbf887c2d43856832f832e938222fce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da3b4a92f7c39205aef07f36f944e0fb

SHA1
926370215a2e4a06052beb4fa350e640ca3f0e14

SHA256
9d247287aed5fcb943f6312ff2610881c8c013c4ce694b3234b9c3bd0c9415c1

SHA512
4a00302e5ff88f5672972d6558a02f661b343e90d8d893d07f894cfd7cb71a4b8450fe10592621ae3e23576786868bac35ac9637b57bd3dfbbbb24366a205658

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64097eefc1dbdf2f20a1ceeb86867239

SHA1
ae5f23aa6a3647911243f752f190336aaa566f9d

SHA256
d117b89ea65723bc2b2b7e9d70645ed30438fb931b8eb5844eeac82630581d7d

SHA512
da36e8d461e3df67d827f2362c0adf18f3ca7b78d4a56e60bb0fcd8bb05122a73ee1d7eb9d15d13c8266751e8d62df7d4bc05e9045634efbb77c6ef74712880e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe769753813ca8f628aff839c9a1b986

SHA1
6fdc9a41e2c90ace8740691adb13b6b9d4ab0c9e

SHA256
c9b5b1c8895e7fb910fb5a50ad408fd542706ff672a26e160e638e5376683f48

SHA512
dd38736d61a9d81d9c4c51174b76c0330317537f14569ffd3a7ac1aa861131a34c65730d6d9eb312c3ee0074035495c2a08916eb849a253333ddf85a51440ea7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea30bcaa729039e925ddaf17a9ffa4e3

SHA1
8a8e60d23e9a7d38f6b8ed867057a50a1b60ce12

SHA256
8961637c40e4b2d3dcc77d91a6638ed1a5118bbc70f11cd332e84aeacb10441e

SHA512
7ef1a37220a406d642654813aa6c7d2c3927816d311e0a9fd65e67e11a8f03282b679bb6838c8af64570a751374e1bc17c9818ff341b6c3c7a78e6a02dbd4484

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5dd009456c6d9dd920926ee74708b28c

SHA1
22da3d3a890019633a9bd29ebf5466cd8ade56c0

SHA256
42bccf8830668a1139ff41c087f335e820f7046c6cdcca9f9bf5733dc907a0cb

SHA512
1b15a96daaadff0b79bb809347ed50b1c5d3772eb89cc216988886c51a201efaf8a604c02d26ddcf52f56b373fc6ea2a43a9af131b68e462cc375959e8f7de74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0177b7931f6cc415ff1910a747b8db1

SHA1
f5dfa9747eac19005fe64703441c4211f69f22e2

SHA256
47812da66fe2dc15f2b44cb074ab01c83e7b50491fc9dd662744c46c43fb6693

SHA512
95626190f781b53e05710a508db46a166eed1f05549a223e4b0188055797748d4e9ba78283df009f53cfd06804cb88410929eb175901152517398e3306ebfdbc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cde99d1165072e1c2b056cf6998923e0

SHA1
a8b8e9c5b0ce6cd43ead56f402b45bedff1aad9e

SHA256
77e2d24f787e792377793e27acbe0330d32903e5539620a833d067442a7abc06

SHA512
7e1dcd0d8422e38555036d16c7313b6f75d5ad15f1b8e2a9f7ddeee32165a395edb958ce3c293bd298c446a8c95eed8068e4b5ec0c9fea89aecd90c56e0acafb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8653c0af7aaec935098957bb7141072e

SHA1
6f67ac23a7ff2bd618abae693a221a0b44ce4226

SHA256
8cc6eb49014f0b93133445fafce2a58828599f85a100d741e4fffd165435519d

SHA512
101dff33852d34b66d6257df0667b6f9736671dee95d1ed03fbce40bb7d54c5d2a77df9635de03e282b97db1b558d830b5e120c746d653423123843ee9a01c49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
092a8cba36b46df43c4831e4cc6265a1

SHA1
78946bb23bd284f0baed1e2ebce8fdccd93677c8

SHA256
e52c0762f87121e35084ef2b78a8fae7b8e0caf0c3980fb673b9cb41fc054705

SHA512
1d5acbc8742c6ca77f8304bf0d566f0adbbbf61c7e16ad94a91d3298f2dcabacdd4e22f843c295a83699ca02c5c28ca42cb16266f957259234fdbe56a27f30ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9312ccc5436eda0d276009c0ff265acb

SHA1
f5e7e3fd40ea20b80bce6991425506a1d8325dfd

SHA256
9d7c4a4e92636aa819442f1b44ce8421cafd036c23ff49fe1ac82e06d30ccb07

SHA512
51e28b7c8349d08eba45e732b3f19be02d5680bc6796758f755709bf1c980937633b29b2b48d25feb7fdfe3e1f70dcd54732ec109f255912999dfa0b6aabd84e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c5ac32e15173fffff5b8c798dd7efac

SHA1
8a4e5ca45ae28dee1bfa269c3c5cda4a67f5466b

SHA256
d2a3ad9130a9f03adbf82cfe94c487f1e9a263e5bbf5e8bc79b16931c20da557

SHA512
8cf988b00d60fad10df50f44494474636d1677378ca0024d11d248eb107e0d7a02605b3c4a4d156ee56f097ecb2b86506b134048b98c9cdcf37f807e17784fe2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f9e5a50f845413c782dd8917bde649b

SHA1
18adb89243978cc03a4379c1e497c4826ec0d189

SHA256
f98ae813e4b4bce452f5d00a5ec96ce1e071ff99e0d80b3f9c971b2aeaf9c7ea

SHA512
c969ae6e69e5485bf571148aa8d8c04e93206fa8c1b5b9e6b1c2862bdc38fb0dc65f2fb91fdc651021cd1f328d1c40526ce540b25bb08d7fd6878ae1edcba70b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab34C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4F6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit