759360dd3f6f062aa136a84c6dae750cc2d3c46eae3c52136c70d596c852f664

Analysis

max time kernel
143s
max time network
124s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 19:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f6bd5bec8e8946f076654c02adc6c1bd_JaffaCakes118.html
Size

139KB
MD5

f6bd5bec8e8946f076654c02adc6c1bd
SHA1

814c007f93ce51f1cb61f51e252b41157c74655d
SHA256

759360dd3f6f062aa136a84c6dae750cc2d3c46eae3c52136c70d596c852f664
SHA512

1684d5f5de4fb7f4dbf4a2c8169f1078ac68de2ad5036d2ee32b1727a152bfcdcbfe15367b61bc40916bde416d903db9970be95a0fd6b6fb57989e3d3550e3ce
SSDEEP

1536:SpNj4EluyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy+:Sp0yfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{01354641-7B77-11EF-91DA-667598992E52} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000c4dba35a3b3380b3917f370eae98e2944da9146ffbc846818fc4f20493594394000000000e800000000200002000000020b64785882504fa1f17af808a85ebbe6e420b464fe763d70b625541d4d281de2000000055dca5b4f596ec41486bc7f88543ca384cbe9a6695425664d42e02ea95507f59400000001b3da9b4756b083c25c599b1dc63dab3e579621a56af08b9b756713244ebf5da894df79686a625e2c912ef1745f148527e2a58b9e92868a912c6e2011e1cf2f4	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000d854e951ecdca4792ad3aea80f0355100000000020000000000106600000001000020000000a3b9811159ecf602b9a526477a6f8e81ca08ed474c17064514b2dbc6121d0702000000000e8000000002000020000000c1f7e43e13afd7c9313fc06daa8a5c23e7ffee3729fb7bd40e966c850c4f98b69000000006806efd3c5ebf61f283d8c6aa06a602059c42540fe4aa7724b1f537a0dda2d7874bde2b8b9e95ccfe268effdab808736da53d1994c37b6eccdfe483b0bf496d255063189600895549faf51c5e4b407671e993572029646a14b350821ccf7bba91f820c59f769f00eabbbbdd5b115845404f65405bf98aef39f40515877aa2de8f10edf9482935d0a60f0a5fc09e346840000000367086841af3033b280fb7842abccb6330c1d4ced76db881b1c21d1a80b49910cb874c22c2fb477ac30138de50c17a40a1b53b8889fc3d0661e3a7c740338e8d	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433455522"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60d63519840fdb01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1296	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1296	iexplore.exe
1296	iexplore.exe
2260	IEXPLORE.EXE
2260	IEXPLORE.EXE
2260	IEXPLORE.EXE
2260	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1296 wrote to memory of 2260	1296	iexplore.exe	30
PID 1296 wrote to memory of 2260	1296	iexplore.exe	30
PID 1296 wrote to memory of 2260	1296	iexplore.exe	30
PID 1296 wrote to memory of 2260	1296	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f6bd5bec8e8946f076654c02adc6c1bd_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1296
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1296 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47aa4cda2e4efbbfce3b2fe61e9fb972

SHA1
6309690e9be49a0d5787efd71639120837a7a4f4

SHA256
f01db60f0a172416548789e50a24983513bb6714e095624ae19a87798d5c6dc2

SHA512
84fd61c535e6093bae13c95f0fa388b1c2ba7cc77025059f732f401a1b3cdc3758db53074e35b7c041e875708769552cee5f66bbde6c4c911ca68e718193feaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9bfd1a1d5585cf114378562cc36d600c

SHA1
7d666781ef60993ebe0324aa2d18db692372e43f

SHA256
5be9ec744fdb15de1c02d3905b639b6a798238bb52d46e11c2c743a9b380755b

SHA512
730c63b17040a712f9e00ada99efefeae568a10157503a0bb480e39ea3fd5570dc09adb408b4cd20d3b6fba3843ce3839e90e8b0f3f5c7bbfe9e113c8872f10d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb0820deaa0029d4e1e951a109ca8360

SHA1
09b03470a608453b22276b272ec7428f7c65702f

SHA256
ac445a2fe2a54541cb90d88eb77cf55a83d127be5d15afbfec3946423ab80fdb

SHA512
171deabab82b949785cc3910c238ebc2ddd893cfed71516bf41646facbd7182aec04191a69b4a0490055712335cb4049952faa9bc4f593682cca8f1391aadd3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4bc5e6ca481ccbfd652ba0422b792e4a

SHA1
6134493edc7f14f162a16a8e07e7793cf90233f4

SHA256
5bc1e6aaaad15fa28dc5a40b68dcbf0c24bfdc12d15f0f88765a3987d8de20e1

SHA512
71301e9e53d56b362f3e22937a72bbb8dad015375968a93cc8e590d920a3843eb54f16e3143ce27862df10675b23df4aeca351b88901b9ef4c6a08746905f2fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba1b1f8a2d7ea7caa1987c521eac177e

SHA1
88251d76176c6be7d5cbdc051ea93e8da3204e0e

SHA256
0d08cda38edfac02f1e9426438e8b2aef7c20d557afa68e08eb18cb69699e737

SHA512
3220ea2e7ed51b73bb12c5be3dadb7ac52e5721fc9c21aadeee429c4cfd50c25387ca1f28e2b2505c59542bc261998860ed3f3f4e8490996be015a423617b988

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0123fe4dfebfaf9a353027d9c9c01883

SHA1
92ffda243991f591138312f854b4752286e3f9f6

SHA256
bc6b7ab6f242d56e8cb6bd62e49435141bc9347b4c9eb3d500b66375bd95d4e2

SHA512
968b251f5e0f959ff3b6b21f9f0e3e8c0ada15f876c1435edeaca56df594f5dc835f75d0e8e734e50eb6ca1e3b40fd8724aa93652d63431a4b6cc85e7bb1e4fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
856c7446abc29e598de2de179d1ae743

SHA1
844edef7d570c6ff1d3d17ccc0dbe96fdc6db064

SHA256
1800fe1fda112daa229ac7e7a1133202c1024279ce1ecc40806959f5f2ca0b9a

SHA512
abac01b4175805ac2b3e2c769c2a8c5ad8ff37a8e15826e2411ea2220c336d6cbb9e2f97bf98c46b2bcdbca3f7c020bcbf07814a195556bbdf530944a0c88e3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4414c54f5679affe10c798cd6deb6d4

SHA1
304027b6c4559e2b8e7ea762b1b72923fa2dadfc

SHA256
5053d62eab56ca626e1d80d6e5fa20de1b4e7d985598900a2936a8bbae6f0412

SHA512
b0543c51d6385f2115b54795aeb44b96c9c5e986c949f866fc8b88607b1190c0d56d556eae394ad1cda9e496ff01ae3f7a2998eba6ed7f90d8d5e50ce20e4399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d97e12ec9cb842164957ef9055c7a06

SHA1
bdec616056f266d26c5214116f2dbc055c843128

SHA256
afc4c87b6f1c263b498135eb4018b64f50b841b1f57b55e3bee7446cd4ccbf8c

SHA512
338a13b7c5d08c83ff51489ab2a9b5760045ca0487bb1eaf2c2a0df9df4c51bacc33cb4e6469f62ca84c679f87543640169b44ce820ca51341872c6f576b9aaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31a54bfc58619d4d334eaaa6cf7b87b9

SHA1
3bf16cc0f19614967745cb444e238fe598668fc0

SHA256
bd2ea0182178753d906d4621bbe194333d0e03edc7b1a640a5261f46b8ec6534

SHA512
85f05b45255812b52a29c72b07c5255184946104e0739c8e31c735435c06fe357fe1f7bd63d310459113707e7525dc82003361f35e74902faeec238438d27068

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2e8ce98819dcf8897389a5465fde271d

SHA1
68fa0f63d3fc9669be05d9486de8c7c5b6698278

SHA256
0ed22e19e652e312ce01c8be7f23a2d69aeb9bf0a83a84c4789783b17f56133f

SHA512
3dc54aefeb2775136d4f47914ada4cf6234e9c7034d9c2af40ecdf73ff8b54227962400a6fe886b49c307d62f296ec67047b06acabe6ab935bf400b6a8cdab98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d99d86c9f3cd791b313ecb153ee1a05

SHA1
a459ca9aab880ceae617bf8e0d73eeb47b05fb7b

SHA256
52a2aa46ddd32890a3984e7ec339fb03fc03bc5fffcaf724a388fa1a238c35e8

SHA512
40974542fa7341de74257b9f38e25f2666282dbc42556636d10d347a7a018d029129e4088aa6bb584605b4a68ee074c5d980d262fcf03681926afbac034406b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc8c8857417822f36c2ddc4f15afb591

SHA1
59deeb9e8936b7a248d95adaacaaa979f82b7ede

SHA256
cc76c9bd8d09a37131c588266afc2d1cad95b91f3e84c22d75d04bcd922166d9

SHA512
60a68b8179833e9a5776a8c15269aebdd4de0e51116447c9035bd17dbcab63c3049f3ff5782be3ab03b28c31abd067c5fd2b87d84d945d1ee3115802b107f37f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec063e79173a137bf766ef6f41b128f6

SHA1
83ed5feb2f750284e73654156ced51bf5c1781ce

SHA256
85faa9aa5db6a47da07cbec4e2381e219d9d6ff443bfbd539dce3c3eafa2687f

SHA512
277ea8e05bdd708d704bb7e331889dbda07ad74bceb30990e217a2c543589ff136387a6fde610753d49ac58fc61c0b2e96e808697e870eb19bb3393577d6dd75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13df0284373137537806c0a6b5b28f04

SHA1
3a6a65fa260cab5ca51b2740234af1014491574e

SHA256
9406c60d6dd66b5919bb9f01e33c881afedbdc965c35711f78d75f36cfc98ee6

SHA512
d133f814b8c42ca5f5b2d96919724c156bb205161d14fd5689b852fc8d7e7c2bc9f4e9e3e2604b4cb39d1660dc1a1cf333b131788b0bd2de84115e178d5d5342

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA0F1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA1B1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit