caed1addb80dcc62d3ab6ccafb3edd5ca987f6fe8f4f3067d496fea908ee3438

Analysis

max time kernel
139s
max time network
139s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 15:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

faa6181fc027c6d803ff14298172deaf_JaffaCakes118.html
Size

24KB
MD5

faa6181fc027c6d803ff14298172deaf
SHA1

c3fcf1c6235ef1feaf987819eeb4d0bf7e89278f
SHA256

caed1addb80dcc62d3ab6ccafb3edd5ca987f6fe8f4f3067d496fea908ee3438
SHA512

18cffaf591e375ef47820236785afb73098b21e0416116c935596c88ac9f43ae188fdddd9293dfe3004f23d2968d3115a3de80c87bab77801e75a65cc4a2130c
SSDEEP

384:lef4aQ5yz9zWWDfyE0Rtj5+FB5uGB73MBNxaYxpe7BcHxkZmtXGeOANq:of4aQ5yz9zWWDfv4td+FB5b3MZRgs/SZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{07910921-7CE4-11EF-9982-5A85C185DB3E} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c4000000000200000000001066000000010000200000004329090de406dc2c59b761176ca69693a51d7d90203d461b860c77633f48e9b5000000000e800000000200002000000041d0a70012c0324cf7cdf0213fdbfe2dca317ea8bdab2309a5c63f5cd4ec15482000000091f8eaacd05a5e65c38534d19c5107ecf5894355e0ba14291423e4b14c6ad3994000000075346c833e5a67f4d40ba69d8f5f0896e6b90e1611391be5ce860e729a0d06feb8a94954a20164b53e42deaff2bd9111745336a04857f93aeb1e75f23a4bab39	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433612296"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30c771e0f010db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c4000000000200000000001066000000010000200000008faa3db822c6a8bec1562eba6ab5560d19666a5a5448215254b9d16763febd06000000000e8000000002000020000000aedf30d444dabd45af60d374f1e898fabdab63a9ca1c6ecf298ca80ca9c5361b90000000245d8d02d0a49633e46babb98071ede7fa7e35358783224f71ca2b5fd418981f5ff122629c27331e2f65ebcc58fae31708df912fc591e677f9212fcf1bc0fe63ee348e52beb60f534abbf9b70de507757be089f8794a371c1eab57116d395977ce620e5ca67adfd9d584bf29a327833b96971989564248c27803650049550bd166e59b5632304dcb053692ef4ee7b4c4400000004e829820e059cb1d51a28be8dabc338e3048e3cb05ca31120514e9a89f82600c1b7e9e5261d5930cf9203d8aeb567314aab770df41b9d9501d879ef13e98e9a2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2520	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2520	iexplore.exe
2520	iexplore.exe
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2320	2520	iexplore.exe	30
PID 2520 wrote to memory of 2320	2520	iexplore.exe	30
PID 2520 wrote to memory of 2320	2520	iexplore.exe	30
PID 2520 wrote to memory of 2320	2520	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\faa6181fc027c6d803ff14298172deaf_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f05e1cf1e6f6de6f701012ec7cc7dec8

SHA1
6b0cf84a8197c60704b0d94319265b78c57986d1

SHA256
f7afd52732d182cbfa1d6fbfb83b4ff420c974ed3fb2723f22df6ad76ce2f7a4

SHA512
f1979781f017867c2c4118efa0c1e9c68e3638c6352fbe0d6972fdd46b547cba635a596a7cdaee34f05016ce30f1fd5fd1834792eacf5ce53b85dbcdffd46950

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c7f9bd69220235d745680ed33423ec0b

SHA1
a05860ad61e257886d89676ccc5a44e74764c672

SHA256
71d959b71b3339aab4d336e45eafecb89537fc0d93ddd988d95f51fb0c4d1023

SHA512
53d80c98e97f6649a227879244517d50ec10a374e8d6a854724c60008f0f6566f115fb9b58087a93344733911c18b19aac686da6afc3afd131ef1a8017a5b3e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51692d7998652465152d42b988f073f5

SHA1
99434dcd555ad37c94043fcf4fdaa1873b8bfb19

SHA256
cf7f1d3e62ebf7a61708d5f3aed92be6bece24a4184cdd9a7644ecd18fd0cf18

SHA512
f1256579209c3e06727e82c4852ba3d3a0cb45ed404faa7ec61078309f0d7f49e1f8ab04bd7e8d900a040540abfc457841ccb143e0c84add04752a3dd9376fc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d9f3727c3a00ad36ad2ccca9e88bd27

SHA1
03f4068a09870ee09e4bd8921a9d7051fde00677

SHA256
cf3d6ae479e4a741adf1bb3576c5db1222203374caab0d29f153f71b841cfa00

SHA512
291af5a97c82bae4e10b7d98be26b1f320fa74fedd03393d898e7e5f0a74098f04e39af6fe08d7995cffe19d44778248ec27c34d5be903fd6ee75633ab3515a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
edc9b20319efc4e0f66d1959233a9df6

SHA1
9b330a2eef6f75bc60d8b8096c7aab960ac7e89e

SHA256
bb12287042c9db9ecc5fff3cc9e82d2a91e45a836e3b375127d51c56d975d420

SHA512
46d79df146c75a98cbbd2dcaf7e54e37e663ef19ab18c8934bc2408e0f4e9d4c75be3a6b4f6b650371677fdd188c5ac5dffc3b7e7d277dd2f9fae4267ef0b803

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
806eb2b9794ecd0df00ef5c87c80f05b

SHA1
c8e830be2e9663aa5734042c85053328134d04b3

SHA256
bfbbfeadd9b7ae2dd4d41beff830eadd61451e3eedcf0b8bfb0182ec5685f7a9

SHA512
3500bdbec16622352c5e0a613d21aae93df7ec0bb76a4b857c59d9605e0c6dfb2e4699dd60976263bda1ea14fe690c819b9c73a2cec79ea154b0630780efc820

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
77dc2230813e9e7a115c56279d1e780f

SHA1
80303a22d7c7d2a6e0cd309c5275a371e87d0467

SHA256
1c9ba4104df9bf8e9cb8dd7c8fdaf39af01f53adfdd992d3b89c83be875d63fa

SHA512
15aa1c071bf8041e790cd1f3bb90eefe38298c9e3e29dac397ab031f4d3f44ec3ff4e00161eb07ec7b32d3cbdabfc8cb9627476b6a2b4286a62330cb88a1a521

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
efa66266257712dc19ebd71bb20ed8e5

SHA1
b85d580b0fce01319daf1462ba660caaa7261ace

SHA256
57472f402bdef9b9b863bd51e13a1f75b85fac659df0c43a8caf70a8fc3c37e1

SHA512
38d2b9f6ed702af551eecc856cca8d244fb4a1a6a61bc78e8d61ebe4fdb132336f63e7127fb7c4ec8afac166e26673cc0a40316808577d85d2b5e634c7ae7525

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5806c7b2d7250d5227ee953c369eb57a

SHA1
e4b243abdf270f3de8af5cf3ff6e0fbcd03a720a

SHA256
922eff311618772bbb2a704a3b4ee2a3f736722d6eff8e582c7aa5cd90026187

SHA512
8e05d1003bbcd4ea2eb75e7fcaa81247db5c2068db38ee04440a6d3f0093bf706e3edc43e76fd4591a2514bebe993b1cc39cef6ea9f6d0c24747e598f9ecccbb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c50827e82563cbd0c14a9ba86dab289

SHA1
0481e8f18673ad996ef2501c991c5c047d5e854d

SHA256
f2fc50a6e6648a4440681fa85f5356b3f945bc143ce016793c40171ba638f765

SHA512
921dff41be4c41f0da39183fabbdb2c09e679f5eed562212be51cb6b7855dc2c7913b62b3914f86da3d73c23f7630aa67438a473e6ed0004d117bdf040110205

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3f7d3917e72021b442cc148c8e94ea7

SHA1
661e00ce02bfe7e1ee375203b4e02c0d9ffff1ce

SHA256
62aa9b5abf89fc25b709987d9cc77758ce7955e3dff62d63419f8f0eadf262de

SHA512
f9e0a646fd975d83084fd8f22c624163033741d4a8e3ba2304892a99525991082c369cdff94a2a8ba59d22b334419e233abf8650974993a5031a5887dc3be0e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1769d12f62a7e6b75d9954f22ba19674

SHA1
42be6cb7c63e1c3f87e9c85fe102dae4bed620d0

SHA256
1ad242ffe3f25d5d0ce57b8aab656513ba9d880804ce3c26a466cbda1086bccb

SHA512
a307b759d73d7d51ff55a7fe1bd4db3e0b1ba249c168a9c4a1712353778f895b56201ebae4228c431c3d96a85bcd59b838128cc54debfde20c3b2756e66655bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
adc2e19385ebcc662ce2969010bca936

SHA1
458cb92051cb4f3b9b01f191338932138ca1f1d9

SHA256
031272e350d2584fa4e7d2a729b8f62f22e2ba308b409ae8efa80ff1a89413f1

SHA512
605d09065ca42631ea9c5f9b881e819338f5c023586e0975c72d5a97cf96d1dbf243b4e3974afa7cba972763276fa4b32174ace66d18b502abc366413e423d8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fa75b2175fac511a9ec73599594078a

SHA1
98ca7ed01316f1c820f6105ee0313e7593b29680

SHA256
9a0051e0b3d1855d815b0e7f71def8ea33ca915c83f4a9bfde904b9241a828f8

SHA512
a7fb65f5ff69a1ad1c350c640d9230c27c24c6dd034300769106b35b845619e35d8393e38344d52c63081c738b6e33c1655a95ef36e9037860322b39e9efeda2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b5439daaa90293403f8d38bc9d858b4d

SHA1
0a82fa1c8d219f0ed05ecf90baba3d9cb89e8496

SHA256
9c02d254429cc153b4010409e523c392885e524c31fe0ee2c040ebe34fc1783f

SHA512
6e2920478d4eacfe367d3be2fb53fe2cf47ff9e4eb43cbb74a4806abdb9d00e341cf26e6f80d930901dfe07acc404f3960f397d457c0b3bdec8276a714badcd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e5f1e90a5cf39cbf5324c88b18f2c60

SHA1
98c0a347bc7be5a5f75a5cb6324e6ecfc700f079

SHA256
ee45dca9880641662276efce93ff16f11292e61e004f6e86e8018a404eea0ffb

SHA512
d8e188a587b816fea68e097b91228e9d02a71ce48cc88bcfe1c52e9cc7c9390209664d47118444638fdae8b9fd509cc8b10ef5a7beab552cbd40a824ab474c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE3FB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE45C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit