166a0d6210bd83ad0453de6f7a04bb623df5fe79d72fd062db5aca08a3f6a674

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-09-2024 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbe4d1eea35580cefb987871eb5b2910_JaffaCakes118.html
Size

15KB
MD5

fbe4d1eea35580cefb987871eb5b2910
SHA1

238a7778721cef27dc4b3a1f67ff486ea609e9d0
SHA256

166a0d6210bd83ad0453de6f7a04bb623df5fe79d72fd062db5aca08a3f6a674
SHA512

b7b5625529d5d0b3f07f7b85f1663edc1d43c9fd99b1ad616d356bed41b8a7e69fec2d54104cb72125e86e22e46ceb0cb50dda996819e19fc89c7eec645c7be4
SSDEEP

192:JuU5tMEs3Za6S7ns7g72w6ng+zBv11/IGqnq+9Ohzd+zUenrMNF1dtnqgKYYjZtU:9DsMSnDJGwj

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8F6BEA61-7D73-11EF-8E45-E699F793024F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000902688f80b1a12d0a35a85a39218a58ff1265091778fddab68e46ae6d513d41d000000000e80000000020000200000002d60e64c9e22256032280c38ee9bc5d11834663b42cd9e162b0ae3bab592421a90000000a3ec1f55b0672040e5aad771d9790983f876f0679633d998f1b9c90cba7cabc98f0d3df35ad45c08e476911b5a7bd7a213990bffc1a6961f2de1979c4476601d23990d2d255ac49efe530b41428645cc407f5de4a23eb58efaae80f9208ab7ed48ee3009ac099228d7177d1b42fc15afccc9521537e0651b9d3938f8210af2e6291f936f7f64b75a4cffedc5f5b918344000000024674320a14f59725a0b54d843eedeb0e98f3fa06297c7fe4164f8f5a28d949e5245188893dbedebf55273611fddcac346c832771b7bfe23896e1fddc56571bb	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433673943"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0bbe9638011db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f5420000000002000000000010660000000100002000000021c499380e977861806809468637267d40fc54128a446ab7539f869845314396000000000e80000000020000200000001420cede43ee8d63b5e4a2f2275a12091034e3ab71795512045f7eb837a03f47200000003fae08c2486c5e37a4e0fb898e8d79ab2d405e857e3314d313ee92899022fe6940000000d9bf4c3654dfa9b08cc2e071aa46f364bbef5c9bd33c36103630fbff7cfd96f3b5d12e687ec04a91cff1f1e1fe9538b0d683a293109b0c4312da54cd1de11721	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2720	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2720	iexplore.exe
2720	iexplore.exe
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 2680	2720	iexplore.exe	31
PID 2720 wrote to memory of 2680	2720	iexplore.exe	31
PID 2720 wrote to memory of 2680	2720	iexplore.exe	31
PID 2720 wrote to memory of 2680	2720	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fbe4d1eea35580cefb987871eb5b2910_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2720 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d75416fa62f909c32dec6633cd2df008

SHA1
a3c602ca3c4a4743df5d3fab06a38af25a4fd4ff

SHA256
bf2ea1e71d9f3585e55d0bca583e217330ef45cda09264ca954e00ca3de2436e

SHA512
6dd65a3955a220e6c0d1553ca87175024994b1141d9c0116f5725424285fcac06681183dbddfc9a850ed99e01c2e1b312cd4ebb794d48860f416d7a6fe5da08b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2eb9236f009f9801d744c53a2b0219ee

SHA1
59585870616bb96c2f06b72d30355c3cb778632a

SHA256
44ea7ff9cb89548c7e868ca58095d3289ccbb794e902a1fb51c1cf71b25a97dc

SHA512
73ec0cc20f85d2aa4ae3eb7e7a7a1a09f1ac7d95e8b2d4f28e3caa4fd49b89a9dc2d961f97e7bf2b67b9d9284d50728987a0f7247c6809100f341b70d05adb43

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4e5ab89168934f025f8fc75eb6bb6c4

SHA1
a0dcee92b83a2a6689e9751e318d235c95115031

SHA256
35c918bc0fccdd917af885b27d91d679ae6229a1b4ee0759a129ab5cda7f8aaf

SHA512
16b5d5fe6676cc653d4559c7cdee52edebdd39163e00da2c9dd82f504765fe52139d132c26c382e3927e332697b605bb62042eb71a4751a202bc7bd51941e976

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d8ae21d93f081a2e437ec8c4ad74132

SHA1
54f5ae1363b4e29a7267eaae818e07ebbcd70895

SHA256
3d7181a669bd45114f8c95f411934e27219873cc8a3da1fdcdb89b5e826ba5a5

SHA512
4ce307948e376ac0c8d529c3cda7fed4b7f2e7e729e7dea07687fbb820cdd2079b271d042d2b20576c7a925db3f562dd045700af909aaf2629eee6531c5d3706

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0881b9d5b8cc0912c47a8fe8c8e1550e

SHA1
cd58151f52345a9167c6760eac357508371a780a

SHA256
8d6376e2d699a14641e6238281c78d21bf813ee7ffef1e93c8c9e2bfb424d394

SHA512
ab4b0087986558236b128d120b6f020ee9655793a2f1d4ef508ba915d6b619f197403b4e9d25e9d69d16d9270b40a72ab8753ffba448483487efe50a4f38f0f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0983371191c2a09181986f44c2f4bba0

SHA1
c8e1c79860625f9253c42039a85aef9857f09141

SHA256
f310dfe0813bc55d7fff25b4f9aeb40cf71cc3b7b4b1b5b738fe10e8eeb71d8d

SHA512
981da38b3a893f6d6cdeb4b4d7346e70e1ff13f317d7d65dbd175458e212e041375d62347be42506ae8da76ded76cec1102f1e3534480afb67e605135c949839

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71c97f7d6fac7debf8de478f2470e67e

SHA1
4eaf3edb264b69fa1651374b83e34151c0ec417c

SHA256
a895c6c34730c48d7df8b0cec8a52e7852147d39abac6282b862ba33a9b06a9e

SHA512
6a3d87d3308d370e83ccce682dc3d713d0f7b44e635561d81a2e7970acc67748d6ffbc06a40af708a4c3f2e373691c4c92ad5efe5ec9eb04e98dc2a43e6b2493

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47501519a189d0eb1758485aa2071b4d

SHA1
3a6c7aee7fec6c2917ab275a84b79aafd0836d48

SHA256
7af819c0685ec0e0f395dd532c3e39e010711303f9da912306998d504071e2ab

SHA512
db41edb6d10498e2a1aa72f9d417af077423cfa8e6d6b255b2f6e2978663f23f9014623421794b868ecd134e30b1034115d9d1c6a6070b655a201eb3fb83ae3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
baf62e5e391964f10df2e42c169963c0

SHA1
402383bbe0f9cd7355c2b1cbbb0aa8e7a8d433df

SHA256
4b6d631857d85b12a046686d7557650cd4f80b86cb50f7b820f6423eb112a28b

SHA512
90be82c329182e31d5d66d06d5496a97aa721ae485b28e994d6b644cf2f6643088fe7e479edd35dfeea89698e36caa06c916b56c71e71e9125ea898e9c475790

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d112335b4674ff35783ec6ba2786ebc6

SHA1
f0b32be028c268fc494363844e353f43e09d3276

SHA256
7703dca5b3660bd7c9328124eb0180650af76ce4ad26f99506addab852ac42f1

SHA512
e2579ecad6277d488ae6932af7c9496cb972b3e230717b391bff4ea6db726dca9a16efb8db4c02409cd2e297ed3c0cf5de83a3a18e8f954f55ed0300a003edc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f8d27a16dc5b40e6fe52d98ac92e8c4

SHA1
1dffa5b7bf27551ccb83a158287045f27921a1c6

SHA256
26744b8cd52364d55b2c20c5011e348e0736869f76ca2fd8a9d282217b56f3ab

SHA512
6ff6ce363feb3f9914962d7888a5a57698ef5faa79c9b1520b3e4123f7ed412cf49cbb562fa5e249ef39888848bdedbb4fcd4a9eb8ff31ef7aaa170abca2b5ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b14b0bf2c0a344d97791eb887a5f605

SHA1
bf4011ca5d51dc158a0e29e5379e2a6d3107607f

SHA256
c4b0fee39c804c80fcf89ae0873d9cdc8172b7b4df2aca3b21b2a7231cb72a6f

SHA512
5c560ead8f9bb965c0fa639ea4f5e8106c57b954b585d07ed59116a2df9d073c294819661421c0b606ea8e806bfe61ec88d2fbf5507977904d0c1048d7660c57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
114bfc246a5d1437a9f5a2596fa973a8

SHA1
d256016d430c5841029f5625e0542ae2db9c3167

SHA256
e429a590bc5925e9b5223917a8cce12bbcad805376e682a9da66de9101189a1a

SHA512
53f6f97bccd445dd183ea99aceb3411c4d192b87fa4abce0038b87b41418294fcc9456cb345bd10635187bf1d5de31f82855556b046c8845005ce282b93244f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
968a73704d8620ac215b15067af1ce00

SHA1
b8fef15360f18a3b1e8733c855336ef4a96128f2

SHA256
7b0f62932493ee648eadcc1a51faa651ef79116346a28ae2352379a233cd6b35

SHA512
2f40128050bdc2960318be5cce642e5ff3fbc643bc382d2e848d25a15aef0c915a8d715e69a38f307db3ed62a701498e291b5f360db787f76d8b0e6fb55217e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a65ef0b592050a8e27212c397b889bc

SHA1
f93472795cb7f4c7123640f756563d81bc6b3490

SHA256
b1bd0a7ff9436b1df2393b2f0810cd9717655a0948179116c881d89a57ddc565

SHA512
1eb2180a471ecaf6ef70deec6ca2ce49bbd131f3ac98d7420efe0d976ff845244a60eb29fed0523310d6396561ac10e05176966e276dec71160398ab7422a770

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab83C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar89E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit