2d9a9895d471187e840434db5a9c22b28692d657e0a3221a72695c2f7b34491e

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28/09/2024, 11:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fc2d0db46d5f07317150b916b6fa82e6_JaffaCakes118.html
Size

58KB
MD5

fc2d0db46d5f07317150b916b6fa82e6
SHA1

75791b3a0385d8f7b04006a08ec6ace15f6b1e53
SHA256

2d9a9895d471187e840434db5a9c22b28692d657e0a3221a72695c2f7b34491e
SHA512

7bf277976d9fde5fcf6a1e31cad593fe43ada7edd8cc33a1727d50ae8808a2369bb03a7a6f2a2525b978f451d1a4fd9ad2a62fd2ca86153e0016f911bee7cd55
SSDEEP

1536:u3P3KwnqlO4aXe1qc7QkjClAnlZDuXuF7r:Nw+tQYBCYb

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000000d65e8bcda201c13fc3da6110d39745ee47ce647276d53132aa2b8637ebd79000000000e8000000002000020000000d3555fc0134e088ae53c477b74e1fa2c320a39528f73617112da6aecbc3ac593200000007bd7e4f54ef688b7ef4c20bfc6f5860765c82e683b1c304a35d9a0bccc4af1884000000045519b490d78d007594725d2a55637f982b25c65d6d188612b6f81bec5f9915858291d09be5555c18ba4f2bcbe62d22a7cf9bd87e5d83b27d31cd6c1bfb545ad	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb000000000002000000000010660000000100002000000001d1715379ca9c607d5516b974c082f957a3f5267998546046fc8575aa50e626000000000e800000000200002000000069b16302392cc9d88c8f14189717fb5a107a3207a9d105df0ef7bdaaf1246d7190000000c2a7a9cd6a74322f3bf08dd35e04b5839c839327b62f012571d87e1ce3c7517b6a5e8b1dfd197a675309e8a224c3eea05e5abf12b60d7e45c4427b96aaa55b4c5297353044f1e6e69df5fd1b406a5cecfb7484d168082ba3d58fefc589c8b90ac484d062f6997823ad55e0231755d8ef419d2ae3a353359f1e2d51f4f965f313ab152f130acafc2f9a333e8fd27d90eb40000000f84d8dda6814faab2664864d5648ea4136edfad957ce63abf78e40e79a36241e05675e4441aeae6fd27885b17f3dc89c1d1b3b456d3ef960df6418f4e950d2fd	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3FE221F1-7D8A-11EF-A0B2-6AE4CEDF004B} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c07355149711db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433683689"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2700	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2700	iexplore.exe
2700	iexplore.exe
1912	IEXPLORE.EXE
1912	IEXPLORE.EXE
1912	IEXPLORE.EXE
1912	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 1912	2700	iexplore.exe	30
PID 2700 wrote to memory of 1912	2700	iexplore.exe	30
PID 2700 wrote to memory of 1912	2700	iexplore.exe	30
PID 2700 wrote to memory of 1912	2700	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fc2d0db46d5f07317150b916b6fa82e6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aeaa0d1ccd606701dda55dd9b22bb89c

SHA1
4b3b46ba8f2f28ffc64a1c8213136e8f93ddd623

SHA256
eead892ec6608746f5bd1e0fb87557953377c67e09a8dc30e9097213c21feb5b

SHA512
c36c45432dc8139249dcd8f40da6831e6ef1d12b9e7b842bf18b860eb4aa8e2b34f9e4130ecf8cf2206c345d6d23bc564e7e1776b5c6101c6990833f07c7f6c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b90f15e9dcdd116301f596f82c0938f4

SHA1
db1783415835ae24b5500f3534eaa33d8db855e5

SHA256
f2683bfad7bfac7458e43b3a2daab8923e5a529b3204d5e20e4fe06431444e96

SHA512
73d648af999922a8e12b73bcdccd4d4742228a3932e9f69957f48ad815afbe8467d8a9e33dc3949acd985f3b5dcfc47043685aa0788537f20a43e7cae5b4b10e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
624949c2b8f03f2f0f7cc61e158de2f1

SHA1
7b28f349e41bd7b3bf67b0ca9b958c695a915635

SHA256
959454d8e41be8a4cc796f22d7117e4420a09c4373bf4a56826358dc0cb9645d

SHA512
d8bc986aa1268337b1f3f36eb2d60f8d16078de6bac814194e31bdd1225eb000f910374ceb93cc3fed782f6cc82ee9b3c38237fa9333a1b17134028439d6377f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c7a58c81a42b981e97728bb69d2e5a8

SHA1
4df2c83835f12fb446e0a0178a6fb9555e671f43

SHA256
e156b70520ceed7ab040a2df79af92bd846cdde46f22da3d7c2e2be0adda5fb8

SHA512
78bb1c04ce686797fdd81e738ce3cfd3c953ee2d1228101d7d718db659bd3af9a1bb764463ffa3953ea8a2ec472f2f085a7651d30f7c5cb0a64a48d53343f643

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfd0e81bc428fb0b64a221c50f66ec09

SHA1
f59995fcf170171ba822d76f840ac87585a87db3

SHA256
7c532ed075c779d742ca8d942456e7832d0e290c8da5ee8a9b47f6377fc8ceba

SHA512
ee56aabc466697cea9070441fa90d5576201effb9ec688628c6e27987213b673005620ab6c673d9cb8c52904555ec2f88fd5144415619fb7bb1de0dc747d0556

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a6e5ca554b1423c84c2e005deaba91a

SHA1
5eace102c5acdf745cc8af3e8c67f0a22617a675

SHA256
a29baac2ea7d7768f9b71b1f9f48f328f958c3e98e75cfd25398b2cc85768095

SHA512
7f6c2e754b3292520e770210cc908f205f421d8d86b1e773d66cce1b78c148fc17a266a15a0359f612902fe3848508d97a4fa34744de0ee83b065914ccdd657a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a0be91cbbcb2eb8f068e33976d6e6136

SHA1
aec71f0f0a1bcf9c983eab13698082e94f5245de

SHA256
2c21eef2417264a31a4c9ca1ce02fac62e4dcf007948107d848b4c6aad53dc11

SHA512
5c1ed3525b228bc8a523eae157d0770e05e4d7de0d6803099b194c394d3fb025309fa367c1d73f5b6d5f717a71e6aa92cb4d3caef92bedef741ba5bc1c509f3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ad352ffadd26d9083440d40e61821a7

SHA1
1926e698a03e1441ce909a61d90f662d1ef6f167

SHA256
ddad3143ff75919c07c983cf6c9f973a5e2d95d93b0cd1c2cf03946028b9b3e7

SHA512
85bd9010d6b9b4c6c7c1fae562dfe8daecbe775b1acb275d070dadc772c138c8c14011977410d955a63eaf68d9487a8f0c6dc073885987034897baa22aa3528e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ab5c066beb118dabb7c4820ebe4b631

SHA1
5e243c57ce56a88b08ba994a324fdbb1cb3e7d7e

SHA256
2da2ac5acbcbb729f31bf1eea10168cc4fdb8b6081564fe0aadf01f99bbc2c87

SHA512
ee3e8973a8509d60c8c1f05a810b53a249c6fb0ca584f83b48acddb7234c2f1b154d8023618f973fe0e7ccb1c7b62ae2c576d50d542930d871688a6c02b60db9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0552a39957363836d424c9eb1c20c8aa

SHA1
dbe60b8560f1076d25227dbb411d17c3a70b6905

SHA256
e9628712251e376f83add3f15718954b2be19036215c5bf2e8c7a86f54ceaed9

SHA512
b2ad81094e584d665600cb1634c283327a86755d18a4e644ae5fbafad934b26f68b150a1b3932304083472a1dba22fb4382c596afa94f4d7d10d37e2aeff7d53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36f8fddb7b72024bff5d4cb3e8bb90a4

SHA1
c9fa8b9de11cb06e1fffd00a4b092e2a89a5e1f1

SHA256
8d0b407dea83425f340019ffa4c897ba77563019d9b3c99e8ec169af4b0c7c28

SHA512
916e92d960dc4d3a417ee8dac89466b7f84c0ba1ae00cf528fec315125fcf06920de0f9a9f94db7fbaeefffa82c65a6dd10bfd868ee144f772e888fc7c070c98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c41feb6aa72769561a04e1924d5ca852

SHA1
84a9c39cb2076297d4242b726e9a88c39ac4e51d

SHA256
5b2467b5efe2dda77a7b379925a1071b69c27489e44639b325a909823c38495c

SHA512
3353941cf405c74732cb5bcbc7638d77b84249d8d3f04365ca4b115514fe911946064acc2ac50712e85235e9b8e3a55bd371601c0575b1845aae813f6d92fa66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31addc8aa520fce040fb7031134cc027

SHA1
55bdf6cf7ca50d2889eb65867fb2605259772565

SHA256
03d0e58cefb807faa963cbcdde76c900e3c3a5b6122e9b11e772d589b03189b1

SHA512
405c7bc24a1dcc9d059c007234d1e3e271f92d3b069455e1e72e6a41e9cb9c84db6805af169765bbf3b3f87f0250084207682d886046dc24b212546715267ccb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
18d3d3ff9cdf01c85414c065dc5d99b2

SHA1
fa391b5799b9aca5f2cc6574567db39ed03926b4

SHA256
0d1e3254e9ccf8db881117d41c81c44277b9b6dafa81e4189edd93cae29364a7

SHA512
fb4e259a7444f3d8a36f6601896095febaf465bddff1162341cbe95f1e23ffdccbb1be304d6791c2601068aa1fab84e3b95fd45458d2fc4287ab5517ccb29bff

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabACD4.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAD65.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit