189750e37a38299874ff74739f595f7473f7db0adcf838d767e0bbc8a8352155

Analysis

max time kernel
142s
max time network
146s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/09/2024, 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd8b88787e9f06607521567d9eb4fe01_JaffaCakes118.html
Size

59KB
MD5

fd8b88787e9f06607521567d9eb4fe01
SHA1

4d2ed0c1d5fe7bcff831aac4cdc9ace6502e3698
SHA256

189750e37a38299874ff74739f595f7473f7db0adcf838d767e0bbc8a8352155
SHA512

705b7d778c8bb0f59150ff64d1748944408f535524ed6929e797a24b6c69c97256492ff89c2aa4205ac38e8dcc822641c83b642e45dd392b15a1e89f172b26f9
SSDEEP

1536:AD6fBnKUxA+d/o/MIuGhBeeaeeneeXeC8eweee3eee3eeeSeeelMeFtyJ+MEKWkL:AD6fBnKQ9/o/MghANtcBNL

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433735624"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2C2BEAA1-7E03-11EF-9D09-F245C6AC432F} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80399a021012db01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f0000000002000000000010660000000100002000000012315693285b1abf57dd920e43d9e3b9599133912eac36dcb106b3c8c9048f5c000000000e800000000200002000000010871e946c723204697b333eb27948d701e429712beda2cb5a9efdde27bdf5f290000000d8a672e944328ad6e89d27ce52168dad1947669939846a6d0880eb55a93afc2c3328d5a281a641172ccc41d9ff68ed31cddf7d795602f1628a367a1fdc71453c375c7ae1db59e7d819663bd7aa0f88eef084ae0776f062cf5c9502ef985f5f803047940669a7c3e72bf0bb2d1604cbcff5295fe1cbe0ee6197bf2c33c2593fa2cdfba9f1e390a7e3130531ae9d1fd1a640000000124306bf657430616a620a0066bee6665ccd092e0c5f04d44e23c2689ca115132375ef60005404fafc2d4aa88957f988a622273fd75d8fd6babeda7212ee2150	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f00000000020000000000106600000001000020000000ae15d3f848678978d04d1cacf0b0ff669cc67b4a29f8f0382f0b9497733f49be000000000e8000000002000020000000a9971fd99d448c5cdbc500b4feb2e181e852bdc1e04c80892bede9ed12baecb42000000037098a5347155de9ce337ca0aa42e742580c053b918b35e549cc954ea926722840000000f542ec7131d18611aac8cd65e123c79e7685c3329b84eb53fcb074d9f94abf563471f977ff3b8b7dc86af170c364a86f54cceed7b2cff5ceecfc52d397ebc62d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2756	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2756	iexplore.exe
2756	iexplore.exe
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE
2680	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2680	2756	iexplore.exe	30
PID 2756 wrote to memory of 2680	2756	iexplore.exe	30
PID 2756 wrote to memory of 2680	2756	iexplore.exe	30
PID 2756 wrote to memory of 2680	2756	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fd8b88787e9f06607521567d9eb4fe01_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2756 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13710b97e1a44944c622c97512d26118

SHA1
ff0ca4f1126e7bb38a67f86537e81e6f4e7f956f

SHA256
6d23b030a55aa0af70ecf9490409ef1a002368aad8747e6a57e6e55512670c60

SHA512
47545995477dd6d8589b58f513da414ba843700e0d05ae5124d3db2e5de317f71e2e92378639fdaf40eeca79ff96c058c9efc80088a548926892c1de02131c37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e84df28ec163a3754000c63e9f6c872a

SHA1
31593a39e959834481d02b9f8e55807aa08e126a

SHA256
ed50be3d49c45733d02dbff72f4854037e746e7fb6ca929e7c77198361428c69

SHA512
73c7e5fb1ef596d23e936fc51ef8b1820d522fd66cb504eeb9eccfc490cb68aa709996687cb7d543fc11002fbd314a5817fa300b1e679315fb072623a28f5388

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
653c6ac464460ac5b4bf0ccae554ccab

SHA1
c921b0a0665d2f7aab5bee92cecbdf3441758217

SHA256
8a57199609e7f5541c0f0bb4a3362cf6e9a9457a95cdbb65b2c0ed7c2f7158d0

SHA512
78035063512f7bb64c078720278f92e379727ceb88fd9b1bcdd68021c02943ae8dbd79265f4cb15c7540e5e2bc29922f85b8e551bf3dbc51946a10f84a91acaf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74832ceaa513422e2338b4908e87de8d

SHA1
2fc5ada4b430be54ff3d95b07e541f8068ae5a83

SHA256
3b99fed2ed11379df227e3fc9878e281f39e46026835d34f3e7c4f6cf75b9c47

SHA512
0dd22fa5d6de3ca38ebde3acb982fcf6ef8cce3637f6b435bc37087e1513fb1d09a8911b89c655834d8db31e32621a25fdd4f11340de15b1ded1110665f42dfe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dbdd3802109395f76dda0b13f92d1fa7

SHA1
5664386787f4a0f1fb1e3cc817309d824bbdafc7

SHA256
143e118be113cb23465c496a2e34bdd112c06d5fd3eb3fffdc98028f7ca766f1

SHA512
5b954a40cf8491f378542a0ea4ee63269700f9e2541be6792a925733b61c09539bd42ebb53aca6f5bbd3d1f8deb56996f33a67ab1818d47fbfe2a486bd1e8fce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c2fdd4b1e11370e8540161f9cdf880d

SHA1
3926db737a959fb681e1982a6e64b6b17a8cbcbc

SHA256
07ec43de8a4ff6e98b507428f9f88e0bd76e6d3ce3f83e421fe2762f673c79cb

SHA512
87414a6fc13d5ff5caa53ecd44a55958260b7fbf41c988fabe6c9c09dbb5ad348ab09fb1e92c1b6feb7affcc0909fbce700e1c3e1d864afab08c473f20407c37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d463c181d9293a5bb29c86b99f3dce78

SHA1
34853d3442a51e2f4ccd3db06dd6253a968780d0

SHA256
af7dbe04c9a34757e66fa45b641a5d1f09cb4aa933d1cd6ec177d7b57ea2c288

SHA512
3e0236e1c7665aa21afd1f419e4f43f34e449b86bd30b3710cdd4300164db482fa85242b367faf3e79c9593cff3b5f68f95cb16804fdf7e4696551cde83353b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b466182af9efab458d673e4ee344133

SHA1
7dd1a9c32b9dfdabf357301f2e6867c6c29f7245

SHA256
a44aaa05984ec3813c2ff113064b743c1c7fd04c1775ab12c33ba477238e42a8

SHA512
e67d55fe26827cb67f87272fb2c6460b3425db15b3c8f6b30d0deba38673c433e3750832bd011050e4a67ba1d32306ce68789ba29c51f7a7d29c927a2ef077c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e663b92ab788ec4dd781d18b35c1260f

SHA1
1297ec617506c0c81e1e1c90d46ce2b7bb43e254

SHA256
2f10af6cba4a45e5e8cf54ea5a684fb5edacd1eaa572807a2dcb73809e8880a0

SHA512
e0ed6cd91c0c77d540e566770828da0b21e7c6aa4857ec982d61dd1fa294e29279e3923d0c6cd0e74c7b478f6513dc0b502092f22558ba2d466ddfd7e063ff0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89b36b278b0fed66f374f1d61a3cd6b9

SHA1
e34a6f5d00f9741b61591fe89bad39c43f191905

SHA256
2c0afd39d5afea52aa03b5967f46b77887a9eec4d41406e56ba1fd458fa45d81

SHA512
7bd03113344a57ea125802a20115e41819207328fc2a7f773bb4fdf126c71dda68b598b5b640a3533ccc2d184b069c1d5fdb96faedc8bcc0b1c803cfcee90201

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
acf4f84cf25bb6dfd2f7bad274e3f5c5

SHA1
b30f5f169e0c163915d0899cb22f1fe3449bb24b

SHA256
95bd2d0be87e7c9337b6d2ea763e64133de8f25c183c9ad686f3b715ae42e267

SHA512
b11c8b66cf9fe0e430ea668adb5b46e2f2529204b6fd356539b4381dcaaa8c3b718e7b66b9403a46525db76ff08f86b9baff33c644f2a1e440007debcf038d75

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b4852d49adedc3faf5ba213b028440c6

SHA1
96f3171f9d54e4095e56853d304e178b83d9a563

SHA256
b03d986b43f180ab844064403cfb0b5fe5844d0c0e72b88fd040b0e67afbf3d6

SHA512
39a38200520f27bc59e65866a0975d78bc6887c8804c79ec793524b3d875b3e10296d7a1300332072072d490e455c7893d4ef0c290a4f0bf22db22e4a5e7a7a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2d429ec6b93bead65184445f1c9d892

SHA1
f6b6e8e38db94aa3f82e9f4ffe9715358cc1bfdd

SHA256
fb8fdabf52e9b1b9de3c20f75187fcb5259736f718ba473c27432b337c099df2

SHA512
bf971deedb7447a072d4e49d3bf0dcb24faf011276db53f3b69c2dad467827c6a7c57a02544d056e1e2eaace12cf31e706cd3719e786f229bb77c06a97a0320b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d27ff37376758e38f3bd1d3915d3247c

SHA1
6aa9d124e82699e3ccf73b734b47147618142c7a

SHA256
4a0da6e577e963cde9b6844aad90f35d8cea99b01385349e46fc27b381a5cd9b

SHA512
961d1d3dc45526bb6afbc3bc34dca81e0da2b0bbe7ea5c495b7eac0c9adab80e8d1c10a84f159ab57ce768e5ef9ad285c5c72ae1c0fe6ce4a86c569890c0ac63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
948301a20c3012551e9729599bc0ba65

SHA1
ac40fc27fba0f3c0c6f4aaa4c4e3e1ee2875e45d

SHA256
62fcc3cceb56cc263ce4adc8d8754565ffb6c1bb3bd3eea8cb6e87bc985d91cc

SHA512
ca44ae80b5e12c20e9169424bb1e37030776b1f69ce36aeec3d995ad50a9395a317959ef0c59903ca102369543a0693430e2f6ff6be8a643c788e14ea9e8cb1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f5d27e4027fb1b01a158968d3e71548

SHA1
2925176b92893bf9ba66c40260aaa9e1e861dc7b

SHA256
b9557c5f2fe5766ff0a2322117feab9356e8516ef257c3e4406f1d25985a3d0c

SHA512
32c5d263fa1f7c2240f03c1f82796d971878ded9f4efdb0f1c7a2d7da7fc5d3e6822551b8afa8bffbcdb074aa1864a17c7f867f9242a4136beb7ebe46bb813f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab14DB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar158A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit