9de5883b33adfb6c4163d73754892407053931d103e7ed3e4710d4a3676c2814

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/09/2024, 02:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd9dfaaf642ef9916636033acabb2364_JaffaCakes118.html
Size

4KB
MD5

fd9dfaaf642ef9916636033acabb2364
SHA1

b81dd181ef92de69c072ac8195e8e95a228cb2f6
SHA256

9de5883b33adfb6c4163d73754892407053931d103e7ed3e4710d4a3676c2814
SHA512

826dbf66d7ab12046ba1f5ca6736d3b176ccb919a03f6054fd0f8248834eaa18deed61793c8c478ba1b6b2d841956fc42a47b3e4787a40f17c9019bf0e0fab6a
SSDEEP

48:tyGoO6bsIkcbX5iaz5qBaSa2G+M7tTcIJdWnLyhbGkOrigqTP:V6oIX/5qB++sTc+W4mOgq

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf600000000020000000000106600000001000020000000288ef39195f42fe673576ea32b3c31b1e7fd13e493339383e1fc4dac73d2edea000000000e80000000020000200000008383423cea13f1130e4dc761a06595120992b68af08fb8bce0b27ad0a0ecd6d32000000008408d8077669abec96716dde40779de74e21ec09625a6fe2fd018c4944f43bb400000006f21043f4d8748a513388793ea5334aa195ed9b97b612db5f3dc3c4738ba7db94fe2c35125ac4f90fd25047170a7eb0792c01d5999c282be3664d24c89c47a78	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433738599"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1A008871-7E0A-11EF-9527-EAF82BEC9AF0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 103b7aee1612db01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf60000000002000000000010660000000100002000000013222091992bd90959aaf48645d73e31cf966274a74679e5622fd932af3e1322000000000e8000000002000020000000c2e06178c79bd87916919add9a3ba9a0bee2163f5506b832dfc25d3899205e92900000000bf5b06ec3dd8726471a425ca11162f2ca626661ea91cfeb9a4392c876548059468ff0e0629bfeebd6c031666e2bf327275cbcd0e5528d2881ab2f5e6c559b52e2b44d4ce8f39d4f4b77f7ae78c3b4ee49222292f7fbd3aca93c11a6267b5bc1a855bcaac653d2187bfc21012c8d0e75d79289bb2b55a5c8665c0dbc2b1743509e97ea17d5cdd6c8a6954da0c9df8bf340000000bafb46ca4bcb5244047c26d62ca2821a6aa448e8345a31abdb7635849b2ad75476805050a841d6b426c2b25709f8215714d3692fcf5cd54e568d92c232616eb0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2248	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2248	iexplore.exe
2248	iexplore.exe
2936	IEXPLORE.EXE
2936	IEXPLORE.EXE
2936	IEXPLORE.EXE
2936	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2936	2248	iexplore.exe	30
PID 2248 wrote to memory of 2936	2248	iexplore.exe	30
PID 2248 wrote to memory of 2936	2248	iexplore.exe	30
PID 2248 wrote to memory of 2936	2248	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fd9dfaaf642ef9916636033acabb2364_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2248 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
552c10ecbd632058a84665bfd603eeef

SHA1
2139d93de28b077de6de804ede5a14b0163f1cf5

SHA256
9944be3f0a0a9fd7a4d7564f732a01c9ae98f5cd4d16bc535a9a4d8f6172e32e

SHA512
919326fd695fb7806fdcdbc3445770f061524bf6832f3af8254a6a80566b5a59048de49e9e5f6d2c88a971674208d97e7cbe7e5d528680ddc75efc559b1d3b09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfcd8463cee337a0dee69902ff50264f

SHA1
dafa739b9047c01309a9d0ea141f9d935c8477ed

SHA256
669b971010b75e8e1c979d456eb7984a7234b453b7fd335c10ae3dc72e41c2cb

SHA512
0cfc0bd4d1127990be2084e395451da5c81906d0f3ebc47a15a10d768789de43388d26e21fd25836395a4c176d0dd79cd8c4d7942da3858bb91e5cebbe12eeb5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b7a14c519fa38a8ba3583cf30bc0f0e

SHA1
024cadb0a937a7f5c9f6b71d733017c29034e7a2

SHA256
1ea5086ba41bbc09e6062303c1f1b3bb634ddae758d71a2490211d7f1f7c0705

SHA512
d540a7d1c6d257b1701d63699aa022ba583725ad26d55208fcddd765c2b97d96f6997f105b9f835b64a63c561d8e8b97774be9e5ca5d5faea7e75bbfcc6fba35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e1262c23da6ff9ba8afeeb3c7dc57f8

SHA1
352b79c6c9c075beaf0e6a5b634685b187835c64

SHA256
5d6cd16ad23dcd67c398a6209b6b8ddd70620e5fcd3893ac6dca683c91e0f349

SHA512
9ff40fbd6d1eead7cb23a0545d2bbf2976c9260d17ca7d7f153d22e71a177f0de47eb7fbe3ce9e9ee3390e28fa144785e852d9d1724a674c98fea8b19bc23bb3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ea6216c4a940e483c82f32af8bae881

SHA1
e1ae4909c4f23a57f365fe4c02496c3f17c9f256

SHA256
0d4f2984a20a6878d0e65dcd72331c663bcddab9f33e0c57e30ecb06be3b6ad6

SHA512
190c356c24e34f7b2bc85daad93475d187319975e3d58c03ecf7ec92571faa9d17362ee75e21b4ebce3bdb08dd7184e651918cc26fabe3b637779043ff8d7d2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db04b011042dcd887f5f9c4e2512bc66

SHA1
c2f5c4e3577333b2be7ce453a1795ef7d1aaf9c7

SHA256
0f9847be40a6dc6b5336d0e2868a8eea4691e1c00c1e0f879fccd562f1087c33

SHA512
f77fb2e9f27db78e35e4aa6de1aa116eb3cdf304a742bdf36fad70c5a83b23bc119d82a30c7d1f74c28b225a848e624dcc6ad315449c95f6eda437ee5956e2d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a56955a2dbc00a074028f377b068b542

SHA1
54e087a88d4b7143883390407f690a66bbdf117f

SHA256
05092cae11034408dd3b6739aff77154e17d954b8055fe1b9165b929c44529e6

SHA512
98933900414b21ad333269c900f1a22421ca2501f1c9ce50dd641a820d3527ffa24aab1805763e60809bab39c519a04c6572caa7059788d8889c7da4ebfd12dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f959bae8afc51328dda007a8c6a3e30a

SHA1
3979006eba68410028325fd4d1d20257d481a7c6

SHA256
d251b61fbd788525598814a6e6b37ecc061734b482fe507dc1f8da5ba6a5d162

SHA512
9114b0f06e462daf18a0652c952908d8d4262d7894db85d44dceff8a8bc487a5f65b8210451052a8f2f6bfac72602fdfc132dcb7feb89b89edbcf8db1a8bb094

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb5b60cc9fd122b36a9eb349ee65f3ca

SHA1
b1b6a6aff6be36f0f71db78d6586952c9adcf6ab

SHA256
97452f940c388c6639c032be8ca34125af79abffa3c3ed0cf86560978035cd13

SHA512
9fc7413235d9891a5b5c021f190c05479344a14c6114b3016ed68d3eaeb4aa6fa42f69abf91b4d471d83217e78d16f30f2b44bd18b77b4044a1af55733327d3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f2411e814f236a09cf6f864fd2b1f00

SHA1
13b1fcb76a51ca956d3d66ff085ee3dd687fdddc

SHA256
62d4307e4eddad68c52cdb88d57174dcef31752b7aed2186f38a3c61d0fa6948

SHA512
b78e14e4725c3e8d59151f7fdd008dda9d10ae3e84aa43cd19c5bdbcc0cb67d2cb97bef4f914224c1e4d019a7e0a4472abb199fccdb594cacd46c743cea31753

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67c95f8409ad3a24274045c6cca527ba

SHA1
d9d65822dac6fef0ce6eb76f4febee64eeea5458

SHA256
270db336f04f49a0d7d31e921e738ff3f908b02a2781df0580ffd7e290a14ac6

SHA512
7fb6f2e92d0207ef62d6083d2db8e937b7b7f790eb3dee4fec95f86df4bdc3154814897a0fd4566e3edcb5ff622b9be414ae14d741c4a5e5c5315d3a3251af11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ec58c4703e236fa40840fc03c76b3d7

SHA1
781910de219857626844b52b42149c68ef66ce3d

SHA256
085a6f6e6c3be89085a2849c47bb696e05bcbd7f13cb75e4b44f44bdbed84deb

SHA512
45a19f0c2a2fdc9bbe089c478d0283534e5e35f0e32d59961588e31d26552a3cf6855855891e94618826207899184bd352d3256119e1d8b484c38117b64a0afd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46b098f6e56fe34d7199aaa3044eddce

SHA1
47b796db70f8e7bb84d3e31c1bdeb06eefb5c0fe

SHA256
498f637a34205eb9a9645f64ce913189bfc96d054b70b3d272985585a4f52547

SHA512
cbe8f4089501c9fea19662c182a32124ffed4fbe0fb0b950cc591295208f10bbe436e522725a1da47fd0a08dd0dcd31c1142eb81eaf4993430191a41a867de8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a9c4df7730ef040a0ac1024c1fdecee

SHA1
4d325cec5ab79ccfded558ee2b25ee2fcecf8228

SHA256
df7f06d741202227e237cb378df0f6c04ffc7041e7d10cb0c85b48676a74878c

SHA512
3850174f56bbee6b30cd935c460fccaea1a7e749f009820bcbf4afa0c574a29aea5d3a39f56876764d23316a568184b036ddab1574f9d4faafd0ad56eec58a21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08c48243adc687d99bcbac876c66ef98

SHA1
1d1dd68952fe4dd84104f6fcf39171e64a0a1f9c

SHA256
fd978fb4e6c9766e4bfdab2331fbbbc1de540b9cbea4461fc27537e756631008

SHA512
5813f58f1c46f91604cc4f6d15b4218077448d825ce2736a5f2871ba2733809ec211fd3881301aff1d0dfdc5a31fc65ab22e37436e402ddc21d808c0f7ff1bbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
16af588620402e9eb99b520ed10247a0

SHA1
6211d5d48ec6e9a1ac51acb07473a37efbe569c6

SHA256
05885d809cb46fbf09afe6e213e639a5d159e80d2b8eb173c8cc8b2be7f9a78d

SHA512
3e25a74f6415e3e3555f72f7ddb9b458f133f96eeef29fe862ed12feed23370460b6c0796bbcd0b28775db895649ff752522791e578360d3257e0c00841b7fde

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE46.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEA7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit