967f74ce60d629bfad4a041c349f1055d7d49d9ca86205374b1fba5dfc5095ae

Analysis

max time kernel
143s
max time network
147s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/09/2024, 14:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fec488d118f9748f5d2176d6992a4c4c_JaffaCakes118.html
Size

21KB
MD5

fec488d118f9748f5d2176d6992a4c4c
SHA1

ecd80e76c1b4867222ad10f2955857f909079870
SHA256

967f74ce60d629bfad4a041c349f1055d7d49d9ca86205374b1fba5dfc5095ae
SHA512

ac2461925e9772c4dd007ac7c39dc5457853eb830f265b09eb7396b12d9d5ffdd4c316c6880f482fb8352232885d307aa8f8d90bf2f0a4612708ee3174b6f0d7
SSDEEP

384:zi/KcRAa5r9DIiXbUVBD8cA3RCQQii6gmEfP4ycbp503zVcrRDJZTO4ul:ziEa5r9DF4gcA3dbgmGP4yh0JZTO40

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b0000000002000000000010660000000100002000000009e165ed79cbfa16bb5072d795a3867ef62c0a504c1b7aeb0ede61a4b38db6cd000000000e8000000002000020000000e498c85222d0af8495ba75e75b18bbe2be587fc9649073d965fe677e10f43ef690000000951e07b24a3a9a149cf4b3981ddd0240b703bd0b7f44efbdbf4315ecb17d938b72465cee9945ba5610a36f65e514e68371a421996b2cffc5798ba361e8fa7cfd93431019a21113588056893e9ec0440c37b7b1c99a59af92f051ba87316f8e6f2bc134b6a0d127a77c0ed611c10fc38c5b4b2080de651d6a657b884b7a876600c94c36cac45fbea6e877e8f02a3f2495400000002e27875b35a32d1bfe25f8c8994d95bfb0c4a6b0fafeb3149b8a95820856c115695ad00dc6398b5bbf578d0073852b0a4c294545dc5a2557025f4114f0fbb09b	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40cc500b8012db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{35CEAA51-7E73-11EF-9B59-D60C98DC526F} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000691d1450fe858c79016072a9d1147bb20b67efef16f032bb99500d9bb2673459000000000e800000000200002000000006799b328cb927b9b8801f1e3b1a8a86725473a1bdecce16a923ce735d54365320000000db41ba2dfc0fc00fe074110aea495fb977acebefd32f0d8fc24008226f1dc29d4000000014929432e4f483b9858c739a98474fb87e0d3d673cce2f4c90bcc3112e6fd43153714ede8dc8f878329b6b3fa7262886fa47b91b15c01daee2106ab453b10b83	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433783744"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1088	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1088	iexplore.exe
1088	iexplore.exe
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 2172	1088	iexplore.exe	29
PID 1088 wrote to memory of 2172	1088	iexplore.exe	29
PID 1088 wrote to memory of 2172	1088	iexplore.exe	29
PID 1088 wrote to memory of 2172	1088	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fec488d118f9748f5d2176d6992a4c4c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1088 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c3a250c0de50f69fc41d2b6d8df0dd2

SHA1
a0fd6937a523b7931e8c0e28f9d34ffb70955496

SHA256
f3ef10bbdc158631eeab34576b62669b49eadf5a5b2736d2642b38acf7f86b5e

SHA512
fb0895bc5c04b3475cd049ca6b4b80ffbe15b558b95840105448266cbb88235d52386d9304852c514751a9213cb6c12036cc48731db292ff6906cdfb3c1bb49e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ed16f1dfeee18a7d192467e63b809e5

SHA1
b077bb3f34d78ca46e6b875d03497843eb733ba8

SHA256
c891207322430c0487852e5c55abd6c5566cac59c8d8d9e29eb968b77c32ff94

SHA512
8a9b67223f06ff76589f54f985f05c3455b8fe037cddfe3f3beb09f37fc7ec698f3634220cc64a10354a3db8abd5130f2f0ec1ef438ae78386ca5a0749236056

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db99903511e382bfa05042cba7e4a837

SHA1
eb3961fef6df7ea220fdc4f947bdbd47b4e83d82

SHA256
d37e425579b054f4c2d4451719096c03da224d5d3a80a6f7a991b7ae73021e10

SHA512
20461f5b7cbde61463075e1d20f52fe30120efbe2d2bb4a8504970ce1b30a22ed055b88182cea5905b32bdb589bb7c86226ec501b5298690fa3e9d82a2c85ed7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b667bad39090b4da010d84ab1594a38f

SHA1
c26fb151bafee5b51b5ca7af5ece71f3109cf5c2

SHA256
2cebf94e477e5d5bf2e87d8407c2833772d50fdf49c63a517e8bbcafa7eb57a5

SHA512
4a67e1088d4bcf821aa633c4c62e2a8f350b378aee8ba96b238f979fe43835cd58b023a37e8cebb6b2be215909761565d8f934e2025850c4d0e375938759c278

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80f8a5781d0460d557031a48b4001bb2

SHA1
90b15e836977ca0cd8eb0b344a1d7d97784ef056

SHA256
c838480c5593e2fef9b8c9665cbbfae73ad2c5f53fbcaa063843074b7690dd5f

SHA512
b6b6a3fce5db6936e35f490c15a636226b3113d681a12bfad587e3cd4b26bd84978c93d2df9aa25ae0240bbe16b667790db39b4445abeeee49c449981b7808dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6d29b94495c5c6ce09486c65b8370d0d

SHA1
93d1ea22e96c1756e2f77dd37184c32428f0f4b6

SHA256
d76e7a8c166b92b4dfcf5b6a49f2b3c756c5b1f3e0d16cf387b70456bcec5167

SHA512
cc1e8583cffb2fa0ed7e0923d69ee588bb9e370102ba4ce1ea2b5adbdfcd77adf2c494b7667c62a90e0df4c918bacee0754601c364d8a58c2792d2fa7a3e658c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d35a06dec27a92d6bbdef8f1a2e7e89

SHA1
f088dd59ddbd2a47194a571007f0a533c9bbcffd

SHA256
53a08d44db3f7bc6876136496981b49b2462d32241068c9b3639251f23fa646b

SHA512
39018059fa1c839013ebbc1ce5750207c5edb102bf58b6077354c82a27b7c3146e3b20e59c2eee51c3fa153f3fdb1669c74a7b0512493670d054df55aafc77c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1523697a66dececa1813a1e90ebd46b4

SHA1
51fed32a3ceb01967360315649eb1d9343d1d8b9

SHA256
decb82b1d6ea389127321dda24865ca79c7193a4b723d2a7f75ab6fc65cbcde2

SHA512
14a3603ebd7fa805f78c388b3e3033699f97957e696e84d2e3c750edbe41bef1846b3e533e9944d56d328b8b4981981ab184b657621ce82f7275064f326cd969

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2a414e94da38242e93e0e330e6df332b

SHA1
1f3f20868b47f5f181c1110ddae1277874210ba7

SHA256
722af8ac09c025e67974b70a6aa92303a6e79b180d69d2ad3f5d6590efbf7c85

SHA512
674ecdd4e76c145c7a6fcef0d5c86b9224f7b3871f35b4b2e29e6153aff726c8bbdd4ea6f53fa07f9f15448db0b7666a6808ccb967e5fcb4497d680ad09f7fb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33ef0ceca4f44771f07838fb32e7f1c2

SHA1
7475daa588048d8e139b337de90c20ae778f8325

SHA256
a6d701c6dab632e44d9e47a4112e5854996bf10cce74b1c2c3e00503ee3e16a4

SHA512
0300f92a23de7202e826e07612a57d11de9eedf5fbc98f1261e0a7cc561a1ff069b018b3bcbacf5dd0db796074acbc4dc1e095bd00e2687cd18ad8960155316d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1038ef403107b77d956e6a01796a88f3

SHA1
0d4194387d3f9b08b2b9b4e6ab22ab8b8ef76cc7

SHA256
6feba9d8b55403ecbef376a57bd8846fcc18a75da682b5da97d6d797b0a52583

SHA512
c13d75412d77cef1395386f58eedb004c5a5f9aca035001b9807310019d6d4c98ec1588b5bdcef2503aa91484d47e92e67462905fdd536e82368a095fabd4134

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc2176454ef654e9ea02b8f5692eac50

SHA1
ec0dc2d6cef3186f4c70c006424342ac2726b73e

SHA256
366ccc5b8c58015dd131dd78914c8b5ad46926cb66a55c0490f432c12cbcfb03

SHA512
e02552f15231f964e8abce165a43790d2ad261b2595dac5f9c8d124104d93a546534fa5ac6826bc7c0268c280f620677d0bf998391e54dd5d0262a76141b497a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc7637b12e175af35082bc676d560893

SHA1
36a7aee8316e026e82cebb64f595dc6ab3b9db26

SHA256
0fec75e3c913cbacd1bb8029de594ded524ffa0a6fc66c68aaf4e5a33e68b04e

SHA512
d7f507cb263c939c63b599e11c11ae11dbc6efb50720f406caabb59a1dfe71413a6a19d2e781ebd0f3aa61703e3c69e6e2245ad1dc0d57f540726d27948fa597

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b03f958472c0276be4d8e72460340420

SHA1
baed6064f265672a7cde6cd1dd7fa4832a158246

SHA256
ba4a723cbe8f90d087e8dc4f7cf2c23cc6fe40045acb8fd6c7c4d53d0c766a52

SHA512
e559abfd36d02811e0d36a9976dbb4cc9e2458935b32283ebce4be37f6eb4e236d2ddd2b7d494b70a73318b4e280c9e4f76064da58785d9ab352b94fd11a452b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03b5ab9003210d276c14402f08ef9187

SHA1
4ae7f4e8c03a849eff4c31ae3d0a422f254aef02

SHA256
d64332465d6631df63d105670feec1c875756be3d7e05c954832bd7a06b9f0a8

SHA512
7bcd1c64c12029f4c3c2f4e667ee0fc8179239d56c8674e28d70f794639c6f6a38572a54a6f9757539e45809ac1956b0d088d79e677f5b5784c89fb352c88a9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBCBD.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCB12.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit