ab5e06c24b1bbc6bcd0a40a7751942895c706a12d83667057d233ad966e91caa

Analysis

max time kernel
145s
max time network
146s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08424a6302a5284f7a807efd8d2939fa_JaffaCakes118.html
Size

19KB
MD5

08424a6302a5284f7a807efd8d2939fa
SHA1

5020eee58b17c0bc1816c1ed761e05a29906a150
SHA256

ab5e06c24b1bbc6bcd0a40a7751942895c706a12d83667057d233ad966e91caa
SHA512

691a1f2daaa2e27a7d20748e843f726a5512e54751ffd255f55341f26e0b8e47be13e4149e6ecd9cb80436e2faacf2c6de64bfc7a16fc4130a6271871413b1c3
SSDEEP

384:ra08v12QPnE949xDFlEDnDRqA1D1bROviHZSglREw+8dGHperi9yVEJnt9NQ91Ts:J8vfCDYc1bROuW2AHph9CEVNQ91TAyIN

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000cbf28ba024fad3f0354d9a461fcf2062a05dc28b4223eaa1e462db77ac094a91000000000e80000000020000200000003bd6b03b22bb8e1ac3e47e92bebc85f7d5984f6d37d848311209f043a3ec52ae90000000889923623c768c88314730552c6f334241f32a575ce584d0cab18972c8ad10aa519e980f72780ec4a8b8ffa505787a894145821df99562e7f0f630346d69f607144d45060a863822e8146f4b76ad24374a66522f517ecc237c19bf981dd0d15fe74d9dccb8b68288d933b9516c21a866958a570b44fe77d1dad8b2674bae091735e7ccf9c1b268df1b8172e22b9f920b40000000e3a6e4489fdb46b00f3231e062f24a72c391bba8ff291fb9b0097b1c774b2108f9c2c347662a44a2425aca61f10b5de943df8fd2a94784c3055ca63c9cae8a83	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000fa30949c0709dfcd6b7fe63f35830fbe85f2090afdc08289c0417b7093a61117000000000e8000000002000020000000cf0a04f2ceeac249dad0c6e4902204d24dade57ab38c828585eb6a705a8aea0a20000000b0dfe33d8957b6f109fbddb5c2d6c5d0f11dead3bb08e5ae9bbf1277ee03db074000000025fe88c7e5cc85bdd622f5bbc3f262d941a7b8fc7e6faebd54d72e2a4fdcb07b797ddf9d8e6efeb2f8182befac0ff450da268ab1371b87492bb2d08ac1ef8ebd	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c09822ba6a14db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433994485"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E02E3061-805D-11EF-AB1A-5A9C960EEF88} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2848	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2848	iexplore.exe
2848	iexplore.exe
2696	IEXPLORE.EXE
2696	IEXPLORE.EXE
2696	IEXPLORE.EXE
2696	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2696	2848	iexplore.exe	31
PID 2848 wrote to memory of 2696	2848	iexplore.exe	31
PID 2848 wrote to memory of 2696	2848	iexplore.exe	31
PID 2848 wrote to memory of 2696	2848	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\08424a6302a5284f7a807efd8d2939fa_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
115d261ab280cfc5121fb79ba24cbb9a

SHA1
363121803bdcc41e1a31c48bf537b01586669e92

SHA256
cfa90ba1b80af8d97cc1f5b6e9baf8ae8a2f9d07c66a0478798352b75b21cce3

SHA512
4358e9a1b45495461c5106a55f3fd178015ccf8240b4447da89a4130b71b01df070c9f6a476ef921fe69de724a305684078ad0f00371290ad56b2fde3dcff2c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6bcf82a275dff100817c2c14e42bc173

SHA1
31042a9aef7374cdc2710ee7cbdd34c5c132fc39

SHA256
597afcbf80878713a2bfc4794886210c6fa91ddce9eeaa701a9f57454f48d2cd

SHA512
f0d3d4f6da9faa39f5092f2d620b5baf4dc1cd029524fc5ff2e4ea2327fd4f46de7ecd4dfdc2460e04432e9f6d019fc7f567f0431f8e473783d848b7ced88790

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a480947c92ed9c85df6e941e94f3a1c

SHA1
cbf676f863759edf636cec1efab56944386ad972

SHA256
43c02f8470b22b1740c85d1805acea8590626cae96caf70bbc435fd314aa0d1c

SHA512
a3098320822293060d86fb9b89ab357480cf99af9da6cfa177ffd0da260c39fbb54e088f19edc7fecf52d6bce5a1498136f3318bcbd7ddab76bb901ae732f823

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b68c31058bf821a47c263b907bfde87

SHA1
6a0e1cb87ed7f820fdd245b750f414d12ae5587c

SHA256
6de168fb4e928a645225c8b246c66a50546402a560226b332ccedff3f1d1774a

SHA512
3c91c901e7dc9895657551c6181d60fd9ee0a352bff3d8a301a55d3c7b2eaff017bb128f30c7b3bc870034127d5f08e9b3bfe85b08e3dd44585afc2000634c3b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89c45609a6f5f83e47f5b130f84f5a86

SHA1
8103f23844c6308015bc3282e060db5f870b14f1

SHA256
b1e8f94c23668e3c6f4ebefac2de2b716d71d3c777f43d9a9679ab7581d9a1ae

SHA512
16bda5623700f1221def25db4c3cb56f7fceb89d33927d4c32baeda6502688b7620dc9ce40f687a3db3f81e8aa339164198b0f2def691d012e063e7da47c8955

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e63044da07ebcfcecd06f92234a7824

SHA1
2aafcb1fbfa21c839a7ecfb5be91f81b79c77c49

SHA256
1991f26564d1daaad3726d2528968c1d61ec690a0c574a3eca54a3c3aef4431f

SHA512
1c9b0b5ff7c65a87d6cf7918639312714a4a68f31d49d8f095ab4d472d3f92bebe0d78264a9db2ae7923b5acbfc97efcba689f479e9f113c0ba9983be0f12baa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a08a52d2b79ecaf9d76107727bba9b5

SHA1
7c9934cec91b71424584d77d51da39adfbadbaf5

SHA256
110c39aac18b4f8b5417e1575d93afe938a26e395b931d9350295b08054e7820

SHA512
b815bb30adeb9d323479f0f91cc6ec301043169785216f75cbe06ec7d6e88d7ad654cc04a386d889abc3b351293819d6b16ad88e215c590099d52381c1a66000

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38a8a8fd7456e6d560d856f12724115e

SHA1
8c6f36497cb4193a25113944d5f980b59ba4d3f4

SHA256
9bd84fc5788cba0f2fb192e53f4ccd138cfbce7eff6b11644ae8c15824733e62

SHA512
31d896d0571cd877e9902ec3584f68a3bf36747804187f1e1ff6d67376258365fcf8a51c4a619706923ad02534a386ae6967fae1336f7bea0977043bf95d05e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0efbc428e9a06c3c86ff26391d65072f

SHA1
31865b6f15b232273efc22f3a8d29f6844f1d6c8

SHA256
3bb40dd167b08b816ce5e9ccc3ed71c3d404c53d065d990c4cabf53144c014c7

SHA512
2977d44082b5ec9ae9ea57c81563017391c84f54825b108bdab20cdf78b6c9c231029a5e3438b8b4c1637761183816a9e876f91f087b63707de826063b07a291

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1484afa69ba1f2568923ae663cee20f

SHA1
8bfe1f89b3c9c77b7298c8969eb543b1225aa105

SHA256
8bf187e066d7e0c5e26f39c818c34f94645a27d6a48563839c56e6b171c98a64

SHA512
88c9eee9f4f4b327d9997b37a1eaaaf20826365103f74e4b8d08c6a025ee118bb44de32dcba3291b67af48f4194a2deab3552f6dd54abfcd530e62fc2d000546

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3383c603657dea1617e78e7b36d6864

SHA1
73edd7203d55b0a95019f5cc2283cf65d1c98d1c

SHA256
65d8fb75da1b9b0342b190c5ce6dd34598ef7fa5284fc3d7aad25dfc44a5cf7d

SHA512
f06753d2905629d7a0e377cb67175365c98eeaea22d189cf81c89c6b5129759899c1e42e1a34b8210ea96882c58a3075b8f36ae8587b290f27d62ebd666abe34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
238ebda6ee8ec20604fffad2604c9ffc

SHA1
b914c821dc1286c9166c7b7ae5737830b92252f4

SHA256
81c6a784d73bf8a2e3d681b17cba187bfbedd97cda519164d2f9e9261d6319c2

SHA512
c55180593b98bb8a534f5268f1f9f0f450f114c063ba82d9a29d769b156004b44f7ddc4a6e34e1ba51798acc6586ca06606d70a6dd43991c3b178b168226e8b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61a86e3156f42d9f9ff94936209ff74d

SHA1
8867ad08589240cdfd4cb8c8f8589b721423e7eb

SHA256
e082a8f903b02f81204e99f67279d4b997130357d1b65f09640f7b106beaa404

SHA512
71ca152f7fc0d908e58d3d1e2ccd5293cf30c8de6fd71ec31059b0baed325a438361473b77e436e4bdc3e7806166fde3c9088407349fa8dcfe655e2b961a77a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
224f6f4fe11c8939bbecef9fdbf2d4a0

SHA1
a3c78605966f1241a0d415d6cfaed865ac53ef9b

SHA256
3d1b4b274a16a7ade57fe76f58d9a139cd7442f46cea9bafb134b57d66e7687f

SHA512
cb744c5e825c8694bece54ea2af81e836ea6fe3b3092d625dd509e3c944c84196f109a4792b0297af6c549c7ebbc65bb62ec01da8bccec677badc4f7349895c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1E6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar25BC.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit