4bd40ee818b3912e7153bd4140688081839fe057d4137fb1c6cee5c5d404f577

Analysis

max time kernel
144s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b48ed338735514b212031a4fae36026_JaffaCakes118.html
Size

14KB
MD5

0b48ed338735514b212031a4fae36026
SHA1

1e354df1c213b0587db029e6193c0b1ce251ae13
SHA256

4bd40ee818b3912e7153bd4140688081839fe057d4137fb1c6cee5c5d404f577
SHA512

296495e10c48db9223fce4e6dea806933f95f98bb39dea728384ed877537450667597590e4c7399bb83857a9b5d5a9f8490cadcb61dbe02ebe9a335918cab590
SSDEEP

192:Sl7T4ax7TRwZ2JgXw/oVJAsuFWBHMi7kYRecEvfhOr685rrNhdBRAoQ2Q6t:ShWXxVJUytkGecEfIu8Dhd/7C6t

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d9070000000002000000000010660000000100002000000032e6f766142e5177bea765f4fdf4a9655a484da8f231ec037bfe99a4034fc631000000000e80000000020000200000003ad534087ca2b1baca3815de5c90c95545ee14182ea58188e71a19b68114608a900000000d3a400b095794be5dde59250820dc481607264c0260d4366e1dfe1bb089c4efb032d67b04594ae0f04528ac729fbfdb1ef251982f4701fbcfcdb7246d0c5f648d388e9a32121f897a47d3dbf017f96943743b8c2677bda380e25c1e3d67559734f69af09ea46623a9545967a114d0198339384020c3c610e3046b43c87aeb1ccdddf18b657486e26252ed5516a07298400000000874ae08bc813058c2eb5ea96e4b86e0755a05499844620808e5e9ab54c2ced356ad3dd9bcf704a0883b08c5be5ae81c23e766352b16aacc435c5ecaf6a79c73	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d90700000000020000000000106600000001000020000000b1271eb3be4ef5991b9272fb44a8478d3c906d07b59141fcd3fde60ed4687e6a000000000e800000000200002000000033a355dda9a56069a5b03a44609c693b27e2a78abd5e90771f14809ae4be2364200000007b79e842240a2abe773dfd1a12ebe5e41ef2f2580f235ab4b76ccb5a4f6b5e5540000000938e32aad6459aea6932b12986369d36cc5724a174a81ec830bc39f536f93b8acd5592feefd2997b37c7c7b558ddd4c06406304d76e90a47b53bb95eba92eb29	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434043515"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 503178e2dc14db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0984BE31-80D0-11EF-8CD3-5EE01BAFE073} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2532	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2532	iexplore.exe
2532	iexplore.exe
2092	IEXPLORE.EXE
2092	IEXPLORE.EXE
2092	IEXPLORE.EXE
2092	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2092	2532	iexplore.exe	30
PID 2532 wrote to memory of 2092	2532	iexplore.exe	30
PID 2532 wrote to memory of 2092	2532	iexplore.exe	30
PID 2532 wrote to memory of 2092	2532	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0b48ed338735514b212031a4fae36026_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f01d5c14c41a169da60663f7bf0b874

SHA1
d747722991c2e471cea8b4e3dae25f5c2414b763

SHA256
4b7b149e1f32d9cec4235683e17ec447cd56c72757156a3ae4141fa29bd59ac4

SHA512
fd2087ea24b0f68540c855608b2aaeff7c781532cb761f7a48b1fbd6f11a792a117f940aa8004d321ec6e7300a26707f1ed72bdbe346682316926f724021ae7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e9d4382a7ad01cc57e9ec90a1cd21a4

SHA1
ebdb7a930028a2f43122fdcaefdc804f448ba794

SHA256
a068fb7dfb230c538170802daf1dfae3292f84e4cd8fa498ddcd98557c491ba4

SHA512
7ec15df9ce3b1f94a20f6d46a1141d7dce99a32986217fb660cf31e80dd6a0f718731036f583d2fca50304dfe6610c712b1c429e0e828a38e5e98415a8a1ed91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6f621eea0f38fddefeb3088dec65cfa

SHA1
4cbc2169d9f8e120aa0626c183965b15f9dc1bb5

SHA256
d1950bdf82bf81e07be0c4bb8021387a9f53788c477370dcb357ee45c9192167

SHA512
7d1c3d5979bb597c21d42280765fbe3ac67d310d6bd5c6e29f0d1f291a24a7f7496e25741f38a64919919d052a87ff4a4f609b88e2c1ad772d7bdc2ed7477418

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1262ad1fccd6b15d8927a13032f6a0e1

SHA1
a414e388b14921b49bf608cf840465fac4997b66

SHA256
63009a05b4b91035b34a40ad67384283f3ce6a4899bd3ae3a424bc1875ab1041

SHA512
9e67e7a88eb656b578d018ed02c9ed3b5214d59fc9a1b18ef74f4ab2adbb3341a11da765ecb24e770375ecf74e90e3e6cede3fdf6d49db64dc9d28e07c96fc0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52901ed5342a0440d4f38300c3b3b85f

SHA1
9c9eb4d0ac9127d4a8ee634dbab0f735968b8cb8

SHA256
731fc8a1efaf2e9efdacc4e18f689f1a98d841dd5e5479c700de42ab6aea6f50

SHA512
53b368cf047f1a7be0e2f58a970dd3227c3bf7067aed247dcaf3cac755dd5524f8a0115360e187c0aeb95485a8c607b047d23774b3f8881855191dde8504042e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79c2431a3463b29f983a34014eb19ff3

SHA1
645d79c4c13cb9055d2c8c8ebc1aec2e5f989603

SHA256
5d3e93a33538093d743a0cb98ff2bff7c5b105e440c2111235695b2fc86dcc7e

SHA512
4d6cc3f9fb9438c73fef3c91b8faedc0fffe67bba809a47c2b4e4689d9cf1506101b1afac83bae1d03728bc490f1828d51ccfa5758be2c715f4389f40cd1d4f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07592165a2a74b142a276273c9f0eda1

SHA1
ce92dae34bfac91ab7bf7c0063c3d68575651590

SHA256
ae6fb93b646cfc79898e7db412c2e9bd7382842679fa0ee3b44510d334799797

SHA512
632a0aaeada881908b314b5e6b8f960554246080b6ad0bc13aa65bc9aabcd7e099bb995f10a520ed128efb72bfa5142dfc2df3e1c0507d48650367e504993b99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b88eed0ed417f43e6cb893fa561d480a

SHA1
b77ac562e1f04cb2167bcfd7650b35de69245bcb

SHA256
cec1bf3ecf2f4df320007ee75846bb1b6b6d7a0d820205d5d18a1c9e6495428b

SHA512
02b9c4aad0b679c12e1aac8fe34c74d0a4f7782114052e4cd9f5e966701d3c0eafed84d161981fe8a760185bcf7c5b19022d7f568304be7f0af66759aa2596a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5caeaea06e911cb8de51ca778641ec62

SHA1
94177e9f6c6ec8d3f63c1a6afc57d8903faedd8a

SHA256
af70a00eb4ab751bc1aa816ab6647057cca56aa647b03b36cad430eb06144cae

SHA512
cf53d97008f4b05b1561b9e05d5ff68ca0a28fd9463fc5fcc82f25420e58dc186f2cd35229d1364880560be1d83c5d3fb3a53910b6aeda5cf0a4a4eaed02e361

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9311a749f5bc11e127f3ab491e6aca0

SHA1
87c93aed324458866408fe67f08548c7f582709b

SHA256
d2d31dc5e0edb76b698b893ababf350e4d284150121b60ff07725dccadc9f14f

SHA512
c059e047c87c5584d74f7a1d2272ce06a5dcdc18372672121359e3242bcb1cb55be1c5ccce7b6d1db034e6aa51f03034d0087ca2994323d2884f1bade656eaed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22ae97b860901f7ce015200be076fd9f

SHA1
a5e0414c8d9bc9205396d7180c2c08f8cd97525c

SHA256
25c6a05ca97a530df5ed35188f3cdc511ee78dab6f345089921a401d6bd37727

SHA512
e199782751ce0e75776ee851614bc239ba1f0b45a53a30660be4d18f41ec3ed0e118d86e69b3c9684730373f6068b1849fa3a236a2204623c4fa2d0cbd4bfbc4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b419be8a5b3ef0a6fee2668dc8574889

SHA1
e8e46f3749759875218571ec27820b5a40d45658

SHA256
7b40d535bb2df88ea5f9a20d33f49a9daeadf93683c301b9d413c2800523fa41

SHA512
bd2128e54c9defa2e52b7b320d75a01b3ae053e4df7f0914ab28ef904757049139f8cda4ead7ddc03cb4fc6290006023aa2f2fdc822dbf8e02dcb3b2fa7bfc67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
336bf764cbf358c0b4499dd0d6d9f69b

SHA1
29d239ae0fc8583a2b9bcf0b4a847c10183f1dac

SHA256
147dccdf454a68ecca65742c76c9b0cbc6135319ac1045f8525437bdd8b962fe

SHA512
6b65c41d95cc824d8475a93b306199eafc3022a06b40eeabd6459b28c257351ae3930fcd7525b974e381599d994bd8f681a6de923162f67c82595e070d53f36b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97db0e23e46cb4fb28710916cf85dbf3

SHA1
13559b288516d1096433547fcf9e74d962ce6089

SHA256
395178de93ee01f9647c4dd9de129472a639b82a511beb895e87e22c5ec2703d

SHA512
aebc2f0752de5136a16a99e26920a09d4134fda5e598f976ecc2dabcf9640c1973281022a48de152aa575d253289481d0dea047d74b9b09a99301d5cd6972acf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e2c19bc03e1c906b41ce5aba717fa55

SHA1
b644b8a39718ca070a50dfb9e239e885436fce83

SHA256
b419a405afec4f97a75b2219341c9281e5cb35016206cf839cb9430fb8bfdbc6

SHA512
755d9f72487e395769d3e88d1829dd034bcd6a59ea15eee0a87932acd55392618abf6113d3d1fce26578391e39ea7003049a982722d464760063486012ac8071

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1890fd01aab8a21c52a212fd1ab49f8a

SHA1
5a08be26091504a9f941afef4474ede418e28cce

SHA256
19d0f3528d0292d46f7ec4020334ef0e3781665e508cef2cb9576a4c27b0fb01

SHA512
cf08ac40a23cb1b4d27d2f80cfacbbfa8c6007494c13aafe2bc28a90073de8a4e0426a16eba78fa74eaf30a83eb89a47c60874ea8500f29e13ddd7f94a80190a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38353f6fbc0fd1a68d7b0cd0ca04da1a

SHA1
6be6195bb74e4f48d1f24bb414fffafee111d1d6

SHA256
70584fbf7665559698262540f45b2916f72973b872f79451b0748b73dd6acba0

SHA512
a5b51c66a042c4832c7cd11fc25dcecc9a47d18d87de0f067b7ef7409717222ec22db70f75d7b67088094ee1e095807104930ba2cda6020411b7523650ce592c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBB47.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBBC7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit