a14a767b1aa4e2233905ff3112448ce181b5b4bc9eccff47e3669c4093102ce4

Analysis

max time kernel
139s
max time network
149s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 06:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

123c1fe008df078c779390d3de4cc502_JaffaCakes118.html
Size

20KB
MD5

123c1fe008df078c779390d3de4cc502
SHA1

08a9c7f12d9a9da13e4dd926128104f215db64e4
SHA256

a14a767b1aa4e2233905ff3112448ce181b5b4bc9eccff47e3669c4093102ce4
SHA512

f56f7ae2cb6bbc63f9c3e6b74e3d19d3c94920609bb9c030d89771c2d4af65b8bedd30978fd7433ebbfe5c3c8d55a1f35a6f7ee0c414ee67e7013e674abed9d2
SSDEEP

384:4+QfPFd9QZBC7mOdMM8uKfpC5IgSnbmFe7Ac/G6u2HZPd:Zcd9QZBC7mOdMMqpC5I9nC4nZPd

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 604860af2716db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf600000000020000000000106600000001000020000000c1d5cc1e49ae6fafbe8276ca96f73c663a7f94ced33c363a0e2098fc6c58adc9000000000e8000000002000020000000049ae5028534900a331ce904080c0fd68957c44814c91e0488e487498c8d18fe90000000ef8e857676d74041d229cb9640c26893ecec7cf64f3c81112b9ec1d7c44003c67244523d5b7418c7a181532a8a5e8bf8f4ff58684bfaf1c14ad8a3acd7002e56ad940cf4098c3534eea06fe357bd536d0b6375f95a5a41af636934e21141e0fcfa7cd0f26b735d55a5c3c1e6afaafc587f23a7ce29718125afc4de56ff6e50928b135658f80a23d8cf2fbe7444afd79840000000f9398eb6b1c526be75526621febf6ed3af8489ee9771611898d940297602aeab3556fc8add705d233be44dcb65126b013be6356c8fbed350f7228541d66324dc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D86113C1-821A-11EF-8B3A-FE6EB537C9A6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434185595"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf60000000002000000000010660000000100002000000082e6980016f05e352b9c79dc306093c485f52668f52be955d077cf902cf6c595000000000e8000000002000020000000478b3288220823d7c0ea6b2f46efd2feb782426c4e3e55565104ec939114605c20000000ee730561304f376f1ae6554176674946968c30bb3142194584a1d0e841b041ed40000000003721c11165754e7576f7b26a9ebe8f8f0e4c3f892a5437d8a4d117c22f4970c107f3b51e85f34a03a86dadd34ff1f1fb9c4e811a56fbebe3473b2da7706f44	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2460	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2460	iexplore.exe
2460	iexplore.exe
1472	IEXPLORE.EXE
1472	IEXPLORE.EXE
1472	IEXPLORE.EXE
1472	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 1472	2460	iexplore.exe	31
PID 2460 wrote to memory of 1472	2460	iexplore.exe	31
PID 2460 wrote to memory of 1472	2460	iexplore.exe	31
PID 2460 wrote to memory of 1472	2460	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\123c1fe008df078c779390d3de4cc502_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2460 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20907073e36a131a4f2a92780e21b222

SHA1
1703efb6799318a09943f6c8c557136ec0178f14

SHA256
36ba4c67783ca425b2b1f5e93ebbe3708acd78d087f04f6a0a7a8a0ae0fba9c0

SHA512
5094c228bc6ac4b47accf64d5b2a4faddebb6ac2a08e354b74c48c102c70c6c22368b9b72edbe3fd3fc9566531d8a180962b04b3daf6f91204173caf82898a5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7de2ec04144a8aefd411ebf02f8bf2ba

SHA1
05261ad4d4520252a22239be6ff701bb776e7a1c

SHA256
2f160e2db1136e9be28240340a6280f1569fcc4aadc38749c94c956056c2ab6b

SHA512
6e97ad59fad383862b0192b4a4595de60f7a349440b0afb7acd684dc689ab4f53a6b29c3e62864e9f8d56f0393b77bd499481359da7a0fe6c3bbde8497748143

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc16623c0e1ed2b5264c03390942519d

SHA1
a1aac81018bb145e0d6767ec0c09f442c2a37ffc

SHA256
f19a7139f5d4fe2e2ed562c4b37edea6f78e4cbec4e0a81ad9afe05d1232357b

SHA512
7c5faaae138e29aa828d37a5980145a75bdfc7178a375f2a68032fb163378962e343d373d53d6ee1beea2c036188bf5a736218d08f16f9e11c54e4a6d9339c86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
885f3c5a9f64be8e96d7a58f8852f080

SHA1
81402c7af3a0506e60c7dbc003fa5b7543f4f9f5

SHA256
4ef5bb4901e3f921ee73487bd66666c4a7052da40b58e91822839f98715383db

SHA512
45be25a9500a4cc8e2a12f87620976381fc6c6f1704afc09de6f35568e16362e2ff9358118b5681be79f40b177cf9e1dad86b63e069b453b6e7aaa072deb5747

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9bc3bc44af3b90ba458b314506c4a62b

SHA1
fa34f711e862309c7815555ef566fc330d2682ed

SHA256
ab89a52b6981045588d5ab02b1a4514b4b5b5fdabfc633dcb9c2f30d25ffd527

SHA512
d65dfa7afaa276946d78a8bae6ed7d931d6e41f288a883f93cad91dcfb2c0ae23b50890f662589f1841f4f0b5507f38278743be975270e741fda885af4fca44a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47501053a21e9147f27a9a3c0d25b443

SHA1
0ae25163837c05bec5a0ad7a66301714969c5de4

SHA256
05ec4c421e32f424a34ae7a37bb27ae322816c3ae88a85ef4cb9ffe209a9f481

SHA512
4281a47970fe4ec7709b6a1d2993646a69274a82788fd2f0b579cb927ab0d6cd1e9560150c09aa893c938df6aee7e7da6b61ca6774679142d7df3a74e56daab8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
53630d6d1d3c7fbbf62b2fc0b8a542a4

SHA1
8be9fc5071ea6c5aa923b4879619b0b92829b552

SHA256
80b665a77ef7562ecc2843ef164abd2b863c760afb94fafff43457903ae88e23

SHA512
a4c2d9584487444536fdfda9bd4d00bdb3573e81f117135e3ac3e8789602b3b40edc88d6aa731bedd4f0618f9abba60bd9ea95657193acdec6da05a3f6733149

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d09cc56ad64ba10585f7fee88b3591f

SHA1
ebb81a2a011c61381e538ca9ae49ac92d63361d7

SHA256
77002db3b1f73ffe2d99c99e07adcd7cf4521a85af6a40a1ac92fdb6f83bb1ed

SHA512
c6b5187c2560cb5b84b0469a0958cdcc6366b48199a800e194bc7fcb46232755b9728ee802b89fc1bae7300f067e23324222c9786ba4ef09526d04284999d159

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d42f7fddcdcc110159d6817ee09e139

SHA1
4d06c8b1dcbaf34574c6bb3ed20ed8f031ca1718

SHA256
eb0aeb5ea56d3aedcb62e0babafcc26dab324efbbc03eccbe6b4bc51bc87d411

SHA512
9f224bc0e8d97c9d0feccff93eef3a3ad9dcbe1df04219624b63ba3f7ed4338542058d7bd51bfaa58b0496b26ab87f8085cd9440c98f8bf79d527d209c121f6a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
760c3c5db48825cc15034baea58f8b58

SHA1
594a445dc50217063bf593212bc8d577def1c256

SHA256
b1e02641d30cf52763f9312642e948b9d5b1be227d2fe31ffc5a4d8fe6603147

SHA512
1aa603f108930ed28d8e0145ec2351c6939a64e86413ff198eda7bf7227e606271cfc6fcd597db60f94382a8772b6ba069f5ae39061d1de3251a5bd672d1f2c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38c6bced12a8e6ec1286ccf3ed69e50f

SHA1
e87a1836277fe05fd790b926972d03da90f92223

SHA256
da1ec1a4a820b7866c7fd0d20910bf67802adca2f587325e7ee27c8bff203fa8

SHA512
ca22ba91358ddcb2b7457f3d9db6e3b31d60a18e1f1f45c668842c7dd2019caec3b1b08c6963fabf981fe82260066616dc21bc15678000bf657b1db3f565c9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b42c6c4b71b9dfb486055cdbd5a48e7a

SHA1
08f85523760c0ab924da3a4e5833e6d79c05ef74

SHA256
ead7401bbb2c5a3683314baefb10187f2ed05506353e80f1ea0ec33e3ac63473

SHA512
54cfbceebb14c9488265370f8be2f3d794d7341ad24d3d329be619c88c4dd850987e678a353c7a6b454f094f61925641ca29a3e1818f30d4c1861e606fc4ec85

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
27b4fe016dca8debbdf5008218aba7c0

SHA1
5f100259996afd6266018534a69a8a9a2d6ec9a9

SHA256
c8efbee6bd73196eef39bc7a3b487baf596513a90e59184ccdd1bf47748d7d2d

SHA512
e849d5dcfd3050717e49acac4334f9fe27b9dea6b7dd53277d921a5ec08f714d460296c544764c24c7199ff9822f9676d21e7030b2526828a5d33a16b7b7e1fe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04809eb0330db661f5d9293f4fec66ee

SHA1
a073a9b49a76b410b636909696af1dfa66683699

SHA256
943fb704d9948376c6421b8b471ebc66c6d6647fe465160f4fba8e581078caaf

SHA512
7b03673422ace22f85038701dfe86a2d9f3d7cd444e82b5b2cbdaa283a550b56134465833b3573f4f1bc275b35e5c89754ddd3927464fe9f4977c033068bedd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c57a36ed6e5db1654bd92a3e0aff8f0

SHA1
e486075357f2207fb328c63ba2c8cb7823d72a2e

SHA256
0155e243443eaf4cfca67a8aa8ce422d5624c5a7ea978bd98541cc6dce905b46

SHA512
d7305a5f46d5924a25b7c4c345bb9322d8fd5c9f29124d7c286ad184f4da11c426f6cf6fac5deb06e43acfbb2e55fffd891fb0e4dd0c8c7ed043444e601b97af

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFE5F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFEBF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit