d4e6b57a6a40292f243551d560cf5256abf5af4181fbad09a4f1c2d29ee64ea5

Analysis

max time kernel
136s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 09:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12b1ce974cbdb5cd4b5bc174270fc8fa_JaffaCakes118.html
Size

140KB
MD5

12b1ce974cbdb5cd4b5bc174270fc8fa
SHA1

52ac8e4cdbf0cf8718680d47eabd50c436101079
SHA256

d4e6b57a6a40292f243551d560cf5256abf5af4181fbad09a4f1c2d29ee64ea5
SHA512

ed50e016845521f487b1689b1aa149d7cc7a1e7f799c237933bc5e8eae3ea664f78720171ec345819982b8a5b835eaf6b193a74d2a14761cf86e7e84912a98a0
SSDEEP

1536:SUT9PjR96jLulq5yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:SUTtUT5yfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434194477"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c00440993c16db01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb00000000000200000000001066000000010000200000002fa743263d6c16aeb38d280b9fc3072517a6773af13715d6cf3a521f64609200000000000e80000000020000200000007ff7080900bb54a2c9af65260af3c6a785b0a0f344db5abdc968dfdc138d92ca20000000342ff2a4200751d2f8fd647840eaf4b4962a6b56f3a090f64a678e09b74a3a58400000005b309ba2441bad1c3af1c1feedd4bb900da2815b69483cc7b2a4de5f575d0f73047fad37d70b72a6b30054cb6f13765c39ebf89ad76dd411381f192d78401406	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{85E6A5F1-822F-11EF-8AE7-D6CBE06212A9} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb00000000000200000000001066000000010000200000003d1a6b9da0e824dea08a28e02bb3dc57f3737272d7da68a60144579881366635000000000e80000000020000200000002b161861dfa579a8b51eb6501f1d7e27fc74aad3c7482950ac80dcbc555e0f2a900000005be2e92abfb40c81ef1c6a576ba864818befbc7e8ed5ebbbc52bd8fcc2d7ac9f2a775444071578fcc3819bb9a62435215bcb454a741658bc1170a72920ea315001c13141c5335b376b8b8f96ee5b1ec4bd2a178c11bf51b7e1f72ec2e668b793b96f795a02cdb71e836004d806136cb4974f7d8a690788ca82837c88460484b48d7a9f01164f07ee3eee2a506933a56e40000000a3c2c30d595ca9f168c49fa7a65e5862e8e4edc653e0c77a199b681fcbf402f90195330f3032f0e57aae59e7161287be277925960deecf9d0d3c007da8ba8abc	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2644	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2644	iexplore.exe
2644	iexplore.exe
2784	IEXPLORE.EXE
2784	IEXPLORE.EXE
2784	IEXPLORE.EXE
2784	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2784	2644	iexplore.exe	30
PID 2644 wrote to memory of 2784	2644	iexplore.exe	30
PID 2644 wrote to memory of 2784	2644	iexplore.exe	30
PID 2644 wrote to memory of 2784	2644	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\12b1ce974cbdb5cd4b5bc174270fc8fa_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8294f54f5b7cff36cf4593ebe9927cd

SHA1
629fb6ce29a12fe653ba89d735b0b86835baf806

SHA256
a598c8e3b8318cf840a0881520e4ab8b246e11d44e8ef9423ff881be46a9c545

SHA512
09d8ca8d304e40dd63b11077e93cf0ac7bf07a03ef58638b1e09dd57a9b46358801492bb14ed340617aed9f5f9db7d593453532855db5c73684a4024afde5475

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2513f59fdbea51efee6b329cd5a60242

SHA1
3e122e381c1774d8264c3b56572435fa1b06f1d4

SHA256
1709733c5b8884f5afc1fc05877a81344f2c9c35718525669fdec82b1b1d42b5

SHA512
49b1742048ebcc15f62abcea554456c9b05ce4d06686d0e38c95187a6118d6b2307f7194099034be68c6306011a10f87ef8bcdf77a4b51e70e0b380bb4e64c66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c92726fec923e2652137776aa3f746d

SHA1
058d5000064bea38aa8d632b19496527a1719967

SHA256
f5ae07afdf9859b5cc737b4ea80e67ec79812af87916d6d98a9ecf718b619da2

SHA512
36889cb51214167aea94e63a7349d8952dc6c422f7a60965c1dc2bd594739c5d7a30f691b45a828fba0c3a27d2f19f88a974b893b2fbc041c1dd6ea26de91683

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e38939a0caa93afc326ed4d0c463089

SHA1
b9e5bf1be4c4a64857649edb4ba6d92a56dc07fe

SHA256
80e182666cbc3bad4a9d8f7f9098c2111d868a03034c6ea1b9971d76dbffa320

SHA512
1c61e306335f7fab973ba498916f293b6a7b54bb1c1e68c12c2574dc13945af6b70a9c65ae12a26973a7066a61538890587f2bc5b6aaf6efa7bb2b3e7105cf72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec3f15f1a9ec3b51a7274653642ba5fe

SHA1
78185446bd7ebdd648be58916ee5de4fa9e50571

SHA256
764041f6b5c770343b75b654fc788287fce7c2fedfdcdcab17ed12880131ed05

SHA512
a5fcae68f9e6d311f9ca1cdb18e449d40eea301ef26a94b5d487d8cc07a77869cc042031b50cd6c0b4dc84edf6d82db08a0c4e0c891c2de921642030608a06fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4fa4d2839873753ba0d06344cdf7b410

SHA1
64d50aa3e5d72d37d98ad557331d56c427f5413b

SHA256
418d770194cd8966f97b3635461c801c0cd4a473c0f4b48196eccb3f17df7326

SHA512
4ff14210718bb185212826dd4d5e5fa43b00c78624a3641cd3e8b40ac9f905d157f0aaa698f221c75bcf3b6e74ef8dc0a727709614755e12bb200d93c2452996

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9be716550e10f48b9feee53b6b3e1152

SHA1
24d4bdc5611f02b506e66291df0300262fbf9857

SHA256
7e133420507785db16f158bd19865def178eac8542b158ac37bbc9869e71efe0

SHA512
ea4bbbb65f4545614b7f5b0a1e28749d6e01e78e65681c449b5a183dfc6bdfea0291263a32dfc6bb004383200ad68d762a777aceeda192c763c2c0219e8161c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74ab4735600fecbe40f803c2e86c7731

SHA1
193d15bba9e4082cc46f01559f50352492689b5d

SHA256
a41513904d0bc2e06defc9a453e3ca75ddf652a567af21fa8b53b422a4f40ce8

SHA512
d47e4c1558a31fbbddd53e62ff9a36dd7f6b59b7aa23a6ce09d9380feee32abc62fd8e822db952b3413e261212f66068f952ae2f80cb2f554d1eb7ff1ee39761

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f8557d5e9bf949d0dacb7d9648657c8c

SHA1
22c82cc446faf813875fadc366d67cc62e0b1c2d

SHA256
852a98f45d953fe35470df217537f46203a4c3fb4827cb2fa8ca373f0623ede4

SHA512
cdde60ba1dfc9d6c65f10db403e1d3532d270752ccca7edad9bb770e560e3a68131e0f32b78f7a25a2d7e6cbb29e4418f304a5df8e41c82802341aff3f2c03f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33cc4b1652059c0cb7690c18975119f6

SHA1
2a6681ba351e2ca93daf7a37f019289745a20d76

SHA256
f812d6c559d2c250b05356129f1d557d85dca12450cf5f16cb1d59a69b42045c

SHA512
bbf1de0eca86416d34afa374148e02d50a453aa76a1ac94f9d61020c496c411cdeb3f4c3bbce89c3388f899e83b10681a1f2c816b8b0e767f2af8998d9008cec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e85378f8eeef55c565e81596794abdf

SHA1
406afb617169c38a9c35616c5bdf03a11f062942

SHA256
b2dd06dd5e017688067586d9973ee37d41896e0e8f92ebc8ff0b6f12d06ee10d

SHA512
7a6318f7c6ac5243b5c6cf3a7554a262a5f4914ffe5057cde3908d5b2c121a0a89986f812c77119ed185fc736166b4a25961a622443031f494039027c615174b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1f06375e59d1456b039a89551f6b3a4f

SHA1
8156765f3446f8fd83ba228e1df79f87e00e6b99

SHA256
c1040174bb5e2c4d565859efd23cc8f63ee10fb760767b120be21417f474e2e4

SHA512
ae387092021aa0be788c383e7e90e611a736067d6a38fde3159198fbbd9a5d15d669bf15546636489b4895b6482bcf286c8414e3d4fd192f28d8b22c65e1ee89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26c41cbe067a65922ce0aec30af4e716

SHA1
ccc87e7a3fb63218fde8f0a47c7cc56e402d918f

SHA256
3413f90d101143c01c81fc5eedcb37447b625a3dcc8e4a730b5174feb13716a5

SHA512
48d136b0ae1925a68a359a27cbb81902baeb3da7b985fd29c9d8c51f153909c368a65dbd804abfeb38714fc5b7dfd1a82df6e56918179737133056acd0c64f5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
228ce709ad11e60f53c93cedac7d75a9

SHA1
4e7a6dfd13027849135f7a97c6b22bab54b3aec5

SHA256
36765108035aa2e0cb499b237baca28358aaa460ce1aaea8c04b949927dbf3e1

SHA512
5a78ccf26693207af0bf4c94f6ba1e01ce6104ff5b59e0dfd4fc345183b5485562c45ebda4ce1ff5be4a8361f0c5867a537ca7c5b7d664617713415228ad0be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC14.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCB3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit