824860605078fbecfeeb7b71c7a2cbab609eb7390abdcdab4498b3c493f30818

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/10/2024, 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25034d957d2b0857586782160690072f_JaffaCakes118.html
Size

28KB
MD5

25034d957d2b0857586782160690072f
SHA1

dca87979152939c6fa6b40dc81c72a5be92d3fb4
SHA256

824860605078fbecfeeb7b71c7a2cbab609eb7390abdcdab4498b3c493f30818
SHA512

b7f2ff3af8fe1c26e9364c8c863121b1a0cab874de5db1165fe3bb1f04f79de4b93aead813fa2e3dcd955ff8754ee6ea75e7bf84a1f72bf735fa4e2f89d5ea22
SSDEEP

768:kNjPu39MOCEC6CvCMCXCXC9CXCvM4Xt7/Y4aQJ:ojPu32O1n2T66wYcM4XJ/Y4aQJ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea22000000000200000000001066000000010000200000009e87a0a81928de133c8b0746c192f4ab804dacb83a2901f2a9baca8a951b2820000000000e800000000200002000000067f6f08fb6c81be9947183e40c690d24cd457c9d04b5b7d6e5b4f851ef1795692000000058ac09589287ec1c8cd83e0f805188a2e445d450e9a9053844c765c560aeae814000000064e8bae360837fc22598d592487ade11e359d145be28e29cc6e37e712f8c2a2ac58399baceff5492ba5e28d849ec2710b9d665a1216acaa70a6fa289ec268541	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434601740"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea22000000000200000000001066000000010000200000000b3f11943c503178e4333d2c776789f4b2f289d6e6de800a55ce1b6dd72c762f000000000e80000000020000200000000342a393c521025ce79d8b6729d9f493ed7eb9c0f5179d30664fd4c8a346575e90000000c012907854444bd092f2362bbbb16b5050fc11014a4bcf44f3f34da3c1e3aa0ed05f114280b1313f2184b23efe8b0c9095534910d54d9c0f5017bda1add2ca6070b5efc2d405e37db2f9d3ef55e762a592f5383d57ce4ccc289f7c2043f7d0b1a0372740ba1b104dac9f3bf9eb6a0895ad66678c343668c998693e4e1698538d41c81bae6ae58144579d3c3603fad0d8400000004bfeaef4672e5ddb0a5d6bdf0c704fe1891f1d56c6c7e4e82b34bfcfed738ef5e22477c686174ca39e142bc4c6284e44589ec635f7427dde821f4d6e220396d3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AA4E95D1-85E3-11EF-BC08-7A9F8CACAEA3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0126f80f019db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
348	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
348	iexplore.exe
348	iexplore.exe
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE
2524	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 348 wrote to memory of 2524	348	iexplore.exe	30
PID 348 wrote to memory of 2524	348	iexplore.exe	30
PID 348 wrote to memory of 2524	348	iexplore.exe	30
PID 348 wrote to memory of 2524	348	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\25034d957d2b0857586782160690072f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:348
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:348 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ced168bfe91a7be66ce0039c12d81d08

SHA1
47dfdc81b4715d8e7813df28dc8415c247c3e737

SHA256
e315361ca92ca8148c02fc19f6c53206038ff912c0085101b36bbca610ca326f

SHA512
535e38d42953256bcad659b6ffcafc28557ca9c75686fc907acccfa62551d72ed95c7ae4e060cb2ba7eb4e1f895f1ff4d9a51925b0b34bcd198ec4d0f7f12821

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5bfb8ebae51f3246dc25ce71932c3ba2

SHA1
6434b18b87dbafac26d9c29955e6ca99b36b3178

SHA256
61b0d9c460d2166b629ed4e6cc9275135115deb1cb751e446411ff4d80b02d33

SHA512
af44ee62789c9dcb3d86a552c493614c1dd471918e14a1956ef4663b3787425f10c20b0c5a848deab6b62b27e71e031ea8ce63941ad1bdf86cf5cdff768f5ece

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d59575cdf98ad82283639d8ed49d7e23

SHA1
20e67e569f898c479b5f192dbf76da6258b4fa1c

SHA256
52de9509cda2c1b3837391c9b11307c5d8797912ecaf9e903d57b28710d40ee2

SHA512
26e0e5f501c8c3bd912828e96c296e52a74af3c74f06de4689d2b37a98dd92b07aac7d0bcaf73e1babab827b9a5833f155042a264cfd2716d5598397994d2490

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d218894b185969d86cb0af90e1a86e3

SHA1
bfb2320a7bd7f0e21b54d8489f73587200a826a3

SHA256
5c51abdc8f62d428dc85e391c453e98c5e5b94596f588d9377b0f30d79988b59

SHA512
aea71f98244c3315ade39c2ff4ccbe0b2a36958564659497e8b3351e21eebb2a65a8bfc0a2b588247195fb8cf96f1bd266c21577d4c41812268bc1168a0e17d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a806eb4ece6fc0f55a65a63713e241c

SHA1
1ea7b52c8fc392542c9750f71ad517b24606d093

SHA256
2f3639cfd47cf4ec7702de9e6b6ffb2c61fcbc2fe40ee6c838d78337cb9e5a6b

SHA512
07b2b3dce6666b87c5087b07f78218e7a6d708e9fd81b6bc1fb44c8333e9ffd87a498877bcb2517748f7d661dab0042c6f8d6fc231427ccb7750e519c39917af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b62928ebc4658f5b6c9067f97eb31a9

SHA1
fc719349a68bab86d01778f2e70fec8ec2e30389

SHA256
e87e203d2d9ed75fe530f62a5acff8f72a9963f2d271270347979bc11d141fc3

SHA512
13084fa233fccfec77215897eed35a4a5379e9095bc4d851b215afa198755bfa69f76f4d3f58a67093441bc6ce37a38328c30a691c6d5b454bc31f773cf4cc27

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
204f3c9359754d4f99361fa7907145d8

SHA1
e4019ac63c591eb54167f7622003c318e924dfe1

SHA256
8df48b5f31d3670d6b2103fef9accb215a00d874ea50bd0624b4266a2a621b62

SHA512
c436c7aef26e869850c988796874e9ec8946f102ebbbb08c35434aa42fed877c93baa4449c28576dd31be58d9126739e6b97c28d81e01f12a775b7025fc33274

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10e0253bd68745cdbd059f3723bb0d07

SHA1
2027791e63b102145d9d118a6b3d7d1d3358bcbe

SHA256
f21436dd2ee31566c6ba843b4900553dfeba138c267f828018a75234882f43d0

SHA512
f26e120377da82efb36d7dc4337555d8b4892aa54408c327262f13ae1a3762492e309c31449190353c74cf302c9228758927d57bbaf3b100b9f06fb9402884b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d4572053f2d3e05842e3569a1f548f6

SHA1
af9cc32926a4300b19ba676524629b34a795e3c0

SHA256
6bbe9fde65d7eb79be7ba62b4b20c27a9df135e3d2794a923da04002fa17e257

SHA512
06706a2c7f791c5cfe60ff6b4e6ffd90608ba7a40f9dcdcd51a489378beb230f3e7c377896754717c5cacd8a4598b94af5189694a6ca58514f51ba21837dd944

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
090881057dbb5a87788d26603c989501

SHA1
d67e1b081d8ba76ae15f8ca3133528233bfe50ab

SHA256
cf46572df8864bf6a7c3fa134f7f0f41e26a852fe65d8920a9fa96a483df5377

SHA512
7c27824fc4d2f9fce96c0e2017d072b636649fe25a2599b445f98eaf6646a132d872871c2b20c4a0365d985273977762fcb1135e05b87c5e1ee1efc33a9247d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
603c414d853363dd97b47f6d80fc4aa0

SHA1
74593c4c2aebd6a3a0c8f8dc32b547544694f9e5

SHA256
862c79de018bf7488fd6aad1ae7aae6b1c129e76fff3450fe034d3b067b64126

SHA512
a3239a5882eb4bf52b6c94622fb2de484284f82b102d1598585f7c88532bee139872a1a968d5c3c3e0cd972892051861855851da97820be60835b574a19b0cfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c67466fa7e6f57ba4bc801b5dcc6f7c

SHA1
30fe292f7c95e3af8feef3075a8274d73cdb676c

SHA256
5799fde58f81111f9ccdaf09b64b3ae35cd5e36a4edc97980e114dcc12dfee87

SHA512
950f5fcc5b23f09d1b93060ea57172d17d65c589713e71aa4ce901494a0dad9720b428613f2b87069866649a39ae5a0178e13f91c20ccdeeb8ca0309cc8ed049

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
409c8b6327c9f692afee569bea628f8e

SHA1
ccb00b016d9935c14209f5c167b516683626e7ee

SHA256
e7f809ebde88d9b879702850f04a09d75b81bafb7d2e612652005a450166f1ac

SHA512
4eb72e21d393a421d957070047b78fbfa4876625231d8efd745e5b0432ce1c5b3a20239350dd5fd511d8ec1666846b6772ef19b98b660dcdde2226d7cdd141a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5fc42e3656bd883e4520ab4ca603f98

SHA1
1b3514a70c26175f2f9e88c851a60b4420174307

SHA256
c29a28468f7bfe470f85edaaa34bd356ec23fe8886d49be9f6cb52d08cf938d7

SHA512
b254f0bc9e7c8422eef8b0d48c9d414a4b5cc3fb0f4ebdc540a796fda4b8577b29a85900491472ad40dfe9518d9f7db2800a5a7c11016d32a9aa11afc65079a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0dfe8a2ad470a2b4a1b4a720b25a2b5b

SHA1
4a7f368448f218e18933f9b16c7c7e3c78a96631

SHA256
52ddfa806708f1c762091842e2a1ff7ca91ac298b3c84120e836a4951cae0f6f

SHA512
1f28dcd42f2e51fbaef58bd29ac1bd5fbf6ffc5b2d0570731145d746782f0e504b635ef45d7a1312c5e4a31cf3a8cf946ddfc11f7a97030527d953bf6ce7afdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD56A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD60A.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit