b57efc8d871eb2dcb6009057eebb232327f0a23500c385db274e0fe16095680f

Analysis

max time kernel
133s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/10/2024, 08:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2e50d69c719dfd3037d5122c6fc3c57c_JaffaCakes118.html
Size

28KB
MD5

2e50d69c719dfd3037d5122c6fc3c57c
SHA1

f904845dcc84fb94dad23269b4c044a17cd154c1
SHA256

b57efc8d871eb2dcb6009057eebb232327f0a23500c385db274e0fe16095680f
SHA512

ac174abe030d8ef6bd5c72d2717ab8ac19e023b99b9d514272908663ce1bb3fe9faf6198e0abb75580b5274ca5251f12abd39117de03e8bb4dc4a0534a8655e0
SSDEEP

384:VpopU9JBgRUoNdStryod1fwQE6BZHj6/I9:jBgcFt79

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000003c8f9b51a9712395883f8fca4b9d5554428df19b6ecd0ff15d06cd7ec489bf3c000000000e80000000020000200000004a5faf02372ae370a698e938f1d11d971d1dc6bbdb518bafe48dc783eb8e9c1b9000000044a835009c46270619ff8e7544a487cd3f0d23f91fbda58477d73f6122dfe1889a17b44db308f4aa0cc4e7e5935b56aea222a75e77b97aeab398a7c68fb0f748229c90631cd8f83f91e37d49221e1a2ff00f661000bc18af99ffaaf27bb19d45498e250d80d9849f579b635261b0418995ef47e0b9acca4437fb7b253e125298283636fdd16d0e29f6da46bea5ec571440000000367e922df493c0173f64023d63ee095b842780e881e4136ac76fe355063cbe3ad6b3990db98448fef67f11a1fe5d6b1776092c6245c42b31179f4f57a84e1da2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434671005"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd300000000020000000000106600000001000020000000859a825ece2407acad4cbdd2de5ff71bb331c878de13935f4ac4dd2d7484c2eb000000000e8000000002000020000000d9143cf17abe752ae6d34052ec7219d1fff6c6369842645ea0fe13768c52512e2000000016c619c6455a4c003894862b2153ea6a33d38aace1ab19a1a6e33c65b7f7215c40000000e417e469dda71a0704745dec299a3abf205d63fba2acd18d0096c517429f58d271537eb9a1fad3c3ffbfe1f82767a3dbb4fee82f87795c40687d963458f30822	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{07504481-8685-11EF-A094-FE6EB537C9A6} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20ec91f6911adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3052	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3052	iexplore.exe
3052	iexplore.exe
1872	IEXPLORE.EXE
1872	IEXPLORE.EXE
1872	IEXPLORE.EXE
1872	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 1872	3052	iexplore.exe	31
PID 3052 wrote to memory of 1872	3052	iexplore.exe	31
PID 3052 wrote to memory of 1872	3052	iexplore.exe	31
PID 3052 wrote to memory of 1872	3052	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\2e50d69c719dfd3037d5122c6fc3c57c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3052 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
339c2a160fefeca97f81998ab230890d

SHA1
82398778b704743ffe770f20933929ab39b0cd68

SHA256
976dbff923e92bb83068cb31c53a96cd365a5686a3149ad39d3e60c1137583cb

SHA512
d004640d8564682a999a97fa4caaa6d6222007bc74bd70f413619a4b0fed610131e10b91f8d3c15a943e9a50761ac4eedf41e33500a3354a8f161b27ad674034

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a66c5097b232441012950a157d3733a3

SHA1
c6ab53cc92657debacb55195a6ccbcf5b07d6d13

SHA256
8ca880383a0be941429548e0fb751f6d02af1d1faffd1f7518062198f9288f5a

SHA512
8518ed0ad072cf97c48cfd30b757a2da654d4a961a0bdfa6ae2d2303341f52a6dfa7d0f793d1fc3743f5fb24c232e369789484c3357e1e27b980039c9c542d81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7800d5336a31f3f00b036eccad29a97c

SHA1
a69ef2bc64c8a8351b2ca587604fc52c49a63d4e

SHA256
11336b140cf744e084c6337a2c489fc1b069d4825a00169b19ddb4584d45c3ea

SHA512
cc7f0b001548ca972ce34a7cc4b9c2a258b3402e613a50dfe412470f814e213ad64e4afd8b47aaba4779897accc306b0d9211ca855047c81ab7165d36bf36319

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e278db49f1e2b828da4e81d6762f7c0b

SHA1
97f27a53b680d303998fafc7fcbe5b6fd28cf72c

SHA256
32eaa2d460b146cfbe20964c35ba22b5400fa55a06b9a4ef4a64c07acf185992

SHA512
75af1bca19bfef777b7b06fa7030b93fe2574bd6642c9ec6ec6c6d9d3ed77cf6cd394e3f59f71d451573120af87089bb800345b4d391c09a0d3b22bf4296dd8e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a66d516fcf2ff3eb40f4c615fd5f5ba

SHA1
fd41166b263611c3c7e737b1a72bde3b3e6963d4

SHA256
0dae5f594f9c91d525f23d24c2ddc6eb274e02fa99527d13b59a93b457c962bd

SHA512
6bdffa4ea1633ecfc2bdd4cc11f6a80214ff37056a261583360e30efc41162d10060f33f60ba2f8b37a06ec7e8a961143805f12f0ab43631545d7ce9bcf5d546

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8fe02e5617119404458e1e3996e232a9

SHA1
c173d671d68dbb7f8c8f49138b22b5d9bde8f6b7

SHA256
78dcba858706b7ed6049714e51fcb164bea1d495aad3b6aa32de6d9552af940d

SHA512
3b14410bee4023839f64de212e4aa5077213a4d8679f8614d7cd29ffd892c14519c5f6327087b238a7099a6de2e24620556f8d2d65f81b3189bdc4520520f6bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf9ec2cff003a2cb4bbfa33980ed6ffc

SHA1
0225cd813d56ac6890bebb538b13b4d227801a22

SHA256
481fd252c70534f8be16d7b80eaaddd353251b377073cdc6fa9112f0e1804f29

SHA512
8fdb1a058211137db897eff6bbc03b744d1db3149e48df88a328dfc6853ae1d0006f63fddc49770f498fe5e9438c020a154cf7dd6a013f6c9d3cb8a7e1ad040b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69fbe4b595cb29a8d8d4651f8cbd19e0

SHA1
d554466b9dd0b2136ff36d5a029ec727eb07308d

SHA256
86ba316f1859ea77246a046802cf9b3e5980772db8372ccaa203a29eef2d30d0

SHA512
9858b2fc2fca06eb4880a95945e4d322442d8bb316ec9aac2601365befdb935d5af18e537e7f0cfdcae910ea7e2e0b5589265cc353970b263eb116197f8a0fea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
575dd1ac7722c1a77392d6a5abc0e438

SHA1
93eb053d244a6a419c7298848165c8082fb376c4

SHA256
be5e7d3ded5c47627330c114c475633a5aa1ddea83750de08b3281d2d2a51d4c

SHA512
681b7734cbf8efb9d71b7bb0f49474ebc26b0bd247c836507a956f6f903df8447cf1a8a2430c760b9126c66efb5c78d2a331a3e209ab3d5429abf3958c964a07

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c007d6713ff2996204de019e945df9d

SHA1
f969b6c063d66b411bc19225451d7be3100a01b0

SHA256
9fe5a39c6c99aba55a8c701657025f9ddf32963560ad291d38d49bfb1dfbf5c7

SHA512
0676d1d7ef0acf07789a41fc949273161ab4411299aa7e58f31632f1930aba501ed4afdfd6a9604841e9be0104a481fc63ac79dc0b56d2399c1c6c7096368bb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59a1608312a4753d3df3e730aea37ee6

SHA1
e6efc535905a94164bbdc58e5f771690f3ea9227

SHA256
1aa1baf66d854338229bd38c70b1e37281a157b4c90d29b56e0dd7494b082e6c

SHA512
5a0aeb76c5a13ae3ec6bcee1cf8089b707495ffe13769951033a431600475f04776eaca8976a8982d772f05d4db6e3e94ee317d42e398023af2190ee89e61108

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bfe36879ea07b9ec1926c84e245e88c9

SHA1
b1a44f62d283d82d2b57da1cfd270af40dc8df49

SHA256
3a5511fca92191d8c3466914c45a75f7a8f0fb4f67352d84766c26baba2e4d90

SHA512
11d1a3419060829457e64d294ba28abe9a544c0354e62e176829f41ae27853f54826339d123fb0824ead3dd29bd0124a9d3280b1f6e21a05fe6de71a198b03cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22eed0420b339c24b5d9f1ac65d16939

SHA1
1905272054ab7703078ca5080ba3dd45242fd0f5

SHA256
81949561f6662007650ab55c2b3dc6386a2a1a95db8b7a243d3b1e6d038e69b7

SHA512
7db34e15587b51942cae895f55dd48c233a64402a84d7c4308f52f6e86fab9215dd72441fe8541981a744cf3d203d1b291e129c3757c4c241f30be9333643bd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c0c4fe5abf60afad9ff04bd8cbf1a19

SHA1
532eea796f4c7616a89aae59d80b76cc45534296

SHA256
3053e76561b776f23eb3b2ca573c49c91a72d5a54e8968c931097efe8c492f7a

SHA512
28ae97890539dc68e562c40eccdca495bdc4bfd04abb4de88c806f57212f49c15d39c4580adac34cf547b69600cc5a07be66111091c42a7ae02af85b4b27ddb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da2017c8176d56cbc7d98fe53b386d41

SHA1
3d5e2bd4e54a81c991485762aad81edc12368bc9

SHA256
fb16a91633eb8e775b9fb47575e2b58bc1cdc189a73773bc0cfac26df785c839

SHA512
75d6b8ae586bc23298941bc4574db5ab8814c9024ab48dde263496a2dd983f690215bb51ed84b40199b66989228393a5c2854f4cd3555bf21e1fcc06f8643a23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7301a6e61ad2c7c5e6330235746b6df5

SHA1
cda49164a2c4b64c7fa8f77442fe59b251bf346a

SHA256
399be0c332130a3f762baffd61fba357319fc851548214de23a44a509128b661

SHA512
d3de227266f8e24fd62f9cac1ba61a65e2c34c8056b4e0ef576e41a7f522c873907ca9a408001d1a3b429ca8f036ba3f7785f8ce9680f0659b4a89de3c73bff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9DD8.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9E48.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit