77c2a24d34711900fba23a04dd085dacae9b58611897c9178a8637934372e02d

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/10/2024, 16:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b0d26f9b022c73fe36bd0807e27c51f_JaffaCakes118.html
Size

10KB
MD5

3b0d26f9b022c73fe36bd0807e27c51f
SHA1

273b6a574d2d7df50aacbdac19faaa361817904a
SHA256

77c2a24d34711900fba23a04dd085dacae9b58611897c9178a8637934372e02d
SHA512

6d273df86fa93e659c447b4cd84569e390f57cfaf00a478f6633c6a62718e992baae7791265892484e8e4f1bba13c0e4ebf6ef81a0c4ae0500d3bb853ae64dd6
SSDEEP

96:uzVs+ux72edLLY1k9o84d12ef7CSTU9GT/k8GsHXp6wWbUujrlVHcEZ7ru7f:csz72edAYS/Uj+1yUuvPHb76f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea220000000002000000000010660000000100002000000023fcec7c21c9671b5ddd22bc274c5abb87877dfff21bc2913d301f0d84a3f280000000000e8000000002000020000000744e5835aa4c325b2c1f84384bd8c423d48e047c49c30ffadc33eaf4111cbf9720000000eab35fdf69b0ad9ef890012f533a2087fe7083f944f4b7603d03a72413115f3840000000144fe9239b70b870b393a26a3705ac3db7006bfff2635afac35a7f85e9ab02ebdbc06101e63db9bd967abf8127b6d45034a6856d622818dc078ab14788891ddd	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434913175"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DFDAF721-88B8-11EF-BA23-C60424AAF5E1} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e05563b6c51cdb01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea22000000000200000000001066000000010000200000007dea8a1711fc57ce6c54c6b1f512aadb472ba731d70ed62d68a645259ae2ddc9000000000e80000000020000200000000157bcfa060103d432f7d391ba72bb79a06a03474fd2029bf9f8428cdbdeb2c89000000097fa5d323f3217c5310fb487ac43ddc60b8c54755ef5e9c830fc385c9b55ab864da2218d84a547d40161a1caa5bb864aeb0a45cf7a9ae53f3f67a701014b0dfb6099d21e5c14c2c55d579e22b0b0a0e4dbfd63f5d3b9f98a5124938015cbc41c78e0930ef8a728c08f3946a2aa3c2d66757527e6b87acf311e46cd50e739c53c6c0071a9ed37d39bf62f981a5b6655cf400000007e1e9ba2c82dc66ba627eab3c18599fc4090b04311d52970825e72e37ed783f424bbd99d379bcbda7bf1651d7d53c3d5b0151ec03be5d1daababf16c8afee5d7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1956	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1956	iexplore.exe
1956	iexplore.exe
1936	IEXPLORE.EXE
1936	IEXPLORE.EXE
1936	IEXPLORE.EXE
1936	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 1936	1956	iexplore.exe	30
PID 1956 wrote to memory of 1936	1956	iexplore.exe	30
PID 1956 wrote to memory of 1936	1956	iexplore.exe	30
PID 1956 wrote to memory of 1936	1956	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3b0d26f9b022c73fe36bd0807e27c51f_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08094ef730de4f7c0b862340bcc490d9

SHA1
fa4276b6795772ff29b9aea3c08a9778e07f9a74

SHA256
b24e36de72024887aac6d32d889c7c5e5d997fbe1755247bb322043a9ffb4a03

SHA512
a311856790d0ea2913e222097f71bc0f1525a9c604d73cc41e85951b58c986d00663f86a606557a7089dad80cc360be83df572b176e3b66804f5b5aca290f882

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ec062fba8e7175d6711bbd002723e68

SHA1
f81eec8125ae9e244cd1e9791c65b1fc5a936dfd

SHA256
f12cb3815d13d7029185e3c7c0ddaafadbb08b3f174779a249d9de2c0b3ea953

SHA512
0ef9ba4bc8fdec67f953c4b3f8f036bd761a3fb21c77cf196107f0b324d742d0ad19e219fe74a02effa2ab4e24e0df76e394eb75cfb017b95d0dd04dca032fad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7f6e546b885b50bcd190c8138864b059

SHA1
c1e0975ccfb1a8e9c432e628ce9ee79434893d4a

SHA256
49e68ddd1f2b05a0b2faa5b4c416b6f20318b303403aedda4ca94124f1f994ce

SHA512
1c77f9ec9c7ee37681b921c83be19336b8d61301dbdb3b400e9fb3ccd6064da27b4f7bed4c2edb6f50daec185de8fa3113a834c37706050d013dd827b238f49b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebb4a6d59cad65bfb9a24e1a3b51c59b

SHA1
5c90f802a54a69eed9d3cefa5abaacea371394c5

SHA256
755257b8786b63318c2f87d1e8fce5721a11dace473e8c9220a119dd0c45fa8e

SHA512
312be17c171cccd285606827bc2e71c485ff2ea3f6ce90d7c3c148f08c93d275bb017df771726b675285cf22e48970f9f4fd687a4b91ef88ba0443fb0aae343a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03f9587efe9b9c2bcaa12b0f92060212

SHA1
bdb8f717186cf14f027e208f3b911390dde7b164

SHA256
1052ef57c0cfd954e1bfd6ebbfce4905ae21742d2639aff73cb9bdc4aa4e7936

SHA512
0b548ee867d70f94aa5c214f8757349e2e9157860e131d748afe785c60875ec4fb2ea68eb6db00b6bdb30439dbbbaf4eb75392ca5a5562b466bd06b04fdb6b4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c078dd8e4d8d5a203f4584c544c81fd

SHA1
349075fb60024be1d74621ab725bc82f0e828b2c

SHA256
3231001662642c5d8794d9bdfe69e1bf5b0786135cc23b3c861d8b6cf024ecc2

SHA512
b003cee9365d197f0fa44859b6af4fd887095574e77b5a35ad842ffca6ffe3e6b7c3290408c43054e30c2fea8102b5868baacdbc2779635228487e20a41137fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eebc12516288c2e726c7cb1528229611

SHA1
bde9e8b1c2a67d9e252f2da4f22c55e2ecd4d647

SHA256
92ae20876686db898ef55068dc4054ffed011e18bbae900a7de726b9ab8d39f9

SHA512
88121e2e3b680feb6d4595a3c4514ceb501e2f6c7430d323a9fb490b90878ca3a0974c053fc6ec1ed9aeac5f75bb900b5abbb426fa07e8961b03b5dfb7749b9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
390a0e49579813e7f7017f662df44ddd

SHA1
8abbfe97686c643cc516df90af9691360266e680

SHA256
2c7cfdc88dbcd5b91248678db79c30eb6134ad5844d020988ffe42c8d3374373

SHA512
2904dfd7b08698fa6c34135e195cccecdc0c44f8955cb385e2756f73e57eae00e13b60b57f37ca08383021ff715a4e8659a7ccc069558bdcc0727189d81798ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5a29985d133c838a186df2aa4e48e06

SHA1
dd38b54f9fae1d562f432384fb2ae71bfa980dfb

SHA256
0a6cdf13bc55209baf45ff788e115214f989b3c53145d7db166183cf0827c654

SHA512
6dfaa71e525b5bac001c0611fdabc8cd4e7841fb361829125d54e074a899294c664809f9dbb2a567e3e563e8a77a46a44697cd771c32a4b1729c87491f6e083d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba63aa85b9f94d498c9745ffd5849a80

SHA1
98a24933c7c73adbf0ffbe19fb806531aa04427c

SHA256
6528461995561fc724bb45b914f0f7443b69df006fbae530d2bcf6de34ad0352

SHA512
45a74ca98d5a6f61824a276228ead998624e124491952a230081f9cfa6160a99d31b47117af303a7e1b37328fc5624a1d2047ca525c59f5cc36a1e3c836c1322

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05d448c64e41816bed78faf42f4992d1

SHA1
3cd835474bbb99af5a6c13ff3854049bd0f39f0f

SHA256
a07b21ae1babae0829d3f5f73b16707c9fbc01ee96a41e090ccca94620a609ea

SHA512
a8534b89ff8b3e55bbb5ca9c0169c6e3d8eaf8188ac8ee3d7a9406c5789041969d446c7ae44ac619aef02bd707010757e1bd91fd7b371015e55daef6c5fb8b86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5c2b89b522eb40bf56aba503faeee0ff

SHA1
eb1b8da3d0a4365f2cde43f58246b82df72fc707

SHA256
ddcee313ccc937bb6056fd17b8940cf7f57d9bf8d11c56527852a2705d696720

SHA512
2259ec2e34254b7667b915f7a7852ec531860b0d26bccde5ab6ed505d3727b5274641546a7fd1b16a19ab550a85392bbe3c44c221d937b60c322757dbed01a21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
788ceaba9147d23920b65587bb5e8c32

SHA1
6da21dd6a01e39fd7ea67f8c42b636d03f70e9bd

SHA256
9195296fa5f7ac9b1b62dda8e345a21d3b9c68a04aa44a452019b2ea14982286

SHA512
4bbe281420172c11f3d0212b9d3dcdd514a0459bb3c5cafde210faac3261d57b68857f4bcc6afa76abf81538c4a35f894ea78105e1a936c25ba4e1376155b1b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9ab06446dbdf090ea53131963d0f2dd

SHA1
41ea91d08f446cb66375fc78972fbdcc53e842ca

SHA256
cdb14c5812016c35ee9d5bcd22c053883da43a0865f25674ca2987adc795dd5e

SHA512
971fca07c2336046b4415a31e90a80822e1622d9427481263580551bf622d606fcdf137c18759add4a0ce7b4e0f2e3336bfe5d8645dae3101209c2bf834095d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ff06607e8d66ac0f1659ce6d9347780

SHA1
bb2640ca0d9dd1a1f84273ee8cd8737422954658

SHA256
8b23b934250ed570efecbf5328b5d4cdc9f80559d4bbb55a1d867cdd1406f694

SHA512
75b3ee6bc83916b2b6c3cf73ff62bce3bb68859e1f5a0a4394575e0604162854a1c5e046b8d2c570ffe02b9f2dc2a6c7f33871a813a46fbdc83098b7e2732bc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC92C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC9BB.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit