fa6d0ea97417012b2e7bdaf620475a0cb409114cbecaf552da6e6573c4ca6a3e

Analysis

max time kernel
140s
max time network
141s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 15:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4088684cef2e32f1d478c1381b6cfb12_JaffaCakes118.html
Size

11KB
MD5

4088684cef2e32f1d478c1381b6cfb12
SHA1

237eec184a69489ef4928555f4bc638152bf1e0b
SHA256

fa6d0ea97417012b2e7bdaf620475a0cb409114cbecaf552da6e6573c4ca6a3e
SHA512

e85e873853f9e67f40c77149be4117a3e9364b28a9a740ab29b1b231e35183dfb78f28f981a870c53edf6d6ad74a6164003f527fb45dc5eed617bd65330318ad
SSDEEP

96:SI7wIJa/E1Ujw10WaNdUoyE1IaLka2T0Z6fdrJGHRfDcccccYXuTshSneOd4PyBL:SI7o/E1gw1ah78SHhT1AgGEYP7p

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7A5A9881-8974-11EF-B9F2-E62D5E492327} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c4000000000200000000001066000000010000200000009d148a401e006a72d319ac5c25d0ccf6204f302dbafdaabda65f0f94157a1fb9000000000e8000000002000020000000029b484ae43659c3862df51e94b5edffbd5ffce6f61c49ca6f090f52c08e2ae620000000942685d2fab79a0019379f6d2a9c512e7e4aec8cc1f49a8c5237c3a68dda1cf940000000e19f9c0cc37bb3bfe93200b27a400d7750d225ea53621bcb48dd2f20e0596263accd71785142e351430c20abf309e2a1ca48ce6fa0e59f7d9b7f74fb97d24d2b	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c400000000020000000000106600000001000020000000fe16c81d5c2575c78158db2f4dd57fbbda5cc694dfe1546d167ac007abbfc9e4000000000e800000000200002000000066373202cab535b37f826c72c99f92c12cddc8316783702e939bcaac103a161b9000000087e2b1daefae3b0f5b75329ca8bcf33538e388674cb7685c9dd2191b49226b0a382b4b12eee528d85855ab35fd50213caf0c21c0d7d6d47d4ee121440eb2545ec849d77c3713a006b3de3401a5c8a794904e89b2da6aa129b52f3371cee9cec21321f9937bb097cb97d7d4923ab26966236e5273df3fa2dbac04cfa803d6b98ecf7bd0ad9942de1a00b39d996207182e400000007c273493188bba4803d13b139b3c0a6d1a05f4d75ea2abfadd7bf9001aea40459292c6739a9fc90d3d860dbcfb7f96bf29ffb40f35c553242a31c5903a73779b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30d0e250811ddb01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434993750"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
860	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
860	iexplore.exe
860	iexplore.exe
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE
2428	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 2428	860	iexplore.exe	30
PID 860 wrote to memory of 2428	860	iexplore.exe	30
PID 860 wrote to memory of 2428	860	iexplore.exe	30
PID 860 wrote to memory of 2428	860	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4088684cef2e32f1d478c1381b6cfb12_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:860
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:860 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
276e6fabb134ad49d27593baf1d9fb32

SHA1
88921b0cdebd9d1cef4407ece9cb39773398389b

SHA256
cfdb413f5485a29624beb98ca5ac583aaf9b2d9807803b7faed4f47963f746b9

SHA512
788c7403ed4d7a3d723c4d308d8c9f9e9c8ebb385da88d7f11c4145a27712bed602ccf15c73cd9d9c0fc2db09db16c85d12e9976b5f9b68080cddef2d3d742fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19546409b5d9aa6454cfe4fc20e0ca23

SHA1
0aa029fa856cfaa094a4b9fea25f2cf4cbbe64a4

SHA256
4b284e1435c9cc7f0a7a65048dd53a40d4ff6f22632488402f83fcd338ae89ec

SHA512
8022b77655df5d5294df99a9aa6c6c67737218004b9a476e35780598fe5b77ba6bf71161039a3b525a25c4f2221f346d2c318ae26eda740891c1952cfb258a9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
836ecc8cc954d2e7cefcf30dbd053174

SHA1
b5ca4d4a6d5e91afe1f29be2394e6684bc2f22ac

SHA256
30357009363c8ddf85ce6b41ecc52c83e68fc95f1865a35f2675e6b1ebdfad2a

SHA512
2d1e0915de9f97367ccc90c92d6e872509933365e3e54f642776e592044dff256183ffe3eecfd01208a528fe5feec9afb09cbe908183e71ac693e22597876d02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf5886ed9b0ed22b36da5b5571367850

SHA1
af4b1c9bd8f437f6317bad65e5abcfd41f1e4103

SHA256
c59cd0eb469d764adf87c180576efe126b54959dfd9f776a497ac513066b8973

SHA512
f66dc916cad0c89e8b1b8e00852b6ec0004a853f106e4f9ddd1ced5a8d7db0d9fc6361340288469be9033d8528e57350129fdffc58dfcf905a8c2749e01ded94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c33cfc62ad018b94f363493e72a34d04

SHA1
c7f1af2ae0a48b9926ae684e9ce271d2485014fc

SHA256
99bc154ed6f4b7c1a7103bbc4adaca8eed61d199e69d498e5066f319fddd65e9

SHA512
e4a469274554f401c3c09e30320b763703f0fa0fbaaec0c3e970f3322b7e2e64f9d751c7973eae3cc34f05436e4635426b6e8cada734c190988e8469107fef45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76a63c5e54a67f2a744ecbe5dd28f468

SHA1
4642ea4d2316a4cc20053cf62480f062f1694c22

SHA256
f71e1ff76ebc16e736282b364f292051b6c281e3418c7901989e2a5e4f8ee4ff

SHA512
f16a18cc92be4ee1dc2ccc600cad99647e81cf094f0822ae61aa574efb50a26073bb16f565535675e595e5a7a4af2f6c28a93db1c2c4f9bc5b7b5ba257ad8321

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59d940490ea27604997ad330c18061e3

SHA1
55af4b4a72f42d9c37108b83e291c0550055c52d

SHA256
17524b1601640bda35affe5dc417136ce5bfee2d91b7c9c6ec44924b9b85e5b7

SHA512
6e3c9b5dfb260ee71b40e10738b5587d11b55804da079483bc8d9d27ee7972b450c8b6e90861c57ef950edc46695d65d0bcb50b5cdb09570c666ca56b73a5e32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d375357408041fc460707da1b676839

SHA1
de86034d31827713a417cfb666b5383d008d827e

SHA256
3fa48d4db7c86c828b1925dc0660596681e3b7e94ddf4bf7d91234f363ecd144

SHA512
4ddab71f34965fb4cb28d585de61578d19cbec2f84d2606fe566b7602ed88f3c2a7bdaacdd94aae401da215fb8ca74d7437fc8c24cbcb86e74c17e9e43b9ac11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd79c53a1cede6b59b0017709e5aca67

SHA1
e9c2609426cc94fb2cc199ea4fda44c2ecef3ec2

SHA256
183de31da84d812c6b6d5368b039e59873f822f94263f5e4186bb0465102bc22

SHA512
78e13cc10db191f4870a666be02c679747b5332770934458d6e792711f53b0df0ece64f25adad4625b99a7b3b724e657202728d70adaf4e47f571dffa873fdc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58359d0f215fe80d46ed59767e32773f

SHA1
8350f075e025a5c6e88522681817bc74ee40de23

SHA256
abd6e66931358ae8c44ce57ca19cbe784f214fd4bb558fc6aad44942a46c177c

SHA512
3024ca5f1a739022bda1efcae377dc87fe742eee1777f30bb4efef22738642a48a914e95ac3535694218e965c29492f23a4f344ef39e3a6e4e0bdeb195db683f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06698d8bbc798d611062d44345c26663

SHA1
cea60ccebeb57112d2eef6c1278a5250b3166963

SHA256
9a6d2806ad94fdadeea79e76acb1aae659ae5fb76af8ba8f50b27275b7dfcca8

SHA512
e394c78eb7142bf6d8886391bfa942891b8f4a3827c29c8c7c907f1df02f3daad2b0840a3c0ac8acf5dedc9d4519dab9a10988782db55ef030a07ac3e43de50e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb24763125941fe2a4ce31421a28a4b2

SHA1
168d516a7b89794f35a34770fcf80dd87043fd7f

SHA256
886dbfa7c58529efbf2675300a1beb952dcf2896c4fdf119cf13a86e25be08bd

SHA512
9b74bfb36e299ed2ed8ce566d08ad405230be5d3b2c304f3b9429f3255bc552d2c05878562be8b5cbd676add55ed60fee70f054493a2b6bd61c43d9402265029

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3e700a7492b46313116158100143edd

SHA1
700367387fb04c51e59aeba399883322e675ed1f

SHA256
d0c331152844b987a4e898cfc79e231d71c2ed0ca26f0e6d427e1e33d65bf2a2

SHA512
3212448811e73041136d0e5ad809b944dd35f27f14d51fd53d7a9bf5ca15de1b8d20c167625a79e014543690465adb621dea90b835a6e773c16f769cf8485e0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0544f8879d6907330f0ceaabf0a8e3a0

SHA1
179aca84cf2b9e02c48c017ebf2ef0cc08e4e38b

SHA256
5217d4e5ff5a12c0123754dbf82605c9437e03020d2c14d9d5d1e60b672dcc67

SHA512
26d75e8d17e2a096809ca79a997558916997c0915b00c56641562ac3c37954b0d0ca242374d1dae3819b69744c8f052190af8d052a8e59cadd83c0503cf08517

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b57ada3d92228e4e48edaa77d4f417a3

SHA1
3100948c08117324bba9407831f4895ebecda886

SHA256
e5a0f95894a1e393677f2e39a1841ee7d09e311c71bb8fcd99e93bcbbadd4a06

SHA512
8bc051ddd8b8ca6dc210c75b031071c7a14971bf57e18045f581dda2bfab6e8cba264295f5bcafbb75eebbaf81fd97d00ae8bb97e3b1cb0748398bf37e950e87

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e40d2c59a24594a566169ec25389747b

SHA1
b2140cbcaadc5510f696a0bf985535939f20baa2

SHA256
dd1f24ec43a159a903b3a9edb56dd95daf055a7448e1daecd8c1bd9b55579194

SHA512
f481606657ab54e98588e36e197a2793d50ea057f722569a1a05c5a8277da33f27ae39c6ce2e6bc009513a48849fa0738dfe35ca086570ece82bab33d430b0ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB59C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB5FD.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit