1cd11ae9c6b5424cd1596ae4b7f2a946e8cc2ca9fa19c0d45fc6c4bd70dd2e17

Analysis

max time kernel
135s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 16:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40f1c0e4008e6ae6140a8f68f270fd66_JaffaCakes118.html
Size

7KB
MD5

40f1c0e4008e6ae6140a8f68f270fd66
SHA1

6d8353a9c793bbdaabec5989c52272ddc83b0760
SHA256

1cd11ae9c6b5424cd1596ae4b7f2a946e8cc2ca9fa19c0d45fc6c4bd70dd2e17
SHA512

a01dae9d3fcb10b733054e5a8d128951e2e13a193c04a9a55247e555a609aa951e8f3daf8f1fc118b25ec12f0e1fe0c4bbabce74b0f8b1f6913ce51f9516891f
SSDEEP

192:Fj6zdwQx34DhA7n0nu5nonM3+nYWoiAURXHj7hc7jHhSjLlj+jlxjtvs:/Qx3v7n0nu5nonM373i3RT7hgHh2Ld6m

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{061D1611-8982-11EF-86F5-E699F793024F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf600000000020000000000106600000001000020000000675f31e4f8e77742627ab5ac36f1e1352c402ecff5e960fb43cf83d24b1e3c99000000000e8000000002000020000000c95717223b8c2bded9666187e92d83217491facfe48eeb3127117fc64b1f2822200000006aa6782f1549fe4cda3821c2090e5110a7ddad560dc0a51cf7ecad541c54123e400000005a8e46da61e9566d9e41a13a49657be0ac34f39829d1b910f1e98fd98570b092ed045f2cac13a778cf3f3a6af94d436db7729c5c2a5558a48eebe0ad836a3fd7	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f05804de8e1ddb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434999570"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf600000000020000000000106600000001000020000000343f9cfb733ba219454c93f9a129e4aebc4d7e15b62c26fe5be5e03a62da151e000000000e800000000200002000000013bb34f6185b36578c7af1440edb9af2bdbb4f72a2e0b2f55a9221f6c43d0c38900000000bd4d5e4849f0a23d95b686a5604d778d234119fe4e168ade21128e4e0d8da58d0aad3ecd5251fd7cef60e5762a9c977b65aca8ec180405df44d396b7e299e49c5c7ac1678eea14011985fd8d72af6770c69637d9cd98e322ba912837fd9c171c8bf0bf5260af5f357eb56754e4254b4140b2ecc9abbb027f695c837f1c94d46ba0149ca0c2e6c4dedbc12ef765021ca400000007e937407a7fdba6af1ac90475583ae5bb0f6739a4bf202c374a676dc96df197b359a7ce2af0f1d194c7e90d09d10e1b7040ea0e21be2c697d9a0740d44b7bab8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2228	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2228	iexplore.exe
2228	iexplore.exe
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE
2552	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2552	2228	iexplore.exe	29
PID 2228 wrote to memory of 2552	2228	iexplore.exe	29
PID 2228 wrote to memory of 2552	2228	iexplore.exe	29
PID 2228 wrote to memory of 2552	2228	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\40f1c0e4008e6ae6140a8f68f270fd66_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2228 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c1832174fbf348b245468f6ef99764b8

SHA1
8763528902ca9d03b201658acfb6c862637d852b

SHA256
203736a0743e000dc26c336ab9bdf90ab035fe96f33701b255891c6b882ce978

SHA512
4185f732e93aa1618c980f149eef9d8417249970003ad61e8ea45da3228c79feacb74be8c5f4215c5d3f28ad1e1325f9ef0e341e9cf464b52bb5727ad68e7b5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a92058d4f03a75ce3c9b2f1f9be1b770

SHA1
1997f849f93d4b4306c58593952cfd563b142c1c

SHA256
5327af1cda2ffd81746ed953ccfdc044f4dfe8a8ada5743fbb4765e9b84bfbcc

SHA512
72e92da3c8043705b0ab3c206353f19489cf854a6772c5f7a642fa63bb04dd603972a01b9ab48f3224b67ec238779de1659ad4f43ad5b6953c1271e56421e88d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47ae90bd71bfe8ea72370f07b74ea238

SHA1
419ecfa191df7ed73a1f3fdab2b453fc65ddd7dd

SHA256
2915385e87fe50e4de6064b1ad8f87477531cb8b51a584f839e50698ae487375

SHA512
d71cadfaa7f20e37f93e8f3883d2c3586e6a6dc398092ea7830240c407d136556a870093209c9d9a4889bb6f61b7bb7885de8d8686925071ced401d924229d44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
388f8b8f2fafeec9a709afd4be75d710

SHA1
852e8aca9ff3e62329d2caac6964e7585bcc7053

SHA256
2575486e400a9b407437c131ea4726a194759b3b5f0d3b8e08829e254cb046c6

SHA512
60a6f41d6741f2addcbc22f31b48d8a5cdc80b80aa9e39d5ca18bda4523f5a3f43891a888c410d6830d99a48041642fd13d2484a155eae6a6d75f2eafee2e236

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b1065998ffeb5514ddb5b5f4cebdd5d7

SHA1
3230d28391089ddf2d9a816fc4cb90d13afcc35f

SHA256
1174f6cd3ad65e9f1df9d3e525aa169a08505ab5532d80a5f38337d712377121

SHA512
ce27c4696020efb7972a8f9c922cbf5ec91a5a24ca19127215b7bc78f4a25a98607c40ef8c89288c3951fc2de9113e786145fc6a82728a86533fc0ce56b6fb10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de6fadcaee04b6c5407d35cdba80f268

SHA1
8e913aca9b64ed4671fcd19820b08267a61757c5

SHA256
e5ef633da3873f5598c8471579b3fcb4ef88d5c5da0258effa0bd302ee84f1bf

SHA512
82dc109a2f82eec85e37180521248cc6a57464d8b18b49214d2232b736bc8f1d43f6d526e9104efc2d23336e51f17af3cd705431fa16a78228d6a55997933c41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38927596d660c3ae3b7eb5c04a29af21

SHA1
5c10cfeae847923b6796d22b0b0cc66eb53658ba

SHA256
e38587454a70a5a90caf493aaac6e856bfb59065afcdf946f5ca2eb45cc4ea51

SHA512
252d5321f4c70cc8cea9cc22c3261767f96fd8fdca187c165f1f7c89ee7bc1bc5b8bfa74095f1cb35598bf2b9c89e762f408645441575500efaf0125c340cc11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
391fb8ce480b4586d462e6ea36ec5b90

SHA1
39bde72dcfc130ac226ee2ecfa460304af4ebaca

SHA256
fa5979f6511232cfdb5588223c33e087a0161c00b59a2b75f9130c84033de912

SHA512
441d5691d2c519f25c99245d94975dbb466693ce767a5cfa8b72ee560b64b680c83e8ce91a0b88803b97d6f98e4f3a77562148633ce80d97bf33cabff68f4aed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e4cb31207cb6aeb47435e3cd181107c

SHA1
208366e70a7c6b37662ca8b7ede706f96e4ae02e

SHA256
5d3e4cb336c707b737532e1061e207c04340bd297e545382515aa8985a4d5a76

SHA512
daa94bfb33501156a2435f6c3ac9710745926eb820a90dbb220f21999e6a5386a2d8d8291900b1f15a137c5e69a4bcfb860c72800ffcb47f52aab2b0661f6f4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0bd69e1b36ca419f5218d4be18fa2c53

SHA1
4c5a3eb0086df523e1303986a9467bac06311287

SHA256
d571272524f06d2b70f096fd29a65ea8cdd5796ba4a44bc1828bba83fb6840c8

SHA512
d2edc9e9e6a52930027a0d30faf6814cc8ac237cafc039be9ad37d8ba2846d931ada3db2d3c9d9864231c257b3d591891d43e160e5e18cbea72273ac8ec43045

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04df6c72ece7e8fb85c42f44f28b6202

SHA1
3f22312bf32e6a141a54b52fd8866fa1eeb708fb

SHA256
22272c8e5685a6014016257eee63e20cd1542767866a94f1c521ace900c181ef

SHA512
3c75376037e472b0557ed06df6e5c2b72e3e6897c608f98fe293238902e821632dc013a50d1f2061d2d4d7c00fb9096d7887da05cd699487f08ff48df630baf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
782532a34de93010a90c5d785486b40b

SHA1
b814cadb24c82de8e51dde827c6e9296369741f9

SHA256
7271233861aa740171d948ca2cacb6cd594a4cb197aaa139bc2773b8b58d39f4

SHA512
048043a52b7965b38f6ec42a577397bf27a28abe9400edd78887bbfb88457c0fa8d13e6db15bb92166af2fc2cfb2c5e232eafe1871da49d008163f73f06f69f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdbbb9c9ffdc8bcd57441f32ccbb5a59

SHA1
2673f2edc1dfd6ab4a0544c8899f4db5deff4582

SHA256
191244525de4d0ffde94a73b864727a48974268d594754fabc7f2fbc80e9286e

SHA512
e742ae6af5c0ebe3045e1534dfece17f42a8c0d2a79d36a6c034a21bd43b4c8b5e1f76ab5282a78434edb8d032a017a5a637dd02be2ff3526373e98faf721a21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d64edeb8698638c97ada3e8ee9fbeae5

SHA1
6c97b3848af493a9c58c0eacd6dbc4f3f999481a

SHA256
6a81e07f0e6891fbdccc97c8ac2cdc579463ecf481c557d99bebe9fc5a42ffef

SHA512
6122a8433e38bd8fb65ffbe8f71eb66dd2b7ac57782899cf3ef003e783a772fc422732899f4e66e11adebc3e78d384fde7c39f5ae993b190e2e6cf8dcac95a6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e0afe8d6086bd4c653fa337c2b6ad92

SHA1
72b5c061800759ba6dcb22c0f44205624a91e86c

SHA256
e0bf4d4eb3fac988bed00ddd5b7d78f44817d8760c209c5a4f85f08b2586603d

SHA512
9d6f84cb4875b960597ef889ae17d502b909c08d011fc923fa7167ede5a07977542f8b79b1bc186ec236b2e42d4f5220d59e41bde4930447f5b883edc27fe24f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf4c75177d356820d8332bfb09f6f641

SHA1
8accf0557576e85b3a7a7bd9e8daacd7a02d7e4a

SHA256
99f4da2e36cc51310892c0a801110571fbe33aa399f23d841b64dd74e5009be4

SHA512
190f249aa8aa14106abeba402dcd32a224bd5203e25b07079be019becf45300a6fc6697574d85537753a38765b05efb4e49c2464f8960df5e1b7b1e830527d16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab211B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar217B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit