de8053f9597b042a10706788072f80b2e7cb76b7adf110704d1545741608e723

Analysis

max time kernel
144s
max time network
146s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43e5a69ea358c2ede2d8d3de57c6e27c_JaffaCakes118.html
Size

49KB
MD5

43e5a69ea358c2ede2d8d3de57c6e27c
SHA1

73e0986594f7d79da220fb37bf864a441eade193
SHA256

de8053f9597b042a10706788072f80b2e7cb76b7adf110704d1545741608e723
SHA512

a2b1e12033beffc8edaf966211dbeef5ae57abdea5aab8cb61a36f9e7d6994fb22e5d7b77af271ae9ff2f0756cb04d31b28ce4c92cb3fc4d1bef453beda57264
SSDEEP

1536:OVxzguvg7a64IgppL/2oOgQdb3hZOguTsL:mxznvg7oppT2oOgQdb3hZOguTsL

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435097217"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000039610b225bbc384684cfdd969c7493830000000002000000000010660000000100002000000013dc787e54549740e65f76242cfacb81be7e13ecf7027e1177bc3203039b0457000000000e800000000200002000000044f6a8799e45042bc3a5abbb97bbd320a36c980a070b6afeec429160756c892490000000a64673686b0825f347ade1e28db8445a03e10267bf07759c6d6d47a81215467c4558a2202995ebb1e7c190bbb22bd09f2689f746c421d2fc131b18fff03d778cd170b06ed2452ea8070b2aa9ded8af1bcc5c8c660b39715d8cb54759e4ed58dc74752ce1c333407c8eebc8423a9e59a8326a55cc9cd0afe673a6b862e03fe8c633a6d89c07b4824ba0de328d1873e93640000000c189ab624f539ecd10751e350958f0cc97ec67d4d6ac831d06a2c600b507408ee0bd358d43ca5e69a2040e41cc1f2f6657ab9b6e426c9aeaa2cd42ae9e1a8346	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000039610b225bbc384684cfdd969c749383000000000200000000001066000000010000200000000d955d32109ecd7f5d8f0720a6a4ea822d95a9ffd6ea75e3de2cbc469ded33c8000000000e80000000020000200000009efc1527ccee441a33ba180bd027d71322f128a41e3597c7b9c2df06921e7c1020000000b7c057f7494d18e38a4264ddd0b4b05efcdbbc957bb4a2be0265d84e181187644000000036e56b4ea24b2155efbd1551ad4218bb7132822159f1d7e7c8ea556ec0e6723c3e0ca201277216fbdd80528ae9a8353b590eec1c272a3f3dfd61745a0fe02cfb	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f02a5540721edb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{60411271-8A65-11EF-BD1D-D238DC34531D} = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2876	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2876	iexplore.exe
2876	iexplore.exe
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE
2900	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2900	2876	iexplore.exe	30
PID 2876 wrote to memory of 2900	2876	iexplore.exe	30
PID 2876 wrote to memory of 2900	2876	iexplore.exe	30
PID 2876 wrote to memory of 2900	2876	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\43e5a69ea358c2ede2d8d3de57c6e27c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2efe22d3b53a03e4bc31ded8a67c57cb

SHA1
206734418ac5fa21afe83822b327d71a94d34d6b

SHA256
659e2a42291a1e98d97b32ebb7eb45b88ce6f2cf1c4d483942478de142ec59ac

SHA512
4b03bb982597e155dc12fb806a68b01bef8e7faaee7fcdd80ba84984a513a0e0848f857223f2eb5539caf63cefdd3f03158d7671e448d2b4dba868a6116b6f9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4f9bbac3720022e97fe97017dc110d8

SHA1
bafb6ac79ab2cce8f62d543ef786ce570f482428

SHA256
a93b5a1c0231bb23a84a49de5e318ab589ad0f2479c968baadfe2452ec418a0b

SHA512
67d62f960b6ddc24f836b80eb0751e85843f2718eab87bbf9d57aa6b14c1f8effcef3910311e82dfa1dc78901bbc22ac83caf02868237355596e140d0e8bf237

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ddb80b998a29dbce1adf270df86ba282

SHA1
7a6ebad2d706ecce97638a300e079cbc2b515737

SHA256
911ae72c4a09ba2ee36112c235b940c687c8ebd791386cfcadc36d802c463c87

SHA512
902cdecc8791709de03458f38c7579b426b9df10ece7e97f22a14a97f0f6711162b9b1c6a2517061e1c30a1888b3bcc9390841039dfe4b9def438f1ce17a440e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d27123a8c2cc7d1d3716068b16721292

SHA1
1b5c553f8ac7bd9a56a1c056203162ea5cf701d0

SHA256
0b67208710d4f45cfa46f410434a4ca71b96f0cb92999efdc6110827f1366ce5

SHA512
71772918a9430d539be048b84297f30d3c236d24a1660d7bf06a01561f79be86b449048920d341049678490e52a6fb7be22bb1fb9f823c7efb17b0ce835484d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7d2806cabded75fb2a5d970b389e2dc

SHA1
6ab22fb0dcb84857d9f4ca3cafb1ec046ec7a0bd

SHA256
210875d00f66c548f86d058f2e87c4c96b7dc235c61603f63b559a05aa71550a

SHA512
1134fd0375564d76c4e22062a24b6832ccfb67e30888d2ef2ffe5ac9fed737f3c5265730937fc07c7c8e2b223fa47d9517f7e30fc88eb160f3570f51de3471c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
086d2653dfe9f812b7f7b7e72fe2dc8e

SHA1
b60384309495c5faaabfb10959b8191a269bd01d

SHA256
69cdb5e666a8143b70d44930dc488f2a29fc806ecc2c553f52fcab5f8112a694

SHA512
919d1382349ec295050bd967453bb76e0daa208ab73ce414889cd80c6bfa3f802c10455610dd295e54d97078027305591a6db80c7234686f8226e57755b64034

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17e233e7cba08f37bb7559d8a54d21a9

SHA1
513171950ccf4d9650550bc934a7bff692abd89f

SHA256
ab33cdf98ccf22903f17ea87b213e9efdf90ca67b39fca671d49eac55c75c177

SHA512
440ee6b89436f18eba395bf37f64204116ed495146601292401023c3940d2c184a842317d8cb1358744cc6e799dbac960078b894e569a0bf9a45acd8afccbdfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f218ee2f481ac97e1e0dba0dec691544

SHA1
bb4fe029786cf3e6130b53f613090b2886aba8c7

SHA256
8b907e72ba6bba310455f1799702265b100b5c6d0a57b52abd526a40b5120e17

SHA512
15d1523a537c3ec9ab44c5663d4faab4f5357374ef4f8ac7b36bc6ad18eefd8c66d46c6c92c5d62dd74ad8ae6f4385cf521d2489fa3270c7667e2b0aa4ea9ad0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36019955fd33ebcd5ad402988c3f29bc

SHA1
c7e873141d703f4957e56852813b65669415a4d4

SHA256
bb5c9e90c61fd87bede90e4a3411d876a84d759f91f05db6b4f9b5cf429f09e7

SHA512
98a094e9f58ccdd46b736040bbe0a27e01f97497276fb0a6336c93a9c5d969c9678229f66aad4fa27acdcb6847d31fcb9ce5735769b49f1f8b97272f464df64a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ce5eb1738c87ec86e6dee7a6d21c78c7

SHA1
fa747c8e3e28c084498f09842744e75ea42b8039

SHA256
d7ec395398185375e3f1e4195059b544683cde62916ed44b76db34c150431024

SHA512
d76d7f0ff72d94f3c53ae243fbf269776f4e6f0c3d7397a0bd6b72139a5d8d7d8a8332a188ba0a093f6697a466a4dadf34a7e8ea2678baf271b5494fa8de0163

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dba6bbc15f336b4a485c0721c9d8aca9

SHA1
9b56f8fdb776345a3a407c1572b32579b9fd8817

SHA256
f9d63fb35e7bb507d22330cd04a8ff32f1458722a38bda779f4e97355ae3d14a

SHA512
6e7af4afbcc5e31ffcb4caca95e7fac167e6e1351bdca01becbec539ab880d0f4d6f72d2af015501dd509562c9ef62ab1c24f80a4653b41dddcb4a1eda0bc954

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
edc7d17e0049c74c5e309caf0be9ebf0

SHA1
6ec3cbe14a4e84310dc7348169b1fab12571c28f

SHA256
2eb2e90ab2c96ac1d4c6437ac39c5100091f0635bcb8eff7af0acc6278db4ebb

SHA512
c9701abf60ef20907fe2e0c836b166eb605668132cc956afaf2996c06442c6d85bec6287b9c760403f75b88e2eb3a3c5b3916e795b76ad9590932bbf89e6e0e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f38e288372255ca49628a7ac473b8903

SHA1
f8391aa57728a0c3060ce530db77ff9b33f929b0

SHA256
30a6da63fe996c104ebbb9dff29454df302d68da74b4eaf9056960c804ce99fa

SHA512
67557f6b8278fc71732b741411ff1c662ca822dfaed34cd366208295597a7d3883197be2104ab927249d42f7c094644337cb89bbee6fb841075ea392bdaae9e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
789dbf155c8c73479bfd80670b721e74

SHA1
77dc9b6fd4318624401c7a4f7187110680390e45

SHA256
8f24f10647c23034754f2a479321905479202fa90ba2fb763270a1fadb62f4f4

SHA512
55abff4fab2b5f25fc1bc97b2bef3fe45cc090f41deb5751e9613bb39981b95c073e23e07f1a29eb7def996468d705ee5547fe9fa4fba98d0ce54e6168929f4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9C41.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9C54.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit