6aa88e9f3669e11205590df54f61a7af08192879d88c710c7b9edc8b0ec7f69c

Analysis

max time kernel
144s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/10/2024, 20:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43f0b9146a9133cce9759c894762d65a_JaffaCakes118.html
Size

1KB
MD5

43f0b9146a9133cce9759c894762d65a
SHA1

e17a8167b71329d3425e2e1cd342305a13819f54
SHA256

6aa88e9f3669e11205590df54f61a7af08192879d88c710c7b9edc8b0ec7f69c
SHA512

af6486151c0c1a4c12560ed8d19e0d452a7bc95b2339a9f4756a160cc3a03d612b1ea8cc3410e948db97609707767a64a65bc1d493fd22a694d7a668fa6305b0

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EA3E5EA1-8A66-11EF-AD58-7ED3796B1EC0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f5420000000002000000000010660000000100002000000079fec526f13c2ce34cb0c5859493872f5a2ba5c6406182fcc41cd4447434c389000000000e8000000002000020000000d0b04403f21326f06c4735ee9792ca74113044c6687e59b400738fbe4f0a40af90000000e969d6b795c7addd6776b0d54b69947feba1e9735ed629e54ed7fd1194067158695845f6d728e63a18f3445ba94b7f42503879ec1381feaf706d6cd5ea8a6009565ca2b4ab2909db2a879de45e7bdd0e6532fa3b0ec317ae5ff2c42eade8497044dae70e54a055640475d8c83eb01f018456b413d3b087f08dc56ad5e7b2f4fa57ef046e328b7a6eea8d8f578f9a1c974000000014ba68847da519567190eca97610f88b5c2b954bf2a68b5070de6bd12e5f5f1eef7b62224d1d181d6603174c0a80ec54243ff6dcaf054493c3ac70ae8cbcc00b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000000ab88b56e0acdd4b690d5c3eccd4b8c7c3ad152263e7324cc2978a5b5d252ab3000000000e80000000020000200000000d815d71537fa8209a8bd14d40ddddb9ba0535d998c88c6222f6bc626511341f20000000aba1d823152c8fc84c27b0beeb46761de3af2e9b9a60019d3c5fd9429703484740000000726797742837b3ebe9686c9539dc34751b04d346f3c8223f11cd6224caf55afa40bbf58f0c472247222f65bcfab8a3200ce54a26feab144a8b0a02326795d940	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435097877"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0bf3fbf731edb01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2672	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2672	iexplore.exe
2672	iexplore.exe
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE
2808	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2808	2672	iexplore.exe	31
PID 2672 wrote to memory of 2808	2672	iexplore.exe	31
PID 2672 wrote to memory of 2808	2672	iexplore.exe	31
PID 2672 wrote to memory of 2808	2672	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\43f0b9146a9133cce9759c894762d65a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb262e2308ba4b0a55467b2fcefcf89a

SHA1
248137ac30fdb0b8cb09c5f365176ef3d4c9247e

SHA256
71f4483182beb421ccccc5d549b87699c13e001d522a9d1a1600a8ca86fbfabb

SHA512
67fb5a5585ee45ecdc7066e9969c638e76326948642d578dc07c39fc33d4b211238eb433acfef0aafd8f0a68e47acb8768a3dc6fc59594faa751f7c5f4d47b67

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
42b186cb9512df827f36c77ea2f0a435

SHA1
ff11e9e0abe2cd94bc7cf6ffc8c5a553d2ea685d

SHA256
19cead854d902c7b46dfdf539cb486e5b8dedd98e21c01dfd889e859910377db

SHA512
0b5d1dc7205b71921024e05c2f5c997d1d00da3d55182bb8cad871a819f94996b444f98002daf6f6b08eccc9b79d6e06d29b1a3e265760b5d6e8f481e68ae366

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
37337c471aaee07878fa71e05c11485d

SHA1
bba1abb3202b0aadcab5bc4875062b6d2944337d

SHA256
8bec2f5fa483c9d5f5f46c88fb45fe50706c5354f3b429e7a820a5788b6feaa2

SHA512
70ccc73edee1f65f0bb437a06360e21027b183ed3260f7ab6f3a20b99ff9fe79c6a24bd2e29c4642cedc050ddaf818546d20eec2e252772dbf8db79f0f1d732d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6959923210a43f8b65426c07e1ce5913

SHA1
5aa82e502380802352345e28174146fed8ff3b50

SHA256
e5c992e8abfe01e99ebb12c64014715ead3ae5a5656279f29bf14ee382e4584a

SHA512
cbe5b1105476471f892555afb76d8163cab59b4cf8234beaa412bfa4dae136e5682d246c2d9b9a0302c0d68cdbeeb251cd292ce9ada23a9bd373db91130c4738

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb14fbd249989d4dbcc9646ea9f4868b

SHA1
5ed4bce6581dc6b6e744df613468b17c38cb842f

SHA256
0fefb3c03203989d8f38fa80f8145ad1282234349f5e9a18b6d619590918544c

SHA512
b6db722aaf7d2994ac9d5e86436c51ce0eeb952bfd68eff2734b2c55034c93b91e2ad17cc5e78bf54a6f582899c96194ca20d6ccb530f77f0d86eae2421941f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b4a34ad43802a508e5473db45c14332

SHA1
9689f78c5977c66c3843ab9216748a5308f5c714

SHA256
43e510d46c8dfbfd869645739f823eebf0bdd65b59f0946b8a81d8183d5368ac

SHA512
d09a1a82c308aad057ffb1680abe8539ad34bb51987e100761ef007849420c14a0a31e248477c1bf770a7d1bc7aae3b721498a90f40de19365f83370bb1b6452

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad402cdd0b97d1179135a744aafb2dc8

SHA1
00a78ab1034ec13763f4f48ac49ea6d18d8e7df9

SHA256
802890310a4d1ae4f6defd0745f8cb5602714955d3fe8e27b867d882557e6260

SHA512
2df34537635772f10b1dae2801db7daead3f7d0debdbcdde50bc78ba7d0f2732ac52f1d52bfb0dd24072621c955fb5069fc0876ea731a196c97f72c156a6831b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e86e22a3f1aeba0767e8f8ea1ebc9819

SHA1
424b97a673b7617ff2a78530836824468129ef9b

SHA256
b253a6b4ab6ca44d7cc25fb3357afe4e4f1158ee6d74a48edf9b82aaa2d36283

SHA512
caabcd32a77724de6ca9b5bbaa55e781375d54655a9125b3676110fd169bd7e33fde3b9f94afecfb1f7a26e6abcacda3084784e3a4e5560f29e28e691f6bc230

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e53ea770d9fc618a5291dc0e93aeb414

SHA1
8f7eb38ecb936200cd549113aad09a6d9b40fa18

SHA256
132beb82695b1628fe881b2c7443c8b2dd48d19a6eb91050ec4683fe6cde4561

SHA512
cebf2b16b17f425ecae040cc8322ca922f26950579fdf25e624c90ba4c538fa6e49375c16e9d56b48116fd83cd2e17445895efc990c2fc3fa6046483d8663c44

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
567bf1add9b234913c2a4c17f0176930

SHA1
b8a9c2f4e08ec2921d9527ef699579522bafdc90

SHA256
1b5258890f870af66bb9620eda9812ace44cea2321062a29151b59c50568e419

SHA512
694be5419fbe6bcf62afb167a933e477638d707bce936f1d4d1460e6e558e78678e36a74e8fea339faefcaead2e49d3d3ef3153d4f48229c4edf42771c53390a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33971e3b6272510790a2c6eee498d33e

SHA1
7987bff9b3138ad4b8d804ab6bfa10e2586a7717

SHA256
d9e5be5a0325b46cb03cbc25928c03c9b5ca84b5f03261fc64fcb0d5e786f930

SHA512
a52b94bec8ddc14ffefe8f74efb716e9d69281afb71c27e43ea7839eb170d9af71dd4af807395bf06c5ef55724cb0faa6687360f5bda8228919522238e0d3429

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34349d1a08f2fd1a6abdc1340228fb4e

SHA1
2971e819a0830bbb96319d8846a59e0c333eed16

SHA256
4167c8b0f74b770979eeccd1fbae90169cd53d1345f68b9a1468ef1c44cffba0

SHA512
4f4acdfe9bbbc6f483cebd98d230d7b542365058e4c74972586dbcc6f12b13d7cef066c837f9409f93ff59e9d3aab388e4db343e8a378014bfe3be3761d7f0fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
546995f2d7e790d8a7bb56de3ab23a37

SHA1
831669ba9bcea9d159c4063bc9ff812cc9923022

SHA256
3a9162249006919836467d4aa9ddf9501a5dcdf9aaac210777122dd22febbaf4

SHA512
3fdd517951c4d8bb23a708e8b004c95431dc55556144b23a5eb787a09f087933ec5efad957ecaf96cfde807660195354699bad9d1a5ad29ce67011e4b6e4f8ed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd83c1789dd6b3b579840decbb16442c

SHA1
8e7a26dffa7f2368f249da38b03984f10e90dd4d

SHA256
1076e291a8d18dbf687ba7c5b01f95fb9747df5e9f5daef1efd9dfa639412a76

SHA512
a1db3cd47167de41b1d4d91e4a5f20f0639ce31c33b2d8a40d6b9adf772f1cf7a274ea785606261f1407a64b300459a2b1ba58c21cecf748126579e3365539c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28c8d93bcf03426151d1f026a6ed4e70

SHA1
43f7fcc2ce260d173e39957f44cb692605abdd03

SHA256
35deae001e2775159cc11a7fe7d1a9bf6b47a7d06036f95c0faa117bd073fa29

SHA512
26be8a5bcfd0a4bfc38dedbd2ff8d1e9152448340aa64f3739b9ce98f2ffb5d0eb707d3b1d01d2921b8d27ac13f7e1a171a5523d7985aaa6f0677ceea723d9f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64ab838943bf2052abaa01d68ae9fbdc

SHA1
2bf5574d017cd3604b3b3644c3cb1697ab430eb4

SHA256
c6973cc285a8761888a479c73485fa91cb302142c89c5227451ebb46b9e07cb7

SHA512
19ba960914466dad5e8e8141f3c37c2e1e75526c00e610ac3eee5d78f6397a15c172b252f4e01de1194000c6074c4bd1a505f2e636f220750af450b2f8df0106

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab486.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4E7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit