47a389539b1f04a802aa7746cfc4526089ffabbcd02215b86f300ce572959312

Analysis

max time kernel
134s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17/10/2024, 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5403c71d2e19141331245099ec0731d7_JaffaCakes118.html
Size

54KB
MD5

5403c71d2e19141331245099ec0731d7
SHA1

d3bf4961bed77ff6b8a9279cad273d50ca74b512
SHA256

47a389539b1f04a802aa7746cfc4526089ffabbcd02215b86f300ce572959312
SHA512

4a3780d2b20647d29a867a962752d3c94b15ec3b12142f53d94f416218a0d5f82abf20c64a4bd15fb20241c4a8833711ec4ebe0d20d2f897350bfdf8a0f37253
SSDEEP

768:BcQoXJYcJYlUOrwS2grplek7/OcX01NlLH:SQEJYcrOrwPgOk7/OcX01NN

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DF3A10F1-8CD5-11EF-BA5A-5EE01BAFE073} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000c18cd817a12dd24e1f22a349df9fdd491f2e4bd0da023071071b356777258017000000000e800000000200002000000072cbca281a5e060c76e4ab90c553f79bd0750c1d32a4579ed29b194ab9f6e9b190000000a9f587409fae89df2a6050fe6a223dcad2e4cfb53a5170d5073eb9e9b40c70e6e1683d58c244993a900bc246f1ba5a38d9753ee6ef88a9654b471b586d8b5dcb6647f4a862a55d915de7f3905d2f63395cef19af76f58f1bcf0dc8cf21c7dfb478e9753f2c1d716c4b7dd4a9ccd36e5c8d8dcecb28d24227ba8aec102657bf56286390cd0a796a618fae27b371e35d23400000003c51220b14e574f4f05c29313ea58852c992baeeb169ea6cf559990c0fa338845ac6c220896388bf8f7026e67dbd36f80b9672e9316e6b8281f1f62635d630b6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000c164fd535ac9e0755a771703133b0286c23301736449f5cf5559469e94ac1a90000000000e8000000002000020000000f3addf0184e98a93e32f4885127e85b060d29b526f82daa6fb288860c80df3dd200000008ca44ebab53d64b83602a38f3bf8dfb7b8f225ee776628cbf1ba7060d485253340000000ac2caeb457a6dae0ecbfdd62a2d17f7d83f2b61db47514ab01ee1afef2d920d2a418abeb02a6abd6bfdab958db50817d615147791f407f4f7007b42487eb4d53	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c07d45cee220db01	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435365435"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2792	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2792	iexplore.exe
2792	iexplore.exe
2284	IEXPLORE.EXE
2284	IEXPLORE.EXE
2284	IEXPLORE.EXE
2284	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2284	2792	iexplore.exe	28
PID 2792 wrote to memory of 2284	2792	iexplore.exe	28
PID 2792 wrote to memory of 2284	2792	iexplore.exe	28
PID 2792 wrote to memory of 2284	2792	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5403c71d2e19141331245099ec0731d7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25c1eedf18fc088a9a4b65f6ca9e0bf0

SHA1
72dc3126c7b222b038410690796a6ba71775b7bc

SHA256
9e016e95fae8de4a4d564c78b276b01be4edcb1b4d9dc738532c470836ec4b8f

SHA512
5c78eaddc25c9fe752915a49cc0382c2f8878a66f9bec1e840746a792d8dd2acda613d634d186a7e1e4165108828d3bf29279f77862da1ed58fa1d7d5dc0ca6c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4297942d080b9f4ba6d428e91aa87a28

SHA1
823edb4424f0dafe99e42101974fba21b7e8e473

SHA256
bc32b05134a7db9e1b393fb8362ba87eaa5b953e0419b4ca6f2f4250d799e8a7

SHA512
de8dcb3e9683b6a4f77cfc6001874a33baa8d0337ff54d22dda0d0970d3595da3b1bfa72dab619bdc79a3716faa43f24e4c9039c569c4fcd4883221fda7af809

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dadf603684c3a8ea9607933588aed0b1

SHA1
c9d49920dd3a72d05772f08b3f28e7d535df422d

SHA256
1f38d98c612ba95629ea93200f66b3a4bdd3b54c3e2d9d8ef485a303447f4640

SHA512
38a9c0b666a8315fff3ba0ed2496e8ebaf8213ddf3e61cc02b0be53040d21612d76d9514819010170c35944c7ab976ce5f050e446b8cb116b242c8b24247e7d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
930a597bb758fb4d7be25d34b5fec948

SHA1
30b15454c567772acfc1ad3b4470bea153ecb0a1

SHA256
9483149269951e942a6866d59586df615ec4acd67afd1b19002c8115544845b2

SHA512
b0776f9e3d98fe91f9f46ef3936a4c82d12917cb93cb86f846694783350f2703806ef47ee91217c925636829dfcae931fb94f1761478405410e1b39fa0176b79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45750ee85484560f596a28ba377a317f

SHA1
ce79036deda4a102f88b2e86bfd648cfb828fbfd

SHA256
400c55e0078f650ab4296b3b947d7f9badd1b0c1918dce6135d4502dbfe83072

SHA512
73dfa6da8de90a068c5276cf64f0cf14cc5b094f58f8eaa45c54338b1f27d4aba659c721a67e813a56592c78d50763a6ce8f1eee2366d717c6c12c9598547792

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2dba2b51dcee818e7e74b375ccb52ae5

SHA1
d14cf2cdc0740a9cdd4215f6c519f090568d4bda

SHA256
aa3c479ac98651254e8c673b60e6827f5af2ebcc1f39cb22aaa3de7e2b612c03

SHA512
93ede61a203da58e832ceddc4f71f3411d8c7055fdf8c426aec263b9ec04c786ad80baaab9aabf77dec5c56744f7172c5280302a32a5d91f0b38696c17b8622d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c04242c14c650ee40b40dd9b341ddd2e

SHA1
3669d8deb960b1fccd25f2692eb163ae3dcb29c6

SHA256
0e25f6cd4e812ddcc84f1929719738ed4462e47b8326500f7ac342a110ee8172

SHA512
d811361d760b640e9a70c7f409d8957896c3ebef8960e7829ad3f219d426037862acc6e395d3212f7eeb71905fca546177604bbb6d88c26b5f5125639de24c6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6278a3f336a89ba309adba2571335b19

SHA1
5925001ee722706ec2896727338c1664ef14f182

SHA256
67b4d1d63b05ec22abb6b6359db12245e8e55d41b587a4eba40e2863568def4e

SHA512
c0972f1db44129b8d413fa3c81372f7bbec13cec850e903b527ba18a37aca149be34dcdbe458e18a44ddeb8df26c9e2bc08c54f6007b747ec993ccfa7baff935

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4100b616d57c7a01f208565995faf89

SHA1
e9fcb7a758784fe744fa1360e66fa7497553ba6b

SHA256
4b0c9c04cca80916bd13d58fad678fae7a3960df8aa2c7c26a857b5e18db3739

SHA512
c1eb13530ef124b8226041ed3e3e3806c4207597e0bcca3e408e184b7865cca47915cbe3912578221132c55e5855b6798618a5758252d71ed3b53602c2070c0b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7e249ab2df89e19028269ec251ebcc0

SHA1
91946fd8fcc52f48059c718bda55b2f3cbdda17e

SHA256
c581bff894e3e5b922cf875464b5fed1ee9e23e0c569513f31afb436b2977afb

SHA512
8c00ba1358d8195cb082b36e571aadb7428cb8484b64cbb195b7beb4b34cfebc5b4f29c19503c4b5a11d7891321811baf5b162b1d5b3910dd098343e415284b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb8dfdd5900e00c26184b1056d418299

SHA1
456d6626e507d47e256d4f801c53242f61172d4a

SHA256
26a9db434280f7d2716536fac558bd5f2004110ff7c159034df126212aa6063f

SHA512
7ed5a10a89afdb2d4a5a931a829c91df35a1b4fa77a876cad752918a7ba7811b88df93f0845a72c30d2d51e5a7f9d0c481d76a173b8956a7b9876e63c1304dcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af46a1cfb3db5da8f65989cea77e0344

SHA1
8e08a1235fee8a6b89dbfa547eaf318dd6ef2922

SHA256
24c89d18382425b2d6a57fee162e919ba93dc8ffae676d349ba1ab305cc88f69

SHA512
5358e0fe09fc5a3e94a18bebc41fdd45c9d7f56dc7db20cf0719eca8e74ca00c59989dd3ddecdc82c220182522b489b93ffd094ce4d15e835c8e562efe8defe0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1dd736484751852d1fdffb1516e6de6f

SHA1
feaee5261f2b317efcd200e8711c9e1f559198af

SHA256
89f4021b985a053ea51f0217e0c904a60d517b9cceda8b48ce0c57f52152a7bb

SHA512
70468a2a2cc35fd2d146a24cb6c1c2bf570916c1bf473bff07498fd33bf18c934c92843abfc86a559421bca207f289aae9cf04b39965ba4b874b1735f72f9b30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5074.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5086.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit