1a8e04489705df5db75311b227edb203312268d36b392d2897d2c58ecb9ea5fc

Analysis

max time kernel
141s
max time network
146s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
17/10/2024, 16:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

52954c95e8fc780db8f7d4444bf7d838_JaffaCakes118.html
Size

138KB
MD5

52954c95e8fc780db8f7d4444bf7d838
SHA1

0dd1f06fd6352cd0c6b42dd930c9447a181ea3a8
SHA256

1a8e04489705df5db75311b227edb203312268d36b392d2897d2c58ecb9ea5fc
SHA512

1d9541dc670362430d60dfc2b81cc0294cf27b13c7cdc86000877f3d3e0bab9db1660d2c4a0269ce9070c486b04e0e5a98d82616f17e58964408856228d748be
SSDEEP

1536:SJ/Cy5fbZl12yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:SJ6akyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80621154b020db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435343691"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b13190000000002000000000010660000000100002000000091711f49355db13a9de5e3279bb420628b13a56de19faca13f6746bc7d76674b000000000e8000000002000020000000a7059fc0b4a33153d1258a0550058ef6a3058311f11dbd2ac11131b82b2d9dae90000000ceb600c494c33e3cbe57ac870cf4691fd571bbd730c32e96140083624efdf0a4836876565d2337bcf6d07010af3a784f016c96a7925a050f25560f57385bf686ec8ec3587d64e240413a510cf170ef114b3f3d5d39da9d92a71dbe4838210f4b1d84162386c396775ab774a4d5fe2b24f60b128903b1db0c890667355095059c055af27d9d4c0d838db9e46ec3a0970a40000000c0851ee2d22fbb305615604832d51930fdba9e9c6eee8f94643c3b430f86f8ace1337f3a8e9bb2feddfb96b06df7e5fb3ea8cf4403ec18dbee734662d309fb3d	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3DA20951-8CA3-11EF-AEBA-4E1013F8E3B1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000ce52f10fb5060388697a22eba8f42b0ab2dafc46b96cdf23104806aa9824edd6000000000e80000000020000200000003d4d2eab9c003588718a7094f76bc773817142c77cedaa6dd8e052c885c8575b2000000094e11b439580a8c7633476bb400673194275c6e683015dc8f809f34ab88cf1d040000000dbc50d99f0cd1379fbe687998c3eeebd027807b0b733c1202d15dc553f44e6dfc922fe0ed555c75c0f510b21071330314637f9b5dbe35e808bf16ee60742a5c8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3044	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3044	iexplore.exe
3044	iexplore.exe
2076	IEXPLORE.EXE
2076	IEXPLORE.EXE
2076	IEXPLORE.EXE
2076	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2076	3044	iexplore.exe	30
PID 3044 wrote to memory of 2076	3044	iexplore.exe	30
PID 3044 wrote to memory of 2076	3044	iexplore.exe	30
PID 3044 wrote to memory of 2076	3044	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\52954c95e8fc780db8f7d4444bf7d838_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3044 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
590176b5b27350cca4ad1decf47306da

SHA1
4e1f19b8760a300599e7ed4d148f46dcfbec6c6e

SHA256
d2b9f97d7271cc86253408c7a0d39c4bbd2bed6fae4519dccdf02a9545ce5612

SHA512
ff6ba63ff8ff7978b209a43e414e05284aa89d9b409140c90f25c78d73eb9529f17626473b90a20eccfa4e000ad17d894ee9d42fd77baf7785bc01363af26bf2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6829247515d8410fa682656a945b15a4

SHA1
a75d3c53a556d754e85c719bf2d3c2fb7a596d02

SHA256
92b085dfb01e52129c6d90b2e8f5d4254f64446bddaf1f7ba8477095705659c9

SHA512
bbd70361a4a30420acc9f0bc05dfff3ddfbcb2ccc7e6e6daeea955fc2480387f66a0d866f4fdff5c5f03a4404d260773e772a27c3a68929f2eb35ea32483db9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed8419541a8ad1dffdd427925c4017cd

SHA1
f3cb20e738a211ebd176567669f559598897ecc4

SHA256
9c6d94fd3e80a401364e1e8cf92f842fbf30602bad89aeae3a43b2a75639e934

SHA512
541779f1255d303768c49d7f3fd7f3fa2f2d3197b6f7bd8e11b108af4b1c2d64dd16336e12af3ada8d0912c78451a20942b47977fc109b5a60852b99fd06e327

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b4e50a9a62e4a2fc010e1713a895df6

SHA1
6649d2b7e1f30d34b32bbed920fbe80649b87156

SHA256
ea713165b519321be8c447d40255d75d41acd365fd94c6ef593e0b3d7f328dee

SHA512
d05813936f19b9995187cb5381bce5ffd6d3722dfcc15a90cf43f04fe677a52b32c7abd850f453236f653ceae5ac8d3e8daddc4e644debe2089c959c1ac4f450

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3643e325e18598aad912e7e58b0795f9

SHA1
fba7192579108dbbd91f20df171b58350499583b

SHA256
25233d66dc30fcb127937bce0830e54d1aba710e08785b7416334f16e956582c

SHA512
23d2cdf9c8f078bb46a65c4a9e0f86dc05ecd78ad38f53db3aee4b52f18a815f08dc97449fec1836296a79ab547c452ef7ef9dd4cf7d8ba031331fe67ec957bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf16ab2a4a19fc542e4c4d4839a6615e

SHA1
d77033c6585e1b61dcc14b379153681a0371e5a1

SHA256
16798ed93bc19cf74b25a1a9be3464fdd2db83e6c4a63007befcb8c4359a4b56

SHA512
bd536c9a5bd2add4f470d67e6e4edcad95c57b562516b1d6346982ad107ff58b3489f80f180086844966a4b4a0dddb804b11963d94dc3246e857d960a9521f34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fef3f0d9f1209a0256ec3045130d5ef4

SHA1
3e19558f1188882cb62985e6be0cd99505564a3a

SHA256
ba644cae6f48e602b856fb84489b6931dd5340b14a58c929cec4d94d97885ff5

SHA512
9b501dcfd7855f72151bc4883069c83e77b8d15f41e78f71bc561a77920b4a18bd392a75db6bde400179444f85538854a3da96be79668118e82294e4ccc0c80c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3cb0dcb065adc0fe99588a99dd002d08

SHA1
75f639bf79eadcb524b31d55d5267debf0338c33

SHA256
4b3d3e57191ce049627182030f88c474d255cc0a4e281807d3a12388ac689d64

SHA512
4088dfcdb173aaf06fded2171cd160637b817d4f7acc4264a0f064db5e81c82af1b537da4e890ee2fe2a1dbc2f3ffece9568a14cd563eabed297ee9961ca41ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6c8321124f7e703845aa73c0b6ad299b

SHA1
4e217788608dd7b07118959d0f4b41394e94af29

SHA256
fb30f78e95649b8a903009d9f2389881f24d568834a3558701c67fe9cdc702e6

SHA512
506f921ef5a10b9fb480141cd1a9494f7090a89df656601d34bcf917788bf9f75b6ac8f3095fb1aaa6430f3252ae3b7dc1cc41a2f31d917ae3248a35bfc53e32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a163385059bc36de63316f3d2aee8b8

SHA1
c8056d45441a30056a4b190b4586dc0c099acad3

SHA256
5a30bc8aa399a63be2da332e24a9a760eb26318567d0e42b412fcbbc853c8298

SHA512
e8d67cb2ff299734bfa7f7398d914e14816a159fba2dbb3270ad6b00e711e1d8ad4329363f5b03a85f01b7e14a12853280174b3dee68bafd450c6a85f0f12153

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f30a7a8c1434ed478e75486ed69d863c

SHA1
87d3c79097b8f4e3fa5e5da81dc3ed5acb02ddc8

SHA256
8c7bc4cc7b943433ad3fb4850ba825fc5a5f6235b161d2ba4ed9c7f249d4fc99

SHA512
5f9a5aef2d27972b4afcc9feb8425717e8cc2efd889e94bf5d0bc8d7503d8848978ae71f108f28825f4c00ee2291a97256bc7c70be4ae9b8992de9b4c49ade86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e56d5e7ee894128d921f386e3c71f228

SHA1
20f7f4cf93bba06b91382f0998ceecd9aa828110

SHA256
3c9b821afdd66c4bb06e328b1de8fef9a271179a01c11fb85a824d0aa371c919

SHA512
23fbeb78b39e242645d83eca08704580b27ae8ce2ffef55d24c8cc74ef2f2528dbbe4e039304624eb968a67095d575bad55579e5a9c5a5d2ff7e78dc9e5a0c7c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5063e1e430d71e57bee4d588cd36fb9

SHA1
070e302dcf7251bf812423d3333e6a4e76b1fce3

SHA256
ab99e7b374493092f839793c6c3a2775fd1312285a438f5e51a5a445b7ea00d6

SHA512
3d2dee2f3f328af56a06d8b17fb8672c5ca47f3f19793fc34abf4265ee68786133f5606b031bf18dd751eb0edb2148634696740fb76785635f793e0badc19d59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
960b875b2b83ba989f23dc7c0f8adb37

SHA1
4b629327966875b786c09da231662c237069fa40

SHA256
a14123d5034ded40a1f4996b3d12c9c359966001e3e5a30cf95789db3c7c1f8e

SHA512
62f34e9800107239b18ca39a7a83c4a25b25bd560b3c2eb3d29facef98a69ef34f01e1ed22413e051d36c1a8b261a605177ba65bd379093abde7336c69380d44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab232A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar23EA.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit