acc01f58321d69077346d0eda0d45080423b69d3dca4d99a20336fa73eb066f3

Analysis

max time kernel
138s
max time network
140s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17/10/2024, 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52bf5183fe39638e705405d427c6659b_JaffaCakes118.html
Size

35KB
MD5

52bf5183fe39638e705405d427c6659b
SHA1

69ed1c062039075ff0bfb7b3c5876610ed57fe18
SHA256

acc01f58321d69077346d0eda0d45080423b69d3dca4d99a20336fa73eb066f3
SHA512

6132fbeb297b1f455580b04c2a85774185a8d98732b2e928b1f08f50d1b363320e9d5c906ae3022afbe02baf97304353a20116678645af203419cdbd6af3eb0b
SSDEEP

768:SvS5haqG1AqGZ2wQzRpOkmKJZH2JaGRXamidaGnEmehH2csw:SvSbazqzZ2wQzRMkFZWJRigGEFhH2csw

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{852F0E71-8CA9-11EF-A76B-E67A421F41DB} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f5420000000002000000000010660000000100002000000063aab13a7c25773e6fdbc02746a70c3881e34452e71c5171cb7f2877574e3759000000000e8000000002000020000000d3653c543c692590bd474aba6f3b8742608583daafc0d3b4ad5cb13b3ed688c890000000c313f29991a3a6d5f0358c7649f283927a73c056da095b66cc69885e8c9286f2835ee7faf20489dcf5aad2f03b6566d9d69d3c8e6dfc63b8b18ace88a37f28586286d63b1d29d4be620877ef34e18bcb0f7e4c6098aac660848ac2309816aee68ba75e8f850c1d55faa248e0a671cb52a2965fb0ce0225435aa4085a3e1ede706e0cead288f9e869d24f7f61cfc2609c400000002885fffbb886f17073e8eb3862be019078e1afdefb87dcf9aac1bba4e09be61fdb3a306f0daf6f961f0dcdac456d527647f94f646e4eae34a4633afe3a38530d	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000007250ce875738968cacbb0dfbed6c3a5aad6c8543a7885853d15f3bd6aa92cf6a000000000e80000000020000200000001472c1eb75774dd732069a816025c3d651920d03f5f8132ec4c927910c9cf70c200000003cb63562b7383ff2b9233ce34e9bd8800de3e9c421bfc3c14bf9fe33abf1337340000000d7b2cdbeb1e306a49b9aff77201e3ac82091525e34a2b17c306f7162cd5ecca93428b6c141c2345de2c6c1ef29b2f27eedc08c901e3858c06da2360a939f9211	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435346386"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8074835bb620db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1708	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1708	iexplore.exe
1708	iexplore.exe
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2320	1708	iexplore.exe	31
PID 1708 wrote to memory of 2320	1708	iexplore.exe	31
PID 1708 wrote to memory of 2320	1708	iexplore.exe	31
PID 1708 wrote to memory of 2320	1708	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\52bf5183fe39638e705405d427c6659b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1708 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1b041feedd5df1852b965a0dff343fe

SHA1
3246d3d3ebcbcf4c1f05c903c87aef97404c5839

SHA256
7b9cae0b11ca70b71dea5a4a47e78ea84bbfa8a8a103b6756cfae9ec086a4f57

SHA512
5dd821f8b5422b1c6b7b243b53ebb149a7cf4c3561f17e24793b6c0fa80b26397ab46b4e62ebf8e47f6c588965c88c1ab4b0732a76a7740bc6fbab0ef6ff41f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb0f5d5ab39ab7f3765e4c89ead9bb8c

SHA1
07e556fc322b8387bdd47fa7df7be22ad9500fd1

SHA256
5debb5b0ee9ce1adc89946fd53753e0af9b99fdd9b3476d29697eb6e83c3dbda

SHA512
3dc650acc185154c03bd1518a1be3ccdf31c5d413522e55f01c0bbfd15fb58e43de8b8baa06dd1a1eb92d726945bc3a13a23ba5f7764c9cbac9609ed8b5e69ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca8d4113a9137bcd9ef6fab3c1adaa80

SHA1
d6f67dfd3f9aacf9e5b64b43aef76df53a04d2bf

SHA256
b86e63f75c219014d9e9cf16db7e1cd37a09885b8c255a2b76f02cb8606bcfdd

SHA512
8644c1aefe9c55efa8ca39db5a75315d7c65addd46818f48c3e7bed9e5d2881a0fb9294d58da6f22b7a01146bf328590ee689947b4331ff3d02692d4473e78eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f540a709214421395114841ca564fd97

SHA1
98f43378b784730d96e9a17a27f2799e235f456c

SHA256
127a9c70172f4a402b7ee4a439009701eb8329fe560acfebdcac071b4b339719

SHA512
9e9ddb6e08fef4c86aa2cb38c2faf7fff3c898b4e29981c71f424c05b1bcb8c432bb0e1e1e3cf4476b7561ddbd25c8c3eb67970e6296bb66bdc79d90acd1a684

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb0dd2ff40c33c5fbcf58312f3fccc16

SHA1
c7536ecf49d168f5ed7e13c8d04e24726a3affee

SHA256
b3f817e97cc21924e169e12344ef27c4e51a1e2413a48a00d8f19b6a6827b516

SHA512
2e9a9e608070dd156d180e6c0e47382422d814db34c0b021808102ff3ce3e6635e2c3730c7e2c47b4e10f912baa4efc9f795ece50003bdff1061de4a5ecc206d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
399c911b5ea21e6a4f7f9597b3fa23bf

SHA1
8002690378ca9af4c5d5b5a7bf5264af75582092

SHA256
f0fe76a60cd0b6d7bfa1671f6e58cb64ee1e09ec9cb8069a939e50823d6a2880

SHA512
580455564fc63a8c26acd3857a8168a804e1986712e09d498b69a0058a16b3ac21a501ef40cfbdf59b0ba327406e0011576d1ee946c78eda454bdeaa76e909f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6668e5ac5ac1535bb6962ecb98e37450

SHA1
1ac8f9483ab9d756bd35cdc377e0eb095e336c57

SHA256
e2d2015651cf003c6a1a59dc942338a69050e692506e58cbe4385d66387130ed

SHA512
b60d8df87d4e3bf546747bd48b263e80ccfbc96030729f02020579c34c85de51a29605cc8266d23c537150ae70247f73876ce480dfb5ebb32295f15908c3bb23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f158a718cc91acc6ab7c8529808e193f

SHA1
7351c1a349dbc1f7f29fda9bdb42f204558529c3

SHA256
150921f1e3e4132a831a5d67be8ff681391538823db6cc928534b0005aaef86f

SHA512
c0c0182e0fd95bf6725fa585cb86b3829aff8da4d6304d356654ccc1d1a58a66232759465b40ca7551d569df3a8d30268d6c5b7caf4f7934911bf263138d77ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd84c9146762536c145bc83654089a38

SHA1
765c582a435baacdcd59aae660ab148019064cee

SHA256
71fb58b93c61f22bf409b7ad646e90294d4e25cc222f8cbc3bfbb7be5b721532

SHA512
979a9be2a4f72f08b9edac588b7c9ee80cd381f673a56a19dc14e767a8c6205c98f676798c26a1a6ac9719bba352a508bf86d61e7a28cd265f007ec224943b01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ee5b0b6e98c771fa91defc8c03df12c1

SHA1
1ecee66403ac2c6ad3e03cb8c850473c93e304ca

SHA256
f368eb7807d5109c6ee2ca4b6e128a195380911e3386ffd33ea35f0037f10c64

SHA512
54d28b257b402a0d06a7b886094e1ad19aa53e9e1039285a7bba7e8404d390bb741f4453a3f0e44c9d42891cb8a49d5c22bb68f4085d9975e79f240d93550ef1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aeb63d605d70467c7b00620d780813a1

SHA1
2471d2454a4acc2bb10a67a167673d2d1350dc53

SHA256
0cca0b0d386d76ee674d7aa890602af6279b2f698278c250ad6b7ebfe22dfa72

SHA512
f5e3ac8d9f1589a12e0e684e42be32a867edf318f84ee3ad912e02546b954df6542e44cfe6754ae9e63925bb639e963cdab459a40c849880a8da354df20ec727

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
caf7e9273bdb2d8fdd1e0ec2dc2ba309

SHA1
2680c5cb3d7de56dc6657b3ecb64c5c98b2fa8e3

SHA256
1c5e699fd2d8487a4b2d66c01c9c90912fa873c38b25da44670785fa53d472af

SHA512
aab9069750b4e48f891b1ae9a881ec503356c7d98ff6f0b30ad915a1b06df43b4146ed61be4bd4e2ebe3705d8fa36bcee2c2af3adcc15adf53967d4560672d6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e940982448c68860b081e05361d7a1ba

SHA1
2e218ca285738ccb7266b8b2995368b9262f415d

SHA256
8dc669bf57d7c46a152e74257df42a7c2366385301303f3c75bcbe7cda40e918

SHA512
9c8187a099e532858dae65bc412515dcf0f11a1916a1dfed37e52cb3b5450f0bd2b370b3c1696056b88acdd529510f20b7b981c57e23cdae3a20aa8d37110e16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cecbf2767a61821bfc2d1572a2457c18

SHA1
745a368b748aed915b24350ffe6c0569f41c6fb5

SHA256
9e60781df537aa37ecab410afd01b0f963ab0714ed8a5b041e9c7d825a3e9444

SHA512
6bd428f22c5d31f45526ad8040e8a918d79dfd7e6a304f345c7eec488b459f30b0d99655300558a5a1b1c0bef48d6a52fb94d40615779636b94b4ccb13945f18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0cf3ef0ff66333a2fab79e9971ea0f58

SHA1
ce92a282331c2f4db4505dec3624a1ebc176a222

SHA256
4b98ce1d1ba5c559c12c0f2ea495b81f1c0dab1bf19915738392d8efff03aaf0

SHA512
4b47996479ca7fab34445970e44d6848d19d2ebe39205c0f9980852887d80cabeee05ac4c1bc80c53f50dda0103df23af7f08cedd4873646c51b76c085821615

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
33545571e1d95ae42e61b3152c9e7fdb

SHA1
04ed47e17f3f139d316cca98bd87c49fdbec834b

SHA256
98d4965cad4fba85c247889e56ba0137a7f05b7c96ba8cbf2956c6a0bbe0f5e7

SHA512
079ecb4997700c2e8b185a569975275689598afdaf12e7de99c1d2d4935d11c4ef54786dabd97e6f11f71e180d13432d59fc8f481af67d9703767c1de1b55caf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4A5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar506.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit