75e73b9bff6dc7e04eec0ef50309faab277b2a8acef28b8272c87215f43ba047

Analysis

max time kernel
120s
max time network
133s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18/10/2024, 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5606d872b8de5f36293041a5ea6bafa6_JaffaCakes118.html
Size

6KB
MD5

5606d872b8de5f36293041a5ea6bafa6
SHA1

6e349f264ea3f120f719e1ffb39808fed57db994
SHA256

75e73b9bff6dc7e04eec0ef50309faab277b2a8acef28b8272c87215f43ba047
SHA512

897c3ec2c40d00b49c8e0aa2e958db2bea3b27b20dd2132167cb399fa5a2a5e42c5238209c1685005e30261bfd489ba37f58f6aeaac047b12cc9603e63bdfa13
SSDEEP

96:uzVs+ux7Y7LLY1k9o84d12ef7CSTUAOcEZ7ru7f:csz7Y7AYS/wb76f

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000b5f106f9c00783a7cd324a51af89fa1b3103330340c5a624150f7337a20cdb9b000000000e8000000002000020000000511a29d355c1ba76b3ec60103a603b0c937887337a84d210b0a4c99b87c699fc9000000099ac61f98bc94d94f288bbf785ed4b6ce9df8d04520c6cf85fabaa097909417a703da1af9907c5c00fbe47a065f6b3bc9de73a5df42dd054a25033fd6e9c8da48a2ada470970b7186fbf7b810c6afc1c5277a87e3fd2fa506a3feb5c421cb76cfb5e4acb2fb203e743d3d41172368385194eaced3f983716910eed5b257e9e4c9ec0c106e0b87c135268da67375398b240000000f95d22b4d42a3e485659299f9d4f46581e87f172c8df9eccdb99f1f38da5c41ee0ea6bb87dcbc4cdbe7dd78ba78d9901d8d9b371c98ca38b825462a7a33c3c10	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{45797351-8D1D-11EF-B666-DEF96DC0BBD1} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000727ca2711c4bb33e758a082f6e0b0b234905763430c0e1cd80d7365984541463000000000e80000000020000200000001332d7aae257f134f05118025a8d11cb3dbf8dcc155b2903db403503fa6da81f200000006539f70dee21f795951a221177eebcdae2fbbb8e954861a670e3bdb333a80e004000000085962f8eabe164845378f10eec5dfcda47d0317541aab5ada3082a442e2b98fc56ba83981eb38ae8d49c204a67801b0d43e497d9b2cf396b9dea4e3b048975fb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435396102"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f020cd1c2a21db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2200	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2200	iexplore.exe
2200	iexplore.exe
2084	IEXPLORE.EXE
2084	IEXPLORE.EXE
2084	IEXPLORE.EXE
2084	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2084	2200	iexplore.exe	30
PID 2200 wrote to memory of 2084	2200	iexplore.exe	30
PID 2200 wrote to memory of 2084	2200	iexplore.exe	30
PID 2200 wrote to memory of 2084	2200	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\5606d872b8de5f36293041a5ea6bafa6_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3a2e4bb280daa07550b4f4bf9e51bfd

SHA1
9c37145b372caa5ee9a185992bc0622a27a9802d

SHA256
ba0504bc345be554a1a93a49e947316b7cc3d3be63fceafde4f1a48f7d039de4

SHA512
0aaa72ae27f3837561afd93633bdc8e2f4f3f96e6785ef44e81f8233a1da2e25300e75c9567d0c59b2c8cffcffb0d10e16d0e807b91aa7d31a8b8523f6aecf4b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f35296dc35a2077cfa12684ddcb0ce8c

SHA1
9885884f427a12ceaa1a062d42da0490d7752b71

SHA256
2984fb53b66a2e720aff5148cd769c7e447b206e24dd9ab728bd4005b148c740

SHA512
1c045696352f8d485bf50b7ec8ba5a078efb9e73aebc48eefc4d94070f16ae6b419f4f66359472ce00f1c0c667182880b807e767cf463aeb708012fcd4cc7ead

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b8b9fad8f3db4fb7c70277a4f26241c

SHA1
5b3cf03b363d89e3befe6d600f2c81d14addec48

SHA256
4a66ba5a837cd15ea824cdd90e6864f20118f876dfb823a0c976383545fc79d5

SHA512
b1292533fb6c7c74e4b8ebc0e05bc05e903008f116cd2122a0476672a925e6c0fe02473f1b08f1a873d648519be4ce6bfb71bab9ba33654c9bfb7335b3c024dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d31dd9a65042e4deea0bb9b08374622f

SHA1
cfeedf3e2a7e44b4abc22afa222bea296543122d

SHA256
7a7dda395a2947b1ba0abb90b8936fea2c3af9765466101bffcd33c727a903f6

SHA512
f67b34884c86ece97ccf07aaa7ecc76fd03aa517834fdf443594e29fe0992cdd23fc2d6e7e82fa8ecccccb936d66f79ceb798fe06961b7adc96a4dee605b14c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7bc91e7a1a26e07f2d5b4c9b14e8e1b

SHA1
233f12463ad318b6891407e75ef905263ee6aaca

SHA256
dc5495046744c63a5123ca8b5238e7e78b1039ea72dbd9042631c13cd2a2807c

SHA512
1d62190a9abe2fccc056cbb2b0a3633ead9c300a1111b79b72e79aed82b4064370a573061d9cf865f63f0108f075e090e8990cf9f4a3292834324816e53d1feb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
279eccea289a0adde3c312b1b427a9ee

SHA1
283b8b6853394d2bcd395fb270b26ee5f5bc2bcb

SHA256
ed120b9c4d2c56c605185e875612bdd0f85469f7ad20ec01bcc6a3a8f41fb560

SHA512
88dcdbeab1386c22ea2df51228e370d17ed31b25514b6770550557c754780682d8b397b7055878f827566f84ae50396d356d809a90e02ee508239cba9c40c491

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9151204ddf468021300be83e02bbe777

SHA1
df60b2eeca38aecc97de32d0281287964f3556cf

SHA256
8cdacbe72c26d68d8243ffd1eae5c9986f6f992694a1ee471dd25d1b404b0568

SHA512
2e3a6bd0475f7f05bbadc5b5f3974b9575302e55b083dbc5f53ade0c091cb15d69e5e5dc549dd039c7c5cae00ed8a9f7bffda0e963c7392671e9ecab3b99f83f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e3bfbd6dde7be2b2495d41d5a6319c9

SHA1
2585e066d8433856fb337a0b34b39a24a8bf999e

SHA256
bfd9993d3b46e371fcf4963236e7ba58f9dbac428596de963acc0354faf6f588

SHA512
f9777c5a444296b19a0767643e32c16b0b29672db92e53b2ab2bceb1971a8f5a6d84b3ff735590093854226773138f0a2d075ff39f42181497e9a3aca793dc32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
14d83c1fec3c77ce0795dea7d6dc21ed

SHA1
7787a95fc0d79a5d09a670aef4a8c90c0dd4c87a

SHA256
ccefa0253ec3f13304ac241774d1362e649d5b941d01b973d8fd45cbd01a671f

SHA512
636817a5eb4d401e955e1a35c51392d16c455de5d1fa9fa90c1d2475ad7e0d9c5b277662cbe4fb8b6e5ad6e21bbe43c6df4533bb2397b9c5cb2873b5bc40295a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6eddabc19cc8f1061360151d79e8ad4d

SHA1
455a0122da95279a45717fe6082c84a71bb98512

SHA256
a1357541c81d66981648fdb6328c8de158aba57630c2a25e857c7c8a2ecd7889

SHA512
a37fb4fd7ba94aa635a800ab130afed28ef6467a6dcace3dd7a87b5cbb546e29b8a27d5d9be2e14e451c269ae4e01f8d67a3e25aae511e8d6a62fa1bdfe6ab40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2b815dcd95d7069b0e9b1e576df46619

SHA1
76526b0543e2d2c9a658cd12ecf7ef6aa4d820be

SHA256
8d54e1da20d3c4b651f11a69cb32ac8fa65afb867112ce0e53b569c3b47f2f88

SHA512
42f05657413edbb0f4bb2b923108089242477572681cfb1dc6a07633b322f26d51e742e511ad8318490d46ba2ca1d6e2c572739291afecd730acd49960d66d03

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06e7bc7a1e53ffd0e5c938379a561434

SHA1
890fee610c2008fc00efd5afb57171fb45a215f5

SHA256
6f6b313cb67c4c02e803d48f1184aff53bfbd8e49ed45f130e4661f2d9c1abc9

SHA512
f2fec0f389538f632565e3fd2be3a60d4abe3e5018bd9733120b71c56fb761565ac3d8872fe1f8d71f53f4a74f4033c08a759ecbe959556968d10625c1c32684

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ccecdf03d39da5c2d5618344065054d

SHA1
98e956279d0c27c1b236bc392b8e8b6ce5db0585

SHA256
ddade305dd172021e31a047a4da37b9c38e9ba8ffb05dc888b4768afc9ac697c

SHA512
d82d379088b6a4a74154a69155d6c13026b53d12e0e80bc6179ba99ad958614e106a26f0398bc4596626aed5bd29b102644ae234aa27b12d58573e5ece31aaad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90189692f93a1e0b80c1232e1fe016e7

SHA1
f8ddd8076225c0111b1fd9f83735e9a40c9196f6

SHA256
85c8f234f7eccca0a0a58c677fe85b73b077a098dcd8454cb8c6eed84c4ca4a1

SHA512
b9009251f6bd4c5759d18cdb989eaf2f7c1725479416024c200a64c82101991c08150ff08cf05e4d046d22d0a67f1bdaad6dc56d0afcbcde457b0fe213d07176

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40f909803fb6babc401f5da8fe5b352b

SHA1
ce26acfcb7c13ef5783bd508250f690626a7233b

SHA256
2a09c3010a5b8cd0144efd83c4e9daf56cb9ac4d43f2b60028e4bf5a93254e83

SHA512
db0b8da5bdaccf8a5010b3528740478120adf763ca0be41d4e2f2ff03d1fbc283ac65b5f3dd71291b45bad7b77b45d2f7ffc1af5bc13130c68cf256599225eee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d728c310b530b41167dd1288b7be25d1

SHA1
5521bc9a5b4f716a7ca0d1df4033bc8972e80905

SHA256
df7b46ada1919fc4b71403362914c1955aadd3a0902192d1d355509184b88b78

SHA512
b8d33917ffecacdec749690464fc9b20cd0c2368781b4e50f653399d35e48f1651617ad6f9f80701c472acad82369c1210826b67bc46ce2aa29d897a915cf98f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF837.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF924.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit