b3f558ffe3b89d7f96bae7b68babd51743824d7df21fbc5207f931ff6911f307

Analysis

max time kernel
136s
max time network
143s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 05:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a15674ff7800199fd2ffd7f16efdea60_JaffaCakes118.html
Size

67KB
MD5

a15674ff7800199fd2ffd7f16efdea60
SHA1

15cd48cb96bca5cfe492752b2354be8a83aa011d
SHA256

b3f558ffe3b89d7f96bae7b68babd51743824d7df21fbc5207f931ff6911f307
SHA512

e0b3e16e711ac8c12ec37a0d38e5cc5509579973c6f9633182cf3e223fb164b7cfa2b8e1147c503fc971fcd517bdec17d65d4100a8956fa6842f62506e93c35c
SSDEEP

1536:mR54gn2/CKI7n1IvpNnD9UutlsV9QndZPrOzAta1ddKMp23E77Y:PuxIvpNnD9UelY9Z7Y

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430034028"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B715DEE1-5C58-11EF-920C-D692ACB8436A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1072	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1072	iexplore.exe
1072	iexplore.exe
2404	IEXPLORE.EXE
2404	IEXPLORE.EXE
2404	IEXPLORE.EXE
2404	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 2404	1072	iexplore.exe	29
PID 1072 wrote to memory of 2404	1072	iexplore.exe	29
PID 1072 wrote to memory of 2404	1072	iexplore.exe	29
PID 1072 wrote to memory of 2404	1072	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a15674ff7800199fd2ffd7f16efdea60_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1072 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b866301ff28347ce40ef5fa183bcb945

SHA1
36b7614146efd165a8cb2f2c3833628212667059

SHA256
c565448c620f11dd1cb5399dc9901953d2fac6a103051257c15bbc32c79ca055

SHA512
2d6a6cbb7feb630a49a13b85a57d24ab7932632e219a06530344816b300815e021ffc08b1e6f084d0105e07776251b220a0bc3b5a86dc35caadd7aec79f1598a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
352558f181f9f42f0fe7c0625cc3a1bc

SHA1
a9aace11438f8bbb83aafac3183a74d001dce3e0

SHA256
db6baa393d39fdc0d6d6afb90f5e456da0524a50a300c66e8ede2c44f1491314

SHA512
937981a292b8ec7c042f60258ac2e75f24bc4db76bf22412c7ed47b9a62ab443865cef27867ff5d53d5ceb5d01af4451dec69767c3bb62bec58b59d085ae8722

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c19602cd040beacc569cb90ea1a423a

SHA1
cf8ecc92f3bfb618450ed29368dcecd5ad81a468

SHA256
c4cf759ef25d11aaad4fd52957c85cea2b28c6af6b3fa0f0510f907ecc35fa8a

SHA512
57ab77f1ff5a92f17f5b761cb52850dff1c354e2c0e72c8f74e8930708ab8c8b3907f201cbfacf9c7103f37c326abe74198a464469e5da0c96df9bc8624bcf50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
724f6cb7f8eb871fdbab54862c1804a3

SHA1
827d52bd3c1d8f59a9bbe8687afc753b8093c4d0

SHA256
c207d84772450687239573cb5d24f409be2d086601818d49dd8e7db4813fa768

SHA512
c1afc59668132e2268b347fbc526ffc7c332643dac4bd7c207af3ea186837d6fbc54ab2cc44f827fb158e701f9127fc855cfe874e2b6b0dfe61cb56c9d9021bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e38336cae132b88d62961c2bb52e770f

SHA1
d40f5f2116615cf60d75ab61cc9f387d9751045f

SHA256
ac6f8fe5b421ac3a3b07cc95b9ec5ee7d1cfe2991e8c55cf54d6d9fd13970cbb

SHA512
ab7808d2ea1105aecb48e7174e8d224c98ca9bc5c95392c1c585a60c235d71cfcd7593e0eb8f4d7dfde47a6456c0c9ad04ded4edc37f48d9ed0b9d7104cca945

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac3cd7c9445a5b7f0bc36608316b9dc8

SHA1
3c39ca686f35244fe248f81d885a9ae53483681c

SHA256
5a3568fed4f085652877c5a88adce6b4d04e05d22aeb01f8965f7c31678636c3

SHA512
d679ba78ca622defb20727fe553d6065886b44964f69316ca2e45c38b74f5bcb915d41e1615cbce6155d9b9a4953458f77a5d853293f7ee4a74141c1860a596e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
782256d3385d1e27782cabb25c9680e5

SHA1
84341293e209f8b90eab0853cb74a35e1d4662cd

SHA256
090a7873ee4701aa4ba744ecb468a2cc4f4ce8d7192aa1180bc30d87004a0603

SHA512
e31f1ed19196a13e17e40875c6e607cedabc1ad2196a9000c1aac1cfb58057d753a41b158c493c3175cce0b760cd4e2822e8efa97c0b318a02dd4fcd5b08bbd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
070978ed5504f10c921e25634c9389ca

SHA1
b7c96fb92c3bd65ca33c618b286bee4a5c2054a9

SHA256
311b0f505329d3580ed812f51776d74c8365dae2aae16f55673e641e75234d70

SHA512
b517464058375b125ae3337288ab6310391f1e32a5287c502f9de13f8d5b6488d1bb8cf65e9040bc6be23435ab6d5a53cf6a2ff9e6276426befdedd37ed3a0f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
007f97c266c66b411b7c5eca90bf9ad5

SHA1
1222011ba9da40215a30d6b90bd7984958c9d8f2

SHA256
c6a3578c4218e0006272f7787c1d3d7112df9b01a2fea2c7c0aff863cba06d0e

SHA512
9a4e7b90dd6d3c162acf22ecea4a854253b9b2dfc2b7a29e2f6f3bd726748750b634189c4b903a7990055ecfd7dbbb38e9ed28a63effcdb7f00e1bd1294cc99a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0a0ef7aaf6b6ed3e632e084c7b5d7a7

SHA1
b189e7ef9cf4d03efb97d26cbe3a67074d7b8de8

SHA256
a0cf439c9af7b6da64f804423989adaf875777d6d118c7297d82e7be2274245e

SHA512
3558c6ffc29136a769bad187491d81af2d1f6322d917169c4c425bb2d802b3fa72f4d6a7012a708c3ce668bfcebd0da23f50219317d5c74eccee44b3a5690244

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3c78d296c089207488e2afca72c6fc64

SHA1
93a4097471101ec2d29d65dfe0195a659c483684

SHA256
b0417c5e2c2eead7ac036524d8a7d729c53a5ee22455dd049569810065c3c06f

SHA512
3afc728d2362126f563b267473805e88e110b36eec9bf676d96732490a8d8f6324be11139ea4d24fde491dd9b6e3bb85ed8f6a961c85774a3aac698f927295d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
36b5612176cc0c753d57919f6f03d8f0

SHA1
cbea4a1cc7c64690f39cbe639e38924df16fefeb

SHA256
c10f3ee82be69b65050e01934bec58a3df175dc5ed3ebd99a73ca8732c1d5c75

SHA512
24fabc6226d73f9c304f3c9bb99943340a928f00eab6cb4db2383ecbd2caf00cfaad0de2ad6b67f2e7fcb853c1a6e1dc3933a3c26f72e2fb40c117c41a83e202

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3265368e0c00ea594218dab0b27a5138

SHA1
293f21f6319c433b3b6195558f13b1455e9b5a73

SHA256
d5501358ba69f98310cfa865a6f64d613e8128347eb2c5871578b90feabce3d4

SHA512
022d090e39698fe2ccf03b5c40272ceffa5406e0c1674cc6134370b65c22185221c1dfef3b363d71c052660449c168cd590d8ec6d63948fe644994bbbffc138f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79efc7b8eac072344195afc5b857ebbf

SHA1
aa5877f5a6008c7e6c38538a5b1e333a790776b1

SHA256
fd40883d40a7ad01087145b8a95ed957195692720fe4edd4271a7685009373c1

SHA512
d5e11b051ee77277bbfda6ead1ba51b6157d58b1a65ac8a9d29349fde544317dbb290ab12a7beff88d6c08ccea4f86bfd5dc9a3219d4b150c971680b404b2cf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29cb29284832ce9cd20a32f70f7eca95

SHA1
a242a1f7f077e6eb1eeb7f8f93cf53e8c503c497

SHA256
12fe80a338d2cc3002c9e2c34351a28fd8b2486812e45cb36a75c48170629184

SHA512
ec4d2e601a2f5ffc3a4a2b9fede8104b79c3f32809c34688685aaba94555d6249fc04df8b681b08428d72f518203d7ecf855869fc617858b9e4564c3078c9f29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6af8ac8f0afa0d6b325ec395b7054118

SHA1
8d6331aa4ca41165b043f6bf577d65d9dec6520f

SHA256
9ee4106a02318108fc453abd28eab8269811de664c3a75c2d94cbf35070a16a9

SHA512
63a6acf13674fbdfc642ba61bdde20223a417cc3635b88490704594c6acf37edf8ae549ba335b68f06e3c35d6917ddd7498c747151f66ed2573f4e98de322409

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
64735bfd617b0912c2b43b261b0c1585

SHA1
8eca0ab2a5d868bb39c4c70577c275ed76b7be4d

SHA256
db38cf7b61c3bfdecd15ae3a29bb9f2f3ce1c96d2f088c9a001b54785663108f

SHA512
5dec8aa6969bc4bd09e6cf430f48c6b2e1ae20de30260655e4d2b01c1fb83ad1e0ae164a5a6d76a68f496e352610951b426ac675aa780d87dda51c9c2a9e2bc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
90ac90c919c3e2692de191b050659c7a

SHA1
4f9d8191f09baa498495ae75c53500b409d2c9ee

SHA256
705f723e61da9528fc527b4b89b06f57ddb854bbfdc291086835c8339ffac4fe

SHA512
84e100d214bd4de0aa7f72573ee0ca91da8a7d367486a854701374f7a4bdc43ef90aece87a87ef8ac32989331c63268a4daf52bf54b634c515abb52080c08bad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f5d8bbc5b1abaee7fe076d3a70b4533

SHA1
40feb35859c3529b12f43391b217dd0e31283f22

SHA256
614340ff9f802692fc48df3c152618db4d058f02fee2ce296c46c8943cbfb402

SHA512
281514198a9a6c2395fa6e3c498df9c860691b39c4180d4b9adccd6459090c80040e8378e18c0676658cf2c2ed45525649d4cad09e068c82d7bccbca978f0264

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCAF.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD8D.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit