06e98c4df05729e11358e30eb663951c373e7bfcfcab959001adc0467889f2d8

Analysis

max time kernel
137s
max time network
139s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 08:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf1041bfb704f691d368d40e42c6243d_JaffaCakes118.html
Size

221KB
MD5

cf1041bfb704f691d368d40e42c6243d
SHA1

66e1da2f9f5e88afee41eb576ae4f6dbeaf1e6ae
SHA256

06e98c4df05729e11358e30eb663951c373e7bfcfcab959001adc0467889f2d8
SHA512

3300fa206aff77b777691cced5205b881fd271dd70c3e78c32046ab7a3f1f56dd6be48d05deaed8b454269735ba015aa00c18e376b407995d835cc1ed64ef723
SSDEEP

3072:SC3UgM4soXRtEyfkMY+BES09JXAnyrZalI+YQ:SCS03sMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431771546"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{32835E91-6C26-11EF-9FA9-EA7747D117E6} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2208	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2208	iexplore.exe
2208	iexplore.exe
2288	IEXPLORE.EXE
2288	IEXPLORE.EXE
2288	IEXPLORE.EXE
2288	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2288	2208	iexplore.exe	31
PID 2208 wrote to memory of 2288	2208	iexplore.exe	31
PID 2208 wrote to memory of 2288	2208	iexplore.exe	31
PID 2208 wrote to memory of 2288	2208	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\cf1041bfb704f691d368d40e42c6243d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2208 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12b97847761cce67a2b445283bdb0252

SHA1
07f6b93980f03eb589a0f428bdc13e593b34ea44

SHA256
503fe7b8c96ed933743aa1af3b04dd79adae402849305b9d86580e95021959f2

SHA512
ff902259a2d0168e887175403248769299b83595075b38e5902b353edac9af0f26a457ff2cb230481d9a0ef253b945cf4feed6c4c5d37a02b216a571e4ae68c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b62802067e0fc11719454616ffe68ea

SHA1
9576a0b9612e58c178d725d8bdaf3ad1b4ce1526

SHA256
b0569f47a70d345abf5fbe8dc1181fbfeaa2a03de7abeea20d3c259ae910da86

SHA512
d05459c4541ebbad80280a342bde802e5acc3334e0e0b320bfd87dee19d7f5546c50ae506dcdec40b2a6353562319fa3e3cd154516924362d48096518e0856e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aea5a74f39857f7ec898ed23d3a2e2a5

SHA1
8c041a62d5df72d3830f7562540b4ab3aaf01814

SHA256
ecbe28838d65e3cfcef268c9500772f8bf2d54fca310fac49698c4ce8c1facae

SHA512
c3f7ba288e244e65f5cb47112c18eb0ee70e57eb70cfdb53b62b05d6599234b9323a41792da3de81854d14d788e436cd8e2fc12c162c568735d92593effe93cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d9d9423f3932f3a438658468d2257e86

SHA1
d58774a6932be0a108188a8dfb693622068a705b

SHA256
9fe0ac2ec67f5bbafc2dca68fe87d254b0d8ab4dcfa3cae24b00615a0b3fb10c

SHA512
9ac9f708dc428881b6dadc96f6f62d75c584a85d5f849a9d959f3240063c18aa56a375c30583835e1760397c8d91d7b2989916983563c14ecba8ffce18f65963

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d0be129f595bb83c0e2bfbd5a597968

SHA1
5e5ef2de7f5e2d5517e8099db1cf586712bc68ce

SHA256
0465db42be6e2172fdffa98291841507d5ba4ec14b2e49d73c39083110dba4a4

SHA512
f7715991922c5e50bf252455b9307cce6f3311df8dc7dd7843fee104c9067452fb270ea6dd609fc80caac8454bce6b4ffa826876202f182f96dccac0a58800f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
61f77b3c438e60e62ab2565598d61b5a

SHA1
ac49f8f65c254670d83c73e51a07ca34a2b62898

SHA256
add8c9947831dd9eb675186e6fe0610ec486d0e4cda441f769be3e644d755376

SHA512
5b56489f828e3bb0e9cdacb451d3fe47c53ad983fc1de6c566364c36efed3397a9f2ac110672303706db71fa5ff6b34a737616fafb8af72f8826dece7040360c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
600c2f572ec9486f2c29010414a718a4

SHA1
9704990700dc9d301ee518ebd73d05a011935526

SHA256
2231a0c1b2bedfdd34c0f5a57848e30a279f81e8cb932da4f21d84055e901cdb

SHA512
dac24bdc55c753fd579f369f3bb52ec33844aeaa1f663a6bf428b3d9dba150b7aa2db14bc8d7da611bceb166be0527e95b9871c5304ee4a2de7ecfd43dad14bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
007c75c07fd3dc5a8e1f0e5be1957dd6

SHA1
9cde53af5bf248feeb15e41c7a54d73bb8493464

SHA256
df0fb174bbc519a030a37cdc167a40e335b545a13816f380e4502fd3904a8d0e

SHA512
05ce22ee29f4a8e3bb12ac401809d22e7281ca8242dba6d76369aa23701d5510d80edcd2561dc38a5d0fc85260d1bd0c64f3eb144c75aacc401e626a6bbe7db2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ec18d8b28e34be3847d0a89f7e6c79d

SHA1
b0fdde313de82656c1f3b2b194893ada6f3b3286

SHA256
31cac2f91df80815729ad2b2f043a9a461b8bda6df6805438c04f889886dc470

SHA512
6943e7b2b9231e9aabb5c12b5b1926f1348bc20b4230f322c6ab791e50b6f582f842124a093f4756b8bbf61cbdff79689ba69d9b758563199804afac8b6de7cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
016f06976cd61d7e4009616d169977ee

SHA1
c0706ccd135293de8682597498bf51a8285a54c6

SHA256
b3e34f5530e8ec3d3ad86fa2e20b4f2c39591ef1d768edc946bda8cd96fc3939

SHA512
51cde417ff7edf0f31d89ef77216e4db2a99dce464df44d249c22d5ab4fd39cc664a2a00038a4578ebf2e44fd6500869a5593beefd4fa8927e618f8ba3b6fed4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
84817cbf909bba50c253e2e2141c9f1c

SHA1
de01736b49dc58319fb53fbcabeb11f3c13801e6

SHA256
397e07bd4e591a669acf228c9f03a9b8f4a3313c42d123b9558a35bfc1386c49

SHA512
d75edb27f93316be6c3ba230ff94c573663f86bb37c8376d88228b47a24072d15f5c2535b346778dedd9136fee5376cf337bc3518f69f4da63c40aaac86d0bcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc12528b1eaf20ae9b78c5631932fe2e

SHA1
8dca7a4e7bc0ffadf37aba8e875ef15aa57dc8b5

SHA256
7ad0bc176d8adaa6e513a6763df9e7b22abbd4ff6b049a15619a072eb0fc1a83

SHA512
c820882204e55075c4f890d581e4af7a2957289c36aa458516c8edc4db78ec3c7fb4416aa4449dfb20507484855b6c8299b575ce0d5a9266adcbacbc4c76cd98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
beb244603f2464e6523ac1c89a9d7d0f

SHA1
0306622e9c64058e214658dc2be08dbffc0bef99

SHA256
e791d53a81db156639376f0b79eca1555fe1f8c1c2223bbe2ee12d915908951f

SHA512
6a61db24ad1b7760f43e5fe5b595a93a44aafb14548dfce4435a0896a6de5b856f2f3b977f91badebb712502431c130f657ebfcd093f435ff4b09623ab7b3f01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e5a557607abeabc90febbb251ec4dc1

SHA1
80cab76c2baaa270cfa710a522c25ec420257786

SHA256
f24eaf37a0bc86c50238560cfb7bd680427295cc1dda8488a209f9ac8504ffd9

SHA512
9f1e2e6b09bb751f74c98684b7452bd4ddf98e32d0847d9292fa3f20ffc3e4d71a2513132d8e2bf24f389d780dc02060caac7be44012a3af70f8d1706bea05ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54ace7802b20d29700bf4a482a767fce

SHA1
8ff84c222197e40850b59774b8aa6be1eeb8cbb3

SHA256
e5afcccce6d1eecaa2c11b4f404ffd5a807f8dea39af03fe9df3da947337f85d

SHA512
8aab57dbc407d37bddab17b9953fd71f7b2cd2bb96a75e1ae4e518829f1ee4a69e89e99dae346024369c8eb9f8eb5e841b82d67bd756df31872bdcdb34b61f76

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd54202dc347b83f4d33e7f377cd939b

SHA1
32b8de288dc031273dfe01cf2d459960b77f6d4f

SHA256
9d5e8759e800300de352010bcd7579bfa041950f17d07a5f94e54a5b8f988267

SHA512
473740c7d5c56e2a159f6400026a969fc09b050268c71a38091c4034769a536ab4b0f2a6ddc70de8f270414e59ffd8b0ab3b444637a3b9812437b0bf911920a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d11d931f9bf2da8ffd9f04c1c52ccde2

SHA1
3c75be735a42139131edef55356749889ca96f5d

SHA256
b96f72b68918078b25fb66549a776e5313f23f9a8695ecf6bf4159958b448e72

SHA512
ec83e41be95f5d9e0b7929dd7be38cf522ec29af2345bc344efdbaa5f0ead08201a58f4c4411962256f0b79cfad6b48cbe14149c58f456c8c85768d54e69abd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f29cdd65a2189cf2faa9b38fa490ca5

SHA1
035cd4ad40c09a4e8666c4e9b35c9143571bc117

SHA256
05049a956e7f9a5fb0322a8eec1cbf5a19e1d35a1c9aa26e0a4118559961a035

SHA512
6cb47e43c5a651b3c870c2b0957ce173e55042f8f5d66249a174fbc368e7bc7e863524661f6a10adc36702661e52ac80c2969022ec2e9a0dc46edf1b0eef6cf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD700.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD7AF.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit