b565db3ddbb30762467ee2c662ab6ec680eb5a757ad1046c7fa3347180027474

Analysis

max time kernel
136s
max time network
137s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 08:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf297ea9855c925f70da4f3957284856_JaffaCakes118.html
Size

127KB
MD5

cf297ea9855c925f70da4f3957284856
SHA1

474e42472386e1e2a7a990cada2422fbbed3f53b
SHA256

b565db3ddbb30762467ee2c662ab6ec680eb5a757ad1046c7fa3347180027474
SHA512

fcb66f5834084987a56d443d49ff80faa3af9fc4864a3b7e5ab600b5492da4876b24f761f1ba584eee38d7be0fcb0bc3486cee7eaf6d6955d438ec3d8c6503e8
SSDEEP

1536:SuSyvTsagIy94yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJruH:Syc4yfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B8DF5191-6C2D-11EF-B25F-FE6EB537C9A6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431774778"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2348	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2348	iexplore.exe
2348	iexplore.exe
1268	IEXPLORE.EXE
1268	IEXPLORE.EXE
1268	IEXPLORE.EXE
1268	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 1268	2348	iexplore.exe	30
PID 2348 wrote to memory of 1268	2348	iexplore.exe	30
PID 2348 wrote to memory of 1268	2348	iexplore.exe	30
PID 2348 wrote to memory of 1268	2348	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\cf297ea9855c925f70da4f3957284856_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39c9cc472e921b30427d6854b41c4b2a

SHA1
701ded98e21695aeb8dbb5480efaa86d73992380

SHA256
d26ed798bc30c9c3832952a9b4c1ae9b927f4b5eb6dc47c99531610538a51d9d

SHA512
e99d6acedde801eed18035d4855b007f1d141d8a62a7d1bef6dbecf536435d3eed76325338fca631b8cd988c24b98f38fc45290f881af227a4cb3849591ebf38

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fbeae99667745966798ef2ce00bcef51

SHA1
72a598c04aac76cb65ea764a8a3c2835f3f019c1

SHA256
d4936d0aa4b708a62309e07e09bc7167682b4f26cdc665a3e252b4a752a47a3e

SHA512
2136ad72774532499945620f32b98af597798d316011e306ea6772ad17ca29dc5f59c7baa703721c3be064cd1698e52b7347c2d9e787cf97fc74bd97ccf06193

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69884aed3f32c6907724b05e3b029781

SHA1
750933851dc72d33d2df4bf1a56d58660636b086

SHA256
70476a9d560940547d895d788a70fd497d46f930d76767c419f41113f1b9652f

SHA512
ca92fec7ab6b6f9e876566cb735f70c4652b627a30de1f18a0d12155448db087baefa2b81384fd1ce18ef7f98e177e8f1b566597d2962582820aaf675c54108f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc7a6881dcb646de4efd869b6f550661

SHA1
7d407e5ebb50ebf5d7ab708897a5b70e10a632ed

SHA256
5aeb6583cf5e5dfb8b699d0c1fe94bed9b8efca1881cd42f6cfa2801b1981cd8

SHA512
54359421a8a66df381c5d1c753ac6f69213fd88716bf1e132dd939b9ea33757662328728d9050189a2d613f7bd348ee4b25d10c10e68844f6419b09a8263368a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e955fb265ad6c9a40db9c665ac9c9758

SHA1
a684f5c4dbf0fec86a892dbd72e8a1ed04710cfb

SHA256
c94e196b5f5fde5d61fdbab66e0463667bfdff565d6d7e5fe9bbff90afca185d

SHA512
5b8fd8c7b6171fafdcfbbfaad7a5a28df715a4cd1549fd351d0258c9d3827aa982c1163a49ec3f299ea74eff5a524853b8416418f51e2ff59be7db271d274966

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67df9e9df8c6d1e80cffc9ffd4a3d038

SHA1
ba20345d036654bb0fb31e5de962d282b3c02444

SHA256
57c71bb41ee9e9d4445eb4dadb6ec39eb3491c1df89487d6869d2518e633b0d0

SHA512
9765c96d6f568d78f8e8bfad6e8fb68d3dbfffba095f1ca141913d43c115e0a03af03abdb5a472d80f990c087abffd28d3f953cb631799ad118804f013992936

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b5c301a6f926131ac3a392360b7b5f2

SHA1
7ca060005041c751304bbef777dca4d3a8a7ab2e

SHA256
3009d9cfa6f211a3b041ec004ef460f4a4d38b3b859cc2f8beeadbfd56ab19f4

SHA512
41353f146cadfacd5c04e57153a45e128596ad80c5becc55826aec8ea9c1fc2e1ad263d7fcdcfd8631bc49093e7827be907a3a5f38376892aea1560c41a67d08

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b65624abfd297bc015f476c90deff2f8

SHA1
aa23dad1136deeddf0432d69152582472e6f16bf

SHA256
9487e933213ebfc89d391b0a7f1c44278e76c77766488bcb3ef6916912b3f9a9

SHA512
fd2000f065c34202ff0ca216316826b1df41abc1827ffa7e9815d460942c3ebb57df13faa65b8b200dd9b156ab6c676041d632b266524be9f3ee54029c58671d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d40596ccf071a61527024ddce907bff4

SHA1
76502fa3fb1dd78d99699058d86828e1da95243a

SHA256
d89e9aed95b956e277f001839a582925c9e38abdf5e3188899e2c6f2980b16ee

SHA512
f41842945627f2ee9aa4e5205a8c276e8fa55ce9b3172f1663c3070de44ef351ab7507081b5bf12004039d8463e287e577eb4e2768223a5a966407d5206bb74e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f9291b55941fb9a2f41fd3b5333dd6e7

SHA1
733c288308f37ba488e6a87fb65c88e9ab4550b7

SHA256
3241977d063d0ef72aa97c4c1e33881d6f84f2936fcc743f007f0e4b01a21555

SHA512
a91cce1a3b2ee673aa03e3b372349267fd805bcff7838e884771ab6420706a31e017915f9219b8eb22c0cd97ba299bebb72bc407fb67f85e4098d725b049fc6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ee8917709762477f41b75b7c0b923a7

SHA1
614cd255b874a9dcd045fbefe65fb0f1e5c807e7

SHA256
730855c1b816f52b41d4530b9a1f64f67fe3bfb30c908daa8aaa9cb07dbc7eab

SHA512
baef1d8c48c33b3752a579fea5a85bacb6a857f6e7246abed1cdb6238d31821c83c53f1f1e46697139a643f6021da2e5771e82391ea74ebb0491dbcd523fe85a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4644d491400914091cb50fee8d988fc9

SHA1
fcc68228f5d1da5690ef72dc70cace8663e2debc

SHA256
afbb80c7460237599f42f8c77ec9b6a444c94fb2ee85624f78eedac9ad68c55d

SHA512
5be1f40075662a426a1fe35713bdf59c22a785e769d0cae920f794e4db9dffe5797a3c7627c9aef003280d1728b2dbe4baa40ec0391b6a00b07b21de7e9824de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5d3a0a71995bd9c14c541c5b4a76846

SHA1
2c376eca79e98bca1fbfedbd6242c9afb19f67b9

SHA256
e3540f8ec3e6235551d49da6e792d09d28a25ffa9f725d09ff8da1aa519355f2

SHA512
5b7add344859be9f9964e67fa059fd4ea99e75f6caaffddbd782a768c43110ea815fe5419cdbe7c08a11b9cea4236d731893065b61f947ebb43817744e13a7ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07a1450178134e894ced4a310894f49b

SHA1
27c552c637e342b192ca65ff7d9e050e41f093eb

SHA256
df9661bea3fb018a4a1e6d1b3d2fa1473d3b1bb10d0b2b5900adbb943d599a06

SHA512
4712d79d64f4a439836e581b2c9578a3ab769311ccda5bc807eddf971e5360b3fabc674299b3beb4c6238a8afff1a5aac495953c43efe761c14eea700af52b02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12ccfc4102908d03d1c858d2956e65b4

SHA1
363dea47fe44fdba42c90776330db7c078c08cff

SHA256
92cb04829149c84af285134cbb3d0df8d171b2e2d8d66eaa38ca5e8483fef824

SHA512
9b16aec0e79d34ffaab2c146bcedb26cad47a3a72793e120ddeb0c8141243e45f01712be18973c46169a98cc0d5711edfe18883f4558940e4f1f726a41923794

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1d6cafe32421ce376aee404698b7364

SHA1
fe5e157dcf3d511f313be9c84c83511b7e9029b4

SHA256
db86f3db9edb857983ef93b5a84d35e1fda3f3d62ea36e43e24eefe2f1c1ef32

SHA512
db446c702562d2c5db4a8609d81ba5dc1bdd0032f7c69d3143db2bb1993d9985de3cf9a560b02a9f532d7703f258b85784ecd44acd6a8ef2d98c7bb85d34bedf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
795fdffdde1f4e7a6ae9326cf6032495

SHA1
d42a4d4d28c19e3e8bb1db9896c2310326be046f

SHA256
a4a5e41feee5f6841fb81979779cbfdb4e656ac39b49a78bd11f3d7e622df6f6

SHA512
a6f1386885b815e169fd9d5d1b9076778040d3c8b8a6547903b3ab1d90e42d1d1d0c77f30ee97c30deadd39abe01caa8232586135aefd418025a7f4e2255d914

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4926fb7140534254a7ab8cf89a98fde

SHA1
9e5d5f64dd0ae945014abd4ebd261e0306e23a6b

SHA256
fcd8bb2f2fe40e1d588edbca80d2454a2162dd17d043874dc17a1299d423a049

SHA512
455ca94af24ab018045ea4c5525c3d289301c7de1b33b217d7d4835a164f58df2ae9ba9746799982fcedf5c4f89d9a8ef134aa02ff584749ee6244da0a783faa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
882294972b8b2e131e2eaa869257e3b7

SHA1
f2808944b18bba09185a3b2d8d7e9061bb5aae6c

SHA256
da2788deeb1e45bfc1969dd29797987b9d3a1f9c78dc8b6078606727e8a337a2

SHA512
a222dfd2acb65a4a48a491cec8b08f6c78df51f3aea2f61401e0f2a3d9d22b641d2cfed40e68cf3d9d794a18d2a4b4e8e4313c1f2dce81963ebea36f21c39ec8

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB08C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB13B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit