fc99fd8b6cf4efa710fb663eef08fd5a2f8616789a81ba2dfd8097bc7f22e207

Analysis

max time kernel
136s
max time network
138s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 10:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf4e67046d1370cfc8e66aa2e8791a0a_JaffaCakes118.html
Size

18KB
MD5

cf4e67046d1370cfc8e66aa2e8791a0a
SHA1

c56581203a75177f347119534a71bb2ad21b82dc
SHA256

fc99fd8b6cf4efa710fb663eef08fd5a2f8616789a81ba2dfd8097bc7f22e207
SHA512

e363e2120ed87eed29a1d9c578d0af434dea1db25e7bf59e78629fef75a1d4362af6241825dfbe3299f823a2c97d9b5858a3766982e7a98bd5b2138ae3f6368e
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAI54vzUnjBhJz82qDB8:SIMd0I5nvH9svJoxDB8

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431779459"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9F0AA4D1-6C38-11EF-9CC3-FA59FB4FA467} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1836	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1836	iexplore.exe
1836	iexplore.exe
1480	IEXPLORE.EXE
1480	IEXPLORE.EXE
1480	IEXPLORE.EXE
1480	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 1480	1836	iexplore.exe	30
PID 1836 wrote to memory of 1480	1836	iexplore.exe	30
PID 1836 wrote to memory of 1480	1836	iexplore.exe	30
PID 1836 wrote to memory of 1480	1836	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\cf4e67046d1370cfc8e66aa2e8791a0a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1836 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ddd25f82f1e9ea85d0267287305927a6

SHA1
1ee5bad40fa7b0f5fb9a0dbf38da75c070282f7c

SHA256
7cbf1357a0cbc83876c7eeb0211459bf70f2843360d73cad99197c84e5749836

SHA512
20c40bd8c9e5e29a51d394d8103dad6b0eb09898363bba83ff8e9be874450660cde43f7bd9d31f32534d4e66e632357fa4fc79d919ca5605b4323d267c2e20dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9ad19050c0ec6bbbde1c656799dad62

SHA1
fa6b3d9e37c042acf12eefb51bf78fbf1a116d1f

SHA256
f208d64c3e44fb76dc2aeccbc1dfa0a07027298aeee61e526b98a53b05fdceb8

SHA512
d86e338428aa4fa48257e4bbefaa0f9bd84e8661ea1a54d1e429892593789c635aff71d037a2bae9647720714e66a0fc8542e9b0a6901026e36017f3ed6d7e13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c5541f08e12370b08bcc79b4a0c4d0a

SHA1
74a1c303d3174845248455adef2cb426cfbc7ea8

SHA256
22c3cb74bf792226ccfd8f17f6c385e1501b931aec1c172ef8001f16f859e0fe

SHA512
570e650323a1759016eda1955bea5c24da2dbbe1d207988add55fda2f1872f91cf9184fb522519fc6cb0366fd7c238c43242f9bcdf97c33514c421a964175c66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a4a3bc87d12e29c84ba55c3eee6daf0

SHA1
1c9afe10ea456f06f1a8b999865a613b91ee582f

SHA256
4ea86f3966c0afa78925fbaeb635241cb1880b29356bc98e73501dc54ac008b7

SHA512
43e2919bbc8c2a3a108c9474558f991c5d24354deff9e63ced86068adb3b41d01532c07edb130074d685e5dbf0d7a67640dd85307b36e49a1f6be671ca5b2552

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4df59afe709a5ac8d7ca049b8034fe3a

SHA1
ae2f4b1a8c35cbb805e67a8380d74454bca1d784

SHA256
ba2fb6a0a547b83d8ad68ffd241aac44b354b04cba486f3cb0f83cb0ba4db2ab

SHA512
b130ac0433cc833864586d8a0029cbe4788f08548bf4eb6381d69f0e37e4114479c0cdda29cd9506eea7bfaee2406e8583424257d51c48cb7fa887fd3c046478

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2f530173359aa68e418e2934c346f088

SHA1
df36a963c6d7f0998ad10f3fc30d80ec956cb34b

SHA256
cb963d80c2d21ca2d1e6920267c8c73b03f33b1497a6de3a626b39a48b7f491e

SHA512
2b5fb0bb178f14c9f5fd42f8cb1ab31b4488dd14a61cca4c5d3cedc9c9f1c3d4ad971b57029621dac6ec6fc923773422858a9e6db21df6cea097a4330244bf30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
009bc026f9acc4d6b0709a76643d576a

SHA1
fc2e430cffedf0df7adc05e0fcb12bd2e9947ee4

SHA256
62cccf478b9b688c1c267c13ddb744641c596625a1ea173dec96a7433fc5b5ff

SHA512
160f7ce7f676f856eb80c86fba174242979542d1fcc94cd403d6fe53480a00d306a81984e5884103d9a1b48e452774abb9edcb06d04c1cb22d858fa312ba75d8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
691aaf70bb98f66fe3f1257da20f4435

SHA1
a6b1086dd01e00e2a53d5bf0059f29008c43e08f

SHA256
e8c814bfab185bc7be5a2628b0a6645ba85715f0cd9f1456f0db4681944a3084

SHA512
c7ca7547fd220e9018caa6e6da4590e8c8c935b67e7f26a416465b0bf3152f9ac7fb828cad72e2c286b1923cf8fc3e782a0d74562dc8f4d03e9c9a24e5508635

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0aafb10812ff53d63f45fa86792744b

SHA1
d3c18df0dda39e332e51618add12b0ac3d9e1570

SHA256
78b1f7c82a68bd67454c9c30e463c2155afdbf78372906e458d621a75cd53419

SHA512
59925d0747934416f9b5cd063fab1b3b38490b325db05486950f71ea97c129f106ae2ab4dd9b3bbaed2150827ec7204def2b2df0d78733dbd88db25265530db2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
320a33ab71f3c3df560eb9246b0606e8

SHA1
6d61a36c9c818ec021422c38b928b9641de6ee97

SHA256
96016cf53e6e62883774821b3002bdc78e10c035d4059d0f9854a39d60982de4

SHA512
7d2d44cd8b7d9859550fa6c48745f8e7ce37e25f5e614e4c0a47928cff01f1f56ec85c5907bb15aa8e57d611db9687df132158de9091184babd4c718e23c49dc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e7a7f3c8e97e02fcf5b449e73c54c60

SHA1
346d36b24e9dd63529076b7369b811cdc6fa6fea

SHA256
d2f829867dcf824b1eb9e553a73b8650ba78295b1e602bf77028d2daa948baae

SHA512
158fdd7f45b15d783b3d1a467841f373174014f5870f1f8523309ab99ee8124fb23129c04470f615220480144e8056ab098a29e2bccf8c175418184164cf1925

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8b7695bc107f4f448970ca9d09048dd3

SHA1
bb1956b69255123a9d9ca620374f4883f66ab2ea

SHA256
bfbb9d9ba03f0fe5faa7af36a038ad985867a717023c5fca21ad8c7840278f17

SHA512
5b086fa157e6dd3f9236063d2d874f33d0bf92085c26c6a0fb51a880617f279e95ad7f362efe9f104d8ebb599b558171def59ecca6a35b6514b30b0a3ce9dc1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3848942bf781bba09ea920b90332f341

SHA1
92094a0d0c3e8e4f6c5f25ac5f716d3b55c8454e

SHA256
90e9ceb81ad0f8df3beb9180b8e4c241cb1cab06d326250246ce84ff58c45127

SHA512
3845954fa68498f0b29a046556acaac51b7fe481665ab28fcf24ff8592e901277eb3de1f1d368cd73ac45c15a588e582ac292d4824811d6a05a8e33ba607ba41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79742ab7ba66ee6bbe7dce9ab8fed9e8

SHA1
698437eb306d24efc13487b66ed1377d44d6b2e2

SHA256
4eeb234ae6eaa3eec42fc8c62deea4101899d07448785e5fbdf4f51a2dbfa02e

SHA512
98cc65489d6730ee73d1c24b88ce033a89ee624ffbebfff6e07e5b87b815a3fcaf18d9e95079442ff0a9974278be3daa65a022f9e82a1bcc11627c1b67877546

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2e382c0c3bc49288ad9d26579df4858

SHA1
3374027d7c285714c4c281c0fb557e89b619d6bc

SHA256
6db3629b2ec1e9ecd2a814ce9349c3c7f1c98a859d164577da95d2d9d34ea390

SHA512
8c499b75faa768014f9aa94de9f2dce6ee10e4a2a9946dc50a220dbd01e2596348f12f10aa2b0cf1dcab4e3a986ec5c45cd37a68ab68d21aa511f7700ec502bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
971e1a3a068448d6ddd5a3d834e5d879

SHA1
c4843c19ac15ec6da17ce2e0b7e5fe56b510f352

SHA256
61036af0ef151799717c0d892680aa46c972064d50be7cd349dac602ac6506cf

SHA512
4751e9226cb391e02dd24f012637afbf7b72031a63637ee4da024481012074473dd138344a5900597e4fc33779baf70028c0a17835e0ffcc825cfc9d77ee7431

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
709f6dd0f6577472dba7ec18a73f3d9e

SHA1
27c98535c524a73490df74480a72d70333668508

SHA256
9a85307e7fbb370ff84aa51736d15077823c9cb423587fe881f3dc8285def14a

SHA512
e47cdffcf58fc40a9289e3b5aff7899fda9f5675ffcc06f7fc0d4ad4a0b374f8eee1f5569c94ccd1dc1e6598dd652a57e1b239472f8c20904760c1916447d71c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7dbc5ab379503ecce23ce448c663758e

SHA1
c66a5e0714bc8f47867d826ba2ca609ab4814f05

SHA256
50dde8412fdb29c6ae4b380adcf1b4553a7692ce28c8410baa9e9f6d70a996e6

SHA512
ee969349165094ec5532476ea8124cbc46472a0e00859d73a13433ec324d394aac7dc2794da22dca0c13161d781de15d0966d6d2e4d855a418cb0f98b1254332

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
664f22b96fa84fe5d6f23677d8040ddf

SHA1
97e3101c99d3466be86aa20ab3980359e7244578

SHA256
57962d25cea5e28ccc426f1662ece43bcb1f5ed37763e798d966dd03c0c68fae

SHA512
34550a163e3364b8f5d838eb0d018876b3921f361a53e24e2c1026143dc4679c7484b4ad7cfca9faccc9626f81a0c24973e76f60ca0f3d2685d57bfdff1cf512

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7005352cd77c051ce551bdd474dcd9d4

SHA1
0548146936a6b7fa6ad0d11d0d372735da800c87

SHA256
41ef3a8f76e46972006e49d511177f75dcc57bc99bc6879d057ac1ae1e20b72b

SHA512
9b4846347144c1e84d7bbdd9c12f78887e22ebd24fe8381b8722af1625e4c158671e91b6e022dcd339a98399feea2826d01ffbcac4643d61ee017b1e887b7871

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b1588dba0f184fe83bd8a415c2030a7

SHA1
5ae12673143c318206d4b7b1715fd00603cb5a96

SHA256
f184498b3c52098572854915ae7cb6024b2846a63fc67919d76ab6dd8328ca2c

SHA512
38c1b42a3e164f523e64a3b6f0c38304d6afd66f7f2bd6aa21917c5feefc16e5ac8685aaf0d2085e9c6699f2da3ce800ef428d9da9459c48782ce23bc618f9e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC16D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC22C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit