98fc8f9f59e6a5a89f729706b3a83241faab040c1a56934e3b2eaefd2f9da746

Analysis

max time kernel
134s
max time network
136s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1e2ae19d631e7d13d2fb809ed328066_JaffaCakes118.html
Size

213KB
MD5

d1e2ae19d631e7d13d2fb809ed328066
SHA1

b204f378006984e789095eb7d7d2d416c073bf2d
SHA256

98fc8f9f59e6a5a89f729706b3a83241faab040c1a56934e3b2eaefd2f9da746
SHA512

20b63e57d34446c742cfb2ffcad8bf6dd6302ead3267286042142f0ce331b50a98ae77fd255eaa775bf08eaf49339108a46755ef9948f10c6765d60229bec5ea
SSDEEP

3072:SGSd/xvylowyfkMY+BES09JXAnyrZalI+YQ:SGsxtsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431872354"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E8C0A3D1-6D10-11EF-A0E3-4E0B11BE40FD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2692	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2692	iexplore.exe
2692	iexplore.exe
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE
2668	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2668	2692	iexplore.exe	30
PID 2692 wrote to memory of 2668	2692	iexplore.exe	30
PID 2692 wrote to memory of 2668	2692	iexplore.exe	30
PID 2692 wrote to memory of 2668	2692	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d1e2ae19d631e7d13d2fb809ed328066_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c44c1fb1d7b1949e273bb5f89944c9d

SHA1
3d59f0202582bc910d38c0e231d071729715eff8

SHA256
3c11436f4a562cf42b3196a94746ef069b1041ca918997f02772314b53a9e8e1

SHA512
80e5703b18c5c480646add805848212b2acc6f5dbc5139189fc62cb618230b32fe229912cc7797f450deb5deceff5e7607954e816f4928691f762880ffce4a1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a957ec3abb6146b3d5fd8cbe7d964304

SHA1
259d1cdededd9cb0d60c7ee38de0e323e9063e4d

SHA256
4db4478d1c371c013ccc06b3fde6ed0f1660f9515cbc155d0c6224ea29a39733

SHA512
1d74130744391e9b9fa449dc2d6909aa3e8f28389052f27a87ef3533ce35c8f832dbdc1bfbcd0dcfdf6bf6ba74d51d23ef0c255b007017edfaa5e8dd97b35f41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4da2934fb247fbbe6c40aef36d660903

SHA1
21a0e29f951671a37d572f5a1cd7928fed47ae29

SHA256
42af61887a312a544a5fddf0b8faec14e46346140ba257c37523ed0cdcf1c1dc

SHA512
a677e2fd252a2d6db08efc1d282572c66caeee2c6678dbbf22c4e77b8b8438234ef47085b735794cb82b7049c1baea2758f5b09cdadeb436ec88d419251dcac8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4f95ff0cc57c033fd8c602a1f802147

SHA1
99ad1bbf50a79bebda20dbd79caba7c174d8eb99

SHA256
ac83c44266684a76c787aad3d2b8e26449dbba1e5f50c2232a449df519884529

SHA512
9df5ae5e4a18ea3b996b7a6d55520736434e723a7b7b8f0895228ea0361c94027c12f8475e8a58bd01bd5b188c577ca6323b2a76bb3128eb9a75809b5dee96ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a9bb73562708ec3b1d3f8df7f8c7552

SHA1
75877da369b6e61e0bd233488438ac954e2b23cf

SHA256
268c5c2e7963b33ccdd4f7264ffb48f1f7fdda59bec2e7cf6cb9dc45f6d05d62

SHA512
33372e2d60f5f0757049819aaa3ff6df769e863796c44dde7c60296c3cffc4882ccaacd718a90776a86b06d559407885a1b78aae94b88bf024e1c6c37df91165

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f6ab32b8938baabfccdf4671ae96122

SHA1
6e5f6359d540da4283a7829d5382cd1ec136c2c4

SHA256
9510cd240949d1ad154f87a3ccb3a6d1fe5f4317d4011e6f8f2fc794b2ed0f8b

SHA512
70702826e68d56f2ec51bcfaaea6c722d11b953135f77beadd3d03d98f3743f035e58a7b56bcfc00dd581222ea693e2e1d231171811a245c0dddf1de6c821280

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b5c5bb0fad82d7a0d323933c57d8487

SHA1
f145c16db3b959a2cd8ee36882409d7709c651e0

SHA256
be4b0b66a3c522ed9ecdc65023a716ad003c71999cc833559fe2fbcc344a2f95

SHA512
a83a8d58ab004b9e266608412c4c7345c0db8b7b3b84b4297089550b946e852215e2d973ab048be30c7b4fdfb8e913f9e1e44d21c869a2b8f486256800ca30e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d0cdec6c72dd1c42b41abe940b89f962

SHA1
a705f31fc8147088155ca5084ec7edf2fdad4ac7

SHA256
421f0cc1f7a8d8bc0463e504d917064419952108fd067c54345a38738433d0e1

SHA512
54f7e961ee34d6a65b6bcf6cfb1c4c503fa665d7afe6fd769668c81d0086bf0ea51bce85e43ea0efa14815ebb0833ba3b4f5761531de4ea78c3b24d390fb2005

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
842dd2d032adfccecab49da2d7fd9974

SHA1
21b82cb64d769c8bec21fb6318ad8a74343cdb43

SHA256
794a0e2519fb5fe4b0e0636f78a2856b26201891530f1a934896e04c33cb1b48

SHA512
03bfeca458765fb8546cc427bf6dd5a36d6eda5d0384770826177fafe2b758bf3823c70cc22bf460ac1b515ad506ce2717cc0e1f47fb6c810c64242aed2b3975

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a96382e596af574fc52893500cbfe47b

SHA1
adbb1be120f27bf7e8425c593bb08ef2df754da6

SHA256
6525b01b14d3bf6fd11cc80e78f9b53171ac38d05a6b04b52ab785b2eb28ec6f

SHA512
243c95af382ff2d8a0a1b93ad15de3932b9fcb19a87a063c7e20b452cb4e7f2d73c87f16e129d10d2c9f1a234c7e8e552867418cf1d9d95b27f5a0d259e8e47b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f080482e29150616d5c75df760672279

SHA1
e61dd4b7ba3b4b5730292188c1d88c735e6a9032

SHA256
7ea016202b1d1fb13cc4b7eca54ac60fcc801581f3baafc47e06c2cf64fedb7d

SHA512
4a5612634bb3221323b775ed1458dd10888ba6056660d21cd5f10ba31502e0325cd550c40a0ddd5573b9e5083e74ddf2adf911c40c4ab57941b433d61e821678

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81701432e0163375945263b011dd2923

SHA1
a60cf8abd28f65e5aa77f2b04246f26d0239b514

SHA256
660b4f78254ac7ac1b3b9b0cc970bf6a18e8ea48b5236275af1eb994dfa5dbaf

SHA512
2f684ba1d47af434e3e7a36da190c8ea116f0be682629d77f458afc08dca490873058ece253fee6dfdfda792b1a3fce16cf826e1585543c22d773bf2c0e0dd04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
29c25cefda5ec703e150a68a1dbfb709

SHA1
8c47b0c7ed2578a0228c6d2e6914a3954d5bb21b

SHA256
c4979a4c5eb86ce7088a2f9a722fe8cbab6a9f584eab99ee499304a9f8cdc72b

SHA512
39e6a391c2e6a8dc632b8196def1474e19fb7405532aac2db66f19b76d3c3eb88f2555161729e95375413d33b7cab10b30c4df9e848ce4eb0b1cbc6e030ba216

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7f2670cfa0e96583c3ec65c5ed4c537

SHA1
25d6a2fa3f8d1f63ea01a0f0d3e8723ee0bfd778

SHA256
1612cf77f05d95c7e0558b06fe5e3cb60b858cfee2d795e055e9bae6b5099fbb

SHA512
b6baef3aabe7fe9fa6d6c3312137108ef8bf0b62d7d8425613c27124885793d4e12c9ef688ef4742a344a864b54aca7bb236824bee9eee550a9bd15c81c88abc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3d814eed8f8acace62189d6befa71fee

SHA1
4028b3045b8dca7a923387e3645b10f6d4cbe13a

SHA256
f607c8f2156ffbde004c946b1b21cc9b2f3fa7ce3861d2126328437e0d2de39b

SHA512
313f363adecff988c8a8ea13a0d3e908ccb2072452c4752988cc6e820115cbb51c763d9071b666331a3f36c156f1851a204732b67f75b44afab6546b82597aaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a238fda135be6296b16be403136b0df

SHA1
27f052557ff99219a61a62b41d40624967674310

SHA256
306e1c17dec696df5b15baa5fd0c2d2c1e9ef1f0221cedbfa37f0cd109715760

SHA512
86b187e0232faafe0d04ca4b8df55dc9ebc29e37dca16f0695572d22e989079b70b5c52a2218ba96256ccf4ad4cbe014975490125385fc5f1936f3e0c75ee006

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d85ff14f0041237c5d822f4e05ca19c7

SHA1
544871001947db4b2acf84ecd8151ef7de8af7f6

SHA256
e344c44053190ebed4b1ec6da369afcecbe13129c0ea54a4e1297630955c96b6

SHA512
f4831504add9c7b8c71022f6b80f41644915c33789319ac612867a2a78c073a54897116c09830e0bcc37551417f70d09f9825393235df32e9305c72b3df4e403

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58fa3f7d9c1aa35b11b9bb48c64f866f

SHA1
06f4e161becc011cb0702cbf5933f77fc67ec08c

SHA256
cc448ea71e2d52a3c272f7c856879c5ecffcd89e0304af841f5805c40928b58d

SHA512
3c1b3cbaeffbbc46304a1bc48e5d78febbeff814fcc7dbe6d59dfbef870eb04268ed6400fd5c720e244de53e209cc19832bf87341aec240d5796f6f2b85bfc57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87dd1b482bec598d9c3cf734723909ea

SHA1
4ca989497a8925fb8a50ecb26a05bae482005c21

SHA256
de26e877b983aa9c11b7e6013f6bda55075f7fffec8424739e4e21a033af0506

SHA512
878f09e3df8d562abffa4cc5595af5ed661022ddb765627a082d4012c1ffdacddfff9c60bb42395e12978f5a7716fa7ed89072d7fa1d86c84ab4fc098f7e3725

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF124.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF1D3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit