9f74b4e0ac57d075ca7c9a11dfee2e982c2bf7f023ba2a4f77a6e0b2c28faef4

Analysis

max time kernel
142s
max time network
152s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-09-2024 07:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d5d552589c46face1d8b776734c92cee_JaffaCakes118.html
Size

54KB
MD5

d5d552589c46face1d8b776734c92cee
SHA1

e394ffea1efc5f1823917e2eae0564750c25355d
SHA256

9f74b4e0ac57d075ca7c9a11dfee2e982c2bf7f023ba2a4f77a6e0b2c28faef4
SHA512

bd7c4d31f662036a43533d0f943bdc261bcb245dee07e3fa092e9464576f88465a22d477b2ede9227a01ed555f54e4447ee878fd38d58ce866fad3d9a0fda53c
SSDEEP

768:mc3xsWNSWPr8OW5V1BhGq4jIV5Yw9s3l/yFvZis7E5MDDh2S7T:eWYWPjIhhIjIHGc7vDDT

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432027323"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B7C00681-6E79-11EF-BF4D-465533733A50} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2060	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2060	iexplore.exe
2060	iexplore.exe
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2664	2060	iexplore.exe	30
PID 2060 wrote to memory of 2664	2060	iexplore.exe	30
PID 2060 wrote to memory of 2664	2060	iexplore.exe	30
PID 2060 wrote to memory of 2664	2060	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d5d552589c46face1d8b776734c92cee_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2060 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
3ceb605081f4c9ffdcc10a296f996b36

SHA1
62f4408689b27a74fb4b32edb1033ec48d57985a

SHA256
ec66d68b54b823a2ce067f4105e6a8cbd8435b04c9441b840b27d449cf742df7

SHA512
afc71786ad9c5921fe022e72b32c35b2b70eaad827b54f9425242a84603c82271d70fa7078a586fd5fad3e72e59d2c9aafdfa8fb24fe42ff98288d247980f32a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDE8B1B7E253A9758EC380BD648952AF_F968CA97A68F4E6D5C104EC7FE3DFDEA

Filesize
471B

MD5
83e036e23558cb28f9260870a40f8cd4

SHA1
6d4d1ee3232ae15ba9b8b82bfc54866bb3ccd73d

SHA256
a0049ca89063fe23a2c46e2a9cef240238c399ed4cde42c19f8e4729b5130f2f

SHA512
b363bcd1f2c77466760f04b8f488eed97304065f196b32a137c86790996e9b8d0817126b068d09e15a9f22413228a39f398a14375ee8cc421e967f99c1bd2428

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
fea80dc0b59797b95cae5c1fd760a4ea

SHA1
435bfa4b5bd31b0c1df0b4348f9f79727ed181c2

SHA256
37fcc51a0312b3478f89766b8f79feae24b97da75dec75baf5391ea4e5757204

SHA512
ae0c0bda70d4eedcdd1149b5a0cd6bc765991cd69c15f6a2aaf78219bbe561e96878603d6538ee4541c6b2cf462a259a72d4ec1f47302e81d5be4c15c668e24a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
cbf3bfc2f71b64ef3f2baf893431b7c7

SHA1
53e11a221e3c7a0082132521bea24347e2b5a1aa

SHA256
43dbfbe24a0d6f45a71efb9334ba9ec3f62da9f3bd74ba8859eda9752c09432a

SHA512
75b8e91c9803372156d57f136b5a8ad3aa723db890076ed25fb6a7cf7252e37aa57b694f3cbac4df6ccdc24665f56136ef9081aaf0b4f3b0c5f86b3ea4820e09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
55f3309985fe94b440e758638d8c72cc

SHA1
8d5cd2bdcafd1224ee3278d7b7296a64f038dd35

SHA256
6535da4b5af3067f84e85608f7d1fee196b0fadae124ea46c4442f4578998424

SHA512
8830d63bbcda729a758fbaa81b27ae505b7f74d43cc7d591de1271d2f6e621d24108bc48e292db6ea2c69bc0e773ce5473640f5cbffbb5bb6c03ad4816b89350

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
97ecd16e51311cab816e0d7d403516d1

SHA1
d4cbc16cb34cda991e0201feaa018de5024be37d

SHA256
87c5e8f2e2e731ff9734c88b43c0366959ec14ea747b91c26705749e74d9635d

SHA512
0b962131f025cbd8f2d36ac9b5a3b151d5df36a5c85211d99dfada4e5e52107126cd1a20bc31dbd9bd118d5abb3054282841cc25f4210fcd37fd78cc3fb6529b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e88450914532875a7bdfd17c0f1c4ba6

SHA1
d32607d4d7dda408cfc6424aead4a3fa2272c791

SHA256
2d07a98f2e2a6031adcb891d2f31bff796354f352dd0846d52064d90a0e67bdd

SHA512
35321ddaf056e957f13d2e4a07d91cc861f055d01b9390576ec16517136de08847f204ff77c47ba7d167113abf44328a6ff290fdc2660e63e62c320338ff23f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
020f2c187c252cd8b8951409146c34ee

SHA1
09f08d67f2c730dfb35ac175290aac3ce60d1633

SHA256
c63436a7a5c45fe009d7c1181213682372419a13d4075075229e9a56de131fac

SHA512
d5ca6f125eea961237cd1af06a9b3b35fa2ec898d886eefc58f43951d0554e3fd9912bdbdb957bb9a8d1bdb66fc9033cc78cde177e972dabf0446a6720b84b11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ca1bc26b01245c7f78144b29bf5b5ea

SHA1
c7d86523e5a25a2a214fc4ac1f4263e863ea4d5b

SHA256
c7c14733e4036b985a91bdb231ee748ea94f87323b2ba4beb41569063773425c

SHA512
2af9b3239454dcc6c0bfabe9aff3ef3e55b321c84b7b4df09d75576efa57393e20f7b9a161dfb335f1c7f2b761e5cb80c8a524cb93564612b9c89ee09063b7e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
664f0902812ab67fc09e6b85ceed0e83

SHA1
702f7319ba8a75161ce33eba6ef762ec05d69ec4

SHA256
f8c1612c0048aa57015468e44f37df70234f9503d0ab817056d02c582ea492aa

SHA512
99cc2930974bc256210f93765e7609f439d8980975c925d88d5a0f5716a18f47583057254768c6918ae0ff67e0a8781225471933ddb8aa87d7b3951d844e8139

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
078d1ebbfb385480439540e7b7ea5c43

SHA1
63d47a37f6dab9dc6e91e1713aceefbbb6714f16

SHA256
712fa89862125cb67d1ac0ae107d2cbb9c7110a7f4601d44f69b754054bbf28a

SHA512
c3a647f21cdf9b2613face73b6972b73665aca59dda5b94bef5e0c2f3556818b275a092ad8337d4c2e7b10f40ef1fa49aad8a31ca80933bfa97a2013c8f040f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a468d20e20a603d74e2ea294260b36ea

SHA1
7356739e0f62cb0bed17a22a2446da039392dab0

SHA256
fa1e56dfc4b5e10af98a548b1420638c1ebcae92400f8df37eeb468b161978a4

SHA512
0387658e808818b6aa6629888cf5a653c5970efe071eb6c532c224e2fd3c5bd7ad4b853713d02717e47dd8bea0628837da5c0baa81f0469cde5c5fa80f3076e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
912da4c6c5b6a5a961467e336be60788

SHA1
c096b10b07846ec91bc7c0bd9d956192f6de553b

SHA256
4f3775c975bfe23089fd920966d7ada01fe4f383c3bbe33463549e6fe384c16e

SHA512
00e20cd79ded2eab89bc3d6119d2fc2c55604a67c862611a61a0757c05191cc2f6230576b05154d359dd251f60a90f7887cd8c95703d84038516345a837eb02a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
daf4d3fe06daa88624d468b3fe59aca7

SHA1
35f6d900dfe1af7735f965eae80ccae272f84cae

SHA256
c2833680495301f4ab640cf91a5ac2b4d39e02f0f24c6528deb61e8d415b2d86

SHA512
11dfa81149e01b66c4534bd40c8afa9c49df0096c15664439062ec4574737d5354076c97d7b117a103d1ca5a35d2c1c8c604a9876a459c1e516f4a54bc8a02a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b61fa8b6ee18e0de3b8ee109a026178

SHA1
5abc09e6913b58974586c699c45f1ab9b25b91cf

SHA256
b82a88e48bf1aa4b8f79bff2a779e6ed432fb094caa1e69c08c8622ffcfe9ac9

SHA512
3d34bfa267139f8fb516004783d9ce303fa4685dfd2dd2c22fc05ab09d1f351827b945de214cddc22381cc41eceb71d5ac73ca8f976467de1fade0d3f9813c7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35abcedca2ddbc26d6da341c10076776

SHA1
8d01fdfc95de4b0c93721bd1bfbe75809057a3a4

SHA256
f2f4ff0ad4c931af0d6ef081f7fabb21b9f9b8f9aa3886f4f58f108103033c56

SHA512
d921c6b227a56d9b4865bf43b6bee7c5830f177fb60430734fc5237f81f0f7ffa0dc529a136b4fa1d2597e2e9eba1e0ba259330217e23d32fdbd4291f4143527

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f57e923d8a748841f422c8650f5ab723

SHA1
1633b7f1fb71f8971d82d9e2b2afc6ec14cbe2db

SHA256
fbb2b75c7674a6e43f25110c8e8b704e2b254b716148ae71480e1bfee7249085

SHA512
9d808b4798c9b212e223d4125b50ee70b441e181b82f562aabb99945d54cfb535a5e0faec82e0a4c1ae1e2de69e1a7d5cc2b49a0581b67148b2334252df62e25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
440ead16fd2bc06f906dfd01ed2bb6a0

SHA1
cd63bbf53bd6d2c68909fa9faea8dd57f470eede

SHA256
f5b5e58a2799d0b20bf6907ece1b6d5eb6065ddc007561168e0c1d6698ef586d

SHA512
b6385c6fe8779b32c6ed93aa8f573437779be8ee09c1c0aebff19e4eff8a5126eee3003b528dbf7040e70ae277128d31bd6afd97ab135b94b799619d4424b883

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4376e7872dc79eab78a8002cdc5f9cd8

SHA1
3ec3e3fa95411ec62b3b3fec58fa0d0be1db0a7a

SHA256
5a94539c305b082a9e00494a568a5791b26463ffb48786b6db7a7c752d5a0dd5

SHA512
c7f153e76d1181ec07137e7ebbe8cc3b7c5843df58f99ccd03ff1038f90de0e766b32804b30039ffe55f77307a3c6d57de015754ebcd084e2e3fcf86629b7b3f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
0a92b6848ba1a8b44105934f3664308a

SHA1
e54323ffeec7d5ab143ff7df88cf5b4a1cbe8c0d

SHA256
84d4ff42837df452133feca3f97e686b695108e31d3aa534e504029e62f8da31

SHA512
c402ceffce27921dcee98ddadb6f8538991777515464364038ad3a540043c5917b669acbc475eead1e07f6891781c1ec31ccb7336df8c50710d7f509affbeb11

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDE8B1B7E253A9758EC380BD648952AF_F968CA97A68F4E6D5C104EC7FE3DFDEA

Filesize
402B

MD5
9149ef14f504e5dbd2efb11b2b4d7b76

SHA1
cc4bf41b972082f47233e20bd912e28cf5b49744

SHA256
8cbc4f5679a5e2cc89cb66a56b90254ec91b8480c7e436c4f548f19e7c6f6d6c

SHA512
f99f7e1277f27891b06bd42f05886585ee8e2fbe2d79647b2847659e33674a8779277dc57623ba92c97739e478b68d9706222bec38c3f38cc715557f0b2e371d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD8A6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD8A7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit