a12cd0c626cf238c7e4f9d71d299e29723b6a9316debad883899e7ce5b45ff21

Analysis

max time kernel
131s
max time network
135s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-09-2024 04:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d9962bac7929873c424c02665d3a2843_JaffaCakes118.html
Size

139KB
MD5

d9962bac7929873c424c02665d3a2843
SHA1

671722928fb3f2507822d0fdb8de95baf3e25ca4
SHA256

a12cd0c626cf238c7e4f9d71d299e29723b6a9316debad883899e7ce5b45ff21
SHA512

8dd2806e2b4f10164944b3af719781493fe3b75fb7627eb6b7b1fc6dab0996f522ada4ddbf383371632b303c49784ee1b3c227604e6ac88ffc80ac61bfbc0214
SSDEEP

1536:SNH20LX10dlm9WqeyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3om:SNzF9WqeyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D8A087F1-6FF3-11EF-943D-F245C6AC432F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432189727"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2784	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2784	iexplore.exe
2784	iexplore.exe
2716	IEXPLORE.EXE
2716	IEXPLORE.EXE
2716	IEXPLORE.EXE
2716	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 2716	2784	iexplore.exe	30
PID 2784 wrote to memory of 2716	2784	iexplore.exe	30
PID 2784 wrote to memory of 2716	2784	iexplore.exe	30
PID 2784 wrote to memory of 2716	2784	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d9962bac7929873c424c02665d3a2843_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e98c657d38b6526f20246d612a12e746

SHA1
5e92504561a561bca759f6bfe91f26b1b7d1f2e9

SHA256
c0f4de6339f9344917eed7e53aa7fd62eeda278faa15db8a3a7f8f33a7f2654c

SHA512
424a2b320d232825c26a049c5a891cd3c17cd0eef34a69a182c3bb7bed5dcb5ec59cd92630ba0c8ebc245d0e577e01ae58260222be421979d96ad4c25d6fc456

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72fc9083b7561380d9e0809662a1459c

SHA1
af436f28b85058a95890b042525250d79e6e914c

SHA256
3cf9b78e5639ab89ca6a29eae57b71e8574cf0f7b5e12cf1c055a8d506f6b1f3

SHA512
d79a74b52c09a6bdf6914d5ffca44f5d5d8579b62fc91fb5141a1399b9a0181e4a22675b5b295829e3d940bacd022d1093d41c19b5c36ccf3e5ddba59234911f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
212bf34d002ddea5bb5ebe312539a597

SHA1
a6e0a37601ed970a906d5333fe704d91383ca9ce

SHA256
1ee9e170c8687428af4bdd4389c77f02292cc719cd45cfecf6c24461287fe307

SHA512
b52294973ea9078f997fd91070817360d745dd78dbde3c3b7b7774c8da68683dbd0b007a482486c473be82734ddca37a5cee23e16e9b73ca1725a907e53ca9a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2bc33c4b3d341412731aba93322103c8

SHA1
387f5c048f873ae569850cffc0a4d01d20eca377

SHA256
c2cbab02733d9217e2089cefd1dc81805f4533817dd444dd338f36e40d015d4e

SHA512
0bc67d1ed831d472b5225a738edb208140f32c9b1d60f49524d80a373527b08bad1c83ec71b84da219b651632dccdae36273c77410bf8980891f81dc8cb22ee6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f1611ecf21e35064f3592330872307da

SHA1
acd031bb7121a4a012e6980a04f916042c0eaf9a

SHA256
3b2236625a3ac0406f538f43dd09fd2c453537f56b466195e2cddc92762dc68f

SHA512
0205c42b0c09d20af7386b94ccd73867ee8b203a7318d6b80694da4c286b182a1040559d4bdfa54fdb74e12b8b38d60af513f86ea4bbd5cba1ffb8948798e5d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca9a034656b799ffac4ee54484ad7e9b

SHA1
da4876bc131c638195c91083d27792a626bac98c

SHA256
3e05e766227bfe9c210d325a450710997e116230c7de20a6fefa519be605f522

SHA512
dc2be8e5e17107ecdffab7fbbfe77f6ee9db0e056ffd2efc57bf4af28e9a225a9150dfe743c57006ff1147befcb91aa958a74cecd0b81ade4672e9fa69c8edf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69d9ad75ca8e6962df1ca9d87c492773

SHA1
a0ca109db747a613a030e9bab8040f14714ee3ea

SHA256
95804ce5c99a7eb5cad4a1f076df7a6a92d215d1259bd4612449502fa665179f

SHA512
05d103133efdb3bfc0194888fa2b2019215dcd33ae937826cdb7352489dd62ca562970037fb2e7233158a487f2d73372ffa2af0e4893ebb85b4535807ffaa012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
966a1708ac821fa4e00511dcd0c979f7

SHA1
333a594b1b96d5fadaa24fbbce7f7fd5f7f50aa5

SHA256
3e764bae10a0f1566d8aac78c87b25a2ea8ab4c1d93261366896cd54f7b7a905

SHA512
2bbc22ffb2e66e1e5a7f42bbc313fc111f9a9c755ceef32e155a73bc1d0f4a70464a4b5ea1bb756e35bfd1855b9aa09b0e860e59e997f15d4ae26e29e1d47fe4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ebbd395a87238be4fd32f8af97db166a

SHA1
2bf658293e3f823d81e7a920f210a77ff545a945

SHA256
0a941b846154ee935ae6d2c7b9cdccc8e820f5d0370b3c71d96be2ad27042f92

SHA512
dfcf34984d81017972fdb1565724478b50d2669753a7a0422c13ceb3d60762d13754e7288a5269e84defe07fea703d884662c4df10c07ce7fb984f3d12bedde6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
da2679043eabbf16798ff279c2257dd2

SHA1
fd22d07f432268d26d5c42c8051e52c07a0c236e

SHA256
c70bb171b0c4de2428611e12e07867d7e06094f3f58a06fef2917345ce264f8f

SHA512
82b0e2399d77f1acd31a500eaa48184fe099160a5d5595608a7ea2f100d6d1dff9abb3d1ed08705d72aa82943cba8a096c025ba06a84c0d36ba6527da8ef8cfc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
177458cd708e4d6d7b0c8dbc86e026ca

SHA1
3f207433bb7f29ff35f686b2b088052a47096109

SHA256
ed468dfe305297843f25c2827eec0d602b2f2cc0eced656856c59c4c564843f1

SHA512
6449135f2314d00b11dea16bad0a2709ebaa834c63dd2de031e6495b6af1ee75b15bcb97ae0a36be5a59c440fc3246840d45c0209f857b2b4a7f735abdc22113

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
562f3cb3888f21cc5af0f0e23809785f

SHA1
36bedeeba233102d08cb6a50153d4b15d77c75ae

SHA256
f64faef659e3f242ec7eb420976a72c39dd0e1719780c31ed2283d42e07ade90

SHA512
d3bfe8e79c031cc695704a2687ea2a187ca4c928b62dc8c4b222c76e272ecc7378701c1bbb85e7e11a348727164cc3a62f4d73f6d2241002a4bb88114b1d0212

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5827e18aa7bb16d95fd8cd002728be77

SHA1
7bea64bd083bb2626b2405de1c38afbc87b770b6

SHA256
56da98a037446944bbe080ef24fa1353dfe165ad38a638f421291314a0d74456

SHA512
7808693d2a3077240176864fc164c26df1dfa0e1e2a50040b8377264b4b17a8db3503d8340f268679864ca518ec64f83d2f67105d046f5741315f66ea10e418c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69e448ac47c65114af868e7097075cdc

SHA1
e523e3abf757a338e2ce72553eca454e453d3966

SHA256
3048810a6233be93ea3c5ac57fe1590cb2560e50ce043c2700d85c23a27373c8

SHA512
fa34273b0be7cc1f735ace9c8e3a787f2853189facc276e52b4bbd56dd3ddf8317d6ae60792bb6986079bb0e06dac676f8a5cf1a352a3ed134c373813f9d7bd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d25d6305bebd7e0b4640d21ddc826a2b

SHA1
878df69f3d68c2546670e29f8313220ce7dde7fa

SHA256
cf4bcfd5d00157971e52c7480f4e4b76674836e37f6e15f0b0ff30aa28517e20

SHA512
4846e09ea175d8527268fdff774f5a842f7c606b140a7224e40dc8aaab7dbcac203295ccd1e4c9bb1f9fd24d7b278d0f75ba87e5199bd638ce1905c3d522a42a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea2fb4926f8d43a0709e590681a8a626

SHA1
8fc6c940c93b7489974e643c354b7aebce3f26bf

SHA256
0dfeb25d479523bf1fbd6db9dfd5286ba3960d1e572298926eb42601239f83b2

SHA512
4528c7ad422a93f636c59c20eb56fa4d9ae5e9048baad78aad270d33ffd29e24d4aa91d77f69dce1d3fce9b8fe5bf1e3537422961c25a426dbd89b75d69df9f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c6ecf94dc4ae578e2c6b3188c62c8ce8

SHA1
652910cf2c2f05c878094f541bae6d07bea2b40b

SHA256
7aca1a6c8682f112e61075173c2f9bb3a792a9e04e380910d94f0e7b2c735525

SHA512
9851fbccaebaef22f649d2891511d3b9453ab0d3ec32072938378ce5b19d92889dfeab87501aad5772788ba406414eba8405ef99021cd5892e37274898a8db98

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b7bdaad631f15f9604333c886269ab9

SHA1
b980f8fc5f73038829878db6d8203748229beb22

SHA256
bea59156ac645c427ebfe579c68c80edae0b409a33bb12ee7d9e527fa0bd3522

SHA512
d9c4e5e5b585f022219f63f0cd89f01c06401fd65178428cbfc9085b26f40f4ecfceb458a5b697227d257a102b9df6309f4aeb72ba58471f59734ffd750c71a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ae298d5995c312bddb80b3d18b0fabe

SHA1
3ca97d4967bc32e343c5e0d7c89c97e1cf5f832f

SHA256
9d4dd4cde0dea1f879b41344c1d97d25aaacb269533d6c6cbf09d0a21f0a688f

SHA512
e9ab18b2d1d883b6d97eedeb7e7de687f689ff904ad8360187fb9fd8c31a325d75e34abd207c5ce0ac6519f7a7da8893bea10a7fb243d91357c839eda4f87d55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab37E3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar38A2.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit