831b0e2b73f54b4981a5bdbae7fa721bd55dbae6a8379ab979bec5242f9dbd68

Analysis

max time kernel
137s
max time network
137s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 05:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d9a9920e25624c04ba86d1d049e77f96_JaffaCakes118.html
Size

220KB
MD5

d9a9920e25624c04ba86d1d049e77f96
SHA1

cddf553a5be5f22251e1be53c45a9db8eb0d7ab5
SHA256

831b0e2b73f54b4981a5bdbae7fa721bd55dbae6a8379ab979bec5242f9dbd68
SHA512

3836dd9f8e46ec8d127016efbfbbd14f4b315f4e95396acc6e51261373d7549f95dc3176b43ee5269122546dc920617f4e7b6917f9f68d9b80569251ca02451a
SSDEEP

3072:S5Rd2Oo5TxYYlyfkMY+BES09JXAnyrZalI+YQ:S5RMcLsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432192871"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2BB74441-6FFB-11EF-BCE0-DECC44E0FF92} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1560	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1560	iexplore.exe
1560	iexplore.exe
980	IEXPLORE.EXE
980	IEXPLORE.EXE
980	IEXPLORE.EXE
980	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1560 wrote to memory of 980	1560	iexplore.exe	30
PID 1560 wrote to memory of 980	1560	iexplore.exe	30
PID 1560 wrote to memory of 980	1560	iexplore.exe	30
PID 1560 wrote to memory of 980	1560	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d9a9920e25624c04ba86d1d049e77f96_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1560
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1560 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
577a8bcfe5da0fa7bf08e229a17d050a

SHA1
d9c26162d4175d07f966e21957c0d68b416dc0a4

SHA256
cb401685870fae698c233dfde55997925d57e544aa1b3509adeb7991647bd3a3

SHA512
c839fdcc398348a856732e8ba7abe7e13531fa42b6a90664402b881d29bbd0f998f0823452ba13b9da5e14974596ec45cfcd489a877654e1af1180a0a2778463

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eecf1ad5d4865431c26ac77425b2b5c3

SHA1
ff96e4cc9ad9d45a019f71bf6a20e59a7d2cd432

SHA256
372205ad926334ba5d3c377fd11962033b0d5b55e0e07e5bd6f307716eef2e34

SHA512
fa283fa3c911a3fe32d284be3981c0a282398989c0cec8530c020e8285c83ec817ee2fbadbc3eb7b05a062732a4cfef96f1d99e3fb3d3667a454b952a4638f25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f0459384cc14d861a4d2dcc6029f722

SHA1
708faa82a3b2a1c3c155578214300ea5488be3d8

SHA256
d69bee654c11ed680414aa5714777d07463334c31231f10e850c3a518605bc1f

SHA512
14b817cee5638fcb61f84eb2f8ebc3c15abc2ea0ee89f381ff031abca797a1a7dc44e6f8933b6e2dadd6775d46fb3e1ef35fd02eb4cbcee0001ff0a7796795cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d8d50429442461d198324e30f72ede1f

SHA1
b71e5b5af4f9ecaa0b92814d184a48de990f1291

SHA256
5ae44e5013e5d3e601e08b580ae9e63a9493a44888bd6c99356ee44dbe0be220

SHA512
4a274a79ece5f0ead187c81f140f4d695f421f855352f0e478f45b2aacd6d4a0c7bf30ca6d2f513f8466ba1ab67289f13e25cf4577fc15599bd01d3b35806b6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4e13f46b721c2c75e271db8eb5f5b7d

SHA1
783ff9cee9f325ffc19d9d7532eb4c743ab29393

SHA256
85800c9f9e8d6f5810d8ae0e4548d3fdc2fa2cbe0781d4a51196696d91c554a8

SHA512
37695ac8bd24b17252e57c67a708eeded87cc820fc8ccfaf328b4ee544db6313322ffed84a760cdbea3116ff169301c30be52f4029a197500b366c0a0ac911ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
017c7059b4d034cb1d2f005d29b9e61e

SHA1
16102a6f51959d981242f804efb68425fbe11077

SHA256
2e2cc8cfa25bfc7a1ee0699e06f1636ae025438c4cf06a839ffd9dfdcd88ee38

SHA512
81b065dfe2ad1fe62d97c4924138da8164b05a073b1dd992422df451c848291ce5f1451fff981f79f53afc732b969a64f404f7469f565524171be4ec5e909dcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
070cb57c56f3daed84f7da7dd100d7e9

SHA1
8c357f2d4ddd4da7286580f82231b8892107a614

SHA256
e0deefddc7117b7fe1f7fcd0be127eca14be9d906febc49bb75207e79290fe5c

SHA512
144fe32a0a96782b783eafb345779112d0b621539d720136de5fb0e2d15f7f86544254b6e0fe2fba60383612d102e57bcf1b8a6618eb94109b9a69ed9b3042da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20e19b54ddc3afb4e49e9dba2d619d04

SHA1
3e7712d86cc8a783216a917873cb02e67f2ca303

SHA256
cb895b93e759cf386ffc4271cb950d9766c45c3f484f73ed0368d623f59412c2

SHA512
53009f13b1612f94df73eabf97eec7400a8719cef3d0f6f46171ef79a8c5aa79fb220049e717a68a73eab6cf055c2ddf150c38f3ba5547f500138a3531b45a5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a033f25ad8c5a628826471684fc96ca

SHA1
5822ebde609c80b86a990a0195237dcf699cddf3

SHA256
068a389e41e3b4b3093e64384729d67216f38ce1b28f699c92e986121410b4cd

SHA512
d46f79b268ff24d74991bba3155d8631a37caf1c1bfc30a4b1b1f9c1330d1c3e2d7f3a35217a88b19020547ce7e51c3cd8fd7c359688a59ca04964055edbbde5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5d317e106e23e1ed94170e9cfa0a941

SHA1
fd29aa61facfa421fed18c7ce69f2625ae84f8ed

SHA256
13a942d6dcb001e9353763b0ef3a06e2ea63a80627fcc36f04dadeba732d653c

SHA512
ecb4ee5ed21cfb08ef4a9d9c6a92a7acdb2ee4f49ecd5a1f06490dcb37857c20e6703290b2f29ca588c362b9665123a9e85deb0c44aa013e715f0c28991c121d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99aaa8e9474c0f186f17438bf001c3f5

SHA1
10202c1c1b18dd5833b0b4e1a2fa8806870ace53

SHA256
d27f05e1e8b99b25f711ac740d16aad351908a8e12674562df9af6ee0f278d6f

SHA512
2dcea1c0fb2efede4ea00640fadc7478a0eac4d0e67a23a7c4a6d01c0b04fb1a0aa9c865317b42a48dfd8f8bc8e2e70e2d9d5c54035250504bb8a8cf9408553c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b17aeb80b0ea6cdad545690c8a20dc0

SHA1
db28d01ebad0c7c8d40917b5f52a1c58721cfd07

SHA256
b1aa7dbb86f1ba39799e79dc141db0cd31bd6a6eb6c51518da100ad09f32e16f

SHA512
8ca4221f44e80a63e0133b1e5ac841af52533dc9c3f11631b0f09e356e4bc6100951e98ae4fe5cd6be24e64ce5c9a149476de95ba0ccf25546ab8aaf7371fdea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24c9707b09343895ee37a2bfd4565c3a

SHA1
747fc619b4362e77ddac80778276974049ecfe7b

SHA256
136a876bbb277e2aefcfb80bf8bff4d9a500d2bf3f1aeee84cffe161209e015f

SHA512
ba527b67e0a37222c65fe2fa683d1f0da7171443bf5ee9868e2035da66610037a8c62e67dd48200bec33759ad7474b1f524dee40ec53212e6624811bf7a7048b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d43d0c8e24d22bd2ac5ed8385f4ae7c7

SHA1
0f9fa350a32eb053d53c972f16c3b0bf7067627c

SHA256
89366c9a6c99c0fa047cfd52695ada2944eb76a92ccab37a8c21fdc609f14204

SHA512
da1e8466be53df6205b3926ab07bf37fbb14b0de5bd3de27466865fdb08f46409e6d0984b55c136aab2ce46b65ec67532736f0e8da586ba1ab3be7dc8a0db0ff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4a42a86cd638685348a1283b98dc087

SHA1
f1270afa3a994fbe57d17f40a1df79138e1838b4

SHA256
79c96e396ae39c765a53d0dd043a76cfb8a1e6398ccc5aba5fae3f239aa2d31c

SHA512
95e276f48c3508e9d9b3d2c5e5a22f48ca1f231178e1b3343eb301b02ca0e412f107f813195edb9b9aef2e30c01ee4e19a394f0624ccc1c25211f71440833842

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae0c73bb1c9d67e4b89f7d0199947ed8

SHA1
f242887ad73acd4fc2962dfe2653a1e52c0d8559

SHA256
b321c63effa6a22c1513d6d421f20293c0382cec6fa291b00cbbdf4eb05f41ae

SHA512
1af9c47eb57889de8cd67aa251e1a23d4339ca8153ffe1644bebe0fa85bb6ffd0141e378a80394cd932be644774b62d4de49e4d35516945bbc57d26b327e52c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
638b835ef043a6d07a24ea15fba845d7

SHA1
5fb10fb436afc6167d6f701aff686f89ea5666b0

SHA256
d36f319ae23616cf8ead8f535912a928d6692b433def5648a12b4facf0485ce1

SHA512
39ecfb018c3a1cbb3b07d9b8624b04ec673cd62885c10bb00cb6c3783704136aa9c689b36b974f95d4714eaf1529c2d0f1304aa903186b84fe368314ebcd5182

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4a08f189a43e9a7fc3337dbe5b5b821

SHA1
69da160aec14ceb201d5bb166a105197a3e332ea

SHA256
6825c835ce2f6a42478c48f26b0a9104a5beec109bd8879fa4ca092de41f4776

SHA512
fad73271148a8757d4118622bd05ab375e2679d59715e962eb3a1d755fd6474110782109053309a237622eec5340d9a86870f85abe3d61d34d05db0a2d71e998

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78c951afb36628fa4410263f13a39ede

SHA1
1ac8f038afe16e92e121aefc8bc9f222c16f21b5

SHA256
d999ded71e3a6fe69d37e4572dd745f92431ae257e6ebe869e9e04aeb3845d98

SHA512
52b2fc0de5b6e10f16a97390cc22509a8ba80f4f21eee4f1b5fc5e3cbc671b7ac35bc98b83e313f9e45d6f04c3f161faa61b0a7203fc166e3287fbd0e2945e42

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBC9D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBD3C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit