aec49e7b7ab8548a34ce92a4203f79caa619385ba862108cbdd885ed3b2af4d2

Analysis

max time kernel
136s
max time network
137s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc9c7a927027551c17e5f543a422e287_JaffaCakes118.html
Size

15KB
MD5

dc9c7a927027551c17e5f543a422e287
SHA1

3ee383fddb2375255edbb81d65886097f098f56e
SHA256

aec49e7b7ab8548a34ce92a4203f79caa619385ba862108cbdd885ed3b2af4d2
SHA512

7661dceefe2387ddf3833fc109cbb56b0993fe9cf4eeff3033685007b7f9dbd18f789a1e6b3b16e136e17cd1de7c0090e270079c317169d013e0105ba4179d94
SSDEEP

192:SET0tq0fAGxuqfHNBOaqs9lCYLc3kfG5Oj6sOqcsPQFUOZbCrIUQlNkwXOvXi259:SJv46f77+7qcmuF0rrjxDH

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{17BD4501-7124-11EF-BDF2-7E918DD97D05} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432320397"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2616	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2616	iexplore.exe
2616	iexplore.exe
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 2456	2616	iexplore.exe	31
PID 2616 wrote to memory of 2456	2616	iexplore.exe	31
PID 2616 wrote to memory of 2456	2616	iexplore.exe	31
PID 2616 wrote to memory of 2456	2616	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\dc9c7a927027551c17e5f543a422e287_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a340a2541072b039c20ef6abfdc0405e

SHA1
5305a922e4109bb198355632053b2c66d9b90f3d

SHA256
cc17a480816861a83b5ba0e9e3f4acafe6a8382b2daba2cb1bbf6c4c1af92dfc

SHA512
e0a8ffcaa1b86861bf84ddf0dc4ac139e8e49b0710fb00ab085f38f0649f65e4f498abc03fb6118bbd8eaf1ca35622db641cd16f140741e1ea399f4abb6de5b0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b295c3cc80c77f8219b622b0abb32ee7

SHA1
47e9b6444d6f52826c228ed9401bb6a8c6b0cde4

SHA256
762d0e7224b2cdecad07afa9144a02be3737c2fd782602361e9057249b95bb15

SHA512
8a72abcb0f084d22b4ca3be14068a326a2090f3f50a6a998bfee9bfb62a5c5995dfb9b8fb309b8efa7c0098e909173542bc61bf80badb6a4339493c505419ba8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
117a334169e21ad70c59d185b6005f58

SHA1
237a58682f43e9bb62cadeae57b155e929edddd9

SHA256
aeafaa211b66500bf1ee540ba8a9896382fae97fe6ac10a9807ec8c90d4c3e1b

SHA512
69e19ecfac054697537cb743be7446aab526edd012149ebdee6ef961bc977d9c9528b6904ae53b526c25d9c43c3adfd830a27bc17da4c2faefe3f21edc41131c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d64eb4252ec87af8d460332f773d5791

SHA1
27005382dd17c0e97da5d38bed503ee7114fba32

SHA256
0d1f207290737436eedf6319e5eebf3aa434538aff58562dd2a571cdcb49e1a8

SHA512
3941efb57670a5ae18ee6a0eba7a651011e5b761f26563b8144b432bb3dd22a1840d85facf7fb26a9d94d29be481ffaab6cbfbdeab7ec4e9a825528eae2b35e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e5dbeab799874bed9ad2c12bf3db91e7

SHA1
3c8bc6063e0b33373bb75420b833477fbaf4effb

SHA256
059feea36e23357de49b2474976224fc4ccb7184d405367ab3cdfa9c7002852c

SHA512
bd80890fcda9260a2ce7b65ba8b43035f19e93a0b1566221ea6a3e00386421a5f4d81900294157e7f468f1071a88383b8299fcc00d92d21757d89edb1a37bad2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8edd46a7622602f589268c338250799d

SHA1
79b9da8482e62bc5a988845793342ea7c626508c

SHA256
1120d9abd6b50a331958bcaea7e5c7514e8aed09515d66776a783f12adb2991e

SHA512
53778c69d78841cd8a8dae8af12c12aab43cb5cb630bae9096241ba34e781472410d4080345f0d81f9d3a75330098e2291a747d0da597039be421c26641008b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9ba0478383e13c35a36b76f943d3884

SHA1
af719cb91eb5c267378124416c7489b442ef22af

SHA256
cb9314d48c7652ace4e67d318d90e72c82557f9eedbd51838cf26cb8db5a527e

SHA512
d192569c4e8413a0cdb95900443457d442aba3303821f63950e2c0e0bfa54711957defa65954ba9f781004f0b36f9033ef13ef8b357fa70b8efbb46482922f3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
721593c728e08445e170f3dec44e1c9d

SHA1
6d0cb1e6e4bef118fcce8f7fb7de6ade0e6d9e6f

SHA256
30c10cfa0d3961ee14d14d7f46fd04b06c06a76d8700ef3eec6fddba4c1ae40f

SHA512
a40eb404f240862fca4cbee8d42127650b9ea27cd9d42e20aa37be8c3ce68c771c22e4f57e7cdd74cc3242072be84ab4cabc0c4ee33e7af617555d6ea6ae38fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
232c1df1e0d3a69d1d19e03d9b927a7a

SHA1
8d5cbb3707968123ed553ab8281362ddc27193be

SHA256
036b5b5a85d62b763fc927eb2e24ecc5ac69977f056a5181c36c33788137be15

SHA512
f81504252220b295cc9439fca01cc3234a77fdf6ed8e99737206482594734cb5bd0df0442a7726801f9c620f54baeeff14542a302aeb8452b5d6ee80a1150189

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
759c3c238d8bc4c16b22f925dc98bbff

SHA1
0ebb95406d3cb3ee15685998fa6dfe5a8338255f

SHA256
18061c3d346a6da8666da711330057e2f414c3e2813572799067ad35841d69ba

SHA512
fc01e2312e15a203a31f02c142a445b805d9c562a8143e2be857f56417f22ce006f922a2f33a4f432802288ca852d099bcc9cded9bd90ea876e6fa5d3d199650

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ec997a66dee3b0824b5b01457ca7528

SHA1
6061d7e16c0e6457dc6162716c2add0d4f22267c

SHA256
f3e9ebb44513d25d817670466f1a6a4d4741e123aa2d96da7418a0b8d9506ce2

SHA512
a1ba1169d3ad5a43b973da2402591cac6b58cf8bc6bf4d7da8c1cc0eadcbeaa7b2efe3f717577f0dd57506f83234195e1f629af60d5a71c6cf6ad1f370acd465

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d8f5ca5732ff9d5148c41cf78845945

SHA1
172fcc08f8cbb6e0236ab28f39f0e62601c719fa

SHA256
ef1a7ad4ac3078c5db4dc7dff1bfdfc34fee1c35e49b5fe1727003d910912d9b

SHA512
0b625341862e7d39ee1cb5c90a5a1e203d09a46eb72e0b6ef64b59f6254e743a737de1cbcae5bf1f66060a46ca058ac56ea173390d033fdc496b2ef862b4cdaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
45e86938bb9c87d8efc64f3b7119612e

SHA1
d995a16b9ed59a883ebc5847342852e6f42f5605

SHA256
f85188879e8815c2fb6c64a24c4daafd1c707e95f7b2384b019ab447137bbae9

SHA512
fe172498f73b9f8028b6fc72199c55b1b7c2c72fa503779775d0138e4a8e2ac643aa4413e2b10a4dfb959be9e0b7cce7d0feb21857645921c6f8d2bbff73a31b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ef2c37bfb2d70636324124775c32e0af

SHA1
8b410b9ae0cedbadd3281fc9794bcfd2baff5ffd

SHA256
4867df08353923bec2d2d53032b760967fce91c56a6f37a9c41093495dcfd63b

SHA512
18f6666ce50dcb4598ccabe40b30e808e8be947afe14cbf7eb0f0428617ab5992486cabbcf2a2ec8725f5ba032bfd43743237a67f0f4861b86438702305a1ddb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91f39b2cc1b24ce825649c0bbde0f647

SHA1
9ebbb24b48c93ed3d1682185786085c8ad025fd4

SHA256
620832b7dd7de0330f120096ff660ed47dfd0cc005b8a448bbf38ba7a34f7ac0

SHA512
f218cc28a96e31956838f012cbbbc6541b82e4eb060229212cb04d63760925b8efaa15a1a1f9f668fc3f43c58980dbd139b7ee310c621e8e0dc56c48b06341d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
83a67f680a0034ca71ea8d8079687e7e

SHA1
a22cc6d5b49060d087ccea6d23d14d8fba84286b

SHA256
7f18d05ff5707a1ee8c810c3964b4b9fed13d6687a72042aadee14a54884cd27

SHA512
be0716354c66bd8b83ea9dc952f7da18a7a8484a0a59c3ed808b5a28143ae229e03837509c493a4c7e79cf1d28ab5782c4f6d466d98ff4ce896df5205a8e63f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b389316bb4b71cbfd3a369bc33ed1c5c

SHA1
023dec10fac62657d4f63743238920194497dae1

SHA256
a885cf271fb80a53fdea6f0c806c2d2ea9adf96df0eda6b25defef04edb8b864

SHA512
0dc68a4ff495277f99c6d618172d4ecad9278ede937eec54438a1217ac7fc82dbf1252bcd5d7595b68fd060e4b0a5ace4a2c027da5cccf675240f3fc660e5d86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6858f2d2f846c18799e37ce7b77ce775

SHA1
a498402084b225f080426d9fe13610b725eb0ebf

SHA256
2420e9e1c8699b4c0530c963b9c1477de2894a37d44f24637a54183a989d9a1f

SHA512
be6ab9a45579b8cf6d0005c963c59a1d74d9768473060bc368a042769cb2f5a31f1799c67ac00e91f4d8e0f3ae4569d1393d1880e6b2bc8e5d9d4104e3c12d05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
003afddffcaed087bed67a3aff5f43b2

SHA1
f58b34152dac051be98efa01ddb53a88c5060a3a

SHA256
2809b8fbf1378e06a54321b87d0c66f95da2cb600103295d39401d4ca9cd3e6d

SHA512
d667eb424c7ba05b51da4d1d2447d5d7c34f35cf042c7a24c38dc98ecd296c77a7ede723be4342b3bb100f4899743a5e4ce63b3a3685f9ce58a542bc6d4d7667

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDB25.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDB85.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit