3ca6b210981b55bf9e25a9dd1217aa51f6d3705f021d8aeba7d2adba95508e59

Analysis

max time kernel
68s
max time network
132s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-09-2024 14:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

de64198091642141a87246a5fc562a94_JaffaCakes118.html
Size

108KB
MD5

de64198091642141a87246a5fc562a94
SHA1

c3b6ed128dc7d4bd532f636445c7e4cf110f18b1
SHA256

3ca6b210981b55bf9e25a9dd1217aa51f6d3705f021d8aeba7d2adba95508e59
SHA512

f85923c89a7483fa62a98fa8eea62e4a9652a4216d8406b5a0b1f81251cd2a36499a81229f7d74cd1bdffd2a3dcc7f4a3b9efbbfa72c751b8a3498b788b731d2
SSDEEP

3072:3+AWDA/nfnf2Z/5yg+t8aNS/DAzl19jOCgThDewOpR:3+AWDA/294g+t8aNwDjs

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C56DCD11-71DC-11EF-9B59-D60C98DC526F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432399717"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1140	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1140	iexplore.exe
1140	iexplore.exe
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1140 wrote to memory of 2172	1140	iexplore.exe	29
PID 1140 wrote to memory of 2172	1140	iexplore.exe	29
PID 1140 wrote to memory of 2172	1140	iexplore.exe	29
PID 1140 wrote to memory of 2172	1140	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\de64198091642141a87246a5fc562a94_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1140
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1140 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
3e0a2dfa849af2c90f67e5b5ab170734

SHA1
62438e307be086a7ac6e3a7a29e9cde5b2bc8241

SHA256
634e561d6abd99763c9aba54eadadcd28106462fd0357d814caffeffb97029f8

SHA512
46c062406616d081f29a5f5970fb08ad887b8c2a08152348d80502a94af761e96c93db91629d836fe0b966e56e6b05d4d41642c1625caa6c8fc5cc82360c6989

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
3614babcdeb9656db6d84a17afb62d9c

SHA1
ecaf213455c13604cc0df52c91b075ba0c015012

SHA256
9e1db60c9406fed7a752ee5324db1119b8b111aa06beb1caba3961cf3b5aa825

SHA512
ca63932087ee3f9bb0c06a3a0d3322908600f3b6d0ece187a49e4bfb1103b375cd22df67dc8a2c2585eee05d752b532aa82c975c374c2e882ae0c9696414edbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c58c736152ae87e93a983b38f7b2618f

SHA1
68210f01387c25bae47518e7b723e2a889a333d4

SHA256
e271edf37232ac59014b31743f40671a6ef2f80b7b1964e11207a29fd92d402c

SHA512
c755bee7cb3e122328dd91bc12b31af22ed90ae9fad98fcc526c7c63b84c8349aff6a50c493747f48a116a2cfbbaa0b474a0af0da82fe9891a0a5cce5f672729

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
70534820400c96eadd11027f11e154dc

SHA1
6036eac4b9a0c37b1149257e618a90c52b045614

SHA256
418a507fd5906cc0881805a7041df282eae64bf7f5c714eab137bd370b8ef13a

SHA512
e5454e17232ff7615a9fbac4b684c0f756263b4c71e3863d29b97f1440470914693f2eaa0e575cc35a6e5543f9ecdfd727e8c2668a94072bb70fbd9d41c8dd8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2346acbd18d9a32403b315d8bd18b01c

SHA1
86ac620a4c523b467eac41206b0ae7dca01f1ec3

SHA256
492dd02899787c849e564a8322e2f36a1f161d3d242544ea764701d61358c40d

SHA512
320ac5aa09b6211d0f32242b7da88a7d08c91bd325eedf68adba061544f7ae341ba31e14eb27d277a3e6ba0fb74174a61d20828e4aa2308da3e881f679836c90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
114bbe91c25f6e271cd7ac4580bf453f

SHA1
d5eeb4d5aad8c88e2a4fa00ab9f8c6bc3eae3fd3

SHA256
edba59cc47ba89f1aa0d1dcd7d8433423c9098d4c52a5ec3e8a8882185b41357

SHA512
962cd5af5aac7334e0bc468cbb854844946e5784d500e936ed882caabd1f7a70b3d0b9c9b43bd6de13c5f2c64f472dcf1763d72377d94140eb550d120f48f5d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cb5a8ff0476c99d97c5ab20661b8383d

SHA1
aec26d4b205833ce3de7194795df94a122de5023

SHA256
9df241596475a668d4a5da3d668425f5e433c917f7dd250f6a321c9508c3612a

SHA512
cd74ce7cc777d20929fec2d9153e4ac03e7d371c82f7795ea3174de248d8ffd54114c3b748661315a5251b99f64de54429b1e1b964fdf780bea1e89e64c68901

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5029d7b215937e435372871b164b5229

SHA1
20969173f63fea9c08627ac8b67791aaf17c3f0f

SHA256
3d8b39d18690fc1c5f7c73bfb9d33b11315377534f16f74b1a5e25824f1d20b7

SHA512
3782b55f3a416856e6e02d4c3a9e9e429c3599f769b9b12e21788539b204b4c0f0c69b0d20aebc2c3cec6f246b907b37fcba7029758f934e47e23a7fe0e9de97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5ab77aa7f20e94c56515a8252a6655c3

SHA1
fdfeb94705e8081abbf0d55268900a29e5e3cd1c

SHA256
73b58b723d9c744ef938ab0aa0efdab0fb60618d9217cc21e99d1e5dc8e3f0d0

SHA512
9f121b9ee76c8dc4ade7402891527ba14e28b2dc35dfdbefefa014bc01a7c3100143077e58efd3dcb61da765a51f2ad5edb7d926da4ab0cf771e311ed9444340

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7970dd714dfbfab356dfca4c2f4340c4

SHA1
6025a2e8290383cbbbd6777914ee31349b478be5

SHA256
0131610ffdad160ddff514b68b3611210585aa48d250d837d20e99571813e32a

SHA512
df704abf2b25ab8e5332320a8e8e631b1b61c5e1ceae9adc1abc5edd6e3c1d6f385d9fb05d4de2f38a527fb93bb1e533e7a2225d6c7e50e2aeac1593f87fed1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6fe9f2a089d538f2dfa3b9017b4da34b

SHA1
54d68fede4e61476b70c5cfd742ea7c0dca79ad7

SHA256
1bea98f268d6410c4b5272503de2135bcc9869ed2a10743b2016cb48d005d46e

SHA512
438543825c96373ef5bb1512620885be68c5e81d3a6ce8b4626dfbd5897462bf61753509add164a03acf382e6c6337f92a60c55afe8937cc41590a952f690f32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d6ffc591ccf00cddb66cadf21e26782b

SHA1
9cc640f03288c84158cd3bfa572dd790489072a2

SHA256
4869e9951a019df90edec8904008c2e7c7194e65e16a209cab8a63eea02fde70

SHA512
b06e9de0a0ce2875071add8c0a784f424df8bcbbde0bd4e44cfbbdc13a882f0dd565de1986d2b6c0f9993dc3e1c53f2f77cef63d717c17576bc243fab2887aba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb18dacea3682860464e23d184a9bca0

SHA1
37acf45aaba356c26eedfac213aab011c3ae62e5

SHA256
2c8f8425851b2df8343f4ee5f8bb29848f31814f4c0a0d3df15636dfdb10e815

SHA512
38e61924bcec4aa2d8ec5952fb1e7126a2f273a76b424aa6d81cc3f5a2b78b6f63ef1334ae141e1ee3d0269f18459a17ce7c4f3bd077be520a901763e6c2f884

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
95f8c03093269b84cf2bc4c3cc5d56b4

SHA1
d005d6b0f2a93d1eb3e3346562a7f4adbc5f7939

SHA256
346450682d0965d3b36075db44a258265b7211bc66255fc074b42ccd29be8afc

SHA512
7daa95805599a14aaa505118a6ed70bc8a2968fd5e4fc15a9882ef680736d6dac2e8c9aa99da06c0677a6bb9cf071236b2f96496383e364433ae158bd20a5159

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
330331739b7a6d16764eb11f3bccd73c

SHA1
c439d4e4399030aac73c7f1751987042ca478099

SHA256
6c67a15e422e2bd855361f4b62299eada83cea4dfa8d1660c184530324b5fa43

SHA512
a9a8ed7c0f7ecefe2c9b3a5d580bc7c7080024101afd9a1f5b356aee3e1d335c4d157e06d29aef8c7925c1f8fac364b91e868d83bd2b18dceb9f433b72a54ec4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1bc1a243cb00360f5bf110f4665200f9

SHA1
bf5ca0591f5f5e35bcd8a858d1c3955bfb57365d

SHA256
9d7b986f644a236d620936d444b40e6dd5a48d98bc05dbb9587da65eaab077d0

SHA512
143a1d6d299ead547ebf43aafba93dea0765e2248d09573793d21bf0799acee8c09cfdd11bcafec848f90fcf8ce88e57b5bfbea90133b61322247b8b155c651e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e083a92021e0514daad368100fe19b4

SHA1
b5268e2a1303a81f1ac566c61271dbf591eade81

SHA256
7285f011dc728071713c99829b04c42851230b70c28e8ef0ead8c601aec3210c

SHA512
cea1806072ef6612b9654e9af94f9b6db98af275ea1fba7cd82d9119a5931f66fcd777cec64f2585454d9effdf2fccadcfc7aa0f88d8f3b4295be4e883a0de4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a3dc450fb64ca1f6af1cdcab7574a38

SHA1
79d864d0783dbb02fb395ce6feb88875e5098fae

SHA256
6df2e17f02464fca1efcfa80bfb340ed86f39b4cb309245eab8a0e4519ee4dbc

SHA512
ded46997dba1ab1b942c09e155d0f4038a9a840c4cc1520346d239d82f47d1e4d88c4de250fdcceab2623499fee7b44761bb989324caea111af7796a83541a84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af04a5b3f3e056e99932408b4e350a89

SHA1
a004e36329b85dbb4fcd6acefb4a62e52ac506ee

SHA256
0bf26adda96e982599d8bf51c0c4d79c0209f4de2cdb3c424e99494f55670ec7

SHA512
940e1a9152dc4cd7b7819e03b1b9d6dfd495ee1a44739c96f1e51a7a47415734a0d9a1d013ae4d4ee1d8e25a8b5831a85465e3f40d16a4bdfca68b1445c64239

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f516989e9fb9a6fd289bdc484ac6d800

SHA1
ab8536fcd615870f79030d99ea09a5435db47866

SHA256
ca4abef634b4b8517ea98e7a7681b628001da25a93f834eebff442470d3822fd

SHA512
118e14a127e20c98ffd70270bdc816b7b9a04fcd2217d080eddb88e83270075e0cc23730cef3be7eec002e3cabf0e8a2c7019c261e06483cb77754603bda9176

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ca400340af92f05e5ee7d71927ec202

SHA1
6a429f8491ef96d67ba23da31d8ea9a1898a07b1

SHA256
a875ca69715ba53625c228a1fd84e053c482295640b80254e326ba8d19c1a301

SHA512
2a4892b61606f01783652323d7601b3d56cbb45f95fd714917f82148a613c20c3d9b64b680e3cc0a279f1709339cce38af9e11b65d02c279b62f49d87bbaec8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabAB40.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarAB52.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit