aac766333b3fb6851a295b3d478f09be61bf6236c9a149125a0b8bbc5efe7ce4

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e135e291a03ba03273bb61c543484c15_JaffaCakes118.html
Size

142KB
MD5

e135e291a03ba03273bb61c543484c15
SHA1

f7fb9191cf6879e1f3ac8583c483dee1bdf56ac0
SHA256

aac766333b3fb6851a295b3d478f09be61bf6236c9a149125a0b8bbc5efe7ce4
SHA512

e0fec29fd1224c1aa72af0bbbe11f94beb10afcf43a45559fdf2e0c735b4cc862dbcf8ff223def02063ca75ee94ea6b01dc7e7bf33574a1558d732fa59c06169
SSDEEP

1536:Sxc8x7MlS+x76vuyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJA:SHMDx7dyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432516798"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5FEAD5C1-72ED-11EF-B9F2-E62D5E492327} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
768	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
768	iexplore.exe
768	iexplore.exe
2420	IEXPLORE.EXE
2420	IEXPLORE.EXE
2420	IEXPLORE.EXE
2420	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 768 wrote to memory of 2420	768	iexplore.exe	30
PID 768 wrote to memory of 2420	768	iexplore.exe	30
PID 768 wrote to memory of 2420	768	iexplore.exe	30
PID 768 wrote to memory of 2420	768	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e135e291a03ba03273bb61c543484c15_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:768
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:768 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb820f7229a97673a7fdafad06d710ae

SHA1
ae3b61b1edd63f582c92ec3eb4db913ded673540

SHA256
a6291bff2aedea0d98bd9cd5a7fb1a92bbc7cc9a5fc13a6a1db8edca6df3c9e2

SHA512
5571ad06bf7ef9765f3375615233930f5d7388e17545ebc6a1b1c841ae23dbf0bb1f5a8fc34d733e31b76227729eb552f50d225804b9f00559d82c8d94bed20c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e221dc50fe34d418184e2795bef9ab90

SHA1
616c44cc4b37b115a13e5320f9587aa477b8be78

SHA256
136bce2c03ace79cc54af06bd5ba907eea444c29140d5e029cccdfae534a5c44

SHA512
1b156f56802eeb959c234e47c53458db841e6b769c3f63b9cb71d119cb06815e6c3eed7c04814dc9547e0acd8dc55f70d272a3bd9b30c5eb6fb80d51ba58ed96

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ff5dcec3d52f28a657eb4c32e47b775

SHA1
9c61359b725d6949d0744559e7d949769193affa

SHA256
07ac86964206948eaf88478e55a798d91b108377c0fde679a5d06b15b867eebe

SHA512
dcf9fb9157e47dfe546408fc01eaa97b2648f5ff24a46898193472664b5e2d98ed8d664bb88c25eea1b2c33c18750ad9c8f66359bc4953efad564d969ec17b39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e8b3c79db0be46f08040e85faba845b9

SHA1
dcded5eeb566178881d7bc34d1b574cbfd5c1e76

SHA256
66a1a3281c8fd7d54e41c663b1249c2147d385f64234d9652df6b7fdb1cc4b2e

SHA512
0e72c9932591549ac014191d390ea83ff662cd19a5d07fc804ac81b781866f0a3e62740692cf67292a7a57ead5d2ff1f3b7e01e78cd38f654f738b5e7f2463ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96a92ae5085f12edd5abd94fce753b83

SHA1
aa792d53885960d39d38e000d1fe12d317b85bc5

SHA256
2794ce656db18018da68a227835370d588fd2062e65541b98c9f4bf0e560075a

SHA512
8129a43639b41866a01d6d3692732a10e1ce62cd0e257ff328b9721653d2b324b4c10d562eccd1f10f818e4c2d0285b9e7cc9e1ab390c23f471099f455799297

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
421fa22685a925c6bc1d4a6ffe5e71e3

SHA1
a85a531b1de925b68d1decfd07e74a6180c90e6d

SHA256
48ee89f313365ca3beef766e46616517c0fbe20f3891812053fd884b83a4a0b9

SHA512
bcf2f1a7f81ed3f43ed1326fa1f1ffe6ef63747a9c9a7709e81288aa59f8672e856bbb000c90e4a4fef3a08f4fbe263228dba18aef1234eef86077e4540d1f55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d9ab0c26e7e2ea69f9ddf78347a5091

SHA1
12e5a933cf75107e55df5891c6414b61a16f0a60

SHA256
03c7adb53dfc84b13434344f7bbcacfe1079a66670c7803ae84ce8f70445ef9d

SHA512
14968014d8241f0b06948f29323f7208378c32a7be339cc049105ef00c7da56ed8f9906a970876de63b1a06b3f2632949990b42b661fad2bb4b745c4692c6e62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40a2ce7c8ff6a53bd5d303bab4f039b0

SHA1
01bee7b4749a9a75abc08277cb10a694400aa72c

SHA256
1475e9db70b940c345ccfbc3942452b4ec0ca2e445008bad2ef78ff73d8f5251

SHA512
512a491fa528dc5e1048ac00a396c53d01fcab874c37c827f2cd1ab237c01875a252dacbeb91af5b5642eddc9553de600c74b58c1e35c438cbe1a75a3f691610

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3881f372e63c42eefdb142e38c62361

SHA1
5e37a35e187329fecd84c0723a6b321ad23ebd2a

SHA256
58d8651419f3f778b3631c07b7d6bf694b3dd647a3a2d8356b41abe50f8a1740

SHA512
fd09bac9901af61fcf475e29c87f9c0d0686ba8ba92754dd29b2b5f543dcf7a4aa2b787f1c7b07f836aac4994578d346fc685cc5538b14ab18b543ffab898092

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91f14d6d206d4259a61d3bdd9c0f5603

SHA1
eb610d0a38c7f3de69e1b1b8cdcb1b87f902e9cb

SHA256
56cc0c6693705f52c718540e0f1c07b00a9de973a32f913f7cfdf6cc13dee4c9

SHA512
d659bc8fdb61bfae6be6f2322b980cc865c6e539bd2d77071f62f18858662e2dbc9c444f25ccc9e230cc295a512c4eb5cd1f036227eba7bffbe737ea7ed29420

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04435f875ec3861e415f0199dacaf7cc

SHA1
5df0e9263066e0302a65d0f86809c78940c51179

SHA256
32c78722abf894f79a2ad47dafa3f95845fece113f5fbb9b09a5234dd0767516

SHA512
9d5451d7f991230e11f9c7f0976fa761f8cf1386e738ac8a1c7f233203b64be78496e52d70bbdce4d7aaf746047ce4eb425a08ae38dfa0f1e597874bb1c92c1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9676e73a6fccfb3145fc2e3b32f16037

SHA1
66e1e1df5a17e77932180a762359788b7881b580

SHA256
25ae4b56d2d4899079f7c4ac388c27834fc37e3e3309664726bc01c87fe1c2f4

SHA512
db043f3db857b91678f823eeb6f36a6e20cc4b96f867df7cae6bda855f1543a81a1e5bb7dbdbf98b01f2ffb51f2d2a6d97e12060d3ffda37f4c418346705e368

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f34b51905f06713e2b35afa60672b9bb

SHA1
9d9373f87004e1014c93a25373b2097d715f68bb

SHA256
cd51bca3165d11b8e4b4793817a811cebba1d0ce2d8cb4cc4437e9c605aa1493

SHA512
783cc5128d1591f22f929bcddf23ae7ffb24c90426160e477a06d26b9382e627abcb53aedb521e5a132c374dfcd8fb41326d541235c672f99a3aeeed07464ca9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
58013f730a49ce1e321a4438082087f8

SHA1
0cd221d4a5b7c1b953baed66463cf5582f7f3908

SHA256
ab774cddb92d1c8ca8a7c0a82ce78a09e51e0c9deecee090d209a3aeb174e270

SHA512
89c6a6ab8d703c8c8fc81bb0e617c016037b91fceff5c745570d5915685ceaa995df66720fa697099549325309f6d9f156141344d41ec1ea7ea2ad40b87deb55

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99acfef3c499c8a03c7e47737b918355

SHA1
98a5b22bb6eef43d96f7746ca656243c753af7cc

SHA256
41863d7fbd823d98bc6acab9ae5905725f45d65864578802a5e84c62d0ac394d

SHA512
18968a1b7e0a74722c6ff0f5cf73ff03351443eb00515c48029d84176591f02ba8d93f6088d3c94cbf7a8b7e146d89a34129376e70e9cdb09f7a3547b9371747

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91a8cf282744d32b4c46657d5f7b2520

SHA1
aae316bd363040b35e2c669a8fdb53b9e79e500f

SHA256
ec9ceed632bad398e25b4e20482155efa77abd23af5146e27a421b9194a29ae7

SHA512
6a6ac91c5df19b04bea8890c1a9a81935d39dc08e6cae61e66bb4709b834cac2bd2fa6abfa9544ea29344a741198c238258f7a552959e5f4060fd1c7a3c2071f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4b2b3d2635e37e1093cedc71e1fc7868

SHA1
642e35336a71d3ccb368d18261bdf6ad951ea558

SHA256
56d38e046a2e4f6ac80ca912de5e364b90609fab499a7ba4d1018c5ebf8feb85

SHA512
81633cfc7210c5e8ab3c9ad6cc8e61c70ab444e6af12de9ed528ba578c8887dc7822f8400a8234cfe32429801c85c66a839aa3c4fa4b5867be414953e76523bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
527407011528c626c9212a1ad04e1ff0

SHA1
c13fc68387ba2bf0ed4eaf0dd3b5e2233f0d0e87

SHA256
bb332687c1da757ab42f14a07ed154c023ef2cd341dde11a56c7869b804c7e12

SHA512
6bc7c5a723766471a2b687efbb33fd88fc1d7686890243237ebd598ecc0641c29ffb09621fbab6a89ff9adb1268b5dfae8a5af594dae9d37552fa7f56ec51e3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0021e7ba7e6c86c9ec0302bd7ab21474

SHA1
3d9586672b469ff546b045bd4e80e2078fb550b0

SHA256
3f0452b28bd7307fbeb55b0310f70449547389ffaabcb34d277463230991e056

SHA512
44bad2bf23d47816722bad8a4d95bfb0e6215bd3b58feac5c7d626683f66973aacf14fc12744194fb202876179c2f1122c5b2d5c5c6f01b8effcd10a96f9ca09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9205.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9265.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit