98f90735f7cb3b33bbae53ec739d321356bb32178f8555f4d32d5ce69783375e

Analysis

max time kernel
134s
max time network
143s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df4b8e8ce308f7affb55d1e92884ce1c_JaffaCakes118.html
Size

89KB
MD5

df4b8e8ce308f7affb55d1e92884ce1c
SHA1

8ecc6c67f0cd1b97a9d835df007c95456ec18d6e
SHA256

98f90735f7cb3b33bbae53ec739d321356bb32178f8555f4d32d5ce69783375e
SHA512

d34f9ddf018403b4d4859c36d620b6c726b74f667e671efb7af59fc0d69e526a71b55aa127dc87fcac3a4cbcb6224ad6b3398dc723a854307f5c6a8a767b6650
SSDEEP

1536:eM1IZDuHI0YW+MyFn2GDNdjw+AhYN8Zg6ydhr1L1VvK3mD+3kivZFpcwNNdY2GhO:eM1sDuHI0YW+MKllM1sDuHI0YW+MiPEH

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D7F75991-723D-11EF-8D6F-62CAC36041A9} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432441408"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
584	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2464	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2464	iexplore.exe
2464	iexplore.exe
584	IEXPLORE.EXE
584	IEXPLORE.EXE
584	IEXPLORE.EXE
584	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 584	2464	iexplore.exe	31
PID 2464 wrote to memory of 584	2464	iexplore.exe	31
PID 2464 wrote to memory of 584	2464	iexplore.exe	31
PID 2464 wrote to memory of 584	2464	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\df4b8e8ce308f7affb55d1e92884ce1c_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4B7B5950275D2D43769455B2A939558B

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4B7B5950275D2D43769455B2A939558B

Filesize
418B

MD5
6ec7c8bfadb613328ef5e425372df455

SHA1
f55a8ebf523d33b35ef4c4a7394d4440b61d8c4e

SHA256
cf267b0de587268dcea021530c7892ea1cbeafb3cf26c4457239ab51a63f8453

SHA512
de8971aff106e35b24d0e7ebe90704cb5060a0803c89e80aa1ea4fe33ab43940bb4a4789d4af570ee6a08b9d3912fdfa9619045bcbb6ecfaf02d7b2e15a48f2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e4110bbd30227243142107e96352467e

SHA1
430bb93ec55fbbd723ad341e19f3c56a5ae65949

SHA256
74c7c24844738cb321cb571aec5cca06a464a07652fdd7aafc63d3b56728ae07

SHA512
7379b69d69a776a9212201f5e6587c5dbe97b8e2ac6ca266d7a4a2f01f5327a87e039498d03695f4e4c70a8cfd7eff425ecbf7a365d8ab1d3f0da2e8d206bd7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
743bd345dd29ada38609219361034e7b

SHA1
ffc89f5b58e937482655c258f60ba42b417ddf26

SHA256
becab79209a6c39aaf5accf84f13bbd12f0e0d04c316bbddbed6496b5c4fb906

SHA512
bb6494ea884a32e63a0776f4abe034bdad77e4678fddacf738cf107d81388e8d42161e159d45029cacdce26ed03acebca3f95c0db45eb7f4e29098aa2d6d6bf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d05d9c7d20e91e041ea4c4773b151ab

SHA1
f0d91c211c9573ae7bfd009812f015ca8014f652

SHA256
0e200bc6d3e2e91f40fa66cd830dcff54256203e09da0b50c1c2733575773164

SHA512
fd5034bd0423e3e5bfcb1841ab389ffc5822d79dbee4b943a469f993fe760b96c82baf0a892534850679aae04d8739e13034d3095216cfafc57388895008b7b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0eae6a8f9381705f5aea9f6c7db8b752

SHA1
2f1a33c2f3867b63cbdab8f0cfcb72505e383946

SHA256
b1c72e664f79fc40b48fad054b33b73237968d0cd79a69544d9d1662b509c82e

SHA512
5dc4ec09802c3f18c804ba66bac1bd54c5c6d45d1f38795723ba503116ccb1941b7695010d41b9359cf05ce220e506297378a9613392f02306b7c492fb1c3e41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fbfd301a4056a97c28507202be19e69

SHA1
00d41ee5066f98f13bffe6db720b6d0a2974d11e

SHA256
3d782829c51a449c5d70624254eb14d64ad3e259d8181af90efb22b6f9518eab

SHA512
9f7ffcdf5e72d3abc5e2d9325cb8d7639caeebfbbf0aae13802da7bcbd5fc4ceb32414fbd267a355de962ac8dbac12a7dd44a19bc13d620cf918ffdb859f729b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2134a7b595d41301ce5c701081b1d27c

SHA1
62bd15a8c4eb1d3f80a557a05964eece5ff4677a

SHA256
32c616332923c9e4f9c262b038613214c1b81845750eba43f762f22b4c854675

SHA512
9d09f1ea55c97aadd24df1ec5d32d2006536eab66bd49c181a8f47422b464642ac69274cf1b656ed1a494f72776269bf63f10ce956792f37790d8a2771ebdb1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4bf7122578eb2ecb679a2bb6e2fbff87

SHA1
48462739dd91237c5eb4b822135f6c62b9cee5f5

SHA256
cbf35cb6c18de56ce0d62297c455a53f1ff2778bf59330c5074976b64a92c393

SHA512
b0411802fa931f7161945bd9357a6eb3ca8ae7c81b8596125c29dae5f81f0b6372865d35448009e390eead3e82314b826940eb39da22673ebd4328fe3e3e545c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b423e92b15309d18e661e8ba4d2b9c3

SHA1
65b71984078b2f00cf06bc5ab4dae0e8270e1cdf

SHA256
26d5946a4cf64d0a6ba69dd3b73ea1b6c8064acfe4b809ae616e1225afe2b9e3

SHA512
867525895e0f3e9d522e3d8165ba8d01e6a155edc786bf0d0791baad84ecf0ddce5db5a5b3b2111664963cb745b87342c90d5911a1da9eee4c6cbce38017753b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d11136c7d55ce8bf5946e06bd024cb92

SHA1
c6ad7af61eb48623a50a79ac8820560569b452d5

SHA256
15d88caa4f5969d0e6c6f6ffd2c6fcaa70df03e171ad8b9db5c2af389091f520

SHA512
667a84b04337c75bb41ee328efd8391377db03cf015a8f3157425ad5a62cf02ae9c5fae2f5e16f4e3848a153c5c7f33ffe997ec3adce128d903a7f60e52046e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
81376e21ade35cbc6a9f0fe46626a519

SHA1
4f7dd41cb3656dbc1ac9a47a56e34adbb0b03f49

SHA256
7c8c3c1f278c838fe8b8ddebd5d5f0e5cbbe599235cf5e2ab4bd928d8a659594

SHA512
a78ad27c32323a7fee007130a9dd40ef4dff79e81b7353d17b19769a10e96c985d68464291d8b23f93b32d0360fc7e7e105c9c4d3aea3caee0c1eef8c41db5c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f6d1a7de84bd80b74df25bc52fe87f4e

SHA1
4a73d35f2a00e4105e5f25dbe42ad574379fc801

SHA256
0428128c76b82e1a3461b0688e2ffa018354a88e750bc32dd2e688bc587823e2

SHA512
00e6301e96bdd7ec4a082087e893e7078dd2cbbf3559377d87f8355487ef65e3c14c333095f25d0b43a1f020412715f725151009a3675446f601fa27879f8d30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
05519c8efae192d8f336d4b27baa7461

SHA1
d4c88c589dcf77c1895c277849f6a03f3539dfb0

SHA256
ac2be327f1cd0e35af01715849209ae38672764a21c183bd406ea947ee908cad

SHA512
abcba15b7d7ac0d76e5fd039a35fbb06880f15241d0432f00cc1e157a9b5d9d670eebfcc6711131e8cae8ae6daccee3aabc73759e821f9866a2cc9d88f3a9399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d7fe03c4ea7fe8df5b35dddb135654a

SHA1
a7726c4b289dc6fc788966f9b7acecf6411a5b73

SHA256
53751ec39cc1626ba21e3c8bff60b941c108a6a009229189c7cebaaeb036c434

SHA512
7f93cdb55306e85777a388ee59b6ebdf4eb024c62f92ecaa7d3b747c0672389b5bf8c0e7437426490b71fbb0e2541bbbeefda782b2b7f6484d441e236d1fe451

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92a0f7570b21ba3a4d9d3bcfbfdc1dd7

SHA1
0fc4c8b5fc97cda555b995aacf2428e6c42a24d5

SHA256
5d56e5ccb4fa6a5bc4b65fc9d8cd0dc5c6fb77ba632f328f3be6a28c748f64b6

SHA512
b19246ac9e9bb59884a2f29e1ba99f8f835b40f706865a3d94ae40befb93fa0635eed24b050414ec7733124a5e7127456a4c17cecd7f5fa433a103e59a865d2d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8823d6428d5fb7d63fd094f52f75b736

SHA1
1c055c23b92a9738b1c1f0648866a3530aec88e5

SHA256
448636b0a7a75563fe09303de1f6c2831566f1e2457600b56aaea4e487e3bf97

SHA512
6d0d799c9b8feacf6dbea67631a17fd501bb3541a73aeedf6f653af833a90552012963f41d814d5c5f30649c76af284199dc4a4fd2db3e8b2fcc9406ee12d3ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9bce50f87e99034c75a73b46df0c431

SHA1
ec3b77e01f65d66fe87a95de9c7277dea85d758a

SHA256
c26e3a258372979c5ebf5e88bb2c681163c4b0dfb155695afbe0b656bb64858e

SHA512
27e64ee96bfb13769399add5e32830e8b5fb5096959d8a037e882cfd5de77c7fd28ac621bcae9875090bf93d27a134aff1ad31f747a044d60523f03d00dd9a3d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
49667f5abaf6a5fd83aeeb3e6e4da9e6

SHA1
68c1bd8006e0add759e30cbd39245a0ae4faeba9

SHA256
661069b69d6c11ba4abfa0ac84cd81333f9e956f760a580b3b1f48d7ec579cad

SHA512
d8c9b5f82cf0308360546cc5dccbdcec4136660bdff947375355352ed1481aaf670428c2fe118fab42601820e12b2064f9904d56fb38fe2e1223fce87802bf37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0bd3687e07a70aa0284a5826a2438500

SHA1
ce3edbed41b175f2519ef2e84b36b01911a16c76

SHA256
31ef9571af4b2c4ffcecf956ffcc399bbbc52bade44e80396abfc12041e87e73

SHA512
39c21dc1cc116f8734794896644c5f84bf07970c4ac944269c066bd217b56a8ba89f3ee00db038a2bb00131fe2df4c672e70eae83a83ed8225df314984a41dd1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91b8329d2087f23aee77b8c2b6980654

SHA1
87809a692d28f344949dc2749b16e73704ddad5d

SHA256
fa95d94dd46368c42ad682cad3800b271e462e15779a03abfd133bb32aa82bb6

SHA512
56f9d5f55ae857b4acd596419b6b40a1d1b127a104b2dc1ee99116c92815ea854f6e78def3031186142f43bcfc299f75fd9de49e44c06cbf1304822cfac5e1cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFFC4.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFFD7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit