35eb7b89f93ba75ad16ebdcf823d0592a5ae438a8f04fc3111893d132e1ac77f

Analysis

max time kernel
136s
max time network
137s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 02:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df5d15607de9244e1e378ef6ff3f2217_JaffaCakes118.html
Size

213KB
MD5

df5d15607de9244e1e378ef6ff3f2217
SHA1

f49537dc96b36046ffb961725795fa5f6791cd20
SHA256

35eb7b89f93ba75ad16ebdcf823d0592a5ae438a8f04fc3111893d132e1ac77f
SHA512

0d08210de45290459fb370043610f241efb3b8294e6fb4b007b2aedaa88f9804eb618a2c79dbb0d4cacad3be3835c21756b76d7f7273eb2c65f1b842fce3a0ca
SSDEEP

3072:ShEg1v8UKw8OZyfkMY+BES09JXAnyrZalI+YQ:Sh3z8sMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FA309061-7244-11EF-8252-C28ADB222BBA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432444473"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2296	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2296	iexplore.exe
2296	iexplore.exe
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE
2572	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2296 wrote to memory of 2572	2296	iexplore.exe	30
PID 2296 wrote to memory of 2572	2296	iexplore.exe	30
PID 2296 wrote to memory of 2572	2296	iexplore.exe	30
PID 2296 wrote to memory of 2572	2296	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\df5d15607de9244e1e378ef6ff3f2217_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2296
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2296 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
99b256c22fdc59a2f09ac9104930b771

SHA1
80d96df4a91b0cce8bd43743b215944aef9e3e0f

SHA256
22e8e87836be54c2404f41f5143f963a7f96be4c6afe9450c6c27bcfdca2fc06

SHA512
6364821d4085d9b64ab6ade293b1a9f129bc9c8f1caba6c414409f6bfac7644ca69faec878b91e27f3f95762df36d1158c4c4039e7368fd52149053aaeb39442

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59cd2f6ef63ca7e0f42891ddab788d8d

SHA1
465bb573a3a70e8c8fc60ed54de58d05fa7f4460

SHA256
5e5767097c9c3cfab1f8f437705c20d1c23f310debefb161c429b0dd4a18851a

SHA512
d3948cd0554ca696a38f9e5fcb965b3cc1c698ccb8361655347b85e7a890a0c35c727a94cb2eb174d59170fce54d9de9160eed51fdf0d30db42ef154e2e443b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
13db7c44587a5a2c301f38d00b82ecd0

SHA1
28af0cf3ca3256fc0ce19d03b6089023ebabaffe

SHA256
0366e6899dfe78279e6807baac1b6f88c31c464d0971d1b08989a4c87115a14f

SHA512
bd95fed4fddc217aa03365a142c0a748c2b7180ee307232788d489de2a3b29297ec4d37024ef4f99c6dd619726bf730ccc21a11aef1a9508259acfcdc730da91

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca3cdc6cf7a086ca1c2074f49acc0ac6

SHA1
b2d5e952a90a163253c93f90d1f9d89383a7e708

SHA256
1c55ec065c4d55fcf12eabaf4880966cd58b25b5c5d07d2b10e0ed78e8c12d95

SHA512
6540400ac08c89e41b6be9f987080cf2cf9760ce0af0baad814b5c5650e647b75006787325c243c8b6fb28c1af7c895d148aafa1b72263e073f84ebe444e95fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8839219a046480861e7f330be2e7dbcc

SHA1
b24c958ba78865b24a95b5dc85f6c371e89fc4b9

SHA256
33752bc27a6ef6bbbd6138e22893479c9238bcc15423ba2c35d4f25cd2c259d7

SHA512
755d64a366cb7a7f538e64122b893d9f569eb96627ff77224a5a7e97908c36e76225f7a9baf9ff9f4398b61323406d0c9ea034a54ff82394220eabe117b5f7ad

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
267bf341e45a92fec2768e46e6c37ee4

SHA1
966e7da7afdc4ed932e6d1941b5f581be69ed4cb

SHA256
40007ec916b2607c54b8033f51a50aeb5177cf428fcb6997fc5481fee1b914c7

SHA512
d01208e9d532ba8eeb72650b04b99215647af406c37a67a01fd2188cbe31ff22f3d69a0b326ce104d3a5328c914a011df2002eb71efcb27851b8f5954df50ecb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
19860e7fb11d8414e660822bd8259003

SHA1
4fd94865ecd67a0edf7bce17013b927293352421

SHA256
31c6f6adb87b7f259803d2879146bc36f25317795dfab4ce54358702afe0b301

SHA512
d950bcd3ef5d0a5e0a3b6a6f8de7a03ad95fa0cd7250a78c7abfb9722c2a831653caae59e4b2cdc231fb3361489490c118b8aa0b625b5730f838177f88a90a4d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
acc272e3922af5fb03f054c8877fb5d9

SHA1
f49b6548f171bd6cf675800205b882536435e5c9

SHA256
4ac733b1bbb594565bae053b20888706e048bd58f8276efcc78c0ef38aa632b4

SHA512
4446f0d1f64228a3bb9b86f22a6d00e7d8076a2beb677517dd2ef0d673bb9a948f01896558b55f1a20dc65c94caaad5a158300c27a9f08236ca670073f0ff7de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
47275eb8ff641b24c5086502177f9178

SHA1
6c46e4db09fb8c928f139b202697e0e42ea94cd6

SHA256
a6ae076f832e7581972eb4a83f2480e40a14532ab2a1c2f5d9d76686f9146bc3

SHA512
8aa868c8890d2a4583921ed878bc88c5b0c55bc773631b871b459e47de147a36d902af68e0d1dd1083f962ac03f46e5c216c25d10c767bf1f3e4b8e5b502570f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa7b09706430451c4e9236f4faabcacf

SHA1
ec66b5a71b5bb9d54c383f5eb7ee80a424fceeeb

SHA256
e5cb2ad734c4d0212c237ae00b38359e57421b03671b8ef619b415edd0e235b9

SHA512
f36dbafb434c5e1a64dbca72e917f1041229ab68d422a5009a378e1c68df64f8dd599498ea8d4826c171619948d06e83e73b3f3412b3f796303f3904ad8e871b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
044c56ed90d649247486fcf1d51bcd96

SHA1
8bc90bce40bb65e84751aea7e46cf0e721550e93

SHA256
93835c64022543405e53ef64196509f970e18e66ac4a84a94e5d88c5b0cd5633

SHA512
705a93bba827fa5b2de50c1669f2ae221ad05ed79cdce2efbe2a9dbd841a2487d00033d0bf70f3bb8b4914a74a9a8048de9048dfb38e24a55c5cb8c8150342f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
432df9b43c0d880325f0e0b2eaea6fc0

SHA1
da34c36040930253423e430eb868e5ef8ab5a169

SHA256
1dd90eba7fc5f6474073f19fde56702ae544908414a05e481abdb3a5c1345204

SHA512
0c5ae1b4ddbab037f6a1f8688c805592c6a4c2e2643023c5727b6c5ee4a3a57077961da961429a273d08b1ce78958fa53f2848fadd3c4f7e19a96e3ec5adc6ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
997fc5fd36da3b6f91116376d9548dfc

SHA1
90cbfa88f4739cf28e2a3ea1b064b347a8db360b

SHA256
dbbeb559ce17ee7c728c0c449afb4641adbbf831f0a2f69e9c6bd9549ef799ac

SHA512
ddca374f4cc9283f0c9bc0ec8be60a6149965e4055566e866290827021a7a788a70680dd51c4dd51b2f334b8b90aa5d092908627afa1a0e560ecddb8b4a6bfa4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04c8ef8f6a8b2301270f5155d8e4f5f9

SHA1
bce2a94915cc12839738e31f3de9a338549b5ca3

SHA256
324a676a2e1b1fcf8e8e941b9e12900821c29419cab57684c2792e10d3410926

SHA512
b337e8f81ff18811b8842e9f762de2319737e9ebf8a8a8f72b002ed7305e4501b11dafea9b356b4e63f8cb85a798bd8a120a26f5018b7d312563d40d9246002a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
741519578c75a58a18d29632339da169

SHA1
1b5b574a22b9ca4714074aad94c64eb3d0d79ee4

SHA256
9041d0219b60387bc14a8d0ef77f52a4395a56f2f4f84a1b6bea63e83206a8ab

SHA512
e6a4762f8c318c3d967244b1830973621f42e2c4b35f3422d9d4ecd81d9825d759d01981e2a75321a17cc9e7d93833a91c32fc4ab7a4e25a6126b2072cd8ef53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b74e129402c91472c12546bd69a9161f

SHA1
0ee93f193421bdda306e44625153f2dcc882d424

SHA256
04ddcd9fb8cda3f18fca3353970c443ad4861a2e20d45b9f5316009ea80d72aa

SHA512
db403c44274aa958b030f1cea45b1c4567fba8e0700d7b79c101a63d3d7db6b4bf86bfc693a89e2b67fc798501a6811d5306763d443a4f74540a71a4b99d22f0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
230bb81f32a397b7568c0c7c1e605336

SHA1
8a0e53ad5ad88a10daf7a53eae76a16ecec8dccb

SHA256
570e35a355b3fcd2f78b14a6638176adc6a2852a7d53f92b997561d412574404

SHA512
b8bdad86e505c64ffee3d6eeee914bb4d0993953d3d72d0a72a8729c7ef2f393cc8dd93bda83d12968b2c9526f1d1480e971d616ac2c3cf6d568d69873010fed

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca0b86acf74db8211dc770c8c80e6b52

SHA1
c3b58febf95664d50cae2761910163afb0301546

SHA256
d546dae26f0315f56e15659d67d33a7264c003f2a6e8f77432f6363cd0db0bea

SHA512
347c9425c7ae89b73cdd54ecadb1f40f80c7b7d65caaf6d8242d56123bebeeb3b07b5bb9820de275c1303dec9979951b31d92490ccb550f23477927dacc9f15c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ee2cb3e46382ecd42ac7021ca7411c6

SHA1
df55ea6b0751b09a9c2fcfb995240483a8a6f98e

SHA256
d0fc55300e0a007738d26e1aee682dca0de0175b83866b9c0ca3b36e3b6391db

SHA512
97bc0be0e60122dd83543f6a04be9fca2c693cd6e0b797c2908de9dc15804a1390794a48bf9e51e9494e8942f77d5c6e5a8046584c88a546b0bbf39f0f5c1087

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabBC5D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBCFE.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit