147c2a229bbdd0d3a13f3f0ce8e61cf85ef3b959ec5aca479222f57bffb848e8

Analysis

max time kernel
136s
max time network
137s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-09-2024 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e07f3ff50c86df0834203b87ed851889_JaffaCakes118.html
Size

214KB
MD5

e07f3ff50c86df0834203b87ed851889
SHA1

658687bdc5d1102cbf32b7a5a992680437778f46
SHA256

147c2a229bbdd0d3a13f3f0ce8e61cf85ef3b959ec5aca479222f57bffb848e8
SHA512

be855f2d9c856825e2ef4b8aaf28719be8fd10322e664708a191c874139191437e9adfe9582063bb7289e1e0328cfd8f61ed5928fc9b2db012b97af2003a1638
SSDEEP

3072:Sobr8FC9JN0ByfkMY+BES09JXAnyrZalI+YQ:SozuEsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432490346"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C8A3EC21-72AF-11EF-BA23-C60424AAF5E1} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2352	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2352	iexplore.exe
2352	iexplore.exe
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2060	2352	iexplore.exe	30
PID 2352 wrote to memory of 2060	2352	iexplore.exe	30
PID 2352 wrote to memory of 2060	2352	iexplore.exe	30
PID 2352 wrote to memory of 2060	2352	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e07f3ff50c86df0834203b87ed851889_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2352 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
00ee4789577eb8b1dc248734635a5f6c

SHA1
3da051b5e83e129f8bdd87284ae2be4a7a93bc48

SHA256
510a6b47a6e02bbdbc18b3f494c6c9dcd12b6ffec8bf75f93dcaadfceac96b05

SHA512
3309890c25ece5c9978c77af13c6f644b71ab000e63e2ede3bf5c3b90b57bcb5409835f36986f76454eaeaf13ce0e05d96614e06efe47530c559d42cd4dbe44c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91ccb93da4185eaaa1f87b28afb3508b

SHA1
fb5f9b60284be1edcce545f5d5a46317a48ed0bd

SHA256
a7dc501b5714eb80243ff822f91bc1e8dba8a90cc05c7b016dac2a132e79f608

SHA512
5e53f632bcbf326e654d6c70fdcb05a9dae66f6faf0b56698f08b93ee3812df11578137ccbc52e0efca8d008daa43ad6f8bd0734dd7276df9a4d0e2a2ad2d793

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc6b34eaa9bb562d7a8eff67db8f7d1d

SHA1
6473db4c83c470cd8b087fbbcdcbdb5c0a086c16

SHA256
79e6b0e27d11596b1779cb96e5f19ad9735e4751af0b79abb05cbcc3de707ad4

SHA512
2cc9622b5e0e6490846988f1d42a3eb6316cd5777e64a740c785fb64b916640d284232ed75eb28549a500308ab7ae8f0aee66f59eda751431ad92e19772d59d3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b11083ea061f49a84fa900ac883e9bc

SHA1
41d9d9abf0b48166fb6fb95ba173fde8a176a2aa

SHA256
049b259bf0c0e9ea32d7fd6be542231d74136d7521671c5258b79bf76ca1e824

SHA512
6ae15c7a9c5eecd8e8137ca3d8f93b9cf22ba78080f156134ebbff6cb0b8d7165571c618f62a7055470f45a0edab7167c31647ad3951f48d15aff9a4697d115f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ba47d48a32fe661eaaa8de19c319497

SHA1
1fa974cb00284536c728007f9db437e377e833df

SHA256
768a9b05d93e91adc772fc2aee4dedfec0065119fdc62f841345df00b0dbb6c3

SHA512
66b54c5afbc7bd1613fe36c170d6ce3e0712d64c9823047c02fb2d7eb27c8b5af568267962eb683352a17889ef977d11e70da0bed4cc41cd76dceda372f6e0d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c9782f4ee193540295befb39505e3e1

SHA1
658e192669b52326b0e8df246e36e7d3790289af

SHA256
229260cffe4b529f5093d0c3b93f31c568ffd4a7c9127246cfd7b27cade1e8ee

SHA512
89b5770e3f7df0dfc50eff7d7fa5c95408e6243fd99999781f65bf5141f4ed1bd7d711b0dd9573d59b961f4d62f2f5ff8aaa1c8ed88de7934e20f41fe95ceaa7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39026b60596b9ce1697f3202ef10eca6

SHA1
99ab72fe59c7a149be2a5d45915bf66ae7c7a97b

SHA256
c73ef31aebe67ad25aea6ff979ee0df1a10a9660dde0203ebbe15c09e69b4f4d

SHA512
ab88cf598a1ca5be30a69ba64d92635afe8c183c32aa0d654f8535c9a6349b28cb4e09565fa7c684e647ab004c82f55d00b9c00d422ee9e7ae6f7943ada25aaa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20b24c906cf4375b14cb35f37ebca955

SHA1
22abd4bc672fed50f2c9399af16296684a2ec405

SHA256
20a746417233b7328fe9c81cf2c167c8b94b8bec98e6662691d7a0f9b3d4e31e

SHA512
ea76cbd6afd6c073378394a17df38ee44d90439992dea60fb931e81bfd80fbfef6539e8a48e062b3c1a45080c61eed03bbde50ef2dea7b858f215fca249e54eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2c01c65c6c8c3d5757312413e182ab43

SHA1
6245b901bcdeea2f76bd2b9662749cbdf4cc3427

SHA256
5f23387a5168cdd3de3cf5245fba650b2be83ab57d70e3c0ee8bf2cda0adae87

SHA512
269e7b34e337c53dca2d49a2e6467e0f7ef9ddab1127fe78865f15ea6f5bfcf98cae9002df58c032191fd1f3e7570d55574f60ecc31c95c5ad4d628370cbae1c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f8e7100c976130b0fff813fc31ffc69

SHA1
90ad7a834215c91f1a97b6b821a3c43b685e2110

SHA256
37bc8fed3dc5657c5ac810068b9a4202e53defaa251c959a1f3f33843f6a4b53

SHA512
2d9d68fa1dba05c703875e7965a8b7ba991d254f5b81a8fafc0e3b3de604e7cf698797cf474449d96daeb115d5af993a5f8a9b1e41ce4f9b32719c4db387f659

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd1b47de74dce22df6b67161a397b445

SHA1
b02ea38d57b950dd9649aaf6207ba3c1d678a675

SHA256
f20103980f1f5145f4444181b962953e9ccde25de96267c0e3624335022fc39c

SHA512
937a8908334bb6cbae5b845d920fc336cb0a7b2cabefc09e09c7209e8068efe2b54c7f2acbe70243c4245fe7a008889b2101acb684376e78745ec71126bd5471

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9e9fd9919c17813ecfd0e9b9944276dc

SHA1
ffb4d0be3284a2ae9589c78ab812fad2e2e60529

SHA256
9e21addd9a36943283ebadd7411ca604104c4f626cd915cc86ad40bd59677b04

SHA512
659943ab5e897996e19871bb2deac3cb1fd05eed2791b48abae727ec550ebe2181583399a996f9fbe7240974ba58a31817ecbbc97f3903bf613958b1556e88aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a282830fa547b3ee89486f39ea9ee88

SHA1
538c33b3b5bb769601a285dba619001fdf57438e

SHA256
875d474e5ead547b27f3d9b36a2b6ea9891a4e8939a3a6b69e18541e9871cdea

SHA512
4c653850bbf0a99d183e556811b69e1ed83d4db2ed3f952e922a076e41b09036d75c5b024c3458c250afb6a63895f9efc98e8b0fb586220428b966af4a719037

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
868d1d56015b5b73899f677251c6e697

SHA1
be769214148047e05e908ea233a552685dcbcb23

SHA256
4e6b3a09113a99a9b1e6edf16234d842129072baa9d3817be6ae112e39dc99fc

SHA512
24daa8f419e9011ca23d2c2e6d11ff342ff9838ac356070c530e65a41ce9026de600471a601ba60abf02fa152964499399c301cac2addd45520b7101396b9ad8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e53ade739d193bdc77ec18cce3990830

SHA1
ef6e196457eeaf6f345e9d09b6795bb271940e68

SHA256
2d7a199f8cecc4b78f6b56099992528ed7f6eb978959e0513226bb76454f318d

SHA512
1a67944052264e4413eb9ce64a0aa1dff62143b020f501797889999fae843f15a1590a46cdfc594af0d8c83c50e42d0b7a4a8c61c2fc509cebb9d9b46d55e32e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
96da6be2e6ba45de1837c56a566bb3be

SHA1
58ae507e3eae0a15889ad6640b781740d71274dd

SHA256
74451038c8e637f0cafb87941122bf25e46ea42454505ea2e9a6bc70addf114c

SHA512
00c3d5dfcce6e8d14efaf746934c25ff73fdee88271ffbea8944c74eedd076e8fe4f4f9ef6f372d1fd391ca2bbadd7a120349ed01006d9daf21094023899fb8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12ae857330e5a7443d079030a5e375ec

SHA1
90dad55994a4e6b1f3c30960bae86b5e0f16eb59

SHA256
7c9baf01d938b77b2fa175dd96da6b2206435e0c6dcdf7a79f2436097a7475ca

SHA512
c7c3819c59878a976b40753cb591454f10a40f5bc105e894b9d6336843c5f27273ae9eaf18c557f346bdc810c65e674e9fb3092de00982f4edf915aef82134da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7d9e5928ba619cd61c71195a341f67fb

SHA1
6b27c6af77a1ae4217b74b6323d73e05c56ebddc

SHA256
b62133a0afa9f762ea2c70311058e0a374a0f3e991d761710700f25af6b094a4

SHA512
af3c163d9e161ef5875cf65bbeafa858549f2c084b6e97fe1e5b4aa21e2da16c666ab09fc8fa67f5b808d631859a93bd1002a3ed81faf008b0f5d05754ce9cf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f5cf95375b7b5c5a53a8f07ed38942f5

SHA1
49ab6a946d715a3ae1335b32694015b3a36b6a7a

SHA256
8055ecdd844a1cb5d7c59eed5e7481056ac4ad41d92de17724d9350f1cbd3c16

SHA512
06420fceed594a51e070625786895f7d807e07662bbbf24ba95ec0719f3200c6de0cb171ec5898bfe477f0568a84520e39b9defe06bdd59962c60d97a3dc3b70

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA508.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA5A7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit