5e6ccb520c6b4d55e2fb5e33562591cedb4506085368597c8e40c2a09bd23b6c

Analysis

max time kernel
136s
max time network
142s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e0932b369e4434e7209e097998580f3d_JaffaCakes118.html
Size

220KB
MD5

e0932b369e4434e7209e097998580f3d
SHA1

9bb3a8712405974566281e39aa8463aa29ac4304
SHA256

5e6ccb520c6b4d55e2fb5e33562591cedb4506085368597c8e40c2a09bd23b6c
SHA512

f9f41aaddeeeb595df15c15407defeb429e851a5fa3e1093a9be41a9440ffab5d35a970b4076772ce658aef615e73814b554c24cde6cb8fe054a6f87970c494e
SSDEEP

3072:SF7gqjUlb5wd1wyfkMY+BES09JXAnyrZalI+YQ:SFEGHsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432493199"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6DC9E911-72B6-11EF-91D0-C60424AAF5E1} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2136	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2136	iexplore.exe
2136	iexplore.exe
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE
1652	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 1652	2136	iexplore.exe	28
PID 2136 wrote to memory of 1652	2136	iexplore.exe	28
PID 2136 wrote to memory of 1652	2136	iexplore.exe	28
PID 2136 wrote to memory of 1652	2136	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\e0932b369e4434e7209e097998580f3d_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2136 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d17c809c554a9cd4996276fec25b0c55

SHA1
0837195cd618107b382978f1da7d027a53849c7e

SHA256
e60616227b4c1be7f1f0ee7bf689620e760d8ceb6df2d30d52275828965f5f1c

SHA512
245acbbce5e60089ba490a2d2056c891c1076847bbab9406558412149f578fa6b9bdfac20b5424e840f4f7218798d4add064ed9bf9f0220db9e10ee02bb39443

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cbbe41312cf624e1e48d71e92633e6a

SHA1
71d331d229590e90000090b24f219c8cfb37d20a

SHA256
230f310b49158cde701e78e114485a65fd842a8632a1542405392daf5a284415

SHA512
213903e99bf5c182de723ba5197ad4e36790ca38d5811c1615cc9372a0b2ade50758d4445b70c929e7bb0770b235b9570fbdf43d3d24fb94449b33526e10c83a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d9947863af432bbddd6999196b9c72e

SHA1
9510472ba3ff864183af4910257c426b2e3c4a2d

SHA256
94a977e308c5c3212f83d961dce433832be90cbffd97d7948b49e22d3dd7114c

SHA512
ca6e63d723ddacb29761f938c099c33914afbac603973edc11e26d86386ae6b60c12803fbe6dfc9293e19bb1786f7e1a1902d23a2eaa628800f590e47f4ed984

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93ba63b4a91d6f739ea8360882aca6a5

SHA1
2685358d23d62dd0d6b95604761335dbb1cc9548

SHA256
4e0bd3f29e39a6dcdefac5407dfd13c37b4598aabae86dca8f217af17ad376c3

SHA512
6b979ad1cadd19b7cb6086b3068a60efb43e4e92fd5e64a40cc5951a0ac0651bb1100d2141bea15eefcc6a840f1fdfc26d86fd4a528377ea17e4cf63779d6c16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2db63a15ee0949345470593cb16f36ee

SHA1
e41bc4457e121783b52cf12b74c1d4c6e73f74a8

SHA256
822ebee03cc8d9ed1889295800024b31d32ea7fc2cafb96f595a7973763b62b8

SHA512
5387ab0b6d05afcbfaf96f4f35fb47790a18dabc96d38e845470817e43b0b5756c44d7ced191cb5647e82d179291587a1b6cd6997cf4009d0e25975fc47b7fa4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93b04128d6f2ca965c799fd4a6267156

SHA1
6055bc49264c7a65dd372e8838a33918f0054ab3

SHA256
9ee1970aa045213d12df9effefd334741b54c8c160b3e2fbfe063e99f061ce77

SHA512
746a66ecbfa19e812403a40db8f22a1ad2bf081c0fe5eb1d6b8dc078324b1c0992eddddbc0781d1da8081e58f368aaff9eca91d2085e36d0338bd0f6bfe4ad74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8d7983fc2b4b918900ae10b00a7de9a

SHA1
941bc070a86d84c463993497a51383940aa2c6af

SHA256
a5d067710ea4c9bda6e522a466d9aef1458e62f858f9a70410053afbeecd8f56

SHA512
5b40a8692b99fc51b48adb5376e0fc058ea2c5b120ab5f5289c46e74a37b106b39e7621d83a5a720406c413a87a2ac442eb8ae0cf5e953717d50625e0f97f3df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e97876253adfad66a3e740e2d89d1736

SHA1
8d7bc59a169817f64ca24696fb192a25a3ec4738

SHA256
535e036540a85e86ad7875db26b0703089a332831ec764f8d44ec42a92a27593

SHA512
5152991a6c68f030f66bd27052cfc1589f98a30d3b07648592bd20c63f57aa57b5cd2314422e6f62344422be01a40e991e6f38b6389afcc86fc71cf1ec7f7cf8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
420554c47881b035be662f2bc668110c

SHA1
b483204d0f54dd551f9becec4157c2f72e8fef1e

SHA256
7d529d268ed1e7d5433bcb77961858070ff5a89ffdb1a5f8e29c4e3b854eefa6

SHA512
77a92a24f6b76dd02a61abc76f466d36ef9c8468fd4787d467538c06ee3fba8739d01c90438566de0aa587c76ca812784ff01511fa2a1992e7447880d6f11a5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec237e1a32344e14a0f5ef02eb61dc00

SHA1
2663884ce9dfc0c5253d3c874b1477a4421b9e87

SHA256
75a757834f0e87db8de067f4b4a0d0e45e99a6307fb1ff74ce8fc817b6405a4f

SHA512
4df57418651c8735f884a368b368598e2ac44e44dc61a86965b1bc82b204f188b724a17b2c9a7b952db9425b16d9bb3ed952e0c46d301d5d756ecc847755e3de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
693f33524e84c83ed85afdc7269ab7c4

SHA1
fa1156a060c6ef0cdb912ff85451135f804c7f06

SHA256
57617a55440efde7bc85184263c45a6644cd2c868a26847d9f3cbf2390e00f90

SHA512
bcc1a153786b4aa18f68e2c13e762b69efbf7108a67684ed96a2e8dc1ed122826ebd068ba59654ca7efd44a930e2ccc1c1cd0d63879a04c89403469fa36a6c81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d262877ab13f496086e2ac154d2ee1d1

SHA1
141be08d0b6ab80e0b97a0572e508e09136ee69e

SHA256
0be0dc0f38133b4cb1f7b9348f134c760630a129cb240faf989bf5a55c5ad069

SHA512
67c761f23aec96fadf151218cc9a06e54ef6d6e4650288f1feced30c5ea8fac77034b5b9540a2df1b659a538e27660f3f32adfa41f9c437007869f5be2b6cc50

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4375cfa7ed67cf6cb4ce42591f6f4164

SHA1
cbbc725f2b09bf300b49caa05a3304dd0da83206

SHA256
b09a12083082dc95ed0df1c4fa58fa526c33207d80debf5e3cf04be075b92d36

SHA512
71f53439daf74d67bba492f061c34a73e57f6300470d03d8ed1642e26a84c5d738a81f9b659b67ad6cbc59c27cdb00f188474c9b40ae7cae2e05583a69d4be9f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ece04fe675ba5ff4e559c138194309e

SHA1
20146b27136979e5d989d4612e5417d68f8da095

SHA256
8e79c87ee96686d96fc40bf957ab3bc6365721e7308ef8a3053c977117b66a49

SHA512
0b1c74b7a8f6964f558f53bc0cb18a0c455bfd0585a6d3238854c895cca9edcbde936bd1432f3cb700cf77b97b241249476cdaef82e6308dee0419c9fedbbc74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c669fdce8ad18582611a54ab698cb005

SHA1
3da519d9addddf1ca60cdeaf8bac0d5f3706df23

SHA256
6f4881e154c62406d91f8f8ec4f6e6103dedfd62598de8fa0646d76fa8079115

SHA512
c778cb5bd4105a8bb9161c5cd33ea5504bf9abbe227e0e084614847be2f67249658e507f19b86d4210dada6dd3dc150850ac1b0e1a8d5005275c64459118df12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e9033c75a1d3f88d8d45dafdcd98ebcf

SHA1
e30763ccc03d7e8dcfd1e28fccc309f4bda94bdf

SHA256
ae51aa543d02bdf3e32a96c8e4661138646cf0319777cfd026f1bde83422013d

SHA512
7cf086df591d31f8ef6b8091916848d7cc7f2ea8785521ed10a4e998e6761e2b10bd8f4b28a3affec7718c7c2cee04cbecdca75a6045a31c4455bca31134a537

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ec6ec977b4470f10df361d0dacdbc2b

SHA1
fbe15f70b73c0f7160d716eec9c5dc1b9307439f

SHA256
410d2d67b1e79da934461927d73aa93a8e349cf532052466402200fffa0f088d

SHA512
c0f18a1ae9e553a0ab9b8252b43ff884f011b8e1328b395731987a51cb7df969686a693219ade540912f96313ccddc7f19e5d9cb3981325124d2e161ad7c0eac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d17f7ec83a19c98d08ddaedcd7799de

SHA1
83d07ef17b761237847676697b1314a3bbd81f6a

SHA256
6ebbff7b95f76bea43954b42168927af3f74f22f840463786ada97f7506aa12f

SHA512
a5871c8d09b21a1a22452c91ed0ca762a700381a62646a2518c4901c9683a45ee935eca603b50b9a0b101d4db67636ccbbededd7140941a9cb157bcbd0688734

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d092aaec7212e2cc2df3eee6e130345

SHA1
6f5dbe7daae29e33a4b523c103bfbc1ac35a470e

SHA256
4751b27065d250c71830bffa78d108910293991b8fa62bfdc22e743cc9eccc82

SHA512
3cbebbaf839ce1a34c6b9b1191e916e6394fe3803a07d0e5ac41282c137c150a63f4cef8e19b4c6466c5260dcb8819065a1a40f2ce1e5f02f6e0490d83d2db12

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA017.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA098.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit