8604119d07dabc19c625e68c883530ffe7060a13b7bae347c9573e5822de732f

Analysis

max time kernel
114s
max time network
128s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 04:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea9c247084503ad1d612351665067fe3_JaffaCakes118.html
Size

32KB
MD5

ea9c247084503ad1d612351665067fe3
SHA1

ae91bbfeb800180afd970b439ebfd90cbd8aaf10
SHA256

8604119d07dabc19c625e68c883530ffe7060a13b7bae347c9573e5822de732f
SHA512

4d19f2c237b227a9bfd21b47af3edb9a8bf5c504f8e651bb53d2360690714f9215cafc0fcc0757aba9283736e8f7d25fd4736f0ed12f1fe675d6cf7434f03f14
SSDEEP

768:TPlHO+goxSC6q6uSPve5jgCaOecGsFZExcKXLrc4TxSF:TPdj1gCnecGszExcKXsug

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432882966"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EB141381-7641-11EF-A1D0-5EE01BAFE073} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2724	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2724	iexplore.exe
2724	iexplore.exe
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE
2624	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2624	2724	iexplore.exe	30
PID 2724 wrote to memory of 2624	2724	iexplore.exe	30
PID 2724 wrote to memory of 2624	2724	iexplore.exe	30
PID 2724 wrote to memory of 2624	2724	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ea9c247084503ad1d612351665067fe3_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9294cd53dfc2564f3991cc611bd89c9c

SHA1
ae58e6161643eabb4f6b1b7275a6c510aa0c2381

SHA256
7cc6baa35a32c70679cbfba082eab5bf61699732eba824fbce7a6d393908751b

SHA512
efaf90b6453638192667c1979ac8dacd8d10b6e5d207e4675e46fc91afa1ffb64f99352871274fde679b71e7e19afd43dfebf7a27a47faf20aa988c3f75f7e0e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
20ec4d7fed3092e01ad832274216dcd9

SHA1
a5de35a8297bee7b1d7b6d0d65810812cd3d0553

SHA256
1958ff5bc902a9426b6c7b921de199c51c2ede9b0a5a9d516a8d3a043c53db8b

SHA512
bc86e21b23b4a16ceecf3db39438fcbfdd004ec2c1560c56af6be7b6c43d08be4e8d4a4217cd87ae4c6a61df4e8b37be5d4b1455b26d83e39c8a42592df71716

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d99c4ab7daa4be72c2019e1c8a27ed5c

SHA1
5cfc382764ad06ff53fd36b75afc5608150c7397

SHA256
9556101ad3393cffac7aa3c948a2159b5b18756164d6a89d860aa3ff23233691

SHA512
a1c64ad5cae4e4e530ec12ff487e01a055a7a22a3b7517b46d602248a8e7bbc0c2d84f1b45736eb76de111bca9a1ee1cf4e30a91bdb477d551e57e76024f48b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7e84f805be4ff84f2691abffb7ca34b1

SHA1
4ad812f463e93347ffe77242f23fd091ab96aa4b

SHA256
780758ab755f9676a0b52cf254867a5e513d14df1e23a52ffda579c1edf74abc

SHA512
1eb2bee4dde9e02119d65b2b88b7f493fcb3dbd19badf68eb06177bfe6ab94802d9883087be92244d440d2b192df4793c910ba7c25d2bd3c39c4b79bc3ddad80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
557eb532aae311a5a73e0b0b4e32b2a3

SHA1
d2f858c81e00d663ffe75ce7ee30c49ee320b814

SHA256
318918395005fb7d42c145cde563f64373c19f89953a47884b3d8dca8ba64dc4

SHA512
ed923381dd4596c5c098b77bc73c42793eb9c56cac9fbb5fd8d6f389117c6a09aafbae609750987c72e08b489ee568d6c4df96a75c01e1b138dcc921a5509996

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8d7d65c653f238c184f176465a05de9c

SHA1
f312c93e5fa3a494e7b24208b3e693d081246fde

SHA256
b78a569ef8bbde490235a2d4089d9af90dd27d1ede4c0a2931114851e2d8d2d6

SHA512
22ba92d5e02d3e1b57f8e2c20d43ef2210591b933190583797c6e2d1e04eb84139044db2c93c9aab78b3886f29e11ea4c28e23b4e11b4d14ef58ca00eb186991

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8fe87892f0a7195a91a0acb0bd9b9524

SHA1
be6f4547bb3eebf4c9e05b50b5b4021d1b86baf5

SHA256
57b01fd956c4f2abb5566c5fcc7c8f35d03130a08c8517b6c3b88d1e44cfdeee

SHA512
a9c8d1685b3a5c8f86c97b752a5f3b2da67ed9edd717da64e4ba28688b0550055a8cc6174c01fe5db48fdcc21eac2542ddbcea669cd9b75505e6e7b87656d407

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1b1d569391dca38232850a0da087f91

SHA1
b6dd390daba2d1646a4630dc048013658df483bc

SHA256
19f6e8548b0aeaa30aacc8cf367e0796b687fe1fc2f0bbe781b685f5cfb833fa

SHA512
23fdf97dc40e45c04f881b01c36a02fd72324c15dab1a66978719f9a2d61f499b89e91b755d8e5a49f22f679f72f1fdeffd2f9441d48b8b1a724ff7fe13ad076

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7c35f60488a5a9a574f6954ba55e7b4

SHA1
1129cedea36de0a8597a3ca67271505ad07ee679

SHA256
940d0a06facb719fc0e88c4589c221dc70a34ce21bd1fa3fe049402579117fc0

SHA512
6f0f925d30c56991cc68736f3d9d9cf4b2a90be6d500cc34c131734996aff4d73192e8f205ecd3d1f5305b99589fb575f198262496db6c6c106db048c6b53e7f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
982b9c08de3e66a006c195d41d9161fe

SHA1
af1df42bd25035c2bcba3674f254592854826e1a

SHA256
3f0bae2c48fa757ca35ab75ecb9b81f2663547102311e084eb7d13958a5d3266

SHA512
24064f75d38410024a61ae51bb146d7351d9076b870e341bd631ed765115f43b87e5ac0e34c11812394b933a4f8bac2c23c6611452c14189dabcb55bb83e3ef5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d22dada18ae91b7f91959883155c6df7

SHA1
1a09c675601b71171d9d180d58d77eafa9f5c5e8

SHA256
412b18cc4db6f5a29b3939af6a43272aa1a9e789a2529437572b77bfbfd9609e

SHA512
c15d3f9eb9d94841a82ed2f7b51dea5412696c9d47b5d56c736819a969b5fb88875e3358c166487274d49a849c17c758b58db6c5cc4da8949ab966e51d7d4a6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4213674700ee0adcfb8abf5c06818593

SHA1
048b42b5de8597e31d3137f21e99bb06a33dd549

SHA256
9ead9225d5a528d6b12c60c09546445ed537ea748c23a12a0f7fedb8170cae6a

SHA512
0344b9813a667a48b18031cd8d35769a937c0f15e51a6d1727e3243e799ae0cfa9a8b8f5cdfec8ce26b7fcaab01ab7695ce50eae8846271e16d22658ee433848

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
214fdea155765d82266351676272d229

SHA1
2769e6e9c4c258eff075b9e5bee2e769f97d9f4f

SHA256
b3c79f2c8246f574282c9ae38a76fa7debaadc0c154df8aae5294937330a42e7

SHA512
19a73676f1b0045bb914f19c6c0c031f4102aa0abde8c1baf5a509838a7190c7708fbb5a536c2e5ad8001e733af32137a24f432a55220ec39ab2d81c171ae79a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
217241dd3913ea106a4de49d59e365b7

SHA1
8b83bee63d0287790280a689aa23353328ee289a

SHA256
04d723f86836e8360175ffc2aa872874a86b852d86e37922d8e5e7264bb5b9ad

SHA512
40e88a4d6ef757a5aacd1cabedf6617d4ec86bc68b0d048ccc687506de2aad36bba917ad92acd73482d0042625725a5be8440daf1f23a55302a72673b31d23e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3423ed33f330ab1d8e53680abe25450f

SHA1
931a12e5ac4e946ab9356eb7e3350fc97169f466

SHA256
4a0369e34bfff6180a01b3ddf668bb5cc13f19c44f13d2001ed844dc0cdc1589

SHA512
7c886a6c0c4827d0772c00ea7bc2e0ed900b8d15e1ccbfcdf8e68109bae8d6abc3545325bf3e26843c5b215ebb9e5041b98d2a6c41a3f8c8c6c4df16ddc15353

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df89acd01117faf130dcc427f7c3bc19

SHA1
53321451c0b54fa8b867e58bb5effb85dd35e235

SHA256
f730c5b4e5113bdeeb1859fd9bcb34ec7065caf37effee2095effe15e73a0eec

SHA512
6c3cdd19a1cc267675519d91b66161cfcd021299d698c963c6b76abdf387f138296c57b143e71f1b96bb2f1651c246bafdc127c6297ec3d52dc108e204e12f0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8099e9f460f5719ea9fdde462046efb6

SHA1
264b40a9115d22ac417df8f45e8b57ef70257b29

SHA256
badf56573df3dcce1cb34af861904648868494d6e5aad1b25708bfd25264b5c0

SHA512
3a5e7c81747e2707e3946fdf06b80582a50772eaaeaab78fa3b38df7776c7bb5b48de65487d9e4ed8591c8be197a6493b9909ad448a7cdf950284c2f01c6fe73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a7d0144da5a78f5bbefd2dab68bfe11

SHA1
04be75165d88be1ed79199bfabaefdc6166eb56f

SHA256
743c7f4cba44abe7a2fb82b9d873b22db132422280fdb339d4ad4204a8514895

SHA512
e46598e6cb3eb3e762bc1c68b15b0148b6edf83968561f668d6c5bf89a0438d8176d328828a12651acfd5415d418ddd3daa951b03b6a6f275fe3b9bfa242215f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2436c2b7015a49d7832b2f1f9b5e26a

SHA1
b70c1db31f99eb505ca56864cb6fd0aa999251f9

SHA256
83e047933c61ec7b1c9d31de60b3ea729e4e41006f282ce5350a4aef047f7ade

SHA512
61efd922bcd175dccb14faf799d91cb01d18bc523e416d5dfd42b9b1cdd99b23aefa2b6e1d8d56886c51686d43c9fbe8708a386093d4a781282d3b3db9985b2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4443.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4520.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit