846f302f078fede117210011260413e4010c54e203c3135a2b04a2a639ba2b8c

Analysis

max time kernel
136s
max time network
137s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eabdabfd9f246a7e68e8b600f6adec5b_JaffaCakes118.html
Size

213KB
MD5

eabdabfd9f246a7e68e8b600f6adec5b
SHA1

6a031a50cb26d60d4553057cbd50b3d8db2004a0
SHA256

846f302f078fede117210011260413e4010c54e203c3135a2b04a2a639ba2b8c
SHA512

f6d3b25906f488086a012a912c82eee284ab40338a402203d357470de93badb192e3796f351f7ba977c3ee3c7aea3311a94e33818c290e95a84a3d83a5ebb261
SSDEEP

3072:SHrNu6r2U4ejyfkMY+BES09JXAnyrZalI+YQ:SHHBGsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432888354"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{787E8191-764E-11EF-A7C1-EA7747D117E6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2520	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2520	iexplore.exe
2520	iexplore.exe
2540	IEXPLORE.EXE
2540	IEXPLORE.EXE
2540	IEXPLORE.EXE
2540	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2540	2520	iexplore.exe	30
PID 2520 wrote to memory of 2540	2520	iexplore.exe	30
PID 2520 wrote to memory of 2540	2520	iexplore.exe	30
PID 2520 wrote to memory of 2540	2520	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eabdabfd9f246a7e68e8b600f6adec5b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4316c0bfc99013b5003c31d34b04b3e

SHA1
34666f572a472c1e91cf3a03f5937ece268a55d7

SHA256
7805fabc351da660c58b249d6b4aff34e8aa1e94c92b643cc6cbc0ac41111444

SHA512
1343b99186e4e7267f8b9ad588c2e9512af34d2eca879f5ae21f6ee8cd3bf5f688f2a4a1423869c68923295da7b5f8c97ad7a96de75dbc3a4910c6d4cb824905

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
309459ef658e5b192138a867c7254b38

SHA1
2096604a2dd5d489881c5500989b91f0424729d1

SHA256
ca1cf33c9cc0e5c9a43dd729f3bf6e45e21f5a0607cb95fe8aea49b643d24b4c

SHA512
4873f9dc0587c8e917eb631700b455a061e4fb6b965846c848fd0d28e53dcd06684c00d1015465a1f2d304ae271b365779ab78d6fb0920b7cdf5c1dc6bc4eca2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df9d07067ba87fbc4e6bbe59a4948c57

SHA1
642f3248f1f6911bc530e4c7f3628645b72f53eb

SHA256
fd297d05b1b5ff776d280087982ea7fd396e1e8e4c04052da7dba4f375993231

SHA512
88764e9fb52c7ace5c23437c6ec314e6563199491ee5d7187377b061f70b8650a411699e37ef4b9b8f5ff74aecba630164bc7f01ebb86c68fe7698156d936ab9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c065634972189bef5adee963f75e935

SHA1
c967b2a3d7599fb29dc6e7feedd4e61544896d83

SHA256
520f77e1848cbf4fc777e90a1c38578ba1282e3f9a7552d7def29495cdecdfc1

SHA512
332d84c17094916d6a835a3bb00375c949d121438cd79a1b4c05063f525dbe3f3ff93c7ce94ecc5af4cc7884667b56e77b5c8750dd1792484b3c64ecc7781728

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3e37e4ea8de3dfe260863e40a0e3688c

SHA1
79fefceab6c5837c4ac1aa6de8e95d5da20c3a64

SHA256
5d10c897ea0fe8758e549ca06e7af735b4162da5b2beed75d1dd6b81b576c05c

SHA512
8b509ef7f039fb13edba0f660ffb681758571e85e109544b821ceadeb851a68f96a7ef12ace1ac1c400b9d3db8cc67dd5719a519d9f10b4623496d4241105e01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7a05a176480839c40abc0c7b237582d

SHA1
bc3633ba68771351a846a7d2befb651337f7ca31

SHA256
a0b0c9dd26203db27114ce5ff29a0346c120eb28b686ecf0c11771c75a8f9370

SHA512
345bb308832ee3717c2757204a97a9b6772bb1270e386e26d20f002217de72ea4dc9d52a9d09e75cd4a8fbc5ee61ec82029cf9854567727ec9c76b9a616488b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2add45a711b62233955742f85a080975

SHA1
7f839e37065ef1f26282f6414019317a6709c1d2

SHA256
f9d15133d3363cab638d2fc1d873921553bec1c991620233cadb9918f1d21d72

SHA512
5d5db3186c541a987cbffa466d5004e81939387583b367338926b534fa0cb7dd1483207c6274847d89a8e448b0c120503ccb996ce104c65c643b9d22ac3df8e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bab71ac5f01ef654abf89e4147322945

SHA1
f03d910ff9bb3ba122e86105bae73c7663b8d40f

SHA256
7ca90f64a4a3f33c40c0c888975aa98f621758cc5e3ef28167ef5c426bde9675

SHA512
4c8e5947ddcda384f3ab7c8f5563a516a8d2c32ddaf22720c46745540cba5c89c9049097d6146fa9a47ff8038f8f19f81b19ec73779915b5e01aea58c57fe392

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63a9e90a695f8ef694bc4bf0502fcc91

SHA1
a91071c62b6f8470e624327f0b5b1892a283fccb

SHA256
1d3dca2a3920b71890b0c4823231a7c49609c50434886ac96ca5d2fe361b70af

SHA512
4afa34e5bfe0bc0f0f7c69e990ac60b7c2c9d474d7023d18ec9b798d2b7d0ecf1d08540fffbf09ec67fe7b320753f10396e41158ca89ad7433d36a2a88f5428e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5d1ab80c742abdcc5147c9430aa53f2

SHA1
e3498719e21949bbabeb56f09adfd4408ebad8c1

SHA256
0a59cea74ef17ab8491498ed40dabf68ecd290dc3ef1e8e496c71b3937d37c9a

SHA512
f41b88b85a84da7513af30eea1fe69b3cf32183381da5af7990360c7732ddaebd65f8b30ce6d1a5a6047651f19c87a7d1dab6d4ec5730d670d86313ac8a2a338

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb4846e9f11af48cc1aef44831ed648a

SHA1
59375b11009b8b416bdcd48b1e736ed92056ce42

SHA256
7c8a751380294510d0540c38138a811901e68cb956b714c3145db2437c8dce99

SHA512
adfa0489d44a2ffb065b23666cb07edec51bd0b67718334a54019f9d17d3717b9849f86e92b8fb76c8a6e3d39a056007f008dd04476a878783671623a9669d60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c9a853aedb7a3fd2f6c5ac5c41dc3593

SHA1
14d3dde6f4a35b8de7015fdb28bf4902d6e89271

SHA256
1e7693fbf409267ec4f2618ad05e65493a7bbaf432320c8ed8f7ae6b85896013

SHA512
bde39dd6029817f3a1dea3ee59c9093c1f3a6fe0f6a4ec5fb98ab0875a69619db7cb7aa1efd60cab6ea26d04b9a1a4afb7d50b1c9196cdcdbe1ddc115af2ddba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df407babaf534517aba22f225ff3f8e3

SHA1
1dca8813128e361e53223025cc79a7b418f3bee1

SHA256
a2ebf41ed1c31738eaa0cb16baa66e9cd71e24869c89c0bd173752d81e417f6a

SHA512
315734a48d1392052e0aa7cebace01d966f976e3b82df67e4813375d34d6c882210bc787c792b26926b4ecdf79d380225e73d6ce7ac2697fbdc8fb9811cd22b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e5a59dca3a2af6510c9c14e0a3b1f3b

SHA1
a7a42922309e9dfd2e4d42c615eab3a7887ef899

SHA256
a01d3f10d5bfeddc80d2b21e09e678e7269d0026ca80f8e631d39b22293045c9

SHA512
4fd607b296de018376a096ec63d0c377a08b6c4541d082016d053e3912fa8197d7aff1ad741d59982bfa6717778705998ed4cb35c82fd7948cd8e148ca703bd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
22c900a7acbe9b53649fc9033e1beff2

SHA1
f4d6dd97622e24f13a9ef8458f5e0b19cc990773

SHA256
bc5b80ca4eea31810bb6e6e1d7cfbba0d4fb5f34538b29b779db1cd8ea5a0d26

SHA512
663c9c24efacf8142d5417b2b8ae67d07a41db31f0061f3783e9a3bd825177666361d027d93f94158cccbca022257a67e32661144b825cefdb6230b4552d11c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dfab9365bff656ba58b647d3b99bd38e

SHA1
b77f8f637b12a6e4cc4209ae40213809336cbfab

SHA256
6777f225eef0eb12d454f2e3ab4229a842157ee986ef576c91211beac17b5292

SHA512
4b192765cfc3922be910f8a0be1f15819442f83b3b2ed09dda20c4195bbe9353beba6b1cefcf2641d68fc232a80bbfd7259b61e87993fdf693c03001f0c24a95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cdf2c69b798ccc4f87b8c548aaed85be

SHA1
2a7f4a90f09270340cfd2faf35ccf89f94e759e2

SHA256
e0466210e5f3c986a8724e6141e670e0e26d40674f4c44da8eaa87d930a62190

SHA512
ad64dfd9023211617c32ab0056446909a42736be44aaa24aacbc5e9bee9bb029203fa53405cd9cfd50c2f565e43697d1042e350590574008d96a355589b3e963

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d16dc1f5751118cdbdc4305d69e363fb

SHA1
45827574d990d9e76185210aacd21eecb9fb8f08

SHA256
6bb8f7ecd3e26128196227fa5dced760b9fc0abc8ff85a3bbf6b07e44258c45c

SHA512
0c9f75ac88d8c7bb1e9fea6f9757b6f38cf2027147260d985967ac38d5855d35656230d37a17d1a4e2fe8d4c5429e88293fde5c90bea8dfa15507d64331560c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d99ff2dd8d340cacf4b9f4d1d116f8a2

SHA1
ee7f708404f5ac1d7ff433e1499f7b1593a41cfd

SHA256
dccad3be9075d3df9ad87cbc0857103719e54899bf4d45aba1e8c6932c51e889

SHA512
e680f65f379a99eac24bac0b2017bba248c63617175eacf8d1094d4362ab621812524fa01a5d41eed205a4af6603619e04d2afe879a22cd9535556994d1798ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab84DB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar853C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit