e9eb97f5a2510e2b803c3473ac7fda0c029dd6f10ed352b8b236ad6512447e90

Analysis

max time kernel
130s
max time network
131s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 11:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

efadbb5a83146950c88888ac256009f7_JaffaCakes118.html
Size

113KB
MD5

efadbb5a83146950c88888ac256009f7
SHA1

1d526710aa550f66b0bb4df60423abcf5b9f65b7
SHA256

e9eb97f5a2510e2b803c3473ac7fda0c029dd6f10ed352b8b236ad6512447e90
SHA512

53bdc63b0f86f443a1e5434f4899ca82da3ab2d74f05235c8a70ca838f870583729bf383084eae43469e7450eadc5333edcf92e679a3917a959fdc2bbd5d5b11
SSDEEP

3072:8EsLLNo/zPJxs/P/AXS9CBsujpx03xTqrCW5iXUgqhjy5+leByKNv3vYa4jRZ:8kYP/AXICBsu303wL

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433079412"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4FF18B51-780B-11EF-9982-5A85C185DB3E} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2520	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2520	iexplore.exe
2520	iexplore.exe
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE
2060	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2060	2520	iexplore.exe	30
PID 2520 wrote to memory of 2060	2520	iexplore.exe	30
PID 2520 wrote to memory of 2060	2520	iexplore.exe	30
PID 2520 wrote to memory of 2060	2520	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\efadbb5a83146950c88888ac256009f7_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c780b1fac8d6aeb46660ab3a9978ee99

SHA1
7713e4ac5be64b74c218ffc3a2033a3876270e2d

SHA256
cf887c658753b156e4b65b4b921ecb995ac9cedcfba0141657ed2ceeb87e1c72

SHA512
46100dc20b2436461a9003361fcc934bbceb95eadf886faf83578f013196735c61f75ee39f9780e76b7712fd6b2b93f1ea59f39f5921b3ba7756bbeb28a15823

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b8451624e2c68aa69a13d8d89ef8b1c3

SHA1
59422e24b18c923761ae2fd17374b04556c15294

SHA256
2e877b838cee6303a7586a1b62bc87aa6498ce9c277cd80c53531fbc19a4ab66

SHA512
6826f5d51f02b62f0238e261e6a6656adb9809f97f81976c75f2f7eac21272abdbeaa26cdba7b98f306b7dd7cd55c29c06f0c4eb137e13ded1e3ced8361c8e86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f610794cb687e8a6b92faf92bd6dad8b

SHA1
ca5d190d03ef6b9f9b531a1355829ad169299380

SHA256
8086c441d4244b5a90c550f5e387e556ce121812c9ab9f4d0ede3ec8ae37e462

SHA512
a3bd96529d4bdfdf357edeea5f6d292c201ac2bb9d56d479c3642bc368e35c3c41f2737a4c7f42778e48b920d83cfefc0cd96e1de4b9c674bf2d95dd76e2dfa5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
62fe4ca658f16e6e056ec22166ea9473

SHA1
87753c1013ed94b256205d07b19c803af61803b1

SHA256
61273e454e9e57f094b2cfa036bc05a5372c8c98036f0308e6e786ec916778bf

SHA512
b4174faff8baed2458e45b2b6fb47275fb120cdc2f0fa109c286c96a822a30ac0d63c0a2d6d0b5281e0d3741b9d433d76ee9f30af4bea94057feabd6633ae177

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a9672cb447181acb9d7bfc0565338bb8

SHA1
d0fbc56ff4e42fb215f0a4f0adc85922f3ec03e5

SHA256
7784fe2f2b512ce26518e75b29b3dc5343916affb3bcb7df02d69362db3f13b4

SHA512
625d7a60d9259afb73491cf35f0ed35d695b4a043a5aa8fd08ab17993b96bbb3680e9d0a043513793b86f16215dae9aa9eed30d61b86178e7e468e3bfcab3713

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c5ae6486bd37fa065f17170233c11a77

SHA1
c551af60ee8e6c4ce7a2e61a657c851771e92e14

SHA256
e23a8731b776e57be6622f040f039cb2286573916d3885468c5bb4d2b466a5b7

SHA512
52c494df7e0fa9f7bcb9b299921072168adba9c9b81e571445255a7ac77eb618f42c6bb8fa526529f1e02b94d3b1398d18c4ea3d85116b030042ba592bd67218

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
649047d0e23b2901e3a9020331fb8fe5

SHA1
ae8294a61a9ed93e5e9c6e4e44038668de56adb4

SHA256
9fd59fb8d5d04e0f0674f3db6a2ead72ef15d2e9aa02d10cb1fd48d9e00d4f8e

SHA512
083e49dd82d92d901177ab91337c23fc985b359c56e29551a7d0d95c8c8ffa29998af19818cacdceefe38ed8da7bbb867d75071c04f17a01d6ce9328ae9ff8fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0541dfcf7e722f6237c71e85282bad09

SHA1
e1b7fd3eff2f17225ddcbfe03df175353b2f841c

SHA256
127f43c8f072e643438adfd391a75b9e303ab590c139e05a253926abca15b1cd

SHA512
dbab6180891a05dbd662f0980ada9b2cfb579f0310ad97e60e6a58996f94454c455d8054bd091d409fceb626a69fc21733bfc1da1039e8f625048b8ef31578b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a904732631ac5295ed21047c519bcf1

SHA1
7dc24b5bd30190ede97c5df4c5acb28dcf1a36d5

SHA256
4d2bc4f3c0ad3a53a97b56426acb85dfc0b6cbfcc39c6dc7bc5bd95520af184d

SHA512
4fd06642e05494257c32ffa30afab7a8a4bf0b30e85640b00c4a47204b7296949a8ef569198103d27d79bbf78f255726bccb7ae0c1cb4b92d977b400a2480bd0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b605b3fd80eef394ec0e6361b607b8e1

SHA1
6d5ff491fea24cceb3dcbe2f6b6b89ac836712a8

SHA256
2c0cc92f112ab980ed2aecb6e04b590e238d9cb395ba04779303798a9247c1d0

SHA512
071ec7990a768b172e96cba89b2fa3013c45e79145edd56dcc082d47d4d74174642df156a9a0a7f185f12edea4a8409dabbf123a00164f298571b8507b2d4dcc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66c08e8e6c658c70a89b185f94c31abd

SHA1
6110fc4dd1b3c4b90cb685df89bc40537b88d317

SHA256
25b7cb90a33d1e35e59e3f205e9e0548c51a83d7e12c3a4ee46c18840570de91

SHA512
e6fc9a6c63a456cd59030e4208642a18e52ef42d3f9efb2c179cda9f88d0fd3cc24a520b6c172e2e8cb5d60dce3c20fad255b9ac44cca717fa519dc6653c1f79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
312f049b9810c103a42fb59f22753f01

SHA1
61e3c3fbf6c1704ab490af59283715905a3d30ae

SHA256
634011882c9033388a90fb1d501b5a1690e7fd96eb12402adc62a38b89a8e404

SHA512
db9a1c4edb7d81241fe5f1d975824041659e66526b4991c33dd8c207b43d87ba0fb332aa11df4e50229c29e53a3e77afb7e2ceb5f9449305c6790c31267044ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfd4d390257d819c8a0aecf38ee1bbbc

SHA1
e6ca62d2cda1243b06d062de66627957ecc2f8fa

SHA256
ae75a7d0d2acc0841eeff3734d2a24d5cd5add72776bec61ca5db07cc0e05993

SHA512
a9766a02f9ef8a37fb66f50204bd230d112f671b1fe052d6f508c5026d2e2aabaeca8d6c934850533df4be64973b48aab39fb6903aa07c4112baae9757b61492

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd397aaa8ba868b83fa84ed8b85d07a8

SHA1
07e335597c17b97349eda5831c3eeffac1c28e94

SHA256
5b97fb74bce09c07aad9dc4e1c8e2eae3088974b7db9a7d3ea53f727620c8dc1

SHA512
ad96ff2e3c2ba2d44de88eff0491b896094e9ca4fa6baa5ef101997c7fd8078c1f6a45e649e72a09a9c5b261a08fa5fe18a516cb272d812dc1aaf6b94df7ee83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6b66d92bb626d0f578ff9f0774263d3c

SHA1
39940de9b96248c37e672602f7f920e503f44722

SHA256
9e856e12bcb423c7a0099e49ede1ccc55aa347d60f67379f7eb5398b6083b12f

SHA512
3a38f578864202f98011607065b1e5265574bc7cb66d9ddbbbfc19c423f6e451486c4c6d264abaf29bf0df6f2f4a1f1ba8c20bd026e446268bdda0ac93fb705e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
877969fcac2f28b5752f36ae67b71631

SHA1
08dd670c00b3dc298a537a1ff5495aa3493f20eb

SHA256
fe2afe9e437b215f9a8331c67a1271fd66f4495878bde61e02d6352091b773d8

SHA512
59b3a178504fd6ce89103c2ee815d3c46b264a0713636632d67623a2f4df2fdafab8fe6b6d9e049fdd91a87abeccb54364a0dbc1ba29c1ebc2d8e2c04d164d54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bd9306ec6b0e060830473788793a7bf7

SHA1
e2c069c139d631023df91732c0b2e59a61c8ecfb

SHA256
44588efd3598df5ef23e8e21bf1b48570ead07e85bcbc0fcab8eadd85da4d2a6

SHA512
d3bcfd47d41a6f0e25c42db592c3a6cb55db242f2361ebba110aff3c7508d6a56c805fe194b6c4267fb9ce4451235a21779d5255181a7a9ac8618e1fb9b09fb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4ff87b12c5ead86a781fd7f9aab485b

SHA1
144566df4c65c970a49897fd4170bdc259c7bd09

SHA256
b8c689b52dae8874bfa7f0a144ad7c8b2fb2edf75da68dbd4f6e26f4a560adee

SHA512
121eb10f0f6346dbb51f3cac4b6ccf599c58524bf8f62cff6f768e8a1cfc32ec65cc1075d1f258e4070fecac5d1c1a69c94df9018a562df3b15f8fff3f01a82a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aae86a2268ee81e90ac7dbf4c00b3cae

SHA1
7d3b8ab9a30fdd86ff83a50d8c0f1f58b7e1d5ae

SHA256
6fd98eee8d5a10e9d0592cb5f9d5381b2ff0b06b76a8b5976bad535010a97c83

SHA512
84424eb01f25e5226471db7dfbf66a7a88a1950975eeb6e0de84a9c30c1a3cdf61924950fa053d7dad538dea82a29c9925896d0d7b9dd352fdba953697606e68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a524a23b902ae21e5771abc44565d303

SHA1
afed4341ef429961afa9a8d58d7d9c823c6a0e06

SHA256
9ea703b0a98db53b10f7b34bdaf9aebe79d5b86393a82ff843366fe80eaeb958

SHA512
d9f9896b9ce788cf17b9e5e7335b59b40c70e20e3ab33bd250a959f48a014c21ab94d8583c22de91851caa6a4de5ff0425c89e76fe0bf74f049b067bfc75ccb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabC7D3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarC7F6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit