5a3fb219300201b24c233991ca6d0e1e4724341db780789965cc26460f85e5d8

Analysis

max time kernel
141s
max time network
146s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f659f18e471614cd97ab9da35fa21345_JaffaCakes118.html
Size

10KB
MD5

f659f18e471614cd97ab9da35fa21345
SHA1

7e96b8916d72b50426eba6e396dfa1917c4973e4
SHA256

5a3fb219300201b24c233991ca6d0e1e4724341db780789965cc26460f85e5d8
SHA512

4d9aab84c67ccc25ae51eccfb40376f77739c9febcbebffd7e11a83a4217b55ee1778dd19279afa0e1fa8a3a410316974b0fc8af40b87514897295a60b43ffd4
SSDEEP

192:2VElIsr030l8k/w1wvqVkZdBz+nyXJKuV013auBuLbdU8d:sElIcu0H/gYdBz+nyXJKuV03aguLZ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{74FDE171-7B56-11EF-968D-EE9D5ADBD8E3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433441546"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1040	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1040	iexplore.exe
1040	iexplore.exe
2228	IEXPLORE.EXE
2228	IEXPLORE.EXE
2228	IEXPLORE.EXE
2228	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 2228	1040	iexplore.exe	30
PID 1040 wrote to memory of 2228	1040	iexplore.exe	30
PID 1040 wrote to memory of 2228	1040	iexplore.exe	30
PID 1040 wrote to memory of 2228	1040	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f659f18e471614cd97ab9da35fa21345_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1040
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1040 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfbf52b8ab6aa0a2138901a3d661743f

SHA1
9c4320494479215cb04fe37ae6a24f827c6c7553

SHA256
b7ebb4a80f1d5424fad7adb14c077e9388b472759a50eb8ba887f721163cf888

SHA512
e7cfe579cc813342081d67812686d62849bdd1d7119f819ff016fffff5eec0b449d177b52a333f959876bc7ab85ba24e6eb6b77fe13ca9350a38ec4f318184bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f2c265ad0505a9732a55f5dc6942841a

SHA1
b5d16e677f13621e9c64c2bcc9d50643c2c11489

SHA256
6deda96eab308d57573f8080e013aee306f55b435666c8937c8936f882802194

SHA512
5e4882a13d9acec25c687833c6f9c12272ea73d20ea56f7812184a14a0d5edfde8ae823e0b183e14df22403673fc663c533ba521f6830b91ee4ac3aad6f84ea5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8738549a519d259df16fc432f23fd1a1

SHA1
5976b1f06784d948e25e4368c3e39ec08b595926

SHA256
4e7c650f8131d113a21471ff44a861eecceefde45468f392b8248b685216dfeb

SHA512
708b3ac66b33396286137ded986a420681d44520a2ebc9d17b6e39febb3ffb3a0bfe32c0c8b163afb4f3175b880b6455669ceb48f810b0fcf3a01117fff39409

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ed88ba2f25548d95f3113a470570eb5

SHA1
a2f39a1507bb637d19ff003a27253871545b9cde

SHA256
c8e85fa1efb9aad47ea9b917870913438bfd3f5132e9f43345dc6ceaee96e7bf

SHA512
28c7fedc14a7d9cb0ce815f761fa2cfa3caba8b94d6fb21f627765bfdd806a5131400f97d676d8d7d36202c84a5e23ebd79476668dc2a21d0739e8e513d8e8cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7134fdf372d858d0d001e72c0b7663cc

SHA1
80d75856b6d6bffcf48a0911e33a06225ea65a88

SHA256
b90e1027ed4dab024842477b93ba5cf56a362a1f7e9849c3e13d5451ae5ca01d

SHA512
d75fcf1cb7e7ce89960bcfb1d517b2ef7f157a6311d40751d64545a9594719bacf2a1d2ae156d74029fa44a2e9016fc8d57287deadec683a8416d51815c28b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3ce619c971e9303225f526ebe360684a

SHA1
76986189a0c829b5196d2d4793aa88ee35c30e00

SHA256
fa4fcd5ee081b4fdff19e08e76bce1e33a9380f3b3c3dcd4221f986efead4326

SHA512
571f8512c8456b0033e626731974b95db9795a9c49aa13648873f1ba32adb81b82a5317742170d480048628522b8914f8665cd9c73bebfe14622394b181883b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c80c8896e83a3530def4379755a9c50a

SHA1
af0a704d9e8b837e13576a3a76b2ab3273b61b23

SHA256
922651f5d67ba20f86841a629a3f1ee155a07873dc2942edb3fb2942007249a2

SHA512
3f33983df68ced9f7d48f8953d4313a015da2f7b4965b8f5241d6d33b2a0099ba1b806f35e3a55861619ac3c8048a1ccb30378c505aca7ce9487c2bca9981ba2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
255988cd87c4e996f5c1e962b80ca8fc

SHA1
676753c7934fa8af95b9dba2965ef09198edc0b0

SHA256
81455355f6143b08f82fdffd88df678cc30b28343e21e5819e209683ca6e57ed

SHA512
dcfef3fb2dee59e056454b779ba7edcc3aab37947201d17e4f260afee0b67122745daadcffa7e4502e6f4c3fc31e94574980d15a99d5bd476df27616d7f3c919

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
123d4ceea348eb500b24a029f55d35d7

SHA1
80cb651e15ee253c17c28bd2fe43f733d679dd43

SHA256
0c429d819ab7b65d3c9004dcc304175790452fdbfb0e732f19dcdba870e7516b

SHA512
06e2782a704461516bcc0ea3ec0c203e77c6acfcd926b4cb27005886093ff5d02f90c9afaa485dbe7e593ef56a3bceeae12914e5b3dc1ffe16fb46dcf14c86b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b73a4eac934f22f731c32ed8b471b07

SHA1
612ce5f41c991f4d24e7b1a017b6b0d1e3390d6f

SHA256
7154b05377b2ff5a7c21d3ce78ce11d8a58fb9b9b88fe0bc61afcb477a9d63f7

SHA512
d6324a0340c8790393df56194ff24b88687e8d8dc00f3b3d6d5b92147d4253f715e094ca6da49108634b992a5c97a90972a6dbfd882b9e03ada3a9732f7efc79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7309e30417998bceef6834dd6b1ebb9d

SHA1
28c27b0d7edb27a0b7c984647e8bc6a2c3c58da8

SHA256
c55c97685c9f387bbe3f95c4ceb89768a26af4562a8e40638d3683640cec2889

SHA512
4f2a94a80655b98bec0b34af1773c94c8bd8a648ce5f48c2cdc35d965c28dcc24590812db2e9b36436b40268316aa4204e1c0bcf649285e603ee81f710089bf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d760110ef00313d06b6ea9dbeac98ca1

SHA1
8daccbdaceb96451d66b05c3ab696722b32dbdd9

SHA256
00af349a04ef4c39139a6c0a941ffb48f84d99b1b54a2059191bd4dbe4898ea1

SHA512
9f43381b615c536aa36dd3074ae86223ebe2aab045d1f3ab9e3b0955b40849c9d8694ab4463b101b3ea3c1e86156e946c687797c750cb3168865fa65d34c7a39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
72d85634e9d1487308109edbb5ee6688

SHA1
02319c8252055e6ad1c0ef644d4e548d9850f10f

SHA256
defb1342594738cf49349ac225eb897c875c99c8125899ac094d329b18279ed7

SHA512
c145492acd4fdad58587ba75e64e63cae151b469e0f9beb7437158ebbfb7a2d7cab3ab85c40705fe429479261cf15e7f3d36d47498880d6805bd4bbe83f5b49e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc05cad531cc7618a28ef88172ef56a3

SHA1
cb26bf4dd60e27b9aeb36f9f9c85227c90dced20

SHA256
abb20af09a5b1d57d335b17feb678317c6fcd0e0f4e37db176008eae94fe508a

SHA512
7dbe0feba8078ba4f319b4c28dbfe93bc2c4e1cfe533567c21ca8f326bb7ba2c2ad17df2b2982c9523ec084325ba9093bcdef27ce9e5254e903e98a775202864

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f80c2bfba4367c1d94cede9038ff5783

SHA1
0894510d5351ae89c9ae3c041afcde0eb04c340d

SHA256
769d50628ffb7356166a6baa529237adfabd81051257ee7dfe7f6c190927e223

SHA512
3bc3d6eb3313b53220e32d5646b61979ad3d60d54fcd391ad4523fa4fbf0bc739d744f7e2bddeb28333947c357edcf0802ab7db2eb6d910432aed8cf3280dc7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
43a75ea1cb1a5cec0cdd4b8e5d581c49

SHA1
17404c9efb4edd0e2658a21e26a6be4d140df04c

SHA256
cc5797227d1c0af3cb283ecfddb28103f9a9bc1798105a3692b7a61551c7b381

SHA512
12befa751fcee987ce111a151d40eda292d5199e9467a666ef9efa66c762023198cd022fd5024e519780af41feb08850101d8fa11e5308b1a7d71fcbd4cd3a95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0a860ac7a7541db764fa6ffd1b095282

SHA1
417c248d2da29b54058f539681d69d1ba276edb9

SHA256
753ec5e10aaa74adc47ef27fbe180e0e3b311f56653e1d201ffe79b67409e799

SHA512
74e65510cad1d09f558cbb32e590ca13b5ed310f09ed126e6198c701be73c80dfc23c7fae53711a390ea21d4721e8851a65a9743beea9864e37cf8f8a466acda

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e2a36c797ebb4c5560bd49007664c9ea

SHA1
99d35f01c47cc670b7a6d6a3893573ee7c4cceae

SHA256
d00b3f773e0baf989f88ce8152a737c83bca2e47e81b4bb45b4e2f8669a77604

SHA512
6687b987be596df5ac73f635d4674f75b7d9037408050cd85c5239d0c35288950a0ef1e5e261c0703f3b1ac514f6e8b2bf0c2290ad7a40ab8a280f3877ea4403

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb36f401d4f043ff48243156a6717bf4

SHA1
3bac6bb52bc91f6acc11f80fc64eca5f4c1a2069

SHA256
5e451f7e17a93619ad3068cfc1741080fbca2d3159d7a475a8abdb0f5088b2c4

SHA512
9aed7acc1da155f6d1462b38b12e91179b51f03b2c589e27fd0dac6531dbc3732ba0d9e8d05e167b6c1589e2092e27474913c88b0bc9d5ea7347946be5b81123

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabABEB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarACB8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit