e7b34641335928c4fbba3758e5a09ff7eae1efa754689697c8c3681d59e34081

Analysis

max time kernel
133s
max time network
134s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/09/2024, 21:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

faf91e41a3910aecb96a1dd8c882e2fd_JaffaCakes118.html
Size

213KB
MD5

faf91e41a3910aecb96a1dd8c882e2fd
SHA1

0f0eb84cffcb663261827dd893df4e1fee9ea8bf
SHA256

e7b34641335928c4fbba3758e5a09ff7eae1efa754689697c8c3681d59e34081
SHA512

e6e06b0fa5f188a542a390658a24d16123248ada22a0e47f75629b508853c23db3d295738feab6d93f4fcad16f6d8b5a26fa317cd1d226762a87b447f74ef81a
SSDEEP

3072:SwK/11PGKBI0YyfkMY+BES09JXAnyrZalI+YQ:SZSOVsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{53140281-7D1B-11EF-B945-527E38F5B48B} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433636046"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2124	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2124	iexplore.exe
2124	iexplore.exe
2824	IEXPLORE.EXE
2824	IEXPLORE.EXE
2824	IEXPLORE.EXE
2824	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2824	2124	iexplore.exe	30
PID 2124 wrote to memory of 2824	2124	iexplore.exe	30
PID 2124 wrote to memory of 2824	2124	iexplore.exe	30
PID 2124 wrote to memory of 2824	2124	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\faf91e41a3910aecb96a1dd8c882e2fd_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7805f962bcab7878826e29356cccce7b

SHA1
44bc0f2251cd31d3ce37a011b964c92c4c8354f1

SHA256
71bf960ae1e83e9febd18e01e0f7027fe7d316a9d525797d6232381b0318aec6

SHA512
e21183851401f661091de54831bedc0b411e5f722b27d10e838fa7c3a39ed37b68ef4edf7e05e6fbb5e0d40f19d7aa9df51568158b6c624aae1a6d2c060a1326

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
353b35aa6293360dbe609c6fbdf117eb

SHA1
ce67195f7efdcc26f65ea2da6d8b6fb724030e75

SHA256
83314a08aa5a43e1ccefd64c189072580ed8283973a7145edb18cc7d986b78c7

SHA512
e9c04e55700a934958e2798329cacf835dc1a8c1c9081a5758bc1e8637c4f497a3319f9224f928a0d4bc1ce5b4779cf383aefcf1976cece00a7d6aa52df98475

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d67518f5970d62a430ebc61e5e7291f1

SHA1
5337f4578cda67527eee3b2a9b2c67da1b6466c1

SHA256
6e4e205bdd7f5a9ae412c7e2d9d86fca8bef70486cdd4a2ff083392f2cefb93d

SHA512
247916014bfd4f7cddf461689739d7c9b6d0c5792328bf01847a9c324d9efc36d83d291ba944f0c5fa3f27ee10ac735c904858e93bb5c75786c0a17510cf5490

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6973a1939e9d4cea214b0700cbbd001f

SHA1
62b8faa800b1716ff8e88439d5f86b7b39a28411

SHA256
6bf1a9c9a2c8872a087c50e1e51f28bd3b24018b70ac4b37e8f134edac5d84f3

SHA512
becfde9beef488fabeebd6e3af94a27138d93aef8d134204df34093c7b39218ef033900b35cf8cbdd865953a2432c08f6f905058e210161e6da5e0caf3079bc0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f6368e9720fd28377d3dae60472436e

SHA1
f0342f94282fd66452402c4ef82a7ca34946576a

SHA256
3f3182a50efba21e55fc8f055c9b399b1d5d08630616050db16b9157b02c5d02

SHA512
06fb433627cec4a9d33d1eed7485d655c215f92136565c0d0dae451c3c8dbf9f9bd11144f4f7626eda88522e7c11e27f726b1c3f9fd5263fab1dc0815c6c1650

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
78f0e7c33d0c0cb7c058a3b32daa7219

SHA1
63a38b372c3e3c015d0444640e0bd1d0369327fd

SHA256
a108cf521640998bc58e1092acadfb73c784210649f1f6d8887f8a7d170223ab

SHA512
d4ddc3a7fe768ae359b8f65485393d064c38915241e17cba0726460118d3143466c584f1af61962a360d1e54bea9e485e69b3c42da0051ab1ee6196dc98e53a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76c828f3a5c903b675cb8d4d02daf0cf

SHA1
2162451008700ce7716664da0f9ac5057619a453

SHA256
8294eea30f60e952dbc704ddc350de2922209f4bcdc1af33b621e1f6ffa047fc

SHA512
4f28b23d69d7b2824ec97bd582e149f59b1b692b5fa3fd78fc184af820902e5bc81f390eddfaed762c0546ad91102e20010bf5227658737f11a330129d5a9ecb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db759430c57c474b98e15de26d40093f

SHA1
070126f7e92a311770a3ca6639069ef451ff8931

SHA256
a598ef35f1c23ea70e4f16767f83e37d8dff1ceada28cf7b54264847342f7211

SHA512
118d13ba75f9cf6eafe40bf656a1e2b3f14e6868d95d32133f821633bd3c40d5d3f362af520db3a4dc6d79aaa18a1b506334b4407d268f99df8a13d234d1f3d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fb6b305e231c42145fb76728ddc6b0c

SHA1
d1ad0284ecedd17a85dabb87f0fc883ef466c799

SHA256
c3758f7000be7723071e456a830dad15bc28e79cf6f9de6917b86dcd5c5f3131

SHA512
bcbcdfa0dc11de3a6b42291ee3245ba0bebb59820416abbbdeea4ea0581ff8c6ed294ea25155fd75dcf30c27a03daa8fe6702b82abd88ceb80559c94084ba8a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
340ae49ad8c7d6c2b886c4e626d2c787

SHA1
2839f0f0b7af08b72997f50651161f9b0399aae0

SHA256
f7f97e9c43154342c693ad2c4e49d83cbe79b13f005ccc72d066a363771150d5

SHA512
f97e1837ca6957aa827c7ce6b134fb9ddbc0f7cc276000b8c3447b3f8ab13f1e5843f7b7a4c19ab40a533a854d07b8a8e4d8a5336ea3532f612f180bcc643973

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0f0ab07f4429404d439f60e45ff02d01

SHA1
52cfc869954a1d2b8694d85be5ab1322fc2bffe8

SHA256
176f5e3f115d70915e402005811217e579a9b5a0008535db5a016f83c69aa42b

SHA512
19740b06361f790cce155f0ff4e7d38d30d30587f214d7bfa087aa6d1279f4cb321f4f305848ce02b75c40d8c7467e862ae850224a6ce76f52ec3300e2a3cabb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
89d7f6f7bdcce853a236799849374ccc

SHA1
b6929fdb5d012ac9b1acadeaaa2139ff41acc2db

SHA256
eac91a43ec4a2494272a47abb8f974fcce43878f5d385548647996ecdea9b4f7

SHA512
e1dc09d82e0f71ef5f502f4c433586ac15c765520c9d8ccc96a66fb5a5be2eaf074be71b9c0758d47c21c420759e2d4b3064ffd2d6430b46846d5b201d26c8e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
621702d6e3e272082772e90c57321750

SHA1
343d5a7a264929bd5c6a39cd4fd18cc4311b705b

SHA256
8c6e6189e8df74733153b74fba2b35ce3ad627e607c0be098fbd6d069378c0fc

SHA512
9aacfc511cdedc27f3db0eb3a3678bd47ff895f20aaa038ab00f833180cc9aad1fc0da7a29f6d16f9530984c9a50b4dd7bfb58a3e188f0ba6fe9cb0bb048c409

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5fcbc7c1f41ccaf4c3b55dbb35975207

SHA1
2f26ecb6c3c6583db9c098e73a9cab081521ddd6

SHA256
c2462d28f7da480bec076d6212b63ee7c3762be1a58df278535d374cc613b018

SHA512
3f9b52ad2a35c8bdf8902cec5f15b78778814aa2eefb23fb34d849fcbb81e7e3d8d7af463ee4b4d31aa5568bd8d8a1b718f79f97017f14c7b7ac9a58fefec295

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75edf80382692f381e088281c73b784e

SHA1
1f067cc08ca17bb1dd0c52601ebe0289a2ced740

SHA256
031e3d43cfd1ae094da3792299138a03367db664eecb7775bc607d2dd7a90eb8

SHA512
86421523859c6977f74599ecbf68a33096fae31efde222b7db452e59aa3b3969a138d5d7c0881da375e80933fe457dcad8df92dda23efc5aac25b62c7e0fc199

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4599bcf752ee6505a5395e147cf3fe25

SHA1
fb694aced4c95b903c7c349e8b5de11535de576a

SHA256
e3d0df4d144f82f916006c959fabfd0a9652b0f8fee7fc508247aa77a9640880

SHA512
fb7e2803b5d9f727d033967ad718e7a54f7c07ab4cd476df8dee171480c016f35e8b1ae818a7827afec8f52bc9a4beb1a9fd6c83c8f482da9a75c9ae3b696b57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7cbd25d6d9ecdc644c0c7857c79e1b67

SHA1
94367d44dee0f5c198bdb76fefd4819f8ca2bbad

SHA256
25799979e594e6806f7b899c42965aaf7bb8d107b310824f5b9b10ba07d21d47

SHA512
f791e81bb9ce8e384eee60925901722749385b3d33b874434ef924764708664f4ddb2a4b72703cc47bfd9e2bdea12e7f6d7557088ba9b2b2857a289441ef77d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e50ed6d5faecc0c20efc34529f7e3319

SHA1
2ed1cdd43d6fda651dde5fddfc49b94accb941c8

SHA256
7926a27472c992d4e77a4afdf0b48d276d87180595fb5aca0435167a26ad68cc

SHA512
516dff027214a338067a3af1fb03a840b0fd7106750bd136762570852c5b586062453cb482f4e6d623a77a61328c53cc2127f4a9fa96771162125075bc0698f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF8C2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF913.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit