754a445a54891fdd873894c0d073d694ed9ec102c64ce3022adae4992eda2cc8

Analysis

max time kernel
137s
max time network
138s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29/09/2024, 13:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

feaa7fc6e643dbb77d024c401ea63f98_JaffaCakes118.html
Size

213KB
MD5

feaa7fc6e643dbb77d024c401ea63f98
SHA1

765e0a139333e2b7a2f6d6b99f0f38cdb69077e9
SHA256

754a445a54891fdd873894c0d073d694ed9ec102c64ce3022adae4992eda2cc8
SHA512

ef6a97bec05e1ba00d3b4a852308d6a851eaead2be352f6472c7b65a6d6e236514677bbc77f98782f5970eef1a32f8f792d6d2bafdae8fa07f0c1384aa789a5c
SSDEEP

3072:SNNvWnw/w5SFyfkMY+BES09JXAnyrZalI+YQ:SN6+fwsMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{49EBF3C1-7E6A-11EF-91F6-D6EBA8958965} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433779912"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2604	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2604	iexplore.exe
2604	iexplore.exe
2576	IEXPLORE.EXE
2576	IEXPLORE.EXE
2576	IEXPLORE.EXE
2576	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 2576	2604	iexplore.exe	30
PID 2604 wrote to memory of 2576	2604	iexplore.exe	30
PID 2604 wrote to memory of 2576	2604	iexplore.exe	30
PID 2604 wrote to memory of 2576	2604	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\feaa7fc6e643dbb77d024c401ea63f98_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
943192d3d57c78ca15fd352f236f088e

SHA1
36c85e5713bc880c73d4554e18f487a236eec9b6

SHA256
83ea98600b67508480045ce01ec2a726d9a5d3ceed76c8e227aa7125bed2fa60

SHA512
30633b70490e769cedbd207dedd8fb93e6e25430912da3f9eada1fcf74632059a3cf828eadb38b13022823470aee47db453a55ca84531873dd6c84cb440376b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
549b596f2dd8e845ad3b386828e129d2

SHA1
221890f672e34c52d8a7daad0ab105a40d4ea65c

SHA256
fcc3e57ab3aabb916433f6ae91a5d22d2fbd9cabb175c758429b6273b4ea24d0

SHA512
cb045bc9becd5e04ae64d0f39cedee52d8da916f8058c998091ce2128182b3d1de046f51d4973cb3490ed20dcdac3ea99e2daef8ad1086abd04d87757320baa1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4cbd58d8afb517758ba8a44094c27cb

SHA1
18fab4af81286cf09e54b331c9908a2938314be7

SHA256
08534542758fe549e712e25d382c99e4c740c1fac2d26f87f1f1f7eee9fc3d49

SHA512
04e832f469c68ab58c25ee1f8a406f1bd12efc00a06366fe66d781a7e4a5e327ae54b9198415e39c5433514bf9255453605a5da7d1c2ccb1b2e09b83b6add399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d39ef37cf91e2fd08f4951dec3651853

SHA1
be3399d20cc3f3b9be1ed887c5c91e5cf3ad1de8

SHA256
0a5cfbc797a4fb4e10de363063b425e8efdebcce5ba13250d8a3175f6af2ed0f

SHA512
66d10f2b7f0a8f4fb1e440162fc16f2670c30f529b5c8bb60ef7dfbd158e02634558a86e4bc76aeb966924187fb30261c671255a21c07438e3be9e5cf48cf2fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
680c9379cd88740b3bb80e66bce3a209

SHA1
5bb5493b9a7c1a36e0308ff08175d83bfe48e5d2

SHA256
06ceefa37baf250754b37b2d6087021b721d76c9e4332491b199a06aff7ae988

SHA512
0ac4d6c6b39672291e08d5dc9a68e5b276c4780b94987f7770b3ebbea8852dc29ed59fa50926d496f61d8405921081e6084b8ae929e3ad2cafa61624ce57a9fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba9f6fc7eeac0ab779d6bc57363802a9

SHA1
a78c289ad68cb18255c74e9c19804f2e308294a5

SHA256
efd417bd1ec0c577f4935576bf0f18b55a4e5c5a7adeaf169fb4583692d7f9c2

SHA512
87b7f0ce0082c9bcc28027e3703a040d6af145674fadb5ffd0fdd51a4547f29a5ebc7e08a8f570d2134bd13a081ac91235aa30033d962381da122d39dd6192f9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d833ac632daea7b9ba60356103fb7d5b

SHA1
4eb6e55e94d41055e5047aa3c16a504cfae4d909

SHA256
641c7f8d1b25a0c6297c41c0934433f1358801845b7d47c54978952a0a8a5448

SHA512
4f31333251dd952c54da87bf4e8e28aeafeaace17b21d56662e209d05f1194244ae8ceae004b0fe5317ea7ed8434c5c6a1db204e1fcbdf3667ccf4c635efa0a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0f750e91a3012bb2c78d10ad031ce87

SHA1
61970a3dabd7c278b9aec7e392568a2abcb099bf

SHA256
0d9cd876f28813dc9417c7854dab747b0e7be3eacdc0e8291bd233f22af1e6fb

SHA512
9321448c26d41c158f903d96d47dbe5c513b83da492e5a83e64cc6062c335e0305ca2fec4426c82e9a5ed857478450c5f48287e104ebbc619224b32c16ba6ec0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
75b4fd33c4f879fab67dc4b1b967303c

SHA1
685c8d02ee3a45f78fca431ef44ed9a2376f6132

SHA256
818f96aa3e03e71597252428f75ddcb4d3d42306da3370a5bd23fa27b7057b51

SHA512
330633aa82d76a5218218d9ec2a72617f36176f465a203afbfc28dbb3c9245787c606c31d08ed073b148f43689477123caac38c6513445fb078266fa0ac536c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
427b73d003cb81355584c4286b5cc246

SHA1
5662350b1b67d59beca741f153608c8ff6b13ade

SHA256
daa433e928f5044f446fbd27cad206a0f7f68fc1782bf0d33499802b203381cb

SHA512
0cf10713cbce55d55744ecc38ac7de6922dce40fb57e5e58fd8e73d13dfdcfdcde3caa625e57bd8a6f8bfab8ffdfc3c5258e9f22272384b5dc9d07981b5e1e3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
545f220c4d715155c2d0a30977dbc5ac

SHA1
790f09cd4ff994fa04fd27b9adc8de9456647dcf

SHA256
2208145a2d5d111e2b7f7a27250c733767259c0ff6d1460ce256e4bb68b000f6

SHA512
9ce7c798f4f3ced8325e0f48fcbbfb0a61f76d81aa9b07f7eef355d973b1df80c37840592d4b00054cdb894a288e88bd83c277715370deea348232253664e23b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d754bef31e6cd7dbbf590cd16596bea5

SHA1
3cc3ddbb364115773f8c11a321bd4c01143740cf

SHA256
72bdc51e5def53218c36ef2ef7c572c0c9b6286579b3a3c900e822c4a7c3da0b

SHA512
13bc4e56aa20dc3fdedf457c729437726c54ec718651afdd27030b9f41ef47c7166fea5fc4d510b53540fcae41fe9a15bcc6249e2baca5bbf47b71b70b877c04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9bc62cbbfd5db728e8ebd7479aba166c

SHA1
a491591161bec79b375c03fbd95683de844801ef

SHA256
a7e4614f3117e0779150227820b1e7b2c6ca87cfb3044200cf586c29f9008ba3

SHA512
897650afa12c5119ec55382e7f31880ba501563b0dee2e63bb120a38867f0d58570298c193ca5f2ec603733e73b29539a0100d1c6734e8be07fcb8a5156c2d59

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0955f13ac6d88d5497655548bdf9d949

SHA1
9426fdbd014cc6bc532a14b62b2fa1762352382e

SHA256
b898ea892dbb55de61b2fc7be076dff4e3603be1d695d46fa9fd73215ecb76e8

SHA512
77661e8474b11f71c72932962202fe3bf7d8bbe3752b3e7e19e69b2955ffe631ef15ab1353325e5c8c65212630a11c18730e55dac1717ef928230a644106ee1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a142738aba18b044da53bfe6fc0cbad5

SHA1
50a11ca3741cc8ac8be04a18fba31a8806fdda3c

SHA256
f57577e9ce649a41997d785c7d50b64ef81f279e129abe6dece09adc8144cacf

SHA512
92df874c69e49198b272c6ac585ec6ddeeeaddfd0348bcffdb349f4427f24251312a292c73555affdd9f3cdb8a36d24ab7feadfda9c0f5fe31ca68c8708b52f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fdf2186e6ae0a339051097e8b13dc743

SHA1
9f48fde8f74d530c08ec1b4dd2c93d05a95debb1

SHA256
5572862a4ace80aabbe248b3c4a4b2b5d5b60b48dd3f04da6809be3ad58c4f5d

SHA512
a60fabdc120e02763dfafd3a531743bbbea13ff2ef2fae13db2289eb73577089fb39a6037ea19016fe959b1c1f77b7bf7430d698c5df80aa9cd1688d8f62875d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c30c6b947fc16a55bc6f3b3e30fce1cc

SHA1
a03314342d8c861a816743371dfcd6bc69cab29c

SHA256
a64df1736f391ada245f114c068a15092e2ef073f793224daab708ca9a0f60bf

SHA512
9d559a8185a30b274c9317b6e40925672615229de2cd596799ec5d4fbb55ef93a537c9b5401c3777059818168596bc54f5ff95ad1c433cef5c7f685e544c2a73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44ac29b25852c426c51d6b148b6a1b2f

SHA1
0d71c9df9c57326ed4a30ff4ff6134bdbaa76ee6

SHA256
b2aae2a41dd1c4325f642b82be107e45a6a9713d4091a726eb02b1e62e6cd565

SHA512
e9f084e9fe20fc20bc9874913181a0d3d63b20191765fc9fa2cde5a0ea29e1948800df3492824953cb169bd06f2e51164522873bead142c36561de4ebb42f944

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c999a930e945b93012102580427708c9

SHA1
19616c35c0cbd35e74db473a65bccd064c077a3a

SHA256
b4a6755fbfc4bc53d89bbe85bad6e60672fea7309f0d77b17baa89f4efd2c159

SHA512
dd112a9696eefd1c9894dbe1eeea9793b7fef3ac19a6ba5c9d332284cfa1b29ac1a1505f54356c16cdb116ab27d903c42e2a2b686eef5d060d0072a570c8a8b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEB7A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEC28.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit