cbcf8c5819e45f279af8448cba72d1263f1683ea678d56e567ada4d9da29ebc7

Analysis

max time kernel
146s
max time network
151s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30-09-2024 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ff9854a9634f4110d26d340bcf0b246b_JaffaCakes118.html
Size

143KB
MD5

ff9854a9634f4110d26d340bcf0b246b
SHA1

ebd1b0bcca78c4936f0d83ed08da1cec791ee20e
SHA256

cbcf8c5819e45f279af8448cba72d1263f1683ea678d56e567ada4d9da29ebc7
SHA512

7261018960d6dfb7cb644107ea2668e2bec9d778cde9b96b3119acadbf234d6b2251f87fad9ed1ddc4278825d8aa994e2d7285a949d457e02460b435815ba5fc
SSDEEP

3072:SknCJphx7dyfkMY+BES09JXAnyrZalI+YQ:Sknsphx7osMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7460A7E1-7EC4-11EF-9527-EAF82BEC9AF0} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433818638"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2648	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2648	iexplore.exe
2648	iexplore.exe
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE
2744	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2744	2648	iexplore.exe	30
PID 2648 wrote to memory of 2744	2648	iexplore.exe	30
PID 2648 wrote to memory of 2744	2648	iexplore.exe	30
PID 2648 wrote to memory of 2744	2648	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ff9854a9634f4110d26d340bcf0b246b_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a33b70bbb290d6719c83f06d68215ce5

SHA1
e854bf4667626f5485dcd088d40f2de69f44aa20

SHA256
8e1e1c84637a543dcf8299f88b183753ff13987728f72c487a2ce0e4708f57bf

SHA512
f4e73396151ab0a8fc0d3e1159f796fecced07c96b2d37df92ff4bca536c3324b318541096d4be88cb9a720e8c023a20bb6a6f290d6fccb093db2a722fe25007

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
017eef5facd40791157bfc2462ddb7f6

SHA1
a1cc4f1ce65ba4da8dc37e370966e8d4f848c963

SHA256
2c1228cb039424e90b40d22422954de8f1034480c11cd11c1aeb17fe25078d3f

SHA512
75bf762c59044b0c20617e3836c0e99f5e52d24895624d6b98d369e19de44e66a852a97cefa0e159caa11251968d3b9fa427f73354bf015b3450b3d8d8ae1695

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6270f4b9814bf261c99407ab43f23a23

SHA1
2e11f52d577dc85c496c65d15b7755c8c68247af

SHA256
e7f249d3b9bde49a2a6acfe9d1d7b215aa26551097db93d25d628289aeaf97c6

SHA512
c5069b7e25001eaacc3b602d50134b60012d9482bc294b95a5ae930fafd13704db312c027669f61771d6e72810d247f64700c678bd5091ce4fe8a1d31d1c8480

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a2f6799beb944fee05a45f749e0ae13

SHA1
2328637f1a953657d7443d78e408c23b8a24085f

SHA256
12b6cc348ab5683cbd41dc41afca3ebb18cab8dd9b4143f0e47cc0047dd8f431

SHA512
a2604fb883e7bfbe829d0f20bad8ceeebe55c8e37357cd9fa3cc61d0f6a0d22e0c5c3e0e1e37410ab4ce6a0acbbe6e99ade8aa4b769b38ae2a1f999c165b6e3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1e1a785919a6bc9a8f506af7b6b6045

SHA1
d581709e5bd778bd45a497c1840811d5948f59c5

SHA256
a908e116b450b2d740e6d320bc326d544a89b133dbbbef68f30ef5b274016b15

SHA512
447d31c8ec5adae4da7661d4b66191dbc8849096a783d7a3b7ef9948d973c351f92d93117439c545858226cf14499009741da5de0d4151f61464eda9e94c7583

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3effe29a0d286514cad4656f17ecaa60

SHA1
8af63a61a3874e8315e6e50a983e14d6aa007c00

SHA256
5a48a43384811b281e0d87a9b74a18007e9f945e01592f253779fb5e6f15e46f

SHA512
5bb014db87d23837d0aff56f48c76d278d64159e72caea573fcbaa940d2bd80bb17486ac73f8289b6a3d5ea179fc2f7530daac3bece49c0f0cd4a6eea04a1053

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e117dd7043bc8a6a6d743ffa99738b33

SHA1
d20d20ee1dd4928e28d822351d9ffc6e73f2a11f

SHA256
c44db26283698956f45ccdb5319d984552076ccaf934f38a144e3a8b9f27988c

SHA512
7b574ecb6f81f35aa49421998ed6b5c6dc0d4956a8194a3aa27eb1e785a3ec85ca6c4de25998ae83a0c79883457ce7ad8f34871e6e7ffb31202aa6c6affbc008

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
faa856ab88657f2daa705f4988d8df83

SHA1
7e9d567a825b70099e104b2b9303adbab378bcb1

SHA256
db246d0f6f0222f0c568004b984520927e9eb33c16cdde7de7ed5379c80a4667

SHA512
255ea99746c29b7d01a090c60b9302cffb3ab95a3b3d16d714d8f4a10b42c0262ddd63cc33957a89128336646735f46f0edca595fe3cc406e82304c82f9f3160

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
880115d8e91a14f10d5deb16b2bf9881

SHA1
5e1f38ce2211e3e152a487c31ce97ef15b498561

SHA256
300ae3bb3290d0e78c350995a2c227247a3ae8e29dbd62821d6227952c985b77

SHA512
7a125d5f5b9aa9e777a33062543087de643e501ea86bd7a9b7fb20f6ae1389b0bf1e3aea17c24d92dd8515f6301256871f2a795b13a0ffb9e47411b324a04027

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a180a68249866ea083a1e695b4bdf67

SHA1
c9f06c9dfcf6a6864a25987d00be36452b3f6312

SHA256
14695993a3f8954e49e540d28c76845af9326437da03a37f1a5d2e10b95288b7

SHA512
98b8486c7e0a0c081e1b37b924d2b88ebe82cede5fd4795e5e0b2e443e8963cbd8a60423dd9f913c25cdaaa63bab1cd2f03021b4434ed585e6774fad39d60a4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
637e3bf13ea74764b305f4c65a6fb72a

SHA1
b7d5552921efb2aa567efc9003c3963d4ca575f6

SHA256
69d19ef05c7154c2fb357fe63cdff9733328c7a5e512fdbd42c4f8504f8d6244

SHA512
2d86d1f06d4f8ebce431a6f8c4097bd0772046e22fec490491b46358dd2d32679f77ef944ba4ab2623148e4a56c854e6507735482f1b40e1faf4a07c21afee1f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f26199e963a32a862255547343abe0f

SHA1
60b03b2da14a425a4d658066be1f55661acadfd0

SHA256
a921ca8e31fcd34392bd6024ea046a9c429247e888c1c20ed7be30e480221549

SHA512
d9d607e4984b32ee665ca1cd859488cf966ace7ba313b34c2d7b137719f66a453bfd379118167ed071f5a963ce7fe4c04f947718179d015f72023bfe09a4bc65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ad14e3631f2030890bddeeecf195a9d

SHA1
9bb7bf5d23390d3205f8daf3da8c1a741438b22f

SHA256
5e1d338ab2f3000c29a3f4983bcb2e63271e0d921cab93bfadd555649643e68f

SHA512
e45e79b79fad3663fcd8154362d35671f798b64cdb748925f5a2a831d6fd66a4939448d1aa9dce0c03394a92e6609e73065c2b69985079da1daadee88536a7e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8726c0526d14039ef7cd64ef6b76422d

SHA1
612e2f15d7935a4cf36b69caad4d1049c869106d

SHA256
8ce7dae47378fc90a40119e156c2d84787be10661b2292781cbe0042a35f4872

SHA512
62ab87fc8c96ce9515493141a606b525ab26aca17ed818e0107824f7baced007821539bca4cf4ed9791627edfffe8940c0efd1bdee081e1817d009c977d8e8b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3162481429f4c620f6ecf251785ce4c3

SHA1
cbe59fa6ce25cf0a291e966d35a6bb34183fd2cc

SHA256
05fd6e705812c7b3eba6de4d4932c69e92dffbfe6c8b9aec94b5274447ecb687

SHA512
7451d000c39f7da8b753c4ba8538a87b6671aa670cc6c0a053f70a1f4523cbc679fe359c7dfe63da8a1bb5bce1d46857667aa863ed172283ea0a17fcc34dcc58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ca2985717eb0ac97abe24aa8a1cc84e

SHA1
2cec5aa78818eed33acdfe6dfcdd142d34884a89

SHA256
7be1877f52b12dd690f3b69e2a2872c70ec3d53010a21e975d5b3ce1f461d146

SHA512
1e50aed60f58236c24aa063b3e660306917d73e0e52712e66723988602623368accac21163211472f59b3da6e513f27f97d938ff66e67c4d6efcbe82093b340b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ae36a4a8ab4f09fd142ad056ffa32013

SHA1
0930a309613259e7146f9a72ffc23b431a407ef5

SHA256
720dddf9888a4afece84b20140bc90a7c14cd6764f57f49b014ff478d245358b

SHA512
eb70e512cfc8d6745e8279788db5cdd87b28d43306fed4ad5d886e68ea28fdb10c208ea57f178e6965b3a8534c3ac72443338e25e2bf4949af0c74e60f6f85c2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24c1f03fc89037c2e0a2e72dddae6047

SHA1
d9fa912bb5809c441005379a5e2f9fb7cdff48fe

SHA256
def3176441c270d82f01c4769d17a0e937deb7b5f30b1a6e5e3a2a83f1946442

SHA512
dbfd83cbf453920c2b0f06952cc4ffe82a0b0f68f4123da95d17ac1e6e9dd4295b128f93430ef29881ddbd3b5b792f1f571ecbbca348e0dc160628ce3a82920b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4fdc3b1be31948554463be1b108e5a5

SHA1
acb8cb156dc11117858b4a5e2d32ea7f1ab0da4c

SHA256
2a128b8dd64ce0af88f0683e4e3ab8afbf6287b1aae6e2ab9e8bee7e00e47b2c

SHA512
3deac51f5b549e4d23793de935136835323e33f30344eecfe8924076db33e03e0b85ba8cf5c9884e48a9a960476c389c1aa1b64e7523312c467b7281417caa19

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFD83.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFDE4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit