3eadea7c050b39b3b36e243c7a539e90d6c569d6adcd95a64e8db6b9a3b1b843

Analysis

max time kernel
131s
max time network
132s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 14:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

01e3c96689d2f271cbb0d51bd27f9921_JaffaCakes118.html
Size

48KB
MD5

01e3c96689d2f271cbb0d51bd27f9921
SHA1

d8d9bafed468a265af5afddbabdc91a7dd3b1a60
SHA256

3eadea7c050b39b3b36e243c7a539e90d6c569d6adcd95a64e8db6b9a3b1b843
SHA512

264da530fb07ba1c780f0a42a1732e61506f3cbf17d66c7b66006fba89722485f2902d346c7e857e250780b114aab8517a47b7ad8cefce72954d70b276bde1b9
SSDEEP

768:n60YnclOGsf7fEkdxs8BP6lDyYPWUHps2dD67YOL1iQWC35CT0oD:n60sQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433869488"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D953CFD1-7F3A-11EF-B40C-C6FE053A976A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2652	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2652	iexplore.exe
2652	iexplore.exe
2628	IEXPLORE.EXE
2628	IEXPLORE.EXE
2628	IEXPLORE.EXE
2628	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2628	2652	iexplore.exe	31
PID 2652 wrote to memory of 2628	2652	iexplore.exe	31
PID 2652 wrote to memory of 2628	2652	iexplore.exe	31
PID 2652 wrote to memory of 2628	2652	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\01e3c96689d2f271cbb0d51bd27f9921_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69ce7e7289a30cf690b316dc11ebada5

SHA1
76500d783d89ead8f0578caf72de72ee616e01f9

SHA256
31601fdf138bbb8fb3fbd35f51337e6fb45a8e19f28867d39d9f0fc7419e124c

SHA512
dd19c2f3b6513330c2dc0fa0327817748c31484c0e2043cad125b70dae77e6e9b88310afd4bfd8cdf6a2a4b8c3c5f40378c1d64b0c7f06706cd56531046e445a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4230d1e12e58ba5f8c592669eac36f04

SHA1
4708e2bbd6c227a815dd55191153a1cafc082a53

SHA256
b43652a449d4e042384f38055e8d304e947fdebad87f416a44b06bea93d5dea2

SHA512
9ef2c0bcffeb125c9a3fd5cab9e284c098a5ade5f088493d63dc68cb76193edf78f528802ea54cfdb09373e408bbedf0e6fc180635a2d11436504b058fb5166b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41801662e696a25d2fef5e21e7df0c73

SHA1
526c04b9a6d3cc7ade80194f1b12032e7a16e7e8

SHA256
3ab1593e07b4076a57f433650f256de606407b255c0a437c9ecf88fdc8adc81d

SHA512
0766ac8c3f81493c4f3c43ee6d25a76c999617fb93f0f5e30a48c49114aaed8968d8ad035fe09b413392cdcefa03937f6a7b2ff86477dc0f753f4fdd407769a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
adcb9ec727db334c34eb47a98c669728

SHA1
4f6ad5d3f8da817237109f0170dd8f8ce7bc044c

SHA256
d1a3fa61dc0ed3985018549121eeb7b1ad1bbdf713e7ed5614ee5aa9a9ddc7ba

SHA512
6e7e4c8022a552b91fa02ef1b9745f5cc4ca8c8acb3fa2f87f3f3fe517be4351bf1f76315f62f74cf56d7f58c3420029a31e8521a45572879ad1fa890f7f1efb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dd57104ac5f87c4b64a836f625b53055

SHA1
20d99939c1a0445b1cb7842a9c4e6426313803f3

SHA256
6662672b73b156ac532aa8b0ae9540aa27c67fd31149801b5b22c757fc64a296

SHA512
5c71d24da6c9f764e5b013a569d2f40b707b76261613133f78440ba91f2cb1f8d1ca646dcbe658800fcd46cf3785d9808b589cd519187e973efd8779c589a645

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2329a252fc915f55e5be29bea657d772

SHA1
1dc1696a144fa25ba0fe8371cf4f2701f5716363

SHA256
359318f2d3112e1af544bf2aa1284b48e2678fc78b415cd32eff3bc84622a7a0

SHA512
a52bb1fa4e43661c934bd23fcfeab7668a3d0c736faa8a176f2dac8cf4e85bcdfdbf2708d3f2c5cec2498f17ee7f82eced64a7898c600a7bebee2a005dd891be

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c26c213eda61af1843cae7bf7f60625

SHA1
3ae687daba5bbfef9dd9c66f9761277bbf9a46c3

SHA256
3bc56fc9df519ed47b4e0e8b50bc62738c5024ccc567903adb1bc3c8bb7d89b7

SHA512
f7ce1d876fec8d1837dcd56c2931c1b1653652638e9b2c753e001dfa88c0f88cbc7445cb60f2b7b534c5f792464e46008bf0d552e7f48c692f9237c03b08f86d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32e9cd8f774fa6643dffeb4d4f109bc6

SHA1
4fc9b6741cabd62eab710c5d44ea3dc5568d908c

SHA256
ded324dcb8203b436c2d55dcbea4c6d929154bc435455e9ce40fb7d10da05934

SHA512
5c770b4946362ec60b04d4539a478fe26d9e4402d6eec92141008271152861b726657e60e08cb9f05fa345a63dd837ac4d46459676d975f13f51a0ca972b04fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
12f653a0d0fd86cae7d1daf15b77272e

SHA1
5c1d755615880be242c12338323a7c3a25e668aa

SHA256
8bcac82c2a8cd269af1eb40daaf1874cb341dc1b8e6542fee0bcc33b31a038f2

SHA512
5e0296c6f87f147bbd624dde992397e48f5d2ae2bde32e2011ea9e2da08a79f0f63960527939062a448c9fbf90eee77c260f1b48d90ec9e45963153fa68d5218

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85e71d6c59d1920b3ae0d214fc20f15d

SHA1
a074a603449fc2e885d482535448661b332644f7

SHA256
a7d25f2a36b519c9c32a745dfc3a1c5d304250acbdf8e72c5360accda49ef648

SHA512
634f81ef26c4d6bf19b00dceb6133265c0e6ceafd76b8d5825ed7e5494f010d8da4aecb77192b72e375f8314aed48b944c0b06aefd4798c14e002e5f1097d266

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87918e50cd26aed656873b7c89d7e3f1

SHA1
b89d2cd11c61e4f13324d124c62ff6575b016222

SHA256
74408e7c7070de8dbe068cbe04dd978d19fadc8c44b9818a5eb1adc72998c98d

SHA512
49b6157327f1501cac551a4b3f36e60d6f25f782734a6f75a4d8c4e21417c5a7de89bb5a656576b10e15d3dccef002d14f7041f2f457d1388e0c57f35b6f900d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1a101882b893423624cbaf2b3e9f41d

SHA1
1c6b7018f1528f8372effe72827119b9e5d5381c

SHA256
53eb11865bc8b28a60bcab4466c60ed4fb8fcc55000e23cf3e62e7ec0aca2ebe

SHA512
ffb4118db190d80ee471ea0b552064b4f24c8a40ff59a1fb7e350d864c8fec2446d3931ffc76212f5a4c81bede7eb60e70a9113317b8fb43d28abd0ebf99bca2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3dcca599d5f1fcb0b712e5af73bd8a59

SHA1
ac67958d520a34292ff1f7ad5a05947576d602ed

SHA256
5f65dec2491dd977b0e03b6f2678f8d42fe7bcc8621180b47d206725ed133ccb

SHA512
cf4fb497e45e8d189f66a54711b72581aa9c86ff3231202897bd042940e4e3578757fb5900087f796c930932a41e5e1b53c6d97ba66f06a219dee66dc9d8f21b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ff9324f83fda9f8ce239fcb73a1fc43

SHA1
9ec7c11531ae551a6529d63837297319f3be8ebe

SHA256
12305c7e8a9908a42044da08e2d25dabc2352ac0bc22873863d6519cead66ade

SHA512
1b19e48bdb2cb6ca50b81788108ea85673eab341156e2cd41527a102c7ad15803ead4bbcf6b8c480547897c003386b785810694646a229220fc2e89c8d78704d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98d412071fdb8bea436d57054d279cfb

SHA1
7015343760c4e6f15f50be8e2f52408a65430fcb

SHA256
306d19379f32e752276a453761609040c30572f154a85ad2c8aae99c9432cba2

SHA512
52f81184fb6bdfe70404fea23a31f002b4b7c3e97e4d0fef3e713db4b0cabc137f3a85148c66bab18f567939dafe0e86b2604b9708acfa6132f7884dccee6f7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f99dda5b73feaa6bd6c3b41ac8ba7ed

SHA1
1270797b8a5343c3e039e891f04d2595ff9c5f8c

SHA256
3c9d5ed2584083cc299d10e8eefe23a5330411eed611cbea7f978fb05df61094

SHA512
eee0cbfd43cdd0c4db56e4980e3c58c8c8c3b4aa634e262e0ac7dd3e931630f8a665adc16159da4238dd2d6f17d22512def1851580ee47467e1dd4b6d411bd24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3f6024ac7c805285021d1a879d3f6c6

SHA1
0e4555da8f1de34f798f1381962eb18704acb9b9

SHA256
f1054490ce31c906556d921b24ed5fefd33786915ff37dd149b39bac7884ff64

SHA512
e8ba0c00e15a4c021eacacdc50a4c6633cf480614eeae8df772fde52400df20d2f032f3224a281496684ffe8e56a40037b793b311a08b5bd54f33f28f684d818

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
892428fdb04467a15b81fa172383c6c8

SHA1
ee0f1ae3756e9eb4faf383a34d8cf8bb86a098e2

SHA256
73b5bf68155b5b59d034d2e89d40a23b8574a7242fd7c3fb554604c1126eeb76

SHA512
1daf087d581813f0c62f32573f70baa5e27625511774f4b18de68fdc7fc6572a059146cac6f4145be4317bb6cb90fcbb77cca96ec9a63ba3b5badb7ed686f329

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f696f933631b625b06738eedda24bfb7

SHA1
dec30d7c835f418b6384dfccba3f5f2d2d2df9cb

SHA256
d844bff442098b2e5fccfa5d51fd6aa1fd0484d1f0ca088f7c261b7dc35c84e0

SHA512
0ddbd9f9f7b7a8a0ff06b136c29b165f7ebe90d6b7b60fc53a0cab3fa71e30e43cc83959b0421c6e7eb68ef7b0600381e2c14678148d59c0f4d404e56f9484b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1cea0554c61ef2e395b3ede2b85b6eb3

SHA1
8de358da680c6d6ba5dd0fafdc2b9158121d61b6

SHA256
0c3cabde94171206136e8c2d1bf5a60ae8a8adf7d820b0aaf5c983421574fe4b

SHA512
bf290e3a6a6cc43d22b2b15946cb6f00cfd7bb21a6c9423f2b5d31d62fe0e94b9d94ff13433750019ca17df24e69ebac202f791d7fbdbc80a1f9275c04672f24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bf1cf7476125ffe4f1aac5332c7e9cec

SHA1
927ab6c6307d33cb42e25132763144b41dc508e6

SHA256
981ebfbc5af9c1c387d57d71a7504401fa610ccba06ef034c2020262e4b2dba8

SHA512
100d6a0a65f13062f698871a83324855533b34b8b662214de51031c6d97fd26193a7d42219c685013eda72b72986ecc55faca14f6a76b0401606f250f46089e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF52A.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF5E8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit