0f4fa3c35c42b87005a9370fbbdecd47fa653bb814ed4a6455f120705d7f3494

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
04/10/2024, 12:22 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13587e153a97083ffefca6126b9d7a46_JaffaCakes118.html
Size

15KB
MD5

13587e153a97083ffefca6126b9d7a46
SHA1

b953bb4924d8f756a43d59ce91811e3606d6c033
SHA256

0f4fa3c35c42b87005a9370fbbdecd47fa653bb814ed4a6455f120705d7f3494
SHA512

ed31be49ac01f614bc436515ae70d7a958baf4f6183084dcecb5c683f5105cb50c76fd1ebbd4068013cc5792959c4f7dae5e6e97ec11b6af0f6801d16c50d1a8
SSDEEP

384:SGFfWcHDLPrEiYi7oL+LMYQvI8xF5EK5m6zr0cDzBws+HulzCgn5qB:SAHDLPoiYi7oL+XQJ9C

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434206441"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{61072131-824B-11EF-A14F-CEBD2182E735} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2516	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2516	iexplore.exe
2516	iexplore.exe
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE
2704	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2704	2516	iexplore.exe	30
PID 2516 wrote to memory of 2704	2516	iexplore.exe	30
PID 2516 wrote to memory of 2704	2516	iexplore.exe	30
PID 2516 wrote to memory of 2704	2516	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\13587e153a97083ffefca6126b9d7a46_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2516 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2704

Network

DNS

www.mistervinilo.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.mistervinilo.com

IN A

Response

www.mistervinilo.com

IN CNAME

mistervinilo.com

mistervinilo.com

IN A

193.70.44.58

193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

747 B
7.8kB
9
12
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.8kB
9
12
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

152 B
3
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

52 B
1
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

52 B
1
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

52 B
1
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

52 B
1
193.70.44.58:80

www.mistervinilo.com

IEXPLORE.EXE

52 B
1

8.8.8.8:53

www.mistervinilo.com

dns

IEXPLORE.EXE

66 B
96 B
1
1

DNS Request

www.mistervinilo.com

DNS Response

193.70.44.58

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
25c9b1c75764ae8fdd76ba13dabc17cf

SHA1
e3dc6f6f0c16f5efad4f5e21554934fbc1134b0f

SHA256
2dc0aec560c5ae667cb356667f2a12ef629c638bb4a17007bcf876d4f5b35c0b

SHA512
b29ca43c89c4c66712fe6bee1fdd793f11beba900a6ee55cd6fe5c29768c4f7249d81c1fa871ce71aea9a2fd720c74427af8b52565981d86405d62dd7dc1cf68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04a8a6275c2395fcea1b595bc5b7e433

SHA1
521ca46b72b4eebf39209c45029a4aeebe3f5265

SHA256
cc4b5379b2ab551f5afa7ff74d5ce57e4245647d7f1b6ba1a7198c7b6f07f308

SHA512
7a910efaefb8312a8df1fa3f4f7c4180d53ef4a0374e162ac4a0a38f97baffecec92d3a474b4c64e1c0b96a7663bb27f51e2d81eedb85c521f37757e1f638fcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c905b65483459797a6fcca42418a665b

SHA1
8d6674348d443017c2eeaf7d8f305ba31fa5e6ee

SHA256
1bbb1d0089d2cc6eb769a99933f10d279c39e5288e906a05705e828beecbcec1

SHA512
cba0d1fc127b1fe07fcf96cd250e51e3082db963aae7df9a1b6b55bd12f48ee9a2fe743ee685d3e6394159547378afb846bec4dd3556f344f6435828892d278d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
587e779e6559b678ff7dc759d46bccf6

SHA1
1fb58862e4e287c94d039adc32b2f1278d178b51

SHA256
51a2ba153a40c949b0d7145710e038eef6af3f058765cee4b4f17f2bf9ce5154

SHA512
006e42855832aa1ac61c30c03c93e3ee415d6c38499b88d1bf342951b3984583b26cae13074e9cba12dec79d9b00e483aa1b56d5dab33bdcc47079c9e6985b80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86fbd2c2ef8cfc89ad43fb41cbb2a074

SHA1
f6b29d7ef4d49a00592c31ab1def7d454afc3232

SHA256
d28398bca806158d0ce82677c3dc62be928228e8f162bdf19c6806a806ee128f

SHA512
8606be70a2aa3ad81f60e2fe65ad717c22fbd54377e711572aef1a09424053ef0adeb15675461672e5e8689922b16f9d498a3c548302ed3d1d50680fe424d868

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56cd3e13fa50facb3bfd51414397af2b

SHA1
da086e748fb3c1b89d0dc75bbc24c40f7c5aef32

SHA256
4c18d9b79545827f7e38fab0bda499780c67f726a4a733c681e17513e04e8d65

SHA512
c8b3369a2b815feeee524877b6f0bd7c0672cfba1d7e8417ec5c4647679dd0017d28fd84faf0318c9747588bf5433d7df4b19cff876f0838accbffe14bbbf24f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
538a40c8b4549ee98d5e586022e0226e

SHA1
cb112f63176b8540134ed10cdf900d9baf840d42

SHA256
a4665be2de3d7fcba1b6d08f0a780dc741133579bf0c02eb25e723917920dc1c

SHA512
bcf6c4d33265f0654234034207506b4985762e5f81fae577314e13d139f26e8fec6b37f737a89ee466b18af174fc1c7957c7d65e607119f9a8e8717860eec872

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74c444a7b609a8331669f59ab6aab9b5

SHA1
9a9f2f025cc28ea6c2702149135654aab3720a50

SHA256
f1db0707b0eea163c9752c8f00cfb9362ee5a6a965b0dc75ed21f50f94548c89

SHA512
34fb06e4ad3eb7b05305ab62aec28edc57c56e86ba709d2e16de25dbbaa9cd8af6d38e27d320d09ae93434d7b752a6213ca4a28c35aff1140d540d851c1f34ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9730783cd71409423b12878802c3bf8f

SHA1
1abc574cb1333ae12f79451b107ec1dbea145b12

SHA256
164c7c71b1db011542641cb9ce24d6e540a6e0f3f812d9b217d3c6d17d317f57

SHA512
cc32f8ab315ac49324de4ce508c9817c0d069de9cf77c7f068d2acf838edfc86998e54e274c9748e2382636cb568e334c67bb1f494d5447126d55adf7e3bafe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab74F3.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar75A2.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit