90658188b98ab25c649fb50ebcdcf9b3cd955db2dd853f6a1e953089f6e0eec5

Analysis

max time kernel
120s
max time network
129s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 01:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

15b7beb851a0d1f90a0804f5c8239f6e_JaffaCakes118.html
Size

2KB
MD5

15b7beb851a0d1f90a0804f5c8239f6e
SHA1

2d2579c39096fcd27f44a530be189861416dd90e
SHA256

90658188b98ab25c649fb50ebcdcf9b3cd955db2dd853f6a1e953089f6e0eec5
SHA512

6cc9fc5a84e2efbeda7431cd8adf326cf071324d39e69073fc41b137a5f9e47529da1622d23bb5e44626772e688505a2ef15b31c50452204ba418b66f13e35f5

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3CEAB011-82BD-11EF-B233-C2666C5B6023} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434255344"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3434294380-2554721341-1919518612-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2212	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2212	iexplore.exe
2212	iexplore.exe
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2560	2212	iexplore.exe	30
PID 2212 wrote to memory of 2560	2212	iexplore.exe	30
PID 2212 wrote to memory of 2560	2212	iexplore.exe	30
PID 2212 wrote to memory of 2560	2212	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\15b7beb851a0d1f90a0804f5c8239f6e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2212 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

Filesize
192B

MD5
d55c11587f21f137dffa4c6021271811

SHA1
35062c023adb49061aacd6591daa7306cdacd43b

SHA256
4edecfac2c004419649ed3c3c5ec13b7b48d96474bbf613b239de7fc45624657

SHA512
0f169aba8c7ec753637a16daec021b85f4a74948c9ff073f1219313a728918ed443f577176acdfae2067506f9a11bf58ec8e79ec2bbfbd734579603a932e17cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
cada3cf6b54627314abc361aa78b3d1f

SHA1
16d5fbaff55c2a9f65774bad6f6c30a113b35ac4

SHA256
88fc5e7774203e7448809864fb74af2c30a24599f56998fd5c80b3ff8117e6a4

SHA512
0169840eb74928b69dff3ddd1211f1cbab30d6b7d1560829a2fd554d684ae635381f90ec059978a4d2262fa4f929f8854b36f037397ed741fddf952f2c2a51d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ce5abeafe82a92e7c7703f0a37c71d1

SHA1
7bbe4fb7103ff843aeb4892fe96ee5999c243813

SHA256
5aa2057cf96d56ed675254e06843df9ef4a6da53bf1cb6c20b6de4c3ee08df51

SHA512
ba86db6ccfc1d0f3c393fd7e2b18b539d3156248d4bbb957a6dc979f63e80c34002e0219896585ded2a0f26edb390a018dd5987f3ec773b407bb3a1823fb633d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34e7c561b7f963d33c654043d72c692c

SHA1
f657f144c8d0abad1b028acf28b47228149eee1e

SHA256
ab2af6702dc239e3cad3492029df48564ef9112c4a839f9744f71a93471e677b

SHA512
d32fbc505b2d9202f606c548a13a118b901d6e9ffb968094f68966a0119bb3a3c466614c5299be5b47d313d6316826e5e89fc2f5924a20ef0980c767fca1edd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
54de3b459dd2e0d1b7c59b772c82a8aa

SHA1
5ffae1601e382537531a660d8e81f8ceaaa016d6

SHA256
43f4569cfb00f8756eb1ea1cc127ec34c1fd846c5ae388022b20ccd304390edc

SHA512
e30ee64ed70c8552ad8797c1ff6402e60f44d7135990fa74c6bb2423f63c006702970efd501524c0d6d152b057faf5f541a515666709466f522fd8d91627ea63

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c64535d9094fdf69a58d7c1132190e9a

SHA1
63c874f3e2c9faa87f08fc1b46a550898827d602

SHA256
25525a8d33f8b7e6d222ea53fb4b3bfe8dbda70012b33b74fd0489fbfae9e8a6

SHA512
ca94b0e459cf1537cc114aae43bead3a2e0f0c4c4b8bfaf3e5e4dc735516a59aafc9ffa777d1295f3d50f24097922b6347f853e0216f187095480d13d7e7b750

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
809bc405ff540d403de008c3aa38a614

SHA1
0f5db58347be3cf2c616c383cc2c923f02b557d0

SHA256
3bfa334ba14281e79a67ea2ccac7285b7e602662bbe65f7939c22b22f115dcdc

SHA512
08d7eb7d8c87086cf0dc06098a886548d71ca8d83fd9b577f7da9321f5d19d536305d4a44a5c0cb9b2ed5b506f96670d45d1b5e5b38e4b022b7b8e29876491c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4ecc0184105e6c7c8589cc0e094380e4

SHA1
2a2bcb77f1cbd03b6dd23eda7e26a6b1e7131ce8

SHA256
3d5b8a52572e01809bfba86bde21025c3488d66ffaaa2fd02b0c9a0c1db4c8ad

SHA512
53830a19c76ef3be4e1b73ee6259e1113d92095d6b28ea4b3d6a58ae60e0dff358c938d5f2f84af797eafa1d1d573fda185b83e897c7636ad58aff0c0ea71c3c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3aa4accdeb777044622fc0bede17aff5

SHA1
a2343e0ade113401c9925a80be3d578793c8d67d

SHA256
47bf7b18151ee8c26b094d367d055800fe7872dd1f0eb1b456ee6314d38fb595

SHA512
4e9b38af40fd4d16c516f1e17406b15036ba679cdf44f5bb041f94332bfcdef345acaa79e10f995941c248af3d81347172693b97acbb6b8a448290a339b5802f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
acde64cf04a0613b90684aa6651d3e98

SHA1
033f991e5cfc453fcb0324ae6eac7e9adadb3317

SHA256
bfeaa4a8344327daf755ff1659c72528fefc4986454e55e9e248b43c4e19d9b6

SHA512
76ad11e7ba506ebca9fe9d4881026e2e2174bcea2d4c8d345c139d04588393503dc885587baad25536dff6581351ae51362b3bd2327b9caeaecabe8cb6e286a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
38b26e5847c8443f5094e8d4f0fd5158

SHA1
4476bbcfeaf846c0ba4e9e3add3607a21a5bbb6b

SHA256
eae9f3511ce2bb0e6d1b286fdafb4c8d49a4e4f1d62ce17850eb248c660a91b2

SHA512
29b08ad5f1b4e59bc00daee4432fd57a8735c4f1b498fca7145a08cde5d451dc31cd26864d6a529cfd410f7eecc83d0cb23f93677acbc751a20fee45698b9e35

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d97db402f82afa732e810102e707174c

SHA1
2fa07c9ce187486ac8e2edf763398822cba24e3e

SHA256
2f5a01c353b192a16f53751abc159b1257fee3b8b2e836b02b6fbecf17db01ba

SHA512
51daac48beee5dd303c7f4896aedf7626183f23006fbb3e5970a79180d261e34d04ae41db3aed0fbbfa343a87b0ab62e2e1f4f94e4efc0beac5baad24a3d9444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f50b3442a55dba59877ff59d3c517ac7

SHA1
c77e5edab1847715d30e39686efd8395a05f5a76

SHA256
ed396b9960a78d371774829b4f4e41869dbd240ec6d09dcd3ea46b4c0787284f

SHA512
a42bdbd09911a82a985596a07c86356cb95a5cff9255ae51ffb581ce4a9a683788aa569a7ce36fafe41f39b91c50b7e4384a0da07066d3f9e544be1591746f7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a181f4ed19311a84c5e9cceb31564709

SHA1
9e72852851d05cab55e09ad0017ad73996b822f4

SHA256
a20c4112edfe77ea594d622eefad416173106dc8a43dd60e0a1aef1900174c92

SHA512
38ea294734e4d6e0cf5acd0e62cb9ff50f25e3ae3dfc8eab934bd4589bc555569b2c7146cff5b3fb2876e162d403fc65c9b0b80f14d83c355fb17d7dff39625d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4769f56e8f57dac534b2f0da27745831

SHA1
b7e2dd14f4bb89e4f00bae9df5fa19e1a3d52580

SHA256
64e6d061df38726d960d71e3905268daab6ff560ffae1307c5ebb73d318ffcad

SHA512
331176bd36d79acf22dc03fd4185a975ee1013b9eed7f863b882b398512f6a1e1f536d170a4378afdef346d5be396d58edd43016e580218b35970718bc097604

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4265a6691897b8174e88852e5d2f350b

SHA1
9b404f0bf31ab95cc444f3147ab9e18efa57caaa

SHA256
8b80026ef9cd23e1456f16da79716a9b342b1bca7f9777a4ce9128ecedfbde66

SHA512
4bbb7dfe8725be3ad0365bf6b275effd4d93e6a1e89e0ac935afba942b5579578a625b8890d09eb6d9085a61ea2e1d69aa5e3ed783d73ede43f60d4ec1ae47c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
2ae1e5d1691a20f7dc673eec701dc113

SHA1
0c3cd400cc0ebadab14338269720c2e1d156ab2a

SHA256
f1d261d1a91c9f2f077df4dde3dd31f1600feaff29ca4e047e57359ca4c03eed

SHA512
c4bda26dbbd8d98ed3d86550d200d2049c4a4989d3e8121130f8f676b7b4a197884952632633aaf5f0e2ec20bc08c8c9fb3becfcab5f16dbd75e54f171bf0ba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J7FHNNOW\agnostic[1].png

Filesize
5KB

MD5
8e35b75274a33a695fba6a64c5e7657c

SHA1
d9f32ab5b394f813eae4694506471b5833fa9bda

SHA256
f79f609a341100f90ac809f0440cd810a6a2377cfc99b50eca6e915b82c09ca4

SHA512
0ebb9b14ce6cb96bed5f1421798a4c9b1a897a983678ff9840912883b603fe82f7b4cbe2b20f18a4880dddc07b643bf6e027cb93a55527bf083e7bdf6ef17c19

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabED7C.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarED9F.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit