e3e836c1f1bcbe32614882e9a427be76d99d7b8360a5f520c7d7a241bc9131f1

Analysis

max time kernel
134s
max time network
135s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/10/2024, 11:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17e985072232bde2bf220556db539b96_JaffaCakes118.html
Size

214KB
MD5

17e985072232bde2bf220556db539b96
SHA1

77630fbe1294c02050e892a168aab48d57eb35b4
SHA256

e3e836c1f1bcbe32614882e9a427be76d99d7b8360a5f520c7d7a241bc9131f1
SHA512

04096980fd7540b231afa1191842e0cbf65df542397a4f1f007ccfa302bb2ef12725a9927dc44844a73902b7c48eee0ca25473b0e2abac16d091dcc38992d469
SSDEEP

3072:krhB9CyHxX7Be7iAvtLPbAwuBNKifXTJs:cz9VxLY7iAVLTBQJls

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434376220"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AD1E9F81-83D6-11EF-93F4-C28ADB222BBA} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
800	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
800	iexplore.exe
800	iexplore.exe
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE
2356	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 800 wrote to memory of 2356	800	iexplore.exe	28
PID 800 wrote to memory of 2356	800	iexplore.exe	28
PID 800 wrote to memory of 2356	800	iexplore.exe	28
PID 800 wrote to memory of 2356	800	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\17e985072232bde2bf220556db539b96_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:800
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:800 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f89507636ed1da776dc5ffd078e35de8

SHA1
0712145be3782d0aa4aa68288b8e59282923f868

SHA256
f02bff173342d9ca2bc0a714d7e8e45f714c3338fc783e74053fb12452cf53d0

SHA512
b1e3b4b2cd94bd359d57428b326d4740e7b463c1100e50d7c35edc9eedee19447a8205f88a5972e6c0a42f0302a0b045dc523fad3c6be8509356c7421b1b7ede

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92502bbe3e0ed4596161b9db6ecbd378

SHA1
d640f2eb5538bdeaf1c2c015f71e16553c4be4d5

SHA256
8ea89526a86e24f3b94eeb912effcdc10c18d4976b0bd2bc9c5d81f44f6cc8f7

SHA512
9a06a1abe1d92d35b21830cfe877666de0600e870e3e9f89b2d571b66c11273726ded010370693ae468ee7414c31d518d5cdc67926bb8d4d5a06db62f7cf318d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
63c6a6b839fda419b3946fb91047838e

SHA1
f5f88fc895251b36efbc32ba08d55a2c1d76d841

SHA256
4cf3821cf45f55ee044d03a84cf7b21afbb2b8d1194f95de67c76c045d33b80d

SHA512
5b06aa0a823609b7423669dd438c25d739ffbec548609f1f5b968baa15ec4b6092d7f522508042171fbd80c09a01c4e372f7ff97f7a5af0207cea1b8b1cc7b8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9670bbc640829c9b0f30a97943a0ae77

SHA1
0156876a8fb3290856ada48bac6b2247f6b10063

SHA256
fa1ffed4e93be60863e6dfb102f814cb4dce5826e0148effe085082e84b5da0a

SHA512
19b274df94cc2e62f7a37eeca6baf06eeecf71110faacb6df904c56006b3d1fa4c0176b5cad1d97814454326fb73ae660bb84197b9ff81b8be77aa372cad3a29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52c27571925e384ca6fd7d9472748408

SHA1
2d19eebacb336e1481d7e6d7ccb768674be9b8ac

SHA256
ff5f32fc1dedd8306ad06f247b57f711ed63a8db2a0b2aab96492762355940f3

SHA512
79cfdbbd86cb29d721645177fe7bcd12c78adb9605456aa37fe4948ace948fbcfa3ed5e4b0101af1604690bdd78822953b3a81a5264ebfbde4f8c32f19b99591

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fb7e5c10525b7109cec7f080bdd2a880

SHA1
70d46c97abc948e9936ae6c570911c365ee28b7e

SHA256
c5b26af99a06bd6b9b03f9af3dc83e26591d6743922d90b4e5e1addbec895f46

SHA512
cab09705678c7f12803a3ce9156a33343d3c8c4025c1b98d240890b8c1420f78a20cbd55b5451c68fa1d086d6fe9a141ba5f523b1b12bccb7cead5382b71d374

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
08369d7d2ca12b1dff94aad6f06d6a83

SHA1
36b54496835229941fec58577b960f24e90bd84b

SHA256
e7843c11fcebb5bc2cdebe31334c0d8b0559c002a8b018416e552a595b5979ce

SHA512
60ed0a5bb7a3c0e18035d471c6b948a21c8b19e9671eb6586e3f56f61e62b3931133eb14a53e9e3717a9090853872f900ad4cbdc9f3d00bf405495af4d93d5e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
34b50551dd1ca457bb77f21f2eaee978

SHA1
fa5847671cfc7d8fedca6fb9d04c47d64320d13a

SHA256
57ad452d05a61b214f51c2fba3be03f2f71575dbe68feeb8b80b76032bad3414

SHA512
fb81e99e484fdaa8032935ea11b94e70dff42be1e0f9c7b5eaa782d97c50d591aa36f2ddd88c3546ea7b70e1055c28ac34aa3f34e93f7fa940d7e4f7478e70bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca66fc2492bf49a5b0cc15eea2df6be8

SHA1
f788798b2dd943c2556c9e6ffa04a44ff80f7d72

SHA256
5d593e16db3167c1d0e46cad2b6407582938d7b4a606d2e359b2354ec2d8d228

SHA512
cf586173edc21940f342eb59ecb584d0f349300d13149cfbcb1b96f5141576516c0dcb0a9581e2b725d51dcf2cc2e92fc167bdf06e8d893c6eca18ed7cec36bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
59a54344bd5c5c03ce1632c15f9c7c7e

SHA1
affa41d7d00e0e371acbd86d57fb76e7322f72c9

SHA256
0f83260cb7818b24ef947d3c824ea2565fb92e4526a504007e78ffb3df79873f

SHA512
9eae468845b3225c5d5555cdbb9e71026e3fda55287b1ba367d0ee44a75b908637439dc1b0224cfcd5c1176e3b00a082a49d657a199191a813a2d169d3661cdf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9ae1a6afb36929aa778efc0c4b4cc51a

SHA1
b4ada4d8faa173e8dac0a912bc54caaec4a3ed08

SHA256
47f098d7efdefc08ac8826e26569584a7d46cc89b852a0349353ce7f57313669

SHA512
cd6cafb31f7016e620a458972be41dbf9662df39a46be137f2cbf64cc80e0e7b45fc4a3b04cb20d2c7d8d19ff2929c9374b28bf2f1feef442a7bd37f60db334d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2da757770ea300fbbfed3d755b3c55fd

SHA1
41d1ea278b1bf2c49888a76b1ceebbe768ea00c9

SHA256
8e5119fb550c1583c601f4f3a41e4c14a4bc7779ec707ad75ea179e9cbddf46e

SHA512
dbe911fffefec0513433d1a590c9eba1e4166c2d3ee597b66c96aa065be7e74c319691d5c59b8adbe7a3485ccc1fbe59f72498600eaf9fffe9e08c38830e6ada

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ba81906f0c9051803cdf582c09efd255

SHA1
f6faca2ecb0773171b440992ab6278b5c7e9394e

SHA256
0681ffe92f752a6c53f1cb424dd0882259f8e04e7e656bd753385c4b06bcebc8

SHA512
7d72d4a1170d640af44ac1204b8c795bd60c03c47b24d3e722e5be9d5ec21215152daba33fe606bd26c7d64ae82ce4130ac2b10b1bcd95f4af5769c9523306ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
276f479fea1349fdf8d8985ef426c0f2

SHA1
ba1593de605c435d81cb3bd98462041b3310fc59

SHA256
22294b158b44c1466a46df9260f894659ae21d9c8f113fdfa7fdc2879c089d8f

SHA512
e35639dedf038ed563c727faf0666fae6cb763064f560dca61ae96cebabbc197c9460e35b0c0f4bbaee1d39418c310cb3b50f5e2e4324e076f8dd28109a9a85a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65fed4dcd10bdb398ae542eb9c9f79bd

SHA1
d02def8f9d4f48a821f54a8cbcc158937defd973

SHA256
b851f270f8f5b038726045e94cf48123646646e6b284cc4bf239cdeb38a9fc7b

SHA512
cd6b430526e184a85d56ac4ccd88268710b46faddf73eb3a29a93e5d44caca09496bfd07fe6245b275210748ef73ec43b96bcd077943b0c799c06d85fc7c3ae1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a7555d8c903f37ae578e1924c0ba08fd

SHA1
e9dc79d18070e481b42f5a54efa9693064c50552

SHA256
1bc74ce35498128bb9de27d0cb4a735729c5e06aed93eb3c588f1bf4e8eac680

SHA512
7e544affce362f1e38f5d36e325e55617f600dbfab6dd3dad5db81fa90e0a63161f869eae8179db6ecc5dfcf9a09ce1c5d32db286e616af015c9623a4fe67228

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41b0a07b634b4568f058e25e904a8941

SHA1
2d64e29024b66ca664031c8ef9afb62f4007aba9

SHA256
f511cce9f0d76874421d962d444e40e0a6b8092abbc12f3c25c2da61b642879a

SHA512
9563a026e804bf5f472abd54db7087dc5423cd45fc61dbbb756865b22bd4d7530ec7fda069f9487867080bbb459d77eb9109963de25a66a8b096ef89fcba0707

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ca9a76f20a2971a2c9b3de7ea0160778

SHA1
870a7b2646005f82d3fd68def3e65a962ca9bb20

SHA256
92f5f30de3c79125e770433e8b4d4c1ea3024db6f82b53f2ed60af977b74662e

SHA512
dc73f0bcbe846a1471abdae2331f1418b96dd37f61a34e23aea32cfd21f6fea7d8c9738870d918dcc33651fa50fe33f04d18e1877ad20fe671c4aac0ad19a95e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
39185e982077ec253244380e6da7ae42

SHA1
93a96848c1f5773b9786ad62082e587aa9f8fc79

SHA256
9f0b397641902c4c8daf19b37f30d375ced0d25d98095233b087c49b3f64112a

SHA512
608cb68b7d82458fc895c37983468a329c06f7af770799b93379a41d4b1bf3050b092022921b47b73febc3aaea5f32662f71526ca12a7e7cec68c969e84939e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab4CFA.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4D99.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit