a5c1c0dded21bf1df136d6c83cd4c7f069fb01632e76361e1564d19accea6feb

Analysis

max time kernel
142s
max time network
154s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
12-10-2024 23:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ca076a69daf087e43c1db8236b18fa1_JaffaCakes118.html
Size

56KB
MD5

3ca076a69daf087e43c1db8236b18fa1
SHA1

1554f23d201f9b242e8f88a11b6ed7691395b911
SHA256

a5c1c0dded21bf1df136d6c83cd4c7f069fb01632e76361e1564d19accea6feb
SHA512

02ae8d7607112e79c1eee9590be42d727ec5c270cc5cab5a4c281153a8c7e3d77db2ae393d2d12be29210a85b6ec8850411132125187da0a518298ce9834fb01
SSDEEP

1536:gQZBCCOdbl0IxCABny3fVf8fMfdfIfHfvf1fIf8fJfhfJf5f8fcfTfWfX8f1fzfD:gk2T0Ixs9EkVQ/HdwUB5hRE07OE9LP9Z

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D2DA4DC1-88F2-11EF-A5FC-C670A0C1054F} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000053fd6b8cf8161a53834f2b4be656329c0f2d0edda572a039487bff638363335000000000e8000000002000020000000b36dad49f65e86bae42198e97d73101f16c48f24b28c29e048bcb7eb1a71574c200000008780f3b1e22a728308a81baa1a74be1a00578ef502e8e653e025024f93c496024000000056ae1d1261636ffb1905652bac906cb058f8b0d5db88dd69c52349fb8fc93ed5cabea240e9d3459e7f54a9502cb2ea5c5b94b15ef33d38b121908822530d3fdd	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0fe93acff1cdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000c7acfb50abe9eb8ab8d960189c44e7497a27c3b7a6b08f21e336c6755c89401e000000000e8000000002000020000000f319b180f477f64bc47c9881c8847a4047d16a3c2aae56c15083695ad041911190000000b0d32e6110d1da6154aff37824a6b8e9f8744a3474ac5562701d83ff28869dcfd3108256c9b95eee66d929b662ca4a5f98e16f53d94405ae60b0d4e293b5d6bd6108b80c24feedfe38241a6afb69133d365971564cda34641b23f9007ea6649c19e4c247f850662942b6564f5ce68fe48ad7a1bc787aa6016585c1e96a2f263623414bde03ba8f80db6586aac2e8d37140000000b9a8c71b1950893e9202a55df5a7e831e31359ccdb0b35ac5f1c3d5ee808570d07e6923d09a694677c801a397669e60f6c3b1eee3ff0283beacb8aaf62531deb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434938066"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1832	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1832	iexplore.exe
1832	iexplore.exe
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 2560	1832	iexplore.exe	31
PID 1832 wrote to memory of 2560	1832	iexplore.exe	31
PID 1832 wrote to memory of 2560	1832	iexplore.exe	31
PID 1832 wrote to memory of 2560	1832	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3ca076a69daf087e43c1db8236b18fa1_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1832 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57904c23c2c3e6a1ffaf27dab9da7d8c

SHA1
c54336eda0c530945f8b7530b605aeb0ad97e8e0

SHA256
59a34572190e232206001acc7a43145f6839597a557ab7f6373341ae1719e1d5

SHA512
5811c948a2a1bd1609d9ec1b28877e9388c5ee7933583f873fda2fe5ded94613c80e0b7eede7112f9454673123f2285a4155dcaf35bce5e18e6c2e54a8d4cb97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
26f2ed93a368c897a74537bc740f8d89

SHA1
78044ae504092f9e22ba25a4a8bc8b18d2dc8fdb

SHA256
4e716ddbc20945e7fe125c6f4559c4f4391114077b213be640ee74dc3d74746d

SHA512
09a5d41c87bbff9699d48c785e57e25335f5cc9372db8b0cd6c1978d0bb5e68e74db9b997a208ff49b389aa15cb431225594bb799fba475997efd9209854ad60

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
56cc27a1bb11c513b95f8ebd8d3fe09b

SHA1
6f3bb387844ffd81b0a94716d6accfaf51a5da6b

SHA256
552427e9154461cc09ef9791e39b2e72b5576cf1f0a3a8cc5d8b9f39fb9ef16d

SHA512
09f9c1aa718319a0f4d8baf97df1b585f2f8ff7fc8790b410ed542775dd880087a2d35661affacbdcf54dc4e1243ae93b7a8b0afedc263c87fd29aa4339caea9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
67ad475441be4504ef73bc5a48d86bc7

SHA1
4b1b097de713b971682569acb8a8bd9f93889529

SHA256
e73ab8dddc6440765ae77d4dd3af4a23e6c5684ba536e70d3e7ab019dae10308

SHA512
ed3d2bf56d4a07321dc58c17de8ab3292995f721fd82d1746a7f92e7aba9797f8c158411a793b06464d8a177464fde778cd115f7cff4f31c50bf9f312dae4056

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f390943868e076745137e95626346486

SHA1
7efa203cecbc5957d134fd5885efb657fd1dd2f2

SHA256
7c0c9e51cb54ae24a53d30663844ad880c04d019abb94abf54b98a8075c622d4

SHA512
4da61c9e3aadafb77fde4f74ea722c18fe8bdd190a517ec8e83de5765b8b0e08d3bff882bc953693fcfc1a6003ab9c686782c5392dcdaa9372020addfcc850b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0fd11d9bb527095c2b482a9c2cbff23a

SHA1
1c1a2b35c7821300016759fe70cac294ad65c571

SHA256
8d60ec524a4b2f989a06dff7c9a886adf3d76094b6e8376c6477a518708af70e

SHA512
4329d3121f41523acaddeb65e81b1e9d56b71680512f434159a1a69d21758cc93472e8127b30b1a278d6cdc8d3db57c93c2f556c6b69806d861412e7c7558f68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4a1b2449dba9c8ed3a2b1e298389598

SHA1
280c14c895f9a12fbfe4cc2a288e86983cb61a11

SHA256
9a2b6c7484265a1be900b3ed61f3847b389cb37b6d2f39f1f1b9e4762efe721e

SHA512
cc09c18b93f3f606865638a1643317ec17e781b3d4a6c21855bf91ccc7b35ffe2366e3eaa89fd83ab5d6e01b077a7085e8926cda364dff915dd8f3131e3bed72

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4c1b6162c4bff3b25dc50dbb1e8a90db

SHA1
8f4a64eb2152cfc9b7a3a25d19647eca96ab4336

SHA256
b95840403266217a6028bdc248eed8a0cdf67f0e85f7952fa6cc76a5df73bcba

SHA512
892c07d2d175ccb28c76d0fd960649dca10d665d5113e9a3f0ae8db69d86db5eb71b62557f5f797da43ae1601b180a1176ba43e14332b60838b6e338e65f93e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1dc6dcf4530fc4165f3f49fd9aa7a5cb

SHA1
5468218ec9a99620bb2784f7a20e2a6ce36ab57e

SHA256
fb87ca60dd06574a2caa404aedfd993031d61a44696c26bf09bfe3ea5e695169

SHA512
7cb7523aab736ac2c572695b22770d0b1cf98d1e906dc6afef23903cfd9032ede79d27f17bdb95baa04846709cf6e1c87fa887b35afea5f233b50ec87262e45b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
02796c42d0fdb356594e90c768c610a7

SHA1
158cc86f67f9a39da6dc868c7776c0d0a9938b7c

SHA256
dd41fa416b393c814d538a8dd9beac9295bc11d55ed4d6a1f6bd86263a1ae80f

SHA512
d65281d4c7baa67a3d5b3eb1a2f9e7a4f8197025d690dfa7a7c36ca40dfcc71874dc36766cd9d5c159017f0b980553e67dad0d8198315f8524c7ba51fa878bba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
380ff734a12a66cdc6af3dadabbdeb88

SHA1
f46b792cd5c0f95475ea4c69879428317b5799d2

SHA256
405b116bb5de9268e7a201a51c5b2d9f31c28f3cfc33401bba693aec9344652a

SHA512
3f6717ca6d795230fcbc7377c159ad695ee635c211bc07f3cd229e3c2045c8d48e74e09bc3abffe84890cf522cd9d1949ccb810774d252f8790e07911b795b52

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4910c572cc1ca3a9f5a188a303bc16de

SHA1
bacbd45dcb4f2781b0954caceca09572714fff57

SHA256
fec87daf981078efb6cd93c14a45f3dfb6fac681838766897dd9d0da34b29645

SHA512
f8275f09239474d8a7dd8259cf3cc3245c047f024cade00dbd562fa3c2451d99b5501b6752c3e533f927be7270eb5d53bf9d7a73c6ac4748ef4a24b8d6d1ea8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e150a53762346d12b1a1585a9333ea57

SHA1
d408e7480011d2f61d9bb9268faadc6f88b0459f

SHA256
87ee517f8b529839d689300258b5c4dac877fd435e7e0faef6bba13996cfe201

SHA512
afd38d26759d5c67b4c2c9af0c0130e10a98c755235f493d0b8b356e1a3e4a3e8bb02a61b961c2d593129efad072a944d59c33daa3bcbd0dc76d9c4b099a4924

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a799338ead876bd98f8601616485b4d6

SHA1
291852737dad8ffea8095f41e7261ebc4b679cf4

SHA256
349b19837da678c252fb7987a64b8f2dea5a69e8c5eb32b8e8108023b14dc542

SHA512
9c85e268ec9b7f34b70422c53709c7e2fbf79602efae3ea3d1197885e4d04feed18b4dba19f2fdddf1d96b92428e961d98f028622927e51ba31a5cb2115ceab2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0021d8edf9dabc7b4d2d6d5dc244c66

SHA1
ecdf4dec4666f116e706d96af3621d9c2947bc34

SHA256
6a88070907bb15fe12b30df5979a74b4ffab8dd05a5eeb9d65878051f2c6f1c5

SHA512
8e7505383491566f8226ada2e4b321e659ee0072606bb19315711519cab847e4ef0d0ad545b43af4596ef95ace978fef647c3f20a860d20bcdc8c1c8afed0a7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c0580e555c142bbcce32973687d233d6

SHA1
7333f1f054656817534d2d8f874861e0239865e3

SHA256
78d32b7d88829e481a2b674abb4d9e392fe5b1cf7fbc1f6d9a127e1784516cb9

SHA512
6d98b691ad26605a27e4de68e7d7bb107f23e6d1a89f8641d52b35b4fa75ab4fc8d9969cd1a18b7c5792029ef062f824f49e22a059645c0bb659f86463a53fa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1E5D.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1E5E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit