faeb759cc5373c640f20ef4e7b317bf9f2d19194e166f1ecef4b6c727f6e903b

Analysis

max time kernel
144s
max time network
145s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 00:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3cda6cf509ad9381882c68c679cb9863_JaffaCakes118.html
Size

13KB
MD5

3cda6cf509ad9381882c68c679cb9863
SHA1

2d9f1a7b24e509c05dd095ba9f02fd60a0503bfa
SHA256

faeb759cc5373c640f20ef4e7b317bf9f2d19194e166f1ecef4b6c727f6e903b
SHA512

72951f8dcdd8e5f84d489f0a94b362dd34af891feebe994c2970c9f114eba53f0acaff9478051a8709124b0c8bfd3ec98704e70f241b222efd2105e5e9c6d1a8
SSDEEP

384:SIsW3eSJQY8Is6rfSnjbKzr/laJQaa9vu59l4T2:Sv8eSJQY8IpfSWr9taa9vI9lR

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E4C0A271-88FA-11EF-946E-F64010A3169C} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434941531"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1732	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1732	iexplore.exe
1732	iexplore.exe
688	IEXPLORE.EXE
688	IEXPLORE.EXE
688	IEXPLORE.EXE
688	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 688	1732	iexplore.exe	30
PID 1732 wrote to memory of 688	1732	iexplore.exe	30
PID 1732 wrote to memory of 688	1732	iexplore.exe	30
PID 1732 wrote to memory of 688	1732	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3cda6cf509ad9381882c68c679cb9863_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
13759d8784480ef6b91250e26313a1d5

SHA1
e458a1d6f9cce1fda9390d0bfbd4cd40dbc3aea3

SHA256
59e4ea4424e88825ab4fef4caf58c31436c24118873c83cf659692da82c10328

SHA512
8ecb64398ccb34922d523dd93a1fb974b9e8f5b35612f06094c9661c337bf85c74074cfabadc6ee877cb339dcfca47ac3bc6041520097f72fc39b67555caa284

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4a90c3192e9565f13bc1ce973d7ac27a

SHA1
3ba92d7ecdbf2729e67604564d8368746d75653a

SHA256
161f4b2af4f694cf9c89ae561a5bac47e4cc58d5c4a74ad69dc2b306a47247b7

SHA512
d049b03f99313b83406c466e1090fd44dd7e13d09151b090ae2fe661dfd071521a43deac0a6e172a90f8a09d4011a750526dee84b9feda81e06c746a12f347cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
082f07373c002817c6c2ce7ef5475c39

SHA1
d98f3e00bcc8d5cc59b7e3aa85e12cb49b66f30b

SHA256
b489eb24476114ec94e7a6c3bb639db7184053abe4eb49a5e004e057c0b5367a

SHA512
4f10836365d1b6cdda832f439bcfc97911d85597fec1af780a16018dca39a1fe24976e7c553d6b9dbb48c88d10e46736005420590964cf2d139813c9c9b41258

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0807b44f719c8207f73d0a0d756ad4a

SHA1
1060e84288889235c58006b6f34aa56ce73f9f1f

SHA256
d0c059f24d73d03772845c4c37423a963f99ada438a758317fea0e87cc21ebcc

SHA512
02c81011cd3a4ec242b85bb140fd5e0f2bfce88c5ba32fc2ef054003960abb37beaeb310ac95a20bb4f63f4efd625a7d71799492bac0ca2cb425671e9ff02557

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b8a693cbbe4dc2e10f41339341a1c4a

SHA1
db9c267e0f8f2164b0de5352e13249f9a3785fde

SHA256
c7575ae6cb5ef736bd0bf8efc4b62e7bd14049356dd12c596ade21eee585f065

SHA512
6b8b1dd2079b1eddadd816959f70797d3ae7d184097216adcb0d8f83a4370005ec200d009ce0df1965a3000d5ccd105810c395e4b3ed795c58066b93fb8ab0ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8565dc9fa0ab83442c5e5a26f1879f9e

SHA1
21332f12bb01b9155b60a343ff3ad5ee3b1a1204

SHA256
c56cf7f162ea8e291477bd399832595fab0cf5e7da666d4ab561b31fe93f4576

SHA512
54226d66c747383d8aee34fe4ea2f8b2b31e26a16626691d3ac353835b82dbe52abc7873bad5bb2ac8670fef41eac386679fa182a1d394b1ae7c5cf42859b044

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e659b73e3c805c1eb13fb3ad75cfba0d

SHA1
1c6d44838a07af4e50b17a60d317cf34df263a13

SHA256
ba158c7b26975ea49941cf58f0b976d6cb4837ec3197b562cbf7af0bfc310e7c

SHA512
cfd5bbf70444d594fc0f39c0ee5062c872e7ffd9cfa701e56bd9b6b72e239acb04b14026cb9628c3e7bc1c2c69ab3fd1bdc4fbb98e34ed6fc1d7f844ab9727f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a5754e05d1dd48f8292c5cfc0c56cee

SHA1
69b718950202440e45e5285e2a4eb67c19b615e8

SHA256
0d1d88faffe44c8995228787d1317f2ae2d21fd9b6ada744a569d0a19038e5e1

SHA512
d11fa9457f5bf2ec181d26f1a8cb480990ed61492cfe8f7658c44a376a07051361357697d7d5686d887871b16a820cf3978a5c19ec5c352a19b0b9a848a8e67d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1e6e1a924561063bad83cff170e014db

SHA1
76e5fb673ad8a995babdb8b63e2294fa48cb353c

SHA256
9bf7e425ce26bdfc41b32e14e6b372c0cade6b39a695a329d383de867b84e5a1

SHA512
e43b2d3f2fffe5e8632d1e90f0bd7f7f2229416a51d830caa356c40b2c7ff4d8ca47ec67e3467ca8da1a7309313c8348b9459292d9eec0f542fd9a4400d1492e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ecff5644aaf30c9f7846eef105a16a14

SHA1
307597cf678713f30e5e14fa693e3a1e625d57e5

SHA256
25c324e5cf51b638f2f6e18697d20dbe232f2f680d60dc1eed02c75aadce8951

SHA512
5b38e6666685d4da8a35b10c4d0af55638e21547ec7647908e4aa27592fc6143c920e377e087782cf8f0ba4641e598cdcfef664ccccbcc00a21f97aa9153e60d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
69738f238b1bbe77822b675ccb31ad3c

SHA1
6a90c71336ed01b192fd0791567c64c5630c5280

SHA256
f457c0631decc1b93fb59e7acdc3bd60ef40fcb9b7aaf60253559246ef12a2a3

SHA512
706493213d993206a46d3c192e9f003058e56ec67624bb1a8894c034cc297453f6897f1402782e87524a0a4db24733dbe3619191e9b9ea01b4288dcbe677d3b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
53aeff7b07255e45544ea8c3f1b7d79b

SHA1
a5c5cfd2ffe15110c2c3183f54a25fe806175811

SHA256
f95fd416e0aa83f7d2e8137a03120352a8e559805d9ac4ae6429ca1b15a7e292

SHA512
574f239911a67f49d17044e8d783bacbbbc56cb6e32d4c66c998fdbc600a12956de000f08dece3cd8f5ae99164e6f71c649b4c90065129a69791cb03fa25e820

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabCCD1.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCCE3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit