b899e1f77df81b525882fe8ad26e02895b0dfaab6e5c8952ff5db6c40ecce126

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 09:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3ef63488fbe866ebc3db92a21c97626e_JaffaCakes118.html
Size

141KB
MD5

3ef63488fbe866ebc3db92a21c97626e
SHA1

76b2cee8b70004b8fe8d3ec479293546e8352380
SHA256

b899e1f77df81b525882fe8ad26e02895b0dfaab6e5c8952ff5db6c40ecce126
SHA512

90c164bba9ebaff92dd4902ce7f7252a0f5fcd842a610f662915500917d1fc74467da6bdb0595d24494c41a9ccfa7ecfb12fef7b230086148b4907eb90fe03b6
SSDEEP

1536:S3QFJPuw+tcKQx76vuyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXAZ:Sk+tIx7dyfkMY+BES09JXAnyrZalI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434972029"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E6FBCD21-8941-11EF-8BBB-46D787DB8171} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3024	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3024	iexplore.exe
3024	iexplore.exe
2332	IEXPLORE.EXE
2332	IEXPLORE.EXE
2332	IEXPLORE.EXE
2332	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2332	3024	iexplore.exe	31
PID 3024 wrote to memory of 2332	3024	iexplore.exe	31
PID 3024 wrote to memory of 2332	3024	iexplore.exe	31
PID 3024 wrote to memory of 2332	3024	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3ef63488fbe866ebc3db92a21c97626e_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3024 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a832d2dad1380bc54c181a818fb7938c

SHA1
c826da317cd9d8735d34438455a4775976435ef3

SHA256
8089887692bba3c42f60adf9718479d85fe69b975a9416315366bf4bb51b4bc4

SHA512
8b04f664d48e116869592e522519a39cc535bb4d02eef31b9ae8da8aaa0eb9652cde7e449271f9d03a5e6d6166ae2d9520584c16c5a1f8831e6128ebe15f88a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e399330a8395e035e100e0f6263f4026

SHA1
3a72cc16a5bcf9160cbb9d40908e09b2aeffe42f

SHA256
16feb2bd06ebb23b1266a49f6b2f68cfb5271aab56d71b8c764319d8d9877e19

SHA512
ec257bd7b28036091eafe96e7899bf23d63477b31ecfc787331ab60a39fbef0017df0815fbc6cb17d7f9406d6debaca8cf9fcee256134fb22c612ce96659eb3a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d3ac77dc2e112ac16a8f3226d29b9195

SHA1
aff140d3eddcc2abbe5225049e0c4ef2476d24f2

SHA256
be5dc29b282a11bad7c8947b05575e7975657083fceeb61e82f97d22656c6adc

SHA512
63c93f1eb9d5bfa46d5426e7ac304ddc43aaa8d80115c9507052c362799fbf83081f58aade08a6021e981f75cf91f3085d89b44d8d3af06a5db760e9d2456ef4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac6895287e1b37372a7a93e03a5bbf99

SHA1
a11dabfd33dca508d5334ecfdccd81ff652ceb12

SHA256
7ad5445bd3b121af9ab9de56bcc1c9ff65aadb542ef37659006fec13940b9fd2

SHA512
6ea844e88bcbb9cf4b0fd6cb45652595c5720c3403d5400e6ffbd3cb4a48871119d5a0aa87c6b9e8f8544825a62576ad1b23542302e119801b1782ee1d5ec8dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
189f1ef052a41ad3d47baeb809af140b

SHA1
ef1b9d91000b35488d3ef474838d7b319e279327

SHA256
c1adc564dc57a8f7888f3c3b1232697f5c33b8e566b34f8f5c01b0580634a141

SHA512
dae3468259b25525aadd96dc96ea78049ef39bf1a0c1a12e63b9fc7e231d0f9d29d2574ce99786f4b6b0873fc2c6f1963087744a887503841425fde16cb34b7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aeb5ca773279bf865729108d49d0dfef

SHA1
7cd5452f58c06710211d1090a80b74d3de402e52

SHA256
2dc690023ccfd3ce8dc6d01f25b4e52e54c24f3ae0ee4921f178ff5082ab63fd

SHA512
0b395d3db7bc9cbf523407b5eac001f7b7740b35e4adda822ab5f82f455dce9609af0e022f8c980d092b0ad50fc5844e31a83bfdbbc0c99ea5fe289f266b1026

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
384b6d662f145445943172dee81a1764

SHA1
5aab1b00e846422ab7a37a226159e13c32f97292

SHA256
d7be277cb569280b4979ca19561bcf016f4b9b749433b82fc0ce8b4d9fc20a39

SHA512
7ff158984f83a4f1c20db77c97d28c4ad81dba0a9bdd43be55a326464f796b639b5e295c59abbf662b56376ca10bdbc32dfc06a8c59812e66ba16457bbe58367

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
558393c9988811b50d06f1f737bbc35a

SHA1
f17c2f5f1204bec841d2f19115a739130136e378

SHA256
1bbab8de760471bed2abad52b153f6c3bd25cf35e87b52a4252add37584505c1

SHA512
790237acf3aea50fe7eba1416ef9870e682b589f13ccf462f93a6064c71e745abe36ab89a37f683e386232be5633fcbb8433ec2f22e754e372026595222ca038

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
86c60589cb4c82326c7bb34556998009

SHA1
23b50ecacc0af1c5cb5fb1ac5bfccbfac5ec7535

SHA256
51ba29b57fd2952758ad44fe9f190de2e634e601d860f127c0f79dd429e3eb3f

SHA512
612024557572614e05fb00ec6b033b1a1cd74c341a2ab6b671fd36baf2671da41fe9e0fc47c950b9dbfbe397e901eeb5fab827f16bf03faeede0bb70e0966aa9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
82e19cff76eec513ac161120c08be7b6

SHA1
f1bd469c3fa7e40ac63aa9be29b68284ace4c3d7

SHA256
a46b8b5dee920f52ed420ad97b5950dcf9d4a8f02a6553eb4500579e104b25de

SHA512
e4138d43c2330420c91f1edcd78eb40e64c71824f723de961fa9cbdef0c9f70a8b69c450e3c2737ebf57f28d88b1295473244afd5c3a85931e194323d3f648b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
98dc7c8ff8773b48f701c009057cb6f8

SHA1
f0599dab65add361be68c091e669b03a533b3717

SHA256
654fe4c50b22f83751b8a98530dd1a60fa49f99f1c74a8cdf4a346fc90c14e43

SHA512
728b01c34a0643c99aae0da1ecabd243ea0696434cc0a6379cc5e5b3c31bf752b6e38064571bc3dedcabdf3493597faef94862b6fe261e329c22ac412fb18fa0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
21a1654ab827cbd2b7d59ff6d0c98298

SHA1
c9bbf359bc47003659258f1d5113139533d2e04e

SHA256
c46c85803d9570c41e06cb8b5cf77769cfe19f6cd3df6ecbcec98261ee9a846f

SHA512
afe764e937576333c353caa8669a60793044c793e3f5dbe97accf531ed4b000a9fa360d1bf16ac7dabd2e67051668d1c4c5243882b9a97ec2f4dc10d6ada902a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
605d5943bdb9d3d88b1297e8536acd20

SHA1
c4bea6a0724ac77a0983bf6599974e655a55cd75

SHA256
8e9d661e745aca6b0a2ab3512e24c85b4990e01cdce09c407fb175cd67e4a3f7

SHA512
e6752e3887343f4b4739a53e49d5da93fa20c89c51a9f73d0c5e39790703ce12390a986663cfd96137a265dbb94e4a68e915f137fed5827dafc7109f0c11cef6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aad0892c2bb59c2dc301ac9f4dd74319

SHA1
4b062941075d39cdf06d42f573e48ad695a6a104

SHA256
11ab4dce6ef0dfef67436dfecb34808b25d5bd9cf6ce5fdbae63df9c5e56c79c

SHA512
23f1ee89e6ca19134f9666443f16c53c766a779d879b47482083b53aa533fe7b73cf9627cb9c9650eb63cbd6660593bf253d53230831176a7a79acc42e2dd53d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15981442027d74b78d8f7d54a0e12fb1

SHA1
a0b476cd9ae6f3e8bd796cc29d0ed820157965a4

SHA256
35617827bc11c3e132925499cbf02cef830f3859d4dec317f92a429767f31c5e

SHA512
cda63cf11ec14a4b1001159b031aa880dacf18f8fb9a6a78fea798f8609bb1c1825dbfa6b743f6e7a0cb0e8cfe36d0abffb395fd55da1ef5ded257cea885afeb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8e051c5527a45ceaa986e1b0fae15e46

SHA1
75d6fdb67655012c0505ee94f6f6787d6a6cf22c

SHA256
422e21a63f8769473d53445846e841dbaa02e3335c6c26002cf37a9184d42f26

SHA512
1537a27ad44fecaf7cb0e1073b41e322f4374113b2ad56e1517405d47f26f865b5455c967ca4226629a4097a30b22bc01f65920d3559e391e1ffd83c8ae86912

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d356f98df2c2c62417e34f8711de1766

SHA1
c2dee529e509b28c70e18d50e5c68da136970799

SHA256
a13b770dbc3baeb21015e27ba27d8c3696654fe19389948a8cad2a1f5f519a40

SHA512
87b3caede94fde79f7658cf9a59167b18358974a2c9b0c03a3917181a0c23846958db99572df7dcf9c949816a719e79e429b80ddd04049a0217645d12c3b4df5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30c40b709bcfdbbc0469925362b1a950

SHA1
7b1fdbbcd9a887df4177a2160491499b58c86758

SHA256
ad1661a8e55a49aa5892219221242d983335fc3a018aaaaa94978921c7791578

SHA512
c7ea3865d60f95317cabed3fba4af1d75ace7949c68728504e39369c492176ff67c7a87b22bda596de2ea48ffd5d76aa0ae61145ea24b24acc7d2854c2d9ba39

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
732a663525fd40f0c4463d8487cd99f7

SHA1
9a98a150e88bad1d35fd28bd135b734160d2ef33

SHA256
826e01473144f2b3e6065ddcce5f338bba6cba424039fbd9098f8e05f62de683

SHA512
f0e1c761a4cd2e67e76d86cd2ccce9afa31639971793b05560805115174b39a4c0854e2378a12092b0aa5b8122df908ee1ec5197ef83db670d428d666e7599d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabDB33.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarDBD3.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit