b363511716e12edeea6633a1a89dde5d3cd9385df28f8d5c991c2d8975214541

Analysis

max time kernel
149s
max time network
150s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
14-10-2024 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42a855e6154da60049ed759c3ab05a86_JaffaCakes118.html
Size

141KB
MD5

42a855e6154da60049ed759c3ab05a86
SHA1

874c52fea87f9e8566bb742b0a2b47f5f579f4b6
SHA256

b363511716e12edeea6633a1a89dde5d3cd9385df28f8d5c991c2d8975214541
SHA512

73adf8afaf8727cd7c44ad8bca861fdd08824644b136af20bbd939719a6e4d2a10f6a8a731a9766df6964c1a46aa52afcd71c7d9d2a6d3f1142a3ef181647613
SSDEEP

3072:SzwZ6wyux7dyfkMY+BES09JXAnyrZalI+YQ:SzwZPyux7osMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B864BC21-8A35-11EF-B467-D2C9064578DD} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435076748"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1700	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1700	iexplore.exe
1700	iexplore.exe
1544	IEXPLORE.EXE
1544	IEXPLORE.EXE
1544	IEXPLORE.EXE
1544	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 1544	1700	iexplore.exe	30
PID 1700 wrote to memory of 1544	1700	iexplore.exe	30
PID 1700 wrote to memory of 1544	1700	iexplore.exe	30
PID 1700 wrote to memory of 1544	1700	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\42a855e6154da60049ed759c3ab05a86_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1700 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4afb9f6b2dd575033dd5f8f31988b837

SHA1
9ccec83e4e33c7c0286a23dd20999a2fa46cb50e

SHA256
ea36a24c85ad40aeceb0ecd56ae139925c1c79fe31309d95222a9f8a97c3b142

SHA512
8afcdcf8b05b04f84c0c12397ced58bbb883e880453fde503343b5761d8c446e66e184506af4f438d1887d516418844a0b48b89f572af0cf6fe13368751391f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e7b157fe4593f9f5b751b0242b4932ae

SHA1
a8aa7473eb90ae1e9ea683e8c360f6c223efb1a2

SHA256
c202be004bda4a0188b8104d8cffa108bc3128f32f66820eb3c6f75bf4e5b6c8

SHA512
cdbe3849f1157520ccb1ba5a92fea8ad36e8e397eebf5a289917e5850481e5019105efdd1eac04a275a54f78d14ed0a15cdab5847f56744849dff3541037c598

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
60f9c2eb5d8ca05210d0fb9b937e935a

SHA1
f5adc06587b5f778beb714ab9b7cb569a3c6d845

SHA256
831d4d70a8134392761e1e45d888d38d551d71af0ca4b95aa06cb3decbf5a0cf

SHA512
3b5ef1c2bdf4efb4e3b7e984fef11b5a18d21a9aae000d67e23381b4cf3ca4fb33412800e0e010ec904e4fb42bd8d3dde8161182f0e90f90ed77757dc82990fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2462f79339a8fff8a0ad8071e4ef67d3

SHA1
d641615aae52f9e647c2acf60c2f8aaee270a71c

SHA256
80574a4001a676139b930bbacd20108c751de6a6699ff8e0594babd26f8f6209

SHA512
4042843041c25ce79167c9dd71b4e0c04455df7ff21e1edf62076edc584731b744d35e1ce112266dc9c26ffdf1bba3b13683655bc769bf0b2eae241acbd58f34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
786c7eb83b53426f2b57717b91caf9a2

SHA1
8caac5d7f7ae91f99bc1742725ff48b96f301033

SHA256
0223139ad36dcf16ea911aba78565bcb4002b3200aab49d01a4e7deee9b1c6e6

SHA512
164449ca5c2171628ea2eb23709319a2ee65a52b6899f159505ce20229c0951c07dd2090205740df3641a2cadbb100ba03ca2583e4f48904a1d7dbf9d9ef1c84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a532166b9c4e7d3025dc10d0202c1479

SHA1
9fe5ed20366f2cf26ed28c44e131032751dad002

SHA256
517391c848adac3d04fd5ccf7f3e0d8961de8df025eb06b93648cff873612859

SHA512
47f5be95c4ecf40e6b0d863d72635a2d1d9a8e031f90a23bfe57b43dfdc20fe2406686765e2cabc58bd73f98804229e6c8a2a80c0d66e61fd0405b85f4920c5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd58a94a13e6b604b0e16ea2498af5d8

SHA1
8f55979963e6b9a863fe4b72ca5b5051d63da52f

SHA256
ebc1738b3ea4944cc8ac06c778ba6205ce98d83520ea291cd2f69e0a529a6bd1

SHA512
d1bd95d33ead6f4fba9049c9c330de0acfefc89fe47f0015d7e6e3d18feccf2804b719a9bfe8bdce8c23245c9cb09cc281321e12f735932eac3c0ff5714c442c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
483d68b0728744f1ef3f3ca06141c68c

SHA1
90b90278534636d4a7b9d3ac6db6340d4427716d

SHA256
127afdd6578a8db4281a44979169385a4b20d356fb0b45985b13b2db4b4f45d1

SHA512
ea59504981e6b510e51da4ced3e7dd1253cd35e58dd00150dafac34fb80133d00f9bd815a6e1c7e14b14b9a19146560dec798860c5cbe5cd6cc9ee19df569363

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ec28e21873ba73e83bc48dde5220cf6

SHA1
5227b9cb781ffdec1129404b98527ffc00ca9fac

SHA256
eb4809fa6260cd3a59f55b211490478aab313ec0ed23102bb6c9fa34596cc85e

SHA512
91278e550d7db5af709d0750b002123e1a40fbc51eeafc3b3e06d9d9a7352676263cf9f7dd43ea47e47339fb27b7a0e105ea6131465f28e795235f7a0bd7064e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
566e2ded416cfb244047f688d9aa6a93

SHA1
7935d617529f0bff56f0228abd9825b155c6066c

SHA256
f6f591156d08ae5a62bfe91ae00b8f13e912e4242a48fddf83baca892731ae64

SHA512
3d70c0bfa100ce653345801bda89e0b903667ab9e684ecadb0b463ea113549a367ed580516807bbbf0220f036319fce3b0ddaddcf8e7c6e15117c09aac22fc95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
556d0bf408a51691643e9272cefcc123

SHA1
6d25d0c891d28bdd2332fff9f2bffa8a6b5805f2

SHA256
49cfb24acefe297590789d8062bc0a684aeb1c685a732cb13b0fda74ea89b35c

SHA512
e9d7396c832025a5d2437a8ff10c35b7ce96a0675692312dc771562239c660a6d4830bd54d8775d4731bf5ff2709ffecc0740223cd5a081f7453df380a852617

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
93ef6d3a2da391175c0f3155c0e573aa

SHA1
1afe0978e49c190daa4f3f754b9de69fe27a7b33

SHA256
0adcea75c667cb64c67ba31aeb20bfaff55ad30492511a243b49b59c0e98830b

SHA512
cbbd3f5905ea7ab8266795e541e4aec37ca181885c346f8febe808abdc7994b4c3c057796aa866c28b1196067d169c5b3bcc5ec23a1aa4af197be7c6c8e955bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9fd0ed0f741e96d05596c47668ece0dc

SHA1
d248700a2dca31f211559a08aee6c458ea52ae04

SHA256
eb08b4df4b8bed6d426abd53e2f59b7c036dda4f98f34cfcd83170084191cdb0

SHA512
faf6de241f76866cbec8f617e7df3d122c816698f5ed54e584e2324001ce2390061de301c3076d88cc272ed8c5a614eef48f2141acf9f2f7bbdc8e93ff5f71a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
915d5daf0209f4e473398cae3d8010d6

SHA1
29f2109df03bd8f220ab6b51e80fa0a15f2fe168

SHA256
73a4ed0819c29926e17c05665e4ce0746c211ea7e82a5692cc1d0f8c956957ab

SHA512
4aa59b96ef3431f9eafb1d134abf2e34eeab320c829f711ac85634a8877806277269018a8379bdb74d360ffc6f5852b8d1d29c64d3fcc9421b074d806d4acdb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
32b705383301b2bb4625d82faa004e67

SHA1
0870e1cdd3bd53ab945d3590d0e6029a1445646f

SHA256
56db58ac0bc5720e006fad8138bfc8bb6067079820f52f6ddbf90f98b5a5ff06

SHA512
a924d99a710e0c0dcf800cfc898968c847749ef8524c9674e959072456df695a7ba8e6510100367543b6c84d14873cc6d5162ce65886ba2a8464dce7748d3e73

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5807654917d75e3d5caeee35b46f99a6

SHA1
5e175f0a6d2d075d699f149c42464938b1c021a9

SHA256
067785c06bbf2c1c8ae730f48d2e33191a77d0f9592540e95f1e9fb8fc7d4567

SHA512
acd85e1dc5447aeb8d0a0c342ff20a175776f378032310e31d5bdf8992a8123586fb78d813673b14f54eaf0763677c11d7653f9e6af3da5ebd5d35ca0a75ea56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
048311f4f218923127cbaa5e76066616

SHA1
92e3c9f05ed6fce1be4d2d5a658fbff552e1de78

SHA256
5b01d19dafe50cf47bb65aeabee25a634ef1e2f1cf188ac9128069eb184f4aa9

SHA512
6e99ad2b4fb07771a5d2f4a86aee9f4e22418cc5aeb33b4bfc7e90b7796b00ef8b3e57333d919437d1533d2e2d74e47717e347f589152816d01233dc0dfcc125

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a8cb4200b9c74b0caf910f2dd6e51c1

SHA1
b6f510ae0984e700e6c7ca17f49cccd432547cd4

SHA256
8a96e425285fe59f3ac09f583864859dbd190e1ca37ce5a27fe5bfd5f15ad621

SHA512
cbe357a01e4fa952dfc84893845c9e88771f2a1790f0fe01ee9ea9d8627f2ea853d782ee46a8c647ff3477019bff3ccab9eecea9938e97a33d18643b92d7dbb8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6accaf391e34f2d5207e087b5acbfa8f

SHA1
a7a4fd42f67a389bfe2f4eb2f465de4cbc015dbc

SHA256
625a5c27936560c7523402ae3639904bc15270bda910800a2fd36748cf7b6c8b

SHA512
d81f219e134e4450e52d5c461815c8081e7239d8a35d73695f8e7b344d1d3b677f610a65f7c72d169c679802b5342c64e9b6e7914d8541c7f5853a4bdb5cdd3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB1F2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB292.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit