671e7bcad9780fcd9630242c7dcf4cf904512358e2d610b9950729837a0b9511

Analysis

max time kernel
111s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
31-10-2024 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82733161496114562061716d60a14595_JaffaCakes118.html
Size

214KB
MD5

82733161496114562061716d60a14595
SHA1

1a403b4a1d01dbf2ca9c20d090a55bad6ab6dad9
SHA256

671e7bcad9780fcd9630242c7dcf4cf904512358e2d610b9950729837a0b9511
SHA512

ee3ae6822967c6553e1eed707c97df78f3f014b19f1efd95db87e1512d5c6237598b7f9e7fffdaaf885614373a8a47d678c8ea6a4e0c31406bcc37b6329d5191
SSDEEP

3072:F1rhB9CyHxX7Be7iAvtLPbAwuBNKifXTJk:Fpz9VxLY7iAVLTBQJlk

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C330CAF1-9763-11EF-8C8A-62CAC36041A9} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436525887"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3064	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3064	iexplore.exe
3064	iexplore.exe
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE
2664	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2664	3064	iexplore.exe	30
PID 3064 wrote to memory of 2664	3064	iexplore.exe	30
PID 3064 wrote to memory of 2664	3064	iexplore.exe	30
PID 3064 wrote to memory of 2664	3064	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\82733161496114562061716d60a14595_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a968d2f164350542fa8c101b69c2aa02

SHA1
1d28712563e4fbdab3c14d73563f54774ca12916

SHA256
007a4a838072e8b524af9d42023fe8ff70927eda6e93c212c1ce74e55b627e92

SHA512
ca9a5edf19a6ccf0581f21b61beff0304461a6fda84a8bb2019633b4a11b663e0c6389424d357295bb69a3bca9dbca5e323d98c8fe86a882480e40636f25a5b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c82a1c415e734ec52d129a7e3dfe5aee

SHA1
3047fe33beb7f47f800dae67539878176e5bdc56

SHA256
d334cdc485d9ed0097b4862dade353d235240a235a6fbd7857ac589524b23a2c

SHA512
f9272e559414538173c115f9c64a647b8e57038a49162303f06be9bcc11c484536bbbf78bf96606b9294d7d9fb262620eba2095a2397c3cb6c8715ba76b1abf3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8bcdaf065e779408242171e2caec8b2a

SHA1
64eb603c8397b6f26d1ebec6007c6b9c1ce2f139

SHA256
2dfdf9f26aa387754a689a4a58b9230c822cd4049a31211009a6fba288ede145

SHA512
8ecbb9fca5648ac70869fe0c58f4c059ab7920034a02af39e9cd163b4292e110cbf6798d076f4b15e83bcedb3c16d9116e1d1528a36ec53fb6cce365180aba9c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7ce4715316e31f35803205932366a656

SHA1
2b943446bf15eaadb048ecd6539724b3aedbe72b

SHA256
2bb9433e93bdb5802d9e9377599624162c593706b9a916c433850263db61f771

SHA512
a0369209c8a80be741a3cf5e304b5be5f8f78deccb5475194a8cc4de4e0742596f4cd577077e477dfcc35724aacd53df3960eaa4a3f2bedd6d3d7393ca7e1dbe

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fa33dddef892841a7f92da1f88ceea6d

SHA1
4e4bd150b03c5475c07b5762a86b31739ff38258

SHA256
8e609782ad2438e9fef7b465613e525e9f78cff9f3f6a85ae7922fb34cdc4195

SHA512
52238a92acda5086babb119f4116c2d6396a507d544a93dc50bda2bf716cae1b4192cb5169742c5df8b89b484e4285b1baa17a01410893c0d0b1ed25d3dab2ab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d71d6d9f3aa9d352a0080e7600ef7158

SHA1
028e23ebcea1a67ee54b4261d0a6ea15d8dbd86e

SHA256
8422673a6e6340ce23ba0dc52bc86936aff772f50ebee5e0afada6ce2274e239

SHA512
dbfa70ed8b32493e8a1792f9fb7e3164d1ba33f911f6e8610ffe4179f10fbd968b3bf2a816badea9b364511062a3ed296de5eb18c1e681f56f0b189209ecbe12

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66d163043ec1db166beec9b697c86d76

SHA1
651dbe0872a2e08a6609f98e497a1920436ca1b3

SHA256
05481445bc634e88cb9d50b2ccd9133a05047b8002f7b93911d3d6808f99162c

SHA512
e7f9389af9287198e6cf28fd662379c4c2333af9c991cb3e30d7fbd27c1d141aee4e72708fc396495e289786d79d8771037e4891f2f6d5a4b075b350555ce1aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7c6e95279e1db98052be0ff2f89b2a75

SHA1
15d7edf2e12880a7b1357d5426cfbb07806f6edf

SHA256
62c1430e6a8679e3575994f86c3fd1152375fee89e9ca0cf944507135497fddf

SHA512
d793231e6c5ffc4c5bbd1ce942ec152aaacc9f0d3abcc51d02318127df1c6df5d347994172a1869dbc692ea75a67b8713497cad6e1aa34c0a59055c7d88934eb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e52287aed3141e51ddb1941e0dad32ca

SHA1
1b3d365febc72af7c8b688b9060419e0ea48a3c0

SHA256
b0519659e6c47ca386640b026e524e74edc782c509e0a7d60c10529ed059b8b9

SHA512
668a30ce8235c51122a1fad6a44f22889ab7e8825f31d7e83cbc90d966ad24ef0f978603c8c06dbd7d3566c4290ba3f037bd0447db81564addf2766df905140b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
71de50424b72d24cddc1ff1273ee0e8a

SHA1
2b168fa80b9bb74dc2b90ac541deec15745f4f55

SHA256
82e3eb12148a62b4661487f9118947fe1abde3caf91ab4729c9c654fbdc8c336

SHA512
800d427bef2a60ce703198fd2dbb0117306f236c412be2a1eabf1aed6c77cac785ab024b1853519a16c886b759305b6df33da31d6978dca2fcfbdc1d6fdfb7e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5905171629ad39005ecba93ea8b2e096

SHA1
852b6c8f9bae8a9f42894e5794c66aa54230b0d8

SHA256
b8ea72e7ba62144d4594f596822b8668b0773a2550b595c4c8f2a1df868224f1

SHA512
9663055eeb306979913a5250f00152f66fba016bc3cd7e2e973605153f34270bec9b7e19d9050d675bd0f5c267cbb7b410638854f1d103ac34099a86caa382c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6f9f4cd267b92571b6a4862598fbf113

SHA1
50b5b5105cd6bc0fe2cd4d667e29dd2db112f0c9

SHA256
1c148b8313e3a3505c8640037c1c141c8b0ba05fe3a697e5216d6c2227a2aee6

SHA512
7387c1344e7d5ab947f0962326171dd76d62f1218748a9c87ad024d321261025fd7277cba3b077cbf8abc33358dbf062ea6a1a5500480f989bf3d99747a56583

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9eb6771b190a6667547af43b353685bc

SHA1
d80366db91bdacee3d3eb1206ea39d10676b95fd

SHA256
23b9e37d015be373d70cbf217138e65f3d9eaedb4f3093cdd4b936c01d46ae6e

SHA512
9d6b872323c69d019f85d57f37a26b8f3e3e846ce4898c422c9077153cbba6bc068f3d191207642bbbf44c9665608038e449cf3722b1b44e3a72b984b217ee6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ece99fc8b99355b5a272c04726253dd

SHA1
b9b5e7ae1692c29a12f8a459826c2e0883864f6b

SHA256
db38cb5d0e2a5a62ec1989db4dc384ec7379e212dc2388f411e58d4646c274f9

SHA512
9141bb9ef260e7d27da2f9859ad8be144c0d82e532a13054ac8647f9094a77660b7a0b9a35f3af6b908226474e75e7ac44d06c116083a23ab09d05a891a4f259

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ace5c1523d46187c88096ffaf62a8b7f

SHA1
d9ad3060ead36422f176cfee196a9341e98519d5

SHA256
83398ec9293aa4eb4eea85dff03989b85d5dd9f7e50124b67ac7f600c6a31dca

SHA512
da783d119647ff5e5b1b909a85da35764990af9da25851181739e13884499a2074e7af7bc3840fb34e524d0d73f5778ba6caedf58115c4ef58215a6818d3fdcf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1573eff6d24f799c051b442512115e94

SHA1
aa0d7bc60419fb25b44b5f6cf1b769d259ce167d

SHA256
247fc3fda800ddbeab45e7b0da9630e8bf81f1f13f28f0b84834d1160b0b3fb6

SHA512
af5c150623de1518c50ec00020b62bd2ee3045fa97d2337e40aff11751d0174b190d032f31fc19c0cf62b1b506ad949724f813850b16e1b89ea4957470c8712f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b31b87807369be8aef140a8fe86b12f2

SHA1
26409e67f33f42a39f1c4c738ebc27d44269ec81

SHA256
ffce775fde27411c50d5b5e2fe1f6413095994072279bbeb7308e3ad55fa8264

SHA512
58da4e0d8f134bc9132b7841c9df23120605ab1e4f3c47e5a1a1872b0b9e0284c2f16131d0b9d524b57604ae0e9d5a0f0cb6b238db311f7c385557c44d7163e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b574bb81c6d415b47bc9fc67a04c0a84

SHA1
d8ea32c02449497d300af5443aa766d106a30c2c

SHA256
d80d7b3f97de4b5dfda028b99d25588a5fa3f1a67db08665fa9a3e76518dcd05

SHA512
ca29be6cc3e24bb06ea96052f1eb4f613a646927c4fd9dbe659b9fcbb59f6cb825f79ddaae5dfb73b107bb5246cfc40855b8cd8bdb0cf671705eed4012c70246

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4d7e7404bbd5df9227f3683a74eb427d

SHA1
51b41a9098e288ecea26fdb38eb72fa960fdb3a9

SHA256
e9db681d389ee60a5f68519d5ae5a7dd32ed70fac29769bdfef8747da2733e65

SHA512
56d373318416f3e96ddc89d7bc86712966e06c07f37d79364b2c065318e4ef5ea907008ce59cf08a2d552732646ceddafee6f4b7aa77c65940f5d291eb8c4207

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFF65.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit