96ad3161fd5dc8cb611ae6157411cb692241446c12a36e4f7b2bd72c2df7f0d0

Analysis

max time kernel
143s
max time network
145s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
31/10/2024, 08:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

82762ad9f787b293c015d5b820fbd908_JaffaCakes118.html
Size

141KB
MD5

82762ad9f787b293c015d5b820fbd908
SHA1

a1e974cf7ec850dc938fe4e4e344c79139c71ab1
SHA256

96ad3161fd5dc8cb611ae6157411cb692241446c12a36e4f7b2bd72c2df7f0d0
SHA512

3d1a31964270b485555ad7f4e95e09c6af4d4972e0eafa79e1d80d4060532a037623f2ffc5f8fb14dc46cac81df25823749dfaa9ad6db3b0a825440f52c49d4c
SSDEEP

3072:SY8sGSqaBx7dyfkMY+BES09JXAnyrZalI+YQ:SY8sGTaBx7osMYod+X3oI+YQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2C0E7721-9764-11EF-8F09-6AE97CBD91D4} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "436526065"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1163522206-1469769407-485553996-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2176	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2176	iexplore.exe
2176	iexplore.exe
2596	IEXPLORE.EXE
2596	IEXPLORE.EXE
2596	IEXPLORE.EXE
2596	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2596	2176	iexplore.exe	30
PID 2176 wrote to memory of 2596	2176	iexplore.exe	30
PID 2176 wrote to memory of 2596	2176	iexplore.exe	30
PID 2176 wrote to memory of 2596	2176	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\82762ad9f787b293c015d5b820fbd908_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2176 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a31ce56ff759c6d65a3a05fcf1c37d43

SHA1
b76151efcf0fe11f446c925ab47f26d7490ac85c

SHA256
6903079187ced863bca05d24cb93f7b107c456069744de6db87ea1528d2526b5

SHA512
7c3642ef5e926b8572cf01f1bd8d65fc72807755cab1429ed86996939b2066cd0e5b583575026aef0e0e2b38077d6ff5fb8b04c32afbda55746c08bf163da25e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5d398ed2bd0921bf584cafbce5aca42b

SHA1
88b9f4d63e641924d3fc72800312a9d02f6380d2

SHA256
820a04dc957e53f6cbe39b83e41bc8cab3975401227c86da364b7049e4df1e54

SHA512
731d031d37cafe190ecf5028f41aad5e79976993d9d66181225168f0277406142c28f11b481af3f19b468a4c9815a0ca9df01565544ac95c306a47dbce03754d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
aa74870810269adc23902c682cdf91cc

SHA1
9233179893c93c87689653df7cd21fac6f2e4c84

SHA256
86e1c5d986c0f722b557bf0ec31692424e90dd68922428ee271d7b3ed767c2c2

SHA512
c2dffea1a028fc68959ea74c8cb4b883177a31bd8fca35cc868439d30c8625f8317de15a4ed995cf88d863a4056f1d11b817014052e3b3532400a0c7651d0ad2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a6d4ee3166242bf2523832c999ea188

SHA1
b0fa34f5ccc0f427dfe98c3bafc23c08cfcf27af

SHA256
ac033cccef581bb3bc07fc76f504f1fedb77919ecfc2f38bcea02b40b21741bc

SHA512
2e6b6c5bb366a7652bbcd9028656f9cd7ec47c4d5ef6b72c76467a882b82a9ee8595cc31f2540dba0dd9f2f9a466ebc338d8a3d836140567e7ad6c0fd465a95d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1fc0fd669c74dd10b1d0b91d212ea850

SHA1
a38e680899b3b72c8d43b53e52f2d8b8ee11c7e1

SHA256
40a6114723a8cc34724153919d8a2b2323a5c377250637f141beb265c5a34c71

SHA512
2fb81685c72b0a5409834fd37ceed628ac09b1e9a0fb9c259b700e88a8ffa96c2253b70132c5481f1a67ddd7266bd283a085cd2c1ba12be1410cd5c6947a0695

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b243ae8818e91ef3abd9ab300d4feb7c

SHA1
d01376f92f2e2e3d1298c22dc86a9ac4c2905f39

SHA256
219b10dfd6bcc0090b31fc1d06711d3f1b6d78f324532c7e7dfedaf03f6c65ac

SHA512
cf03ec16cb3b85e852fd4da198c2eb0f384633f6cf252a6f98b7d1032939a8bfcf40914236936a1efcfaa5b292d43e0c0b258c7194381f77d03c89b9af253bb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cf24cffb50922bd7e4087a84ce637047

SHA1
56b8341a174471db8093ddd1007bcc5d0be3b553

SHA256
93c5d0274e01742614d8b2c9ece01fc04a949f47af4f6954a11bd1db6313c99a

SHA512
2db049de026b06be232348bca1a88b89f25850f50c7eddb538fe64f1487aae7570b847633f9dfeeae03ae2ace5d7ec04f34be1663f92b8e0d8034dc29208b0c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
04adc4a5722973b7cb20a539b578e4b2

SHA1
7aefc2fa3f6b1586d179f50954c0dc34242c31e2

SHA256
7abd9f1d4dbbfdb7609eea199fc960367e4b9f9aaa4e3346382733d0338f0758

SHA512
a0e303fe7de525dc5e23ed49778296a70aff60cad77a05921bde73c65454f307060dfb38cb488bff1daa12ccc8cedac3d2315a27b7d64380ca2c0f079abc2876

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e91eeb5003aa802daadd977c1e51bc37

SHA1
3272ea043c7b8710830e6a42b348266e7e325b89

SHA256
0c85185324f7175a2e5b3b11e7ff80e9911dcd92b7b10599d6dee2510171bf42

SHA512
b6cc6632f0a3115fc02ff86b474d0fc67680439e313c105e9f4d193215ed5ded8bb17585300b1da0750e5a249cc7e32b3a84d4b3e8ed6cb6d7c0afbe4a134c45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2e9bf7c3fcf63eeb94a9d222ed9f9b4

SHA1
26b21c6d03ad1be96691413773c91d680c49357d

SHA256
4bfb8b9ce428346224c0a940fa05e7c451435c51d917acd940c43319ebf15f03

SHA512
40edfd17591e545c1cd10a7e25ba8788d812278ba8d2fb9c28c080788429d12eeb0056af2888b3c2b793744b9c12c372bb14837265433e23d7a81a8df3311f37

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15cf806b2d10e5dc30c548adcabe39ca

SHA1
f7d23a932c5c00137a0e6babb07bf6e2dcf11256

SHA256
c1d724492e16be62b4fcbc68660fe9ad2e5830e9144b7df75edfbd7531cabccc

SHA512
5115769023b57e2217db1190a82f77ee367226f696b32330b8a58496cc530fc5588916e85e17e222e03d881ec11bbaa38516a288d565eb65f0ee1b146b9d6944

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bb8750ad95a0d173fd475e56f6bfaa70

SHA1
a7dca1e229ac0878ee52521e7e009e5a22cc3e8b

SHA256
74290ab91500c7f6d68944fcabf8212d570e8d6f40a55430b8a03ffe0c19e4e1

SHA512
086df6986c05ddb0edca4fd65334cb3be8940c24f7c6fd4639d5f38327f94f54cd76ba4c42600c2d977795403c51d3156c312a7f422e93c7fecad04bb0f50e31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a3c609e34290dcc03a0d0b6e67faadbf

SHA1
e338645494f40f2d26bec805456431cfd755994c

SHA256
5064c1b7a481b78b586631ec9acec578fe9d87bbed120eded2c37d42c11448e9

SHA512
f085f2c90f0a22a75d58a63fe25acc2f3bd483d4653a1e71743ba05d19cac84843552a5badf78a243eb4b982823124a123c050138fb29438e7551e60dbd28d89

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9046358764d5fc0c4fbb7d3c34a0ba2b

SHA1
edd9a1965260214c2b473eefbd5f5772a40df3e6

SHA256
02ad0b9261897e4af27ed3d01fa532cd6574079b597c3dd875a2c1b7e1e1894e

SHA512
fa7090418abab95fcbf9fb4bd21f5888c537578f84f9b19dfbef8df9f8e3e208aa8f11416eee97006cda30fe45ee0c50267592c9138368a6ee090cd31c730241

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ec69b8fd6ad5de5095a670d7cfa47622

SHA1
8e463cf1b9cdb907c0c8f0be9b62aba1653cce9f

SHA256
7745639c6565c9410e06e6243c8bea86e28e6baafc12b5a54abb37dc51b00175

SHA512
0ac48565056a45a59259dbdffef9107cfe2bacbac91ca111673ba0436aac6ff8f407f5acfe630c14723a0f7828318ea0559bec7700aa1406b8c1582c56230073

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b6b4a2206e098414c6660dfc965125a9

SHA1
f4e8c3c62f39bfbff1c635d943f419c0c694327f

SHA256
3cd0ff858ae6f4bdc7f4eb2682cd27cf21d27018393da5d242b7596e2058242f

SHA512
da82fd94050cce60a18097821f42c2dced453fb592bd99b9d2ab7b6e13c6b9c4b5585f8a658c8e3e2e4d53927ab69d3865d56b70a12735302e753d56ffbb046e

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB656.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarB6F5.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit