bf1786cbc035f06cb11616c388c4778b3937771f063779536adef52d8bc4447b

Analysis

max time kernel
136s
max time network
137s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
26-11-2024 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f0b92d815b605ebad1c76acc5adec2a_JaffaCakes118.html
Size

214KB
MD5

9f0b92d815b605ebad1c76acc5adec2a
SHA1

df966be7e29e4affcbce1e9249e33b6556a72da9
SHA256

bf1786cbc035f06cb11616c388c4778b3937771f063779536adef52d8bc4447b
SHA512

af31019056255bdc44c415e6c1ad9de394e1b14dd0863d9534c150d609d9db03805b2586e73a38e70c6f8f3bfffd54ac3c44bc38937d7d4c7b48e1b0beee6a53
SSDEEP

3072:erhB9CyHxX7Be7iAvtLPbAwuBNKifXTJc:mz9VxLY7iAVLTBQJlc

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AA1AF181-AB95-11EF-8CE5-7A300BFEC721} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438746345"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2956	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2956	iexplore.exe
2956	iexplore.exe
2936	IEXPLORE.EXE
2936	IEXPLORE.EXE
2936	IEXPLORE.EXE
2936	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2936	2956	iexplore.exe	30
PID 2956 wrote to memory of 2936	2956	iexplore.exe	30
PID 2956 wrote to memory of 2936	2956	iexplore.exe	30
PID 2956 wrote to memory of 2936	2956	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9f0b92d815b605ebad1c76acc5adec2a_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2800fe7e7c8799e9d1ec92eb5c9dd02c

SHA1
c488b53ae45d795d06f9f4745450bf6cdb7f0850

SHA256
615b4793672c7008bc5753bca00eb9e7e4273f74409218411adba48935a390f8

SHA512
21dc0ffe0b95ce9c0a14ffe1367315a52d38ecac1fc44145ad3157e482d266944f9760862e7aadee17d98b6bbfde7acb7c7a04adc6c00ac54748abe134cabdee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1089855669824e4e5ead60a0950b625d

SHA1
3ae8003382145a1feebbf6885e3959dcb8d6fca9

SHA256
dd29e4b3847680656a811e91055b7453f72ff24c93d458ebfcba8df2a5debd54

SHA512
743f14b57c2a3367f4b4bc0914720aeb6e4a40fe5b11a954f97d0d42726d88d0c456a9c10eae322b68a7433f0407a9509211525bdc4542335ef5af5d1c5b7fd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ff00143a58e628b23adc00f4a40a42c

SHA1
93f0d3f8bb3d451d413eb5f48086c1c4fda92969

SHA256
7a9edc9bdec6dccdbbaec4b25b67ee6f95421d6e856eca99403f27c5e5fb2252

SHA512
88ee6b1ed42587aeb5aa246cb136673db5ac0dc25fc504bdefbb3fb012c88636c9b2d592180f870e6a08759119b4f7787fa6dab7214473cdd04760295e78e5f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41b1898b7aff21ecde1007c155ec66d6

SHA1
3d0f7faf8082c5ad81d87918030ceed94799aec4

SHA256
bfab48a1e8649ad7b76deb918323c846550ae248f01c60e82b1d0d4e11b0de97

SHA512
84783f47cc11b39f3d53bc208b55cec4aeb3c215facb85492126ba5f6011a36bf44ca9f4b832eab5d2023a49a233640720f0f15487a17aa841ccbbab93ac3401

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
03a96850976f7bcbb4e314c8810f832d

SHA1
f7e89402f607f49b50834b91cab9902fa3bc9afd

SHA256
b0790a26a1f1fa2a69d15914af75223786a35c410944850ee795eda0cbbd0591

SHA512
f90f336518e4117ed4bfb404439bfa54386d155bd9176939ea7726b6571371c94b2039dc7474e7d1a3f20c41d5aa5e7919c75e1a6b62b743c9e407bfed544e5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8a379f3b106b1e0c327155ac086c82f1

SHA1
0218c3e35c9c8c22a22c46429f64da041d43656e

SHA256
936a05600275dfa7fd78eaadea387103720c2c56ef564eacb4576cabbf04012f

SHA512
a4cc10f30ccd132761d831e08525fee67182ffa902c31e32188b7060ed64422a0a02c1c058a744201965c84a3cfb18171ea4d93843efc9ac86ba61954d8de934

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2fde3fa853f3417964c740767a29aa65

SHA1
f730a0627ab540adc68193df9baeae43ae74f4a3

SHA256
d6a70ca4eaa265b8272094fecb6646b88293326534ee99d3ff67893f9dfc82cb

SHA512
5924c948b7a4c6b622d0321868ecd8f576eebf1eef2166c5ffeb5a3711dfd7107761dfa01a472c0e3a32b6fde17fc8cf69ddf48835de6a57d91de7526a0f012d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b9f37a9345c3970976fbe25bcb4f9264

SHA1
824b4d0ba166949f19bc217e8d7d6d5c6a151e93

SHA256
86eec29bd976d49612aa132b6d4b67ae6a913b1821293c8ee1c471b1d5a16093

SHA512
1f574bc8ec95da6bfd40e07c0ca9645a8c0ba7ac61b9ee8b76c62d0550be1fdc720f6dbdbc21318fd25400151aa84e22afb7b11fc2b54a2591c09a300c07f0f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
417c3f413b51c1b00a26d75e14fec0e4

SHA1
06bb297c7faf35aa14a0817d150d5202f382a189

SHA256
f63668f74d20146f5bb4047c8ac6cdb93575693db81f310470c2bb67001aa4d0

SHA512
ee9ddf3aa96d9864665d533421cd842e6b49a684f7d46a1c0e20f9a9035e547a3bd3d93effcbf2c5468e625e7780168dc7546665d6aeb6dea2dfb731b8bc4315

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0dd9ef2135657bbfbb35fd28cc78c8c0

SHA1
154bd13572274c498813fba29f1406f0d63ba339

SHA256
4de7781fc5ef9451684747947f3e77661c88346a0d209c163b70d206206712b5

SHA512
77b7e9c587df38c41ab2afc46a936f6418201efc9a1e3a34af965b13bb69ea411297b80320d9a8b085e7da2b0fecad81d77c210514172e1253aaf34487305ca9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d773eab5d84d3b123c6ecaebf2479223

SHA1
85c3e505a84979f5e9a2076a84d5a9431580c623

SHA256
c85ce60579314e162a70fa9636764f9d0f29221015ca39d0f537e85e5fd17742

SHA512
8f0307eef1977e445f1f2c0f94a5dd234ffef6a742d8d19c28bf060a46168d48a582bc47eb39a9d77ebefdd9116742d2be4d4b398e2ecc2b207b4a589f20474b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e3ed8320c8b532490c3110b4421c0bc1

SHA1
d2af13d314b74eb4e3501c7771d3b0b2c4befb65

SHA256
3ffe73b54d6d5af3a8624d0149ec23df8d49a8e67294dfa905b71373da074611

SHA512
c210a8722006ab8c311d04eb562dbf66304060361978601e92b95228901fe848adfa6f293f572595bad59fd3920f747eb25abd6c6e449974211fd978d612691f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
af3431de9f8a8ceb979eedd7b5a34491

SHA1
63a8fa52750803494f8a04c78b37b78ede580d40

SHA256
cf53876f81bc9f0580d431dd9f8677a0262502d7be538d55305f318d5fb081d8

SHA512
5e5d5d4ee3205b62d9f3b6837b3b07d15dd338ff9fb29b4aff6859e420f8c80e4b551dbbf708dbaa05ffe6553fd4c5d78be128d0a0320467314897fbfcf3f9f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5eb71ba26e9efc12d6dab767894bd9cf

SHA1
fa8eda931b754f014a09b3c1e40291a132c085b0

SHA256
3c4bc3ecebf9ac0f3f31468b4f1674ea6d487a1cca47395f173e8d4fe1502b7d

SHA512
835166bfb91d2231156f60545f543e240b77b00055f3f0fcc118f50abff3c3bfb2525c7cdcd6c1d8b9c0cb57f9c2f4ef671e26cfeab12499d34a8ea283bd1db4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e06d21978b318d6115ad74257cdadd46

SHA1
28f5a2dc69fcac8f77553849c5bfac51b57b25af

SHA256
57fb1c8647cda34263d69f0ce3982fbc2fac585a8e19492c082548c21a3eaa62

SHA512
5eb79248332790ccacca9d40ecca281b87851783331212db95c13f90f90c53ca1083a88eb9c9df0733ee05b69ed862f4cbfddb356160f1b64d3efb56c36374b8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3fe83ffd10e2d43667d72f29245f6c78

SHA1
433818c6dc978ab107968c61a5498e61964271bb

SHA256
96f97805de724e7418f846ce891caff3cc78a0e7dd77aff86ebe2853225873fe

SHA512
bfa66d9cb1a288cdb45de38307688bb6a892e2e40a64feab07c87da2e4fac64ec0ca0807fe3e72e32ff5df0ec8da832e2bdb71febdc54f2be4bf3376074facb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9c30f0bcb6263114b31aae222511e932

SHA1
63d542008c1a7859031d31b5604bf28a733c1e0a

SHA256
5dda42ca5055fea870d190cb9f106c733ec5cb5851ec236b6b3882074b3da197

SHA512
a15c0a4fc9a76c1626e0fa0c574f686b36a4f9bbc5b15c5eb8c210399c7558f305da68f5318d44956e677452a2aeb4f6ab405d0664999379654c3f3b0cab99f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
85aa3bab5925692fde38cc09a15d7944

SHA1
21fbd137eeded0f644d918c96ae84529805400e7

SHA256
018508fc5874c2323744ce0faa8810139fa34062573340ef41db5e6ac33affca

SHA512
adffeacb35393c61af8b12d32fb1d356fa8cfe77330f0b9bd69c713973c38d440e2c115dda1afdae7fce6cc9272d8b34cf9ed16b39ee0d7629af1a867a4c5dc9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4102c62245d39e5c4ffbccdd1e1192c6

SHA1
7ab6e49b94aa79aca5bb08d6ec60903b56115ad4

SHA256
bf5ec38a9a700d811b50562ca1b63c0d3e56ff9e515f0e96c6fca98d2cac9d2c

SHA512
fe475833f8c44ea15504db8f8563e143646c047a0909df8a3e1b6f86c97d604db31c68828821772b24c60faaf9079735ea36aa911369bfe2ab8e929cb859c1bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab63A5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6482.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit