1e81b782cb18d7f429ee78e95a22b575befa9b6ca0ad31833b9afc318bda176e

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-01-2025 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_e289e2122ce2c38c78c675b9c4aba47b.html
Size

1KB
MD5

e289e2122ce2c38c78c675b9c4aba47b
SHA1

9c79b4a63eb2b11417230cb3afe1a3c22345700a
SHA256

1e81b782cb18d7f429ee78e95a22b575befa9b6ca0ad31833b9afc318bda176e
SHA512

e9dc4cc18e56e013c83a323d6b9ee6aea9f410985125016770121980534e4ce4d064c52313fef98012b5074b4f22dd9b3895b8d66603523f3b3c3f20e818b971

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 34 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006dd91aed9a97aa46a21ae79b7a17929e0000000002000000000010660000000100002000000093b82f6553caf980008d55d52740ee576b0295625055d4cc030c3e63838f9f1a000000000e8000000002000020000000ef559ec8f5c557e735213dea6144ef858e7d34ef134368497436c1cd139628682000000075adbbce281b285870267ce2ec5ec2f5f990f15cfc22acf5aa76faeb89531b264000000022e87f4477b8097e897f26803a89e9e13b0aec64abbe125997cdef990c16667b07386a0f0f1e419522891ca2b16129ba244ac1a3ae90aab8db527844201b88c2	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a070acfd1a6bdb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{27736291-D70E-11EF-809B-F2DF7204BD4F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006dd91aed9a97aa46a21ae79b7a17929e000000000200000000001066000000010000200000002109705f01a92bb0b4e1a40e57fcb1d08a9694fe7864077060ca8a7af7eec213000000000e8000000002000020000000ea7eb783b16ae7d903794952e0c25c87a41f764cbe349bde417c8a15989b246b9000000028c1296afcfdf84d2944551c26d624f80580286a59d216f0d7c70c9f018ec8e187e69318e37244dc8ff76e3f5d5670f022844deda1563d453050cb31d916ba35732a41d9e9915e351d59b84fc464493665c6ce0a8722991aac161a973ea87b774f3cc598327ba15a2f0f60b18b933c2f6363044b5687e7da669eaf7ec62128e4ee081200663434f9e347b8e59f0cb515400000002995f01e63f38feb1120cb2a4c8773d67e16881a2e3a391354153a82011844cbf603bdab19c0903b32773c01bab8212ed291284b9bb4e4778ffc4390c7ed31e6	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443525994"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1992	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1992	iexplore.exe
1992	iexplore.exe
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2340	1992	iexplore.exe	30
PID 1992 wrote to memory of 2340	1992	iexplore.exe	30
PID 1992 wrote to memory of 2340	1992	iexplore.exe	30
PID 1992 wrote to memory of 2340	1992	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e289e2122ce2c38c78c675b9c4aba47b.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0e07627e4771cc791ceaf06051c17f10

SHA1
8dd8b6a0e1a0bdb57fd6ce3ddc27da7c8dc4e90c

SHA256
dcb428fc9bda254abc6ddce76fbe4f3d5c570af464c4f8dcc7242b3d99db2ab4

SHA512
3cfb45d16dac7c9b8155d72c26654a0efd7237683ee7067523d93570d362ead4896fd7f8304ab71e8714455256f1cf1c5e1d62e1930ae02e76ff4ac6517dfa23

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b146fdc5ca602e24259b88c19ef7da19

SHA1
243f523231dc6787303649c51ef51a189eae423a

SHA256
024c40c0ce5e814a87d0341a536641ee2d0fb8ce3ef3d5f4e049d25d2b02be7a

SHA512
24a01ffa5987b969cca5656af3fce45161819718442076bf2cb1891140c60346285148031c150a82f545e73ffca6d00ce84cfb3614892b61021ee24a755d8512

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7c37900f5ed0302ae31866aa5f25043

SHA1
dd0bac7191f6b5848e2e5253f76f283be8200d12

SHA256
4848326ff27ed465e4a0755d21d4e6d145195ded250f85e5880daebb4ed99481

SHA512
ffe07f8c1b4280be711e436777cac98bba1595836357bd9735524bf6019c4ccf604fa3543aa3e45c93bc294e89708ba56a981c3d6e84b53cac5754bd1605d760

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
088607c78ec7c4b35a8e31a79df836da

SHA1
6adb99015cfe99654d29ecfd741c5edcfc41ded5

SHA256
a81b54afbd899c7d3fa321f6b68f9e14ce989d20e4b0e4b9f45700d936465616

SHA512
6efc83c432923aed02dee220de6375a762d0bfddc9d4adc5c01f771f7915ddddf36d3c26b4d531e168a5fbb6fc5e3ff4159d004379bdf4682d61f58f56532560

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6ed4250c5e33c3fe911f0fc9d3b411b4

SHA1
0c458ccad77304da4e85f5593bb4ad66afa09756

SHA256
c54cd4b1f0c86b42530424ac7b077455b7a9f4f05b878550454c1e437f11f0ac

SHA512
78b24a17521d4e3cb65efb23aa4e5a702f46c54fc4b9293d59985d3d604c35ff3cd349acb9718bf8b1c480a147deb98c0247a2bc5442c1dd6b60920a06bf94b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8cdf248d05e2d286fd17de9104aed60f

SHA1
71d559bc5aac4c852bc068f01ea70fda89d03806

SHA256
90e6ed0e26933c8449d209c1dfbba24717eddda31bf75f41fc83ea221e30daf2

SHA512
ad845e643cce3615217df0dba467f4f402cf4a5b2d7107ad5351fdf24632411a50f8d8fc9a0efd48a21886bec1d8329f7f1551f79ae9d9ea081f6222d9f88516

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
41eaffd3bfacd4a02378997d048386b1

SHA1
4f73b9a16e6d66d80269a44102b4a55beece8b49

SHA256
281c1f86337a0228ce87cde85934a5abe20d92fa196967be24a3f6a3902b90c0

SHA512
a737161eae2c10df7ce9fdb87571789dd240154ab9941e4e7204e08b64a076b6631ccc65c0d0e8977f63f515acf1644d221a729815bf2fee783fd4bce4686dd9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3b3da13d7bda3d83e54894cc0004d911

SHA1
4bebe9e9e99f462da88d0be774f8469ee700f9de

SHA256
4a4a9928bf61abebea1143a20d59383cde0748bd5e35927ab2db778e068c58ac

SHA512
931369f1e7e5700ec6382b5bf07589bace6ec2c632cdf52cd5f04fb4716a09b84fd2279e7f7d8229ce416f39af72e96b29ae2dc29e8649437e390276ef323f22

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c4fe0e9153f2a7b8dc1d6e1451f8fa49

SHA1
3592c7b812e12d94d3da4561966589e9aaefe7c6

SHA256
14c51d2025420ebea74e45c805f805248f9b03c8d78869fffccfe20891a8f7f6

SHA512
e1f9847171583b384e52463ae1ae63aacaa7ceee1c5040e50233a1488e19f90c998800b4f0f035b2c0b9c18741e42ea2e99a17d997b104cdacc85ca9c31e83b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6384fe05cc611dc31acdb6d24ea657d4

SHA1
4f03d9308ae9ad23d0397f1a5fc480e9d56c862a

SHA256
b18a1a9fd85e9e135b2eb1b68d804fc6df16f3ff8b748ad90d9886cecec701dc

SHA512
4a99a26d7878588a6f98152a02b269c965d4ed3b5ae6349b06f07edbfc78d81045007edcf106132d759681834c245c49575d6bd74d2d43bc40e955a32324d876

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7c58a0f02486923303d00e0336e1064

SHA1
dfbb6aac13639f5a83a1c0d627844245163f0cf2

SHA256
b3033c4ece033de530ee0cf4fe3e72e35d9b0d53e2b1e5c6ed6743be5dd71d67

SHA512
f916beceea22fa11b588fc66e94f41d1c1df1b29d87962b24a08898b395d9ef0f159560241c3fac05df83c3fcb5e47a838a843a54e5b736ee308b96a6d141220

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ea7689ccae7c34b37a8f7eaacc780d36

SHA1
7eb84a0b08130445a25862a34c305f722233955f

SHA256
4fef789c43f9b6655797fa9d38e5a7aa038bfa6bd10eda2f5f8e3326e1fd8f03

SHA512
b9e7df5e80fe0e2a34ab388be62570da6e19ae2dadce855a5a8547b20f84d677d050b8e0bd216270722ed688553ae70f23f7d47b4747b7e3030faae1da29c2f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
79c15e6be502dc03c93054a0ad183e46

SHA1
42efdc5209ba389d80516d49d89757ef8bc0c44a

SHA256
935be474c9c9852dd75bd88cc5311fc1a97f4882177801123ed8325e76458595

SHA512
19e78549065bbbfa94664a9f1249de3d05748be00c2e971344df9a00a311e4701be1ecae1590dfd0d7abd825ec952cad794b8f08bcdb5f629106b8a858df3009

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a68bf571a288d5043a8a4d7e8822b66

SHA1
77ea0747f1bfe58a15906370acbf06049bcfb315

SHA256
d9a49d2bc30cf1cd5a7980658ff68f9032d7c1d78caa53f46e94e624ff67db3d

SHA512
f5223671b52f8a2aae1ff62e53487ff93e02868694755ad95bb37cbf71603cd4176202e93ab839e515070ebc089cccb5b2ca07ca3b8cea2b533e60086bdcc0d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
555fc42895e9afe131f196176c7dcf66

SHA1
7d9d7509ccaf5ee7ce935ec0d42692cf016944c9

SHA256
90c3e07a0743ea125c066c43d783f00c81a318e6049dc312df32771c5cc54f07

SHA512
440a89af91c12b54da3b3574f9063675acbb8bec0d0cbb55de7c22831a54e5386c4a7dac19cc86215ce6bfd9abcb2d6ba4cad77958cbddd13dd6e85198529219

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fd2b0716444d750b5186e81355698cd1

SHA1
481ec80b20d7978ff4257158c965c3b04a348b58

SHA256
6fe5f7ddcf4ddda0f50e9887d12aa89385c728f90944700ac57bde33c6a73bc9

SHA512
e6b33549949cbfe4f3398e821535bd3d85b5def633c74a3bd86d5976365a8b0c890050d4f02415e52e86477af01386735c74536f4055b97287ed116838b6da84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0b826bd81ed5fd58d34ebb5dce5d1d29

SHA1
8a3a2e45925ca731b472687da7b09ca7dbdd775b

SHA256
7f45f38662e9c34c028db9d68923ed41679136915c06af5ca1743a202522fb29

SHA512
65dee4b76b207345f6114799b1348581df963841c3afa3fc44a38c636954b23f5f0e1c057c220cc68e4f1803bbc6751544673d1a6c2e7a0efc80356a1e4d5c6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabE469.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarE537.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit