9c1eeabd0b8284cd2489421627fffd637494e8d6841c7ba0ebd4550b7890ffac

Analysis

max time kernel
119s
max time network
146s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
20-01-2025 09:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_e2c44c52204c9f9dfcadab32a7a3267c.html
Size

63KB
MD5

e2c44c52204c9f9dfcadab32a7a3267c
SHA1

4cd8f5c0764a4be05351246432b70d0e83c93785
SHA256

9c1eeabd0b8284cd2489421627fffd637494e8d6841c7ba0ebd4550b7890ffac
SHA512

ee582a70ffeb454fa8d39a4fafa3db8bd1132030a1d566b42e7e08ecaa90d531677ca1126456b000708c68625abf164a417814f5f90fa8aa36b8d4182a5a11ef
SSDEEP

1536:SyP01ZLWa3yIxRRIcJLPFjrrfi1ZXOF7pND+/7FbLKNm2JnInKLvYBR:S5cZR

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AC937181-D70F-11EF-BA44-CA806D3F5BF8} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "443526649"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\International\CpMRU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2732	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2732	iexplore.exe
2732	iexplore.exe
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE
2340	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2340	2732	iexplore.exe	30
PID 2732 wrote to memory of 2340	2732	iexplore.exe	30
PID 2732 wrote to memory of 2340	2732	iexplore.exe	30
PID 2732 wrote to memory of 2340	2732	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_e2c44c52204c9f9dfcadab32a7a3267c.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
c9be626e9715952e9b70f92f912b9787

SHA1
aa2e946d9ad9027172d0d321917942b7562d6abe

SHA256
c13e8d22800c200915f87f71c31185053e4e60ca25de2e41e160e09cd2d815d4

SHA512
7581b7c593785380e9db3ae760af85c1a889f607a3cd2aa5a2695a0e5a0fe8ee751578e88f7d8c997faeda804e2fc2655d859bee2832eace526ed4379edaa3f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
5838473c3f6d588eaaadf501cb2d9b49

SHA1
24803ce9b7a17ede8128814737ef53f3e1fb3b14

SHA256
51d0f23865e6b63fa82889d03d64c262910afab9f5a38c41a5d04fe40c32c7d5

SHA512
e4546090e65d4ad9e6107de69ddf22e151bc078d28588d8d1b3dfaa9b1496d226624c71ef3dac1fdee737babe4ffdae6be8979483c40ea4c2225edfdba4a3d42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
907524198f25b09c337992595fc86cc2

SHA1
ee0db7a7e94df0449a597f02a186d1a81ce6b69d

SHA256
b136f378559a3985faa5350d724769b504f01666ce25613b74dfbf0b19f22567

SHA512
547ce5cb1b891bbab0d7414d69fb8ad9fe71baf246b0a7da409dd4f56c89b2f3bd84f7b9126f7b757e5a6e3b6f8e896bd10a111b7c63484f082da364e5791726

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
52546a4eaa73d34246208174dca88e44

SHA1
51b7e5ac6aa3a0192c9cf4bcdd1fcb70fdd4e8c5

SHA256
9c260a39ac3665772ea39367599d6534fc745d088377ba05730875ce6457903c

SHA512
511ee5d87fa2680491e7410dcfd1ee769a5c8ec89d725d8868451438af8ffe4ba2cd26567bf550640e44854bab65fcc49e9e8d8fd2b60345b152485e6f8ecbde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15924c57c76d8ad9a16a778eae078c04

SHA1
c723f319e53d5444a580f5f575390acb31e2a012

SHA256
d83a08578f93fdc69c44ee2c5e13be9c13e1408a9aed74bff49961034f8439a5

SHA512
48c7ef6b9c6fc21fe618a025b7a1db3c7f5aacc2416f3939c528e370b40a708ea9bb23adf6b3e2386e0b81bf0045874ad7ba8d3ab6a27206e9c0afd07e7c2150

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dc7a8cf6563f2d6acb1e3d48109d9021

SHA1
a76be4a01dbd74740e9951ec1b385717bf9e75c8

SHA256
7e189fc13d033fd238c911d2d19309a57b8308930a9580ba3796ce293bb20ff5

SHA512
5511cc336cb1cba1c219f40974b472b8068dba3e5d80e0dd5e1adea84d5e416a88a2894bfcf0bf8e11d2c56f74a12fa2e2fe43306ab0ada7e86131f1f9b1e640

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
15f8b45a54a195e9746f42343292f1d1

SHA1
10a10e38ef82e74435ca4e0bdf53419987c866dc

SHA256
0ca73c11932e79414d37902b7dd3bb8f7444d704c8d05bd59ab34bbe74008f6c

SHA512
08fde7d6b9cf337f9c12125304d1912ad092eaa5e74f901906806a7e1d32b8576edcebc2a6f2be5f9fef1383124716000bf29ebe54a5bca4809f0f24d7e7f983

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7a76498a070c587adcfcb07df27ac4e9

SHA1
b7697e914f4ec5d3744907c650e5635d6cd23cac

SHA256
b3662b319e64d5cf01ae43eaf7bd6f54ca8159c82d8e20adbb87f7c921b75f01

SHA512
37bcc952d9cc11e501e1f95ff58bbbe1ba548f8e6459b0e30e68548f937793c27b04390f0fe0f35cef9c335031e61722b15624d2ba786a6e17c2548ef9a22589

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a72ea871d89098e550fac2caf2ed177

SHA1
a89a573e8ac580041780ab680d40cb212dec4245

SHA256
f2b9db1693577926d94c0ced096f40ce908594e841fc97b954bf017ec3daaf44

SHA512
f0154eeef05decebe478acf90db0d394e84ce697257a93bbefbc4fffc843708a03db0bce5dd147d679114aad44a2ec9ef94867511663f910d3fbca3ef380c954

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
65a3dd2702ff126db106d7ff6c4afd76

SHA1
243a601908f4ea49cedb039833641c672ef88110

SHA256
d23b386e20c3d1706b033d9cb53948ca912190d601097eb219c91a47cdc86356

SHA512
d2722e3bc0ede487755db7ae33ede3b90aacf750f6bc988b177029c1e0a4678ac0e75bb1bbce7c18a59186869b3f39db0f7aed9474e9d70c211bb172becd9d5d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
851f8b5616ed8ea4f75d3d5250b3feb3

SHA1
ef0e7a9b52232a50bcdcd26f462cd09fcceac23d

SHA256
31a3bffdad391e1d4bf42167aaf2c7524d0da34b541bb41553927022bad48f42

SHA512
adc4ccef8b5e2b5744db58aebb7dccb4c56a0fec5744f161b9b931fba684f270c0334a458f3317f2488264667463834a1f5cb823fc9402f849f1e2fe85fcde2a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44d7470727b3575ab7e7c8065b4c837a

SHA1
86f80b7e8166a437e774968c462f1cd05a343bb4

SHA256
db29b27cd8db0fb55b6b30aa0b9254e2ab60de20530022a9b4543562e743f26a

SHA512
6eabd0bc04d44aa0cc343b358952a7763dd370709b4774c0c3e57630173279db758890071825d682922d2f37c8373c7d90c4eaf757194db3e02aabc4b9a0f801

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
81197352d6b2a557ad47c7afe74bc1a6

SHA1
f0e9726efe3f5f850a8cf2aa69f61f20ceb5d945

SHA256
049553bdd105a21e4122b50266ac9b4512448e2f9ec52943f51f2f3945b9380f

SHA512
42f03fb86b649153d77c56a7b5bf34f917a0f61659b178f4a55b0ebbd838fe303de31665bcb77436f878aaadf5602972450fe1884e6ddaccd856004a9134ea5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
b7d3c82dc2ccfe98d8d0313a0468aa6c

SHA1
f72f41f7f89f77bc85220d680f04a1244b373d9c

SHA256
5459e2d23a444ea416ec379fc3791c6bd4895bff755e0a1e9bec8f50c6eb52da

SHA512
b781b368043c827b1f71db57a87e07bc8d9eb94c89292933a67baa60f742cd2664c0a1ffb08930da36b1bb254dbb18237886db606ad2cb23c2ab6843c0cf0dab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
986b74bd2aa766ed3bca8694fb982f6c

SHA1
bc02eff770e196029eca587c3e3a178e3626df71

SHA256
78432aeb8a6a21be828f1f06c8b787c5e75998b9c9585d8f5a5fe69fc68ad978

SHA512
03580cc794ffe6468b4d4b2387b8390a5ecce487ee1cebc97611f87cfec84a7819e82dcc03df11168b8f63e1de4f5c73beac479a5331e784bf757d08c2a8f5a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7C15.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7C27.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit