9dd923875d0a042f5bc6e03b326b48056c01600b24e03b7d0a3d974ceb785f50

Analysis

max time kernel
142s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/03/2025, 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_949e16b7d4f5bccc80da716d462a50e7.html
Size

87KB
MD5

949e16b7d4f5bccc80da716d462a50e7
SHA1

2a570059d433595fa14b3e91ee6bd72a84b84605
SHA256

9dd923875d0a042f5bc6e03b326b48056c01600b24e03b7d0a3d974ceb785f50
SHA512

4c6aa69053c274c3f93879edd2b89a6f4057413f97e15cf8bccc833566d9e2440f704cf15fb8d43561b6acfe6dfc3c036ec4b9b9af0ab9cd1419bd9282020ad9
SSDEEP

1536:3NVBi9gLY3a/euUkh8J9poK93c49nU3MhMSVSZKZD13odPhLKsRtH9M:3NVBat9pr93c49nSMhMSIwFodPhLKsRQ

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "449470617"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0E509A21-0D1F-11F0-ADF2-46BBF83CD43C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1200	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1200	iexplore.exe
1200	iexplore.exe
3060	IEXPLORE.EXE
3060	IEXPLORE.EXE
3060	IEXPLORE.EXE
3060	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 3060	1200	iexplore.exe	30
PID 1200 wrote to memory of 3060	1200	iexplore.exe	30
PID 1200 wrote to memory of 3060	1200	iexplore.exe	30
PID 1200 wrote to memory of 3060	1200	iexplore.exe	30

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_949e16b7d4f5bccc80da716d462a50e7.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1200 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
ba0ffa5e0d3adde830fcf8cea15fc6df

SHA1
0af59df4190554bc94685afa37a4909ab49beac0

SHA256
6652ecb5a2c785c84fb20085e570d5a32649f6fd78eaaff32ba50958648eed47

SHA512
99605e9c85c3a4899c05a5c4a2f96a900f15531635c5ce83f59f5e69b942ecea2ff1a522853f460b475591407869894bd2bed30955f102d599cf3d381ad58d81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
aa0770fc269ba6a37fe7cfc4566c410f

SHA1
ca1e07293dbcb10cdbb18088559febcb467e404c

SHA256
ee6fefb152fb1d4a4f3e7bc5150eba81b109cb28c9f141560d6bf3f3a7841c4c

SHA512
9636521e2a427f8dc1e156f0f6d7bbdb03e1014c74f93a65bda3c42652a95f6816a43aaa1b5512fac197c4481c1be3e33fd26a40cfd367bbfdd8a739486638b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9afcdee570b7a8164804d348b8879ec

SHA1
819062169040f631c3053865603bb201a2d8bd12

SHA256
47397f700c7872d6d14f997d4d90ad5090ff25ca867559fb1868fd7b7744c586

SHA512
e428c8c733beb978e15642f26331bf92adda4071c0458911c5a78783b97d2d05afae289b860a0b6184f279e9b1a63c654e92172e147b6cb441cd28c795b48acd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c3e7a37a8bd979f6ca0c4235c24cfd8b

SHA1
1eee3c35d1780f5494250e2b831e76f68500106e

SHA256
a5c36b98d26cb3930e739d9100110a46733b01cc829ea2244341060422e63749

SHA512
06af69b2d509a33a8380c7528af52a6d86f153cdbd3780677b8194b94df9e0c0b11a874f87d3257408b804308c0b42c37a137436b062a79b1356600f1b881bd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6a0f7d59871191051a317840162bc54

SHA1
6c24b3f56de8ba834a4fcd5fabdc55f87c355ee1

SHA256
58bd5df1be65d62bcb7e59153fa41544aaf15f958ec18b308197a3692dba6582

SHA512
dc68de2fe5847f3ee54d43c18e60f84ce878bef594a281e69acbb737cd4c95f427c105081722944f160b3141049997631c936fa71714588e04edb3cd6abc39d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
73210b20e66537360a73426068dbfeac

SHA1
a0d80e601e992b1c3304b5f467bb0cb86f416979

SHA256
7f1040cdbed4323041c574aacd2c9dbba5fc300b9567401a143a30479fd509e6

SHA512
0222d27f2df24af489447459fa0d3847af764a1590a2c778e29fea0ab6a36404e751277b4757a88066bdbac1c4b0cfb3e6d07ee04852d6c9a48e58254e769cac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3bcc8ab0abf32eb3598e9d7849c5976a

SHA1
64ce6ba20df400a64b2c06cc04244a5b6a71e9b2

SHA256
e903b4dffc785b71e478bb5ce2fe5805103b0da27233b22290d87164845abdd5

SHA512
32f432cc929d790c3d578e53087db1bebf69f2adb4ff99efe36f7d9f01c2ab522909f3548aedfd370a29eddc56751129d74f197db02448d02ad68ddd272a9441

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5066d496351d48afe1a94d7aa3823fe

SHA1
a473e5497798e5f42e39304f6ceb347431f06a57

SHA256
2396499930ebb4f51c315efaf59d71776f1d2c5b74c0e8f0f390cb1f506bddfc

SHA512
eb1960108c08875fd96f22cd81cd288cac18493df3c71eb27c8d5dfb8fb450f47d44c64e668dfd3257db409af6b5d0a6d369e9f4e3b42876267eda7041a0ffb6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
902e039baa3137deb11b56c8bbbeca27

SHA1
593bcbbf2e6f18eef16069ed82a2e7aa321b6ca2

SHA256
ba4ec296d6b3530520abb44f5e6f4c1d9aba306f13c449a250d0bc8c4ae866e3

SHA512
79c3b9eba9b6f51ce6288d12dee69602cdd957306e8af5dfa3be03eb31463506de74f579d70c647f44984650bcb72e54852d825edb6fd5ed29457f071d8a86a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33ecd4e349c8df26d5d76fe41b567f3c

SHA1
a22c6478a2948c9df0874b4a5eed7859c4afe7cb

SHA256
ec095d6391bfd49786284722ec2972420ff54889d01dddc6f591eb4ffb5fa5b0

SHA512
3fd3555fd67b8f63b5020458292e59ddda4af4cbb746d61249aa6f0311f905104594a798db38cef09cb10b3026721e16f622cd73cde524fe7ae897c3d017a419

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b0372d1f5a3f056a93c689caabcf8931

SHA1
8a9abf1b47987812b7aaa2cc77c99e0b6f3605f2

SHA256
bd949ee9382f012cd9acd9c7f4779683d268f79b4c31004ffa15aea1f1f9738d

SHA512
801aa0b7bdfc1576c659ca757cbcf354221d3330592e1404df63e21769762e9bceacadeda24f76d62de098f956d267af22ece97a97912c64aa11ccba346bcc02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c817361f0ac2bf9b14e97fbf4313639f

SHA1
a23c9118a45c72916bfaa64c74008972f388e356

SHA256
c96b15257fc0ed128956e47605490e587efb043d08fb36c67d95fadf0fcb96c4

SHA512
9d58c441df44b2ecb5a7cefa3595b16035abd6d4f53f2d0c89e62dff842472e0adb5cf59640dd4d1ff13a474c423dfe6129617a85b5ac5f7ae923e45fe8c4098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CNUR30T\f[1].txt

Filesize
41KB

MD5
d2d182ae44e89a395c6a5c7c3370aae9

SHA1
3d4abbd4a135785f7f5fdaea7e9d6e9eb1b74613

SHA256
e4300cf2bf6767eb3345085f09d8a606c7cc9924a4f4129011aae19b2134cf97

SHA512
63e981694c0f5d7f9911d63b4a4efa9460123798f62fb279823ec700e4ce583b44f3011689379dbcfa260fa4d88d778efb91245df3e56395be41ed38f0b8d007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D6V88JEY\glide[1].htm

Filesize
114B

MD5
e89f75f918dbdcee28604d4e09dd71d7

SHA1
f9d9055e9878723a12063b47d4a1a5f58c3eb1e9

SHA256
6dc9c7fc93bb488bb0520a6c780a8d3c0fb5486a4711aca49b4c53fac7393023

SHA512
8df0ab2e3679b64a6174deff4259ae5680f88e3ae307e0ea2dfff88ec4ba14f3477c9fe3a5aa5da3a8e857601170a5108ed75f6d6975958ac7a314e4a336aed0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabB912.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarBAED.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit