6111151f6feabaaf64b7e7117802439f3216a8f0674b9e3e3e437552be1a645e

Analysis

max time kernel
148s
max time network
145s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/03/2025, 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_934c83041a7896d3b7d32a343847edc5.html
Size

73KB
MD5

934c83041a7896d3b7d32a343847edc5
SHA1

1fc8c11148df7d87771a20d3907a6f769c658e24
SHA256

6111151f6feabaaf64b7e7117802439f3216a8f0674b9e3e3e437552be1a645e
SHA512

c2000fc2e100a5a6a25829787f0e287a09627f21a72ba33a8d264c9a60fd50bef1d78781533e7eba006d0f56420fc94725afa203d933b50a1c929c844ebea492
SSDEEP

1536:uzwTiMRR+Z7CCCrP44Fvi4KEYcn3xFTp3eSXkLrV1odIh0fZETHPJi0p2NodIhdZ:u6iS8exFTVeSXCrV1odIh0RETHPJi0pO

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "449464422"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A1CCF0F1-0D10-11F0-B432-C6DA928D33CD} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2016	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2016	iexplore.exe
2016	iexplore.exe
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE
2320	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 2320	2016	iexplore.exe	31
PID 2016 wrote to memory of 2320	2016	iexplore.exe	31
PID 2016 wrote to memory of 2320	2016	iexplore.exe	31
PID 2016 wrote to memory of 2320	2016	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_934c83041a7896d3b7d32a343847edc5.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2016 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
42690443a0889d47cee29f4e67babecf

SHA1
c29c7b38a794c4bc345ba0db8c96a1c5948295a7

SHA256
1e262708ef46be93df6874c21877c7558abb875c7f61ebbc163bfc5628a604cd

SHA512
acd03e4df609e413324b140129a565e7543aeb17ee604b24ba119e7b47a0e7447a294ea81d61d7185dcc38a28ccbc77787de7132aef9108db312ab2acd0815c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93870b597b502f44592af75906936ac4

SHA1
a274e8d6d4318a01f9baf44ce6a39da9e9575b34

SHA256
fe0b8e9220bc1cd4f81e39d87e6133a4c94fca95ff5dc6826dc17484569eb91e

SHA512
331b00a9be6e7166c197e6629c47d12751235a7fe828bc24c1d3993beb4d1f76eb0f6ad76a37a1a2e58a3d2cf5e7116388eaf7ee0b243397491f01bb15e27bb0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6415ff761788b1f2819fa32b728efcfa

SHA1
0c623a031eeec3c20de0564152c84cfce465e101

SHA256
385b9cf55d056db32e6e1101cd99232865d938a70ee833dd6bcf0348b05e8a81

SHA512
ce17ea154bd14eb4959e25354ff8c9dd904b523f8cc54467c17ca85dcb0bf91cf888cdf37ef8d45e7d64cb83e2fc5e6e5d3f6379415819b0bb23c06f0b17069b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1f51949e52cd1e43720c7ec952337e97

SHA1
409338e012b66191d26959f0346f8cee3ba411de

SHA256
fffa074997d8dff38414369a73cedf49428e60357f2164ccc2f717562c64cb5a

SHA512
4eb611c8134b27e10604c61b75765e3abc87a61dc020168cd0047392c2a9dfa02cb89fc10194f0b496d600c55224def065061c71d7a7fe1f79e47338c9a7954c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2d23e72f7f0f41e349799440da68691

SHA1
ff34b4eaee560c2e10457bed7811e0726663c0ef

SHA256
674f36526fc128491cc76e9f336624b6021de5afc83cb5da1f12c1cf509d7a14

SHA512
f06fb27acc2cf5d47cd07efad0418ec4a4b403544ceacfacda4433b9a9fbfc5503d20f5934ecdcd645f3f30b3c85e2da5c7532e4d3bebdc0f769915ccd8ced49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4688adc0d70c34caaaf9cd3df4dac4e9

SHA1
995912a41f758c4e812282d6b32440419d6a9b39

SHA256
a5e3f98d052b234d205b33a66d9ceb31212fa0cbf0027d7e03dea28e742b1122

SHA512
2748419b4f01d620b086a39ea8f345a78207ef17b30d1f2e4413d9e5450a616abda68a95731aeb57ccefe7a1d635d93d287ffaacb618f34fc25683e0b140c8dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9c2145dc49eb57d9c920e4cf53d19bcd

SHA1
bf01a9e9c16c0a0daaefa3f651dd9d7b4e287f6d

SHA256
ccbe07cd8186711f773ee42dc7d459390a8ada89c6fc7913828e845dcf08fe54

SHA512
98b6e107c36714f7b4fd84d60c1582002393e36764aeeb713123ccb1260d72fb2ab7245288f3377e70d93dbaefb90469cfa70ac2233ba721e0e9c6ed9399d5c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
26de1e6f5fa5a1f6e6aaf83199d97d61

SHA1
67d7df6133c81978009d680577d12f80647cfdb6

SHA256
f9e13dd687b7a88b4f4e07cfd40e604e8859f4ffd573fa791c1e89a9b1bb12f0

SHA512
4e78d5a27c7c42ac1a041f4d09af42981703005b85f79d466318b2d94775272d1a8b710d67578a4da5ea8f5a8e9da3788a00308add45e3ea7e65355d41195e8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a3c58ba18f322358c2144b3c935385b5

SHA1
8744d041d0c0c5063fe0635f4b6fc479641edc9a

SHA256
96f546ef91af136b1f20446b40fd2ee004355173a9e363cdd3af2c7fa9975f5f

SHA512
8da4110751d9158e5e83f1f4ce5c27619115d390142c1589c03be8c9255d2f21c02dfed2c049466c49a4ff2b8321f7c49e1f72d0959ca5c0946da1ac99931870

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6429953e0de47abba054eb9b2d888255

SHA1
a7fb050cb2e0301831b2afd326a370bfc816291e

SHA256
34619653ce2bb296d4cc2cfe16f5ea17c62f86d906f31d8ba2745af4348a8410

SHA512
3ef4d12c169c2a1ee53da64845ca54e443abd8cca2ba5321d369a2104d6fb515791e7a49c033e0a5934c153eedc983c88d8e6be77f1f0f6c98bcc33ca8b74846

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9987911d54827b8313d3919e32bcf153

SHA1
ca2b0c83978cade2fc2d8c70f72e245d4edb309b

SHA256
c6809998cdec5b84268de3e4802945e10dcac60efee58ad58abf28c2a5163053

SHA512
df0a96aa7c2c44c0abc9f7fd21651e7d3c26a8f19f44096517461e9ec2dab0e9d5804bc5d96b678933e5e1d44d9fe03e49bf1f475dbb96f9b2d532e841141ee5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
be4e554175c47b91ca8a67c9eff8d875

SHA1
f21998b88e09b4903ed9406ebdad034ef3df3249

SHA256
5e863bcba8106aee7d49f5967f04546a7e890347456c5b18bffeda55c8d0c494

SHA512
d6c256c41b9793d126082384d1eb0e93a7ee5f56413b7e619b9e18ecd93c0df5d94ba257cd74ddf9ba254dc51bbf88785d3705db3e3bf4e2f5ac862f9fd8f3c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabEE86.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarEFE0.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF0D0.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit