f3c0b5d3db9bc39bc3faf3800ce8ed6a494db823237ce17aadbc73bcc71fe23c

Analysis

max time kernel
118s
max time network
134s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/03/2025, 18:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_934efac5acb127c51ac19cae87a404f4.html
Size

6KB
MD5

934efac5acb127c51ac19cae87a404f4
SHA1

ad22f66577de7be60089e72440e5e5f513d5dc02
SHA256

f3c0b5d3db9bc39bc3faf3800ce8ed6a494db823237ce17aadbc73bcc71fe23c
SHA512

5435670215796a145e9d2f3f38910086a48599cca16fc12109ea5cb5f2da66115599bab2117f17f38bdb697a164e628a1c9e22ce1d430d9635e5ea47e6797d0f
SSDEEP

96:LatvXaQj64WsfLJT/G+oZy6wcpMax+wIC/W:LadXaQj64WmJzG+Wy6wcpMaoe/W

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30b2fb851da1db01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B1541991-0D10-11F0-A322-62CAC36041A9} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "449464447"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000055765cb3314a934cad898aac41b572ee0000000002000000000010660000000100002000000006c3b320d332da8ced3996fa91ecba5db289b378f40ce7c27fd29ee7d5ffe898000000000e8000000002000020000000515c1e22ff66df34aa1eb5a659c5ca672713dd9eee1023bf6feafa4a2910c588200000005ccfc667f42f6272350497d38a05d43854db5b466c787d2e02112bedf041d66c40000000578fd4db16846eafb0cfd93c5f4a812e36cb2f0c0a9f0ecb6ec928cf49db5d20284e1d41ab393941950ba5afc382d53fb2b503dec33757d61d091fdaf0e22324	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000055765cb3314a934cad898aac41b572ee00000000020000000000106600000001000020000000916e4b77d318cfabc9e280c0ffa7f4eff557893d6f48c25c516e9b788920974e000000000e80000000020000200000006d1f31d92e55709c375d7c3db1b97e0226b5954aa7f3355d7efcfc3ab57e818c90000000584c8b186211d2c6542b8a8d897361a4bfed9294acff01384c6daae0d4cda8c47b5f264495e92d8b0449d2db6aea869e1006d233a52b81553fc4a4072f2949519723a44b142b62f43a8d877c30900fd9dafa3b76eb496451dc613a4b878600eb8cdd9cd54966a088e82d18c40f66bab5f0bcbfd7c622aa2fbf2fa7cd0301d8f53d8f54e8f758c6db8b8144a2d6d995404000000020c1f6a9c4e65a3724fa56458fa07f2905a41c236af2b7164a0926df7ab192e684d06a446f2d2fc804bae1c1590b73f6220fa35cd32148e6a549e1f0602e3375	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2868	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2868	iexplore.exe
2868	iexplore.exe
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE
2456	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2456	2868	iexplore.exe	31
PID 2868 wrote to memory of 2456	2868	iexplore.exe	31
PID 2868 wrote to memory of 2456	2868	iexplore.exe	31
PID 2868 wrote to memory of 2456	2868	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_934efac5acb127c51ac19cae87a404f4.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
50bd1a19a6807d1584b68649aef1f3f8

SHA1
1f61e4097444ad8e1ee8a7fd5061d936a4177bab

SHA256
e1c51f2c24c0726570673507de383d85c69684c127c6d716220861aa7df37098

SHA512
1df6318e4045407bf01d8985a644d81017b85eb09132b6efcc8c9c2bd445d2214cd590ccf64e1d8f49c0f51f04be4eeddd97362ef57f40995e5473efe5223927

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a97a7711e6cc4efb6eaee180397fa204

SHA1
fc9319640e5bcfed4dea50221be1f8a566428b9e

SHA256
8a6ed2778b19b91324b69d6ff237e1a0fbe8e31bbd8bb2e69ad0c59f512fc09a

SHA512
3067ce35cdfed5a9062d0844530eb4c005eb6fcdb23721ec457e7d286265f815c3d22369f52f905c29b7997be3dd433d628fef611a4610aec6ebd6ed2c36c7fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3005366c870dc3c242b9802f5eab03ce

SHA1
308098713eac9ef35d229769c702128fcb3378e2

SHA256
34d6b4e4c38cb98f12de8e11ecbbfa56e664fe863bf39f653eeeb3dfa8eed4dc

SHA512
d6440ad8515f902da8983dc0823e9c6e518054b2de9663f3cae896b72c096a89c8965f182382afc5e4f657be86cdba17893378309c97c533e87b3a875398dc1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
38813438fe9f42137f458100bca3ef84

SHA1
9f1f57d55a9da7c0da4c3c13229b714ff836eb49

SHA256
443368f684c8497546681a684e37a5c7b68b136f4fd1ed24cb3c146aa68ce206

SHA512
a79a7583319c43a9695492c076356c5625960df5ad533356f457b7e3c4cd695b52990386578204db8b734cc5d8138bb3f3de567ecf9a5e0c091aeefa7103626a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
445f0504a207bb819bcf7f75e55cc626

SHA1
9832ed97366b44783afaf98d67b8d45c549b3fa3

SHA256
6a21903c0b220171d89eb01fce8a17052700fadcc29d940af0196a07df0761f0

SHA512
eed04619dff3137b22b1c19b924e1f7adc7c7d7ae57b2f2ceca3b1fd80b88cb83bb22e53c2585f6f41d67af4dc3892bd42e4e3cea4e0e77ff2c35fdcd4884fd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6327d291cb88ca7cb6fffddd3fb09132

SHA1
10334aec2c3a9b06c2566568f44c0be2e25e7a7c

SHA256
6571d22cc4ba51ceff93bbb59114d5fc69f3fa286dbc913fcca014c7ef7062cb

SHA512
16932b258e3ae3957f49f1fb97b41cbd1b81c18418080f8d5285242d87c0341e4c49a0b216ff0bb0263908c0b0b9955d5c3ca33f626769e25e2515ed1b86c8f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08df72d5a6cbab77f57a9edd3225c926

SHA1
18ccab0ff6fab48a8b663b09faa519148e15fcdd

SHA256
24aeb05196cd7715479d9e44e4344c3b1ce936eb7af12c48f2ecce4670e71b72

SHA512
23e2969dc929b96ecd721b8252e1d36204de2cb97f8ac224b60563264567fcb7cadce19235588b982f015813534d41fe016759310d58281f6feb6dcd1cd4caac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fd08326faef028b8a56e20b13459fc4f

SHA1
e3a296867be69c35b19f0b0cfcaa47982d3e729b

SHA256
7ddb1d07b339ea173b484e601e229c1d041429800e579b6985c5dddb9dcaef90

SHA512
87655c186b8c4f2c2cd5a24f57a20e0df2df26ed34fd94833c5c6be00259422fb02f6ea065ae6dc9bcb1cd30b9415aa69107bde81b379b9ac259d7d95ce3af40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cec1969b9149d674ee8973d8bec9bb60

SHA1
ed687608875a8abb42d9c3cd4c850c8c3ff226ef

SHA256
647b3fc63524337cf95e5b4c265ee48940960328cca47a21fa01f243b15218a4

SHA512
fd5b4c185884d9d58776349f956d7ba8e9621a5489afbe1e61e74a0ac6ef5ae920aa2007044c4bd111d923fe9ea66c994e785182d1964d3bba4386d854a2889a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
35574287f59a72a1047f1d2f1849ade8

SHA1
8c82327ec81c0aefefd751bb2c795e034e0a03f1

SHA256
4b171f89c5b500bb4a06c6304a85821783de8dbae9e0c79d3bd9b4cbf44e93ba

SHA512
0f0f36ef20e9bbd75b6e9b6df29a2aa9df894e3ab04d5a05972f88e41a02be06d50758fde5c7379ecb4fd7a516fe8cbe6e7ccf452053866347339283c0d0d2cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1938e47b6fe65b60a51cf5f5fae7e0d9

SHA1
51ea8dfc384ac431bdd87af534c104cc2bcaa314

SHA256
a4081dfc77d8ff4bb2a284ba1e2bb7408660aa224da6b08e9b471008bd43f2a3

SHA512
33ddf2492bc8ed9d2f8cb039ce7242d072ea07520a84d2efbe439ba77836cee743f4007c067782b6a6c78f3d804c17d148796e02d8af3e173593f584f32a9ff4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4ab776060e9782261d155251974fd0ac

SHA1
9ef974a1ca3d754f36f3debf193b2d6e95f5efb4

SHA256
d2127118ff61a4f93406444f36b1c2ca351b5260aa13f1b249a4ca186c3d25c9

SHA512
cb1e7c152161176d1b516cf04dff5196808c34147db6da838a2e0e79798cc1d61ab3c2d2c2f14c68233036a379ac8af3028213871d388c8d824c77970c947348

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a12349421ee35e3d2f4406f0f3fde7f

SHA1
b7fffd898ba1c5bd980360a4c0d3ba55a28d0129

SHA256
713d116aeb08745c56a9972ae57de0209bed11a44a7f0bd22ea11f8f67324650

SHA512
c46c17460ad4e5a53200505f40daa1baa84804d2507c77cb3ab309cf64ecc59b33321e443752dd916c503eeabee307c0b1660ff5cc1905067041a2782f9523a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c936674affd279c66ffcd1dcc9af371a

SHA1
96e7df6e5004b69854a52192e625247f0864dba1

SHA256
60d8a96443ad7b8b9110aabfd85f1d7bf6ef24469b8d17d78cd789dd3f6882b3

SHA512
4b56ce09d6af43749345a0aec39e30a4cd4cc0afd8450a41d7dc338a10a6e1d1c6eaf48ae8487849e48b8e8472b458e0f56c7235f1a3584811bffc4ed82937a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e5058d6a57ab165910e048e7d2d7caf1

SHA1
711b4ba55f6119c3adf1242780918645340ef353

SHA256
17bd6578193d97d7bd5471ef2c2a07a02356dfe3cbbfc3481a7f4f8e205547ea

SHA512
45232a045e8d22d42df768684b7102ad6a3840384a575ded4af262f94c1fc1be64787ca1b332a8684d768929c19730f021e4a7a4f69c9323ec470f87d3308404

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab82E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar14D2.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit