fa441853c97bdb64cacc7874bb45ac80b75919bc2ba4e738ad2f8b5f0757c4c9

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29/03/2025, 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_9398c198c5f0fe712d310f7d799332f5.html
Size

90KB
MD5

9398c198c5f0fe712d310f7d799332f5
SHA1

658ba511bb26ab1aec9fcc3a5b8f069692c87729
SHA256

fa441853c97bdb64cacc7874bb45ac80b75919bc2ba4e738ad2f8b5f0757c4c9
SHA512

c3aad8a3ae28d144b9692ef5d55fd5997037541c04db19f08a07cabe647bcf683d034c3d1e9f1be31be9b39d30f5f21274dc38c84816e7bd640bd3b52389ef67
SSDEEP

1536:ozwTiMRR+Z7CCCrP44Fvi4KEYcn3xFTp3eSs0R1eDe+5nr8+9Nvla/JSi3M0Bi38:o6iS8exFTVeSsUoFa/JSR4i3qrV1odkt

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "449465577"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{52DCB8B1-0D13-11F0-86F5-E699F793024F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1544	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1544	iexplore.exe
1544	iexplore.exe
1308	IEXPLORE.EXE
1308	IEXPLORE.EXE
1308	IEXPLORE.EXE
1308	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 1308	1544	iexplore.exe	29
PID 1544 wrote to memory of 1308	1544	iexplore.exe	29
PID 1544 wrote to memory of 1308	1544	iexplore.exe	29
PID 1544 wrote to memory of 1308	1544	iexplore.exe	29

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_9398c198c5f0fe712d310f7d799332f5.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1544 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
9339ca4a9e955c611f2a796c61c1180e

SHA1
ad7e9a8cb4e5273fc4291ce6320169e17693b8c7

SHA256
80a0647ce883a935b81a2d3b1916a81d68e6f19aea54a771c92941c06d9f9bbb

SHA512
b7aaca6cba96d8fd6db9c26e116b75fe792d466a5e76e99465452852040c4df65f1cf2e709e46ce3c1314464eb1a7948714b52fa179deb07802900d9227f3322

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
45b6bc76641ab418e10d3e54886793d4

SHA1
25c527b1c29c9d89e26676e6d213b3283cd91efe

SHA256
ef98f16e61a2af11d8dbb09d53275f487b830234209c5da39b0933b7de512598

SHA512
0ca0600b2adbd5fb052302a549c7da293d15355a1c4710919a961aae635b0b181273d6392da214c9839989f6fed3b08aed65277a1eb0a1ab9b9aa3379dcf309c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3468a4f7dc5f1978e3cea976aead862f

SHA1
f93c79b0e9b0ccbe80367e771fa9e62884fdddda

SHA256
13a725bd507c651406c3b4b2d67f74292095230124f9c2eafe00c2cedd7db622

SHA512
64659883e045133a522f5b1c805a13fc2fdf1a9a0a13c17dcddeeaf3a21b7a64d3fd53d09ad7ed611fda8f0a370e000e6b7c621bcbcf373ea7f44b75786ccc2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
db880428d29fcaa1f5c7f6c6186d424b

SHA1
a8e8ba5842e969ace7bed56f286c50223f0cad59

SHA256
8a48f2d518285fc3c7228653475a5727a0a1e6feaf7ba134ebce00308296571f

SHA512
83c66e805968cbe7d6be2bd3080da04dfda9640b9737d3a99dda2af448d9de38e1fc1cf96ddfe0d21ce3cdae245eabb55bfc70be12118af2994a62b239fb9dea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
472682ce519d47094e9ab9069cd584f9

SHA1
c4724ac2f3a5564e39e370c32ffbb4836827a62c

SHA256
8bc10f57e9679f3d07ed20202a65543f586c3be62e39075f0c7f0ea780a155eb

SHA512
42b3bd2b70b07e5f5993ca0f0ae5c6dc3b1101567a3de5211f8b8fbad517a29376f27962aa8c63997f216c568ababf0819e9afd5b398c027448027710043217f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ce2b715f9f33b25dc910df9de34e559

SHA1
cbed8788ab28714ff35c6fc089ca3f8524f8cc01

SHA256
726ea0edc14b096b7a74bd19b5c028784453d4e9e258d887f9ddc4697a8338b7

SHA512
620d50e34294a422fda43df52b83ab9a229263280ce856c4f505a23d4e6502c81bb12d0051aec98c261551dde7a1cfe44528b1b047be3857228cfb928f6a00ae

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7f77d83c90583546de9a7b39bc4f9959

SHA1
ec1616896654ee8dcb0caf4461bbcaf73a350460

SHA256
835c58a79ef5a285fcbb46e6b68efba3a893678fc383b55cfe6c7dc518471c15

SHA512
0077b34e54e4124a4302bb277ab9d9e414c8161efa46175173f37e55a25175dfafb7e88cda3158d0f258b401abbc6ba1d1b7c573787fa04b5c7dba89492b35ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
37d983045d8fdb8044c0f937fda6d1d8

SHA1
f48e8c62dacb6cd48cec79de8a1612eb548ca57c

SHA256
fc3661c0a212b94acf7dd47bfde3227efd071c7f1036278edc79d67383d0b670

SHA512
96cf4feb277a8af36a3b58a243336fb7fafa199ecc204e5e7830b80f8dcae4e5ca6de498e90729b310c5b2d44c0263a98e701257b6764d1796629fc56dd46792

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5575e1ee505ad0e5e65cea29fe5ae030

SHA1
7b88fa5f475137370325b9159453bb49947cefe8

SHA256
bcf729f010d1571b3ec90f45b620a712cbb61e5bf88b96f0ebab3a1c8612700a

SHA512
e8957bc9f1e879d7f2f82e727e0bc6e3b900307e1a9a4183e18d92dc499bdbe1eda96b42bac11d515219afbd51a6aabf065187cdff1f77d84512ea552ba73a56

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e2d06b8e51e2cfd46bcbf806e79ec9e0

SHA1
07f3273253f409f4ef23b3645ee387ce3cabd804

SHA256
23af020f3980f075188f773fc1f7e035bceb55a31695867b7a99b2cd6c26e574

SHA512
e2e8b2bd08bc0b31ff19148a940bd65ee07c056631c466bc7fea2b27d05ad91c868fcb7e77f5efc8b9d4dc6bbc5c0362df6fa7268b4b63fdea0750afcb7e40bc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
448f977099b2224af415117cc3f52908

SHA1
8490a4d6434c6d4b169f564090932c8849241903

SHA256
98b7ea6ac412a5134d20e1da5a712b9a73fa2180d0b1474ed43a1fbb04d2b1f1

SHA512
6eabfab086fb54afb31a5358a3c8e66e77ff89d91123f4b8a64c3cd9966cbf91dc85bfa6aeee81a1bd17631caa5fe0d00d36f4f7428b9532ed295f11128f9011

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4aa637e1d45c113adb637f023ff2da21

SHA1
fdd203f71730288ada7c6958a86cdc57ca29e160

SHA256
688cad57b3164b0aebf02065b901d635d8e4be9c36aa51c41f9f31e43ed48ac8

SHA512
58d2be9ea8f8fd9bc87872fb1787faf66928d45af9f3ecf6467c76ac6b492a6288d98deafd3741cafbfffb6107676f660bd53fe7d80b591209ed82e3bca6a3a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
ef51a9315319671e489d310d287459e3

SHA1
db99e22f53d102899ae2dd2111e315769b30349b

SHA256
347de7ab2d97dd66fe02f654effa77d0886030f27bdbb9864e96ea4bfdd706c2

SHA512
87c06057396f80f058a7cb4e12d2490d49945c9e7104c441c2cd219115f5ef0bc939d4e4da411ed9b553164d5f33317733360f0a2bcb212d6c5f384df6242437

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabFAA5.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7B9.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarFAD8.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit