50a46607e58ad3eb975ca9f767e8a889f8bb05747cf05b91104722ba8ac9840c

Analysis

max time kernel
145s
max time network
147s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/03/2025, 02:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_98382a0bb18eea5208c91df734b17cab.html
Size

103KB
MD5

98382a0bb18eea5208c91df734b17cab
SHA1

88eb9a9fd2e1f42c50f7028d3677a0545b24eb17
SHA256

50a46607e58ad3eb975ca9f767e8a889f8bb05747cf05b91104722ba8ac9840c
SHA512

e152a85216364b0daf816bf60d33765fc773a0d82a2bd6c4bc2e68fd30c9e1c0dc2f364d09786e8e3787a7258612a2a712f258044e13c870d8b4d11e1495a237
SSDEEP

1536:K9JfE+kpiTefHYjoJrNg8Nqu79p4QwgwGbapHm:K9nKiTewjod7Nqupp4QwgwGbom

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9AC6A591-0D3C-11F0-97FC-EA7747D117E6} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "449483307"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2692	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2692	iexplore.exe
2692	iexplore.exe
3048	IEXPLORE.EXE
3048	IEXPLORE.EXE
3048	IEXPLORE.EXE
3048	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 3048	2692	iexplore.exe	31
PID 2692 wrote to memory of 3048	2692	iexplore.exe	31
PID 2692 wrote to memory of 3048	2692	iexplore.exe	31
PID 2692 wrote to memory of 3048	2692	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_98382a0bb18eea5208c91df734b17cab.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2692 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
2eda41f0d49e3c23363c758baac31a20

SHA1
7d86f7a0561587529313c0ead29380addf690eb5

SHA256
6c36c4cf1d05d1a6b23fbb805de5c00889cb0a28f4e492967b3fdb70459786c2

SHA512
146300a5da64d607059402069ee5af8251b94d3bafe984a3fa0bbcf76dbe53ac0757a45e4d2a8fd87502ca270d26ec1b29781e05b56e56c518399e1626aa2331

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
59f2ebf73d93dc055cf2394ae46bcb6a

SHA1
f6d1625066262162101b573eeec6392cd2cb18a0

SHA256
74dd3ee8fac767717ae31f32c6c1c1ea1bbfebb1bb68a4a2578093819527945d

SHA512
b11f1ba3de3e5b4010a5f06e04887cf79064d1bc0ddda03290299205037ac8218801553c8a88a17da0a6c97ce7bcf6f4d8b3b4d5eac7c28e224f739005d7c836

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cfe6884a0bb267fdf123b80f2baf1630

SHA1
4e0a606d2d2a5e2b8fdada7d62f3203e59c2f19f

SHA256
6a3cd3bef1e8df007b35ef37ff10ffbe75e592154df11b8bf1102372f44bdd97

SHA512
d19c896ce29befa27c0e7eaed2b7295fb0ec97595762fd1643013a71844ab49e92ca43aa354eb25efef1b1562133c91dfce17c0a30c3ecf5cc73a226b45dd362

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8421f74147066cd08cf68188dd4f5965

SHA1
8029329d65185a232fd1d8a3cb67eaddeceb28b4

SHA256
d9e23a839a5980780a25bcd2090ab852f3c864f3f3b886c456e0b8ac8cab1ce7

SHA512
8cd5579c184a08439b362e7410533e0712071733d4533cd1a83dd7d872c89fbed8b47ea22e8c9f920b91a35dbc19fc98206b63140276667eaed9487889e3fe8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
381dce2fab7fbf017142abfa0a1e811e

SHA1
01aeb90da726f6d31c0760320f2492c046cd8377

SHA256
865171eb4b80c9ba9df960a70e8ddce9b6199dd3facad04f928575276aa00be5

SHA512
f911ff69c6055a997e2cc90385ebec2120584020f437b709cb3db0107b56c1ed787e9c37fe36651b9f5dcc12cc91fd0ec22d25f8bf9d4969ecfd8a504a37273f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ac144a9215b73115f313673a581a40c

SHA1
e82dca5c61f525e809b26344ac8ddb219d277024

SHA256
17e8f5652b53941ace75298303f7d201cc12bb693a912902aa9bbc59340c0ea0

SHA512
13a2b1ee1c3a11366b4a03de41e823b6754a83c79164a4d39b6b4677c065bf0f3a6e2b4fb24e7c04598935515f9f63bad28c5e9408d21f54f96b9d4d80b17a14

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52dc572ada858de4b9d1b80372e027e6

SHA1
16b010a16bb151f1691e396b4ed3fad29e7771eb

SHA256
7e7d3cea5756f9cd164ef248651998162dc8271f73bacd9d7f46f378aaf23054

SHA512
9eafdfa77a4e9164b502d79cb58654550bff636c12b5f2e1ec1a1c64f7a51c711d30a5351c3ab47a729f98420dd7aa6c13e2b0a585d74aee5171d6c9b078c4a9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f39aa419c10f9ebe8a868dee56714b2c

SHA1
2a624c4172f7057edb85fba6191f3368d3c6f6fc

SHA256
2ce56573fb523e1a7899e0661fa7bef5ac632e2fe223bc5143b3c50cab4993ce

SHA512
821fe15163f70f5b5d82c81e37ca9387f7e3caba132cb81e7b67957bf8232792be0935a30e9017e61c828b6a2099366bfdd1cd9fd29e396ae543094366b138a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18e788ffcd910449d8b596f89beb442b

SHA1
3373557e5e44d2a4f9819a7773a3fa252569df40

SHA256
262286f299efca95831875816f6710e5a50cdd3a8834942de1d4eaaea08ac3f8

SHA512
2e0a7585f6914b9e9752576f7818c64b6f48f8a92124b93ac85741b33b5ffe4e49c440389d028ba7dc6409326493d98848c53f44cc9dd9f32d8b209a783f7b8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6953572249bd4c9c6af9b41211022a1c

SHA1
b2806624a25e9b16f2ee3a179b5c62f358304731

SHA256
9419cff56e43de3311b9b249a13739e304defc7b1a7581c6f6c6b0b299f70749

SHA512
ad08f6ece6ef8202232d2fe24a821290bbbb326a0084e96c975de76da51110377b27fc512126c957464486861605d16434235133dbe0bdd03aaffc7c95278d4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b3680fd123a44237e4cad200ca31c2fa

SHA1
7d803ec91353c68d4cfba77678253f249e360e88

SHA256
dfacdc4625386e5ce131e9f92992eccc1b7d742979dcecfa810e135808f6c64e

SHA512
b9c56a51d088fa7054056fb45630a6243044d5760cfba2ee7377ae6cb21e1dd00a31272b2e0eba3f4a27f4f0a944522aee7507f016af6ebe89dd3fe0cd4d6261

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
acadbdb96d4303851e8d96ae1b2170f8

SHA1
a3b460f58ef15ef74e4dbf3740159c993354abec

SHA256
3ec5d1e3657d4a343cd200565a23edca442c1653d6c92fd7036d4f1c0f4de3e8

SHA512
79e6896679ec199dfc4284abc5ddf5e0ae4b7a2e4558f4b6acc6987dda9e5eb5a6a51c38fd9fe4ea15c27e151e6c5b7c2547284fb459ab6369606c11f8e7737d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5c93326d23895fe29a1c15de67b1cece

SHA1
7083230059037a33a7a483581c28c920576f7249

SHA256
ba235b3108bdcc53f4a51abb1d5915edd41d2388e7d71357465e8ade40f4fc21

SHA512
931aef04902d6a813fc643f17ad2b11b2af957960883375c7df752ee345921c92334c7a7aac61b9ef90cbb9b3fed8a332cc370fc7c53069ac7cd1fc876cc7821

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8271261b16b937fed2044dbbf6e0ae68

SHA1
46bc5d1ddb80805e9982e8099d6ea6379ee633b5

SHA256
860fb3166fc0e3975f7d36c577755bc29e2ac17a4c9eb7465c1df73b8395a12e

SHA512
ad89295b7e04479db52f87afb540d67df5d6e6456166985b65f596bebf44b704c771d7eccfce458cbe8272b5660e458269ed30d27c188788bf566b994f5eb77c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1b38862cef4a2cb4131a50c7d9dc7759

SHA1
e1f2975c2d7b3054d0fea92a0f0a235ef688cc3d

SHA256
ba3c0e34b1d685bf71af4520bf5ea4425f4a3037d215914581b83ec43e423213

SHA512
6c108a63fddbe7fc2a4345e18b82b5d45d67bf670603e06942d7b967b9ea41aa8674ce44ba7c63ffb46587a8e673dfdcf9b99988e9b80eed5f071cebe4ffe382

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9b350cd27cde1bae1b69c6ba1a69827b

SHA1
4d8ee1edf0e24648dfa5a98d9cefe9e65ed71e9f

SHA256
c786468e61a797461e0a08e66655997e8f1360ba8251789bb2212fe8626d039d

SHA512
b7dfc408d8d041177a3bc759f5b9055b0186c76ca2efc319be20a81e9f6a3be010a1b48fe819ac5456b81d4a9b052791fe3502aeaa1d284360fc1c658c4c37aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
27e73f2f3c3767f7bbc97f2820aace4f

SHA1
d4f6ba4870aefbd646c45151ed6c50e244437d57

SHA256
523c8b98dc301003c490c1c0dccd151e4235182ed2d06b08dab830ed8cac6ede

SHA512
3f8caacf9baee3dd8d690a912a7f921d7a01d67308859b8a054d2a35ff573836509c0273c0063d87d5725bd2fb96cca1ffac44d8de029336e73287655390f855

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabED4E.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF07C.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF120.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit