Analysis
-
max time kernel
119s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system -
submitted
26-07-2024 23:50
Static task
static1
Behavioral task
behavioral1
Sample
764209fd06803623a948ec991c165d74_JaffaCakes118.html
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
764209fd06803623a948ec991c165d74_JaffaCakes118.html
Resource
win10v2004-20240709-en
General
-
Target
764209fd06803623a948ec991c165d74_JaffaCakes118.html
-
Size
2KB
-
MD5
764209fd06803623a948ec991c165d74
-
SHA1
f8ee911cc9f9bd9d3ffd4547603669db345eed1c
-
SHA256
488e84b3a85ed3d203b205a471c7b9f3b48b834ff0a6bf2f7bc3ab91e667e7fc
-
SHA512
dbf693c08e8ab43df8510c68942b2bf8e28d28d3765c838d46a6564620806922f2d5eaeff45d0a85128e9a7ff616b5ee9a85745b1e4108ec42c025992513a452
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of the victim host in order to infer its geographical location.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
-
Modifies Internet Explorer settings 36 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0E5FD441-4CA9-11EF-BDB6-FE3EAF6E2A14} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000b60f175454babf2ce720a548afc9827bac9ded3bbf53652dc5595c874aaad6a6000000000e80000000020000200000004be8daa3fd3c5df71d6648ff3d57622f24ce720381705f1163a4d0f57e96f151200000000c7fa0b204b26290efb9d0105faa935cc69305bc56d7c125d5f850431618588940000000a30f8dbdbd6701ef5094bccca68d2305215799c0c10ac2ea133bda4e231a969779716830a51371f322d51e742c71bf47ca6458a8c54eb2de470a4336cac6d867 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf7100000000020000000000106600000001000020000000127813a481bfdd0d31b2ffeaabc489f8384303815089341b802273ada3827586000000000e80000000020000200000000485dc50c80f54eb27472a3eff29fea93da424bd4360c79c46e59e9779f6197e90000000f0cf8321e46e7864c29e391526d9bdb2c901728e2dbc8b95a2f68aff9f3278123e4956af7de8ad51a46f2beed9b29583a9aaa89f474a7652743d8422e2c7145f5a5266c123edd7429c742acd772ade341d5d3115cffbdd3d793a3aa257293d1bd307d2ac7415c9ac460e209a15802d3c9096a8b0e544231f15a2b44077e995db5e221347afae400502c3a21507218063400000006277a513247fd3ea54eafbe2c1fb5698be2db835706900bb43b504a44a0da70125f86c4e204e416bb2c90890f689a8d8e2f0b707ef98e8bfafb82c9a5127d84e | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "428309312" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 909b19fcb5e0da01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
-
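Triaging rows like the ones above by hand does not scale, and most of them are the browser's own first-run housekeeping. The following is an added example (not part of the original report or of the sandbox's tooling) that parses rows in the report's flattened "description ioc Process" form, maps the kernel-style \REGISTRY\... roots to HKLM/HKCU, and sorts each event into noise, review, or an ATT&CK T1614.001 tag. RAW_ROWS are transcribed from this page; CONSTRUCTED_ROW is made up to show the non-browser branch. The noise rule (IE writing under its own HKCU settings key) and the mapping of the sandbox's "System Language Discovery" signature to T1614.001 are this example's assumptions.

```python
"""Parse and triage the registry IoC rows from the sandbox report.

Added example, not part of the original report or of the sandbox's own
tooling. RAW_ROWS are transcribed from the page; CONSTRUCTED_ROW is made up.
The noise rule and the ATT&CK mapping are this example's assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Rows exactly as the report's "description ioc Process" tables flatten them.
RAW_ROWS = [
    r'Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE',
    r'Key created \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe',
    r'Set value (data) \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 909b19fcb5e0da01 iexplore.exe',
]
# Constructed (not from the report): the same language-key read from a
# process that is not the browser.
CONSTRUCTED_ROW = r'Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language unknown.exe'

ROW_RE = re.compile(r'^(Key opened|Key created|Set value \((int|str|data)\))\s+(.*)$')
USER_SID_RE = re.compile(r'^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\', re.I)
MACHINE_PREFIX = "\\REGISTRY\\MACHINE\\"


@dataclass(frozen=True)
class RegEvent:
    op: str                 # "Key opened" | "Key created" | "Set value"
    vtype: Optional[str]    # int / str / data for Set value rows, else None
    hive: str               # HKLM, HKCU, or "?" for an unrecognised root
    path: str               # hive-relative key (plus value name for Set value)
    value: Optional[str]
    process: str


def normalise(path: str) -> Tuple[str, str]:
    """Map the kernel-style registry root to HKLM/HKCU and strip the user SID."""
    if USER_SID_RE.match(path):
        return "HKCU", USER_SID_RE.sub("", path)
    if path.upper().startswith(MACHINE_PREFIX):
        return "HKLM", path[len(MACHINE_PREFIX):]
    return "?", path


def parse_row(row: str) -> RegEvent:
    m = ROW_RE.match(row.strip())
    if not m:
        raise ValueError(f"unrecognised IoC row: {row!r}")
    op_full, vtype, rest = m.groups()
    rest, process = rest.rsplit(None, 1)    # process image is the last token
    value = None
    if " = " in rest:                        # only Set value rows carry a value
        rest, value = rest.split(" = ", 1)
        value = value.strip('"')
    hive, path = normalise(rest)
    return RegEvent("Set value" if vtype else op_full, vtype, hive, path, value, process)


# Assumption: keys under HKCU\Software\Microsoft\Internet Explorer that the
# browser itself touches are first-run/session housekeeping, not tampering.
IE_PROCESSES = {"iexplore.exe"}
IE_SETTINGS_PREFIX = "software\\microsoft\\internet explorer\\"
# Assumption: the sandbox's "System Language Discovery" signature corresponds
# to ATT&CK T1614.001 and fires on this key.
LANGUAGE_KEY = "system\\controlset001\\control\\nls\\language"


def classify(ev: RegEvent) -> str:
    proc = ev.process.lower()
    if ev.hive == "HKLM" and ev.path.lower() == LANGUAGE_KEY:
        # The browser reading the system language is expected; the same read
        # from anything else earns the T1614.001 tag.
        return "noise" if proc in IE_PROCESSES else "T1614.001"
    if ev.hive == "HKCU" and ev.path.lower().startswith(IE_SETTINGS_PREFIX) and proc in IE_PROCESSES:
        return "noise"
    return "review"    # e.g. a non-browser process rewriting IE settings


def triage(rows: List[str]) -> Dict[str, List[RegEvent]]:
    buckets: Dict[str, List[RegEvent]] = {"noise": [], "review": [], "T1614.001": []}
    for ev in map(parse_row, rows):
        buckets[classify(ev)].append(ev)
    return buckets


if __name__ == "__main__":
    for tag, events in triage(RAW_ROWS + [CONSTRUCTED_ROW]).items():
        print(f"{tag}: {len(events)}")
        for ev in events:
            suffix = f" = {ev.value}" if ev.value is not None else ""
            print(f"  {ev.op:<11} {ev.hive}\\{ev.path}{suffix}  [{ev.process}]")
```

Run against the five transcribed rows everything lands in "noise"; only the constructed non-browser read of NLS\Language is tagged T1614.001, which is the distinction a reviewer actually needs from this signature.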
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
3008 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
3008 | iexplore.exe
3008 | iexplore.exe
2596 | IEXPLORE.EXE
2596 | IEXPLORE.EXE
2596 | IEXPLORE.EXE
2596 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 3008 wrote to memory of 2596 | 3008 | iexplore.exe | 30
PID 3008 wrote to memory of 2596 | 3008 | iexplore.exe | 30
PID 3008 wrote to memory of 2596 | 3008 | iexplore.exe | 30
PID 3008 wrote to memory of 2596 | 3008 | iexplore.exe | 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\764209fd06803623a948ec991c165d74_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2596
-
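The four "wrote to memory" events under Suspicious use of WriteProcessMemory and the process tree above describe the same relationship: the 64-bit iexplore.exe (3008) writing into the 32-bit IEXPLORE.EXE tab it spawned with SCODEF:3008. The example below is added here and is not from the report or its sandbox; it checks each writer/target pair against the tree so that an expected broker-to-tab write is distinguished from a write with no parent link. PROCESSES and MEMORY_WRITES are transcribed from this page; CONSTRUCTED_WRITES are made up to exercise the other outcomes, and the rule itself (a write is expected only when the target is the writer's child and the child's SCODEF: argument names the writer) is this example's assumption.

```python
"""Check WriteProcessMemory events against the sandbox process tree.

Added example; not from the original report or its sandbox. PROCESSES and
MEMORY_WRITES are transcribed from the page; CONSTRUCTED_WRITES are made up.
The broker/tab rule is this example's own assumption.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int]   # None for the tree root


PROCESSES: List[Proc] = [
    Proc(3008, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\764209fd06803623a948ec991c165d74_JaffaCakes118.html',
         None),
    Proc(2596, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2',
         3008),
]
# (writer, target) pairs from "Suspicious use of WriteProcessMemory 4 IoCs".
MEMORY_WRITES: List[Tuple[int, int]] = [(3008, 2596)] * 4
# Constructed, not from the report: a tab writing back into its parent, and a
# write into a PID the tree never recorded.
CONSTRUCTED_WRITES: List[Tuple[int, int]] = [(2596, 3008), (3008, 4444)]

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def scodef(p: Proc) -> Optional[int]:
    """PID named in an IE tab process's SCODEF: argument, if present."""
    m = SCODEF_RE.search(p.cmdline)
    return int(m.group(1)) if m else None


def is_ie(p: Proc) -> bool:
    return p.image.lower().endswith("\\internet explorer\\iexplore.exe")


def classify_write(writer: Proc, target: Proc) -> str:
    if (is_ie(writer) and is_ie(target)
            and target.parent == writer.pid and scodef(target) == writer.pid):
        return "expected-ie-broker"   # broker setting up the tab it just spawned
    if target.parent == writer.pid:
        return "parent-to-child"      # launcher behaviour: common, still worth a look
    return "cross-process"            # no parent link: injection candidate


def triage_writes(procs: Iterable[Proc],
                  writes: Iterable[Tuple[int, int]]) -> Dict[Tuple[int, int], Tuple[int, str]]:
    """Collapse repeated pairs and attach a verdict and a count to each."""
    by_pid = {p.pid: p for p in procs}
    result: Dict[Tuple[int, int], Tuple[int, str]] = {}
    for (w, t), n in Counter(writes).items():
        if w not in by_pid or t not in by_pid:
            result[(w, t)] = (n, "unknown-process")
        else:
            result[(w, t)] = (n, classify_write(by_pid[w], by_pid[t]))
    return result


if __name__ == "__main__":
    for (w, t), (n, verdict) in triage_writes(PROCESSES, MEMORY_WRITES + CONSTRUCTED_WRITES).items():
        print(f"{w} -> {t}  x{n}  {verdict}")
```

For this report the only pair is 3008 -> 2596, four times, and it is the expected broker-to-tab write; the same check would surface a tab writing into its parent, or into a PID that never appears in the tree, as something to investigate rather than browser plumbing.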
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8be398a23211813070ba09d1dd97527d
SHA1 aa85e8f76d6f9041d979d1b165fd08f21d8a2804
SHA256 ccbcfb067dab080d0484b03711b9ec91818f0408e8f2971abeefb8682d0e3c7b
SHA512 17c472eb8d878f13bc9d23e63ae221ff61b84550d1aac4afbb28d62e846d2a5164480815b521f2c298764573daf54d4ed70124166ea1274e77c078ec61548845
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2b72b64175f4f72b49b58c2ba3485f50
SHA1 bcfd780b57fcb58216a0be991bdb29738aaef133
SHA256 e7b8998315505e411482154c50e9e47012fb7de812905c2b7230808801927e91
SHA512 b421a69606588656e29de19839c690e205459a2e1ebae05fa2c3857d2712a0d23b762748c7910507adb21befe291952b5125effa8f14afe0941f9b24c8926676
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 add5109227f2f2b918c074bbfa1b536c
SHA1 e40aebe8ff57a0da8fb8e4b079b3c38b9f68b9f0
SHA256 71d72b5f9362d02fa6c22501dad969f4088fe5471094caf25976b803f952d0eb
SHA512 d70441a10eee86a82090161e447214c8707d0476d6971090552b9ef6a1ad8f7dc25669ef9dd4f3a8ad6472e3807f6025eaf26024be61bd4ea9e84403f1c8d779
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0169977cb00acb9c809c4c9c387e5e34
SHA1 5faa4fa57ac5147552d8de8c8b9a03f7a055127e
SHA256 98fe214533348e65c9575e7e555565fa6ebfa1ea8c133ddc3493b42c421bfdae
SHA512 39cfb3323a6d6835f4ef46d90ed57b568e7c4a659b6f8bc8340789903e613ef895020867d2d09db814b8565ab922fcddd6201371fe5770252825b8070eca2a94
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 835ef849d7ef71bde45a9b1d84b58467
SHA1 03133332d731918712b9ca362c48a9a2858f9de1
SHA256 a7881702245337d3a12842e12c4e618aa5a0f06e11da1e4817a317458cba5cd2
SHA512 45c8f822b2e57aacdcb6825c9874b6eee9b39da7350eb377ad4e907be3018e214a1895369f9f237d3d025de2d6c4b6961f148ae5c005a15e84a62cfab2b7b9e2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2f33bbc6a3d449c185c87154021b02ff
SHA1 b11165a62687747087f734a7b43ae777dc77916a
SHA256 28b51fd93137d6295ac4aab0b6502d3e2d51d4a74a3084875fcd25ffbc2b6a36
SHA512 de644501b2263108aedbf8a44f481d4a99f88a6541fe488ac948895c6553c04671f83f6abdad8fefb398c0dcd97fc03c7502f9c97e96cef03d35dc8614c7d7cd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 346e3423fe7f5f4fa0654c5caf3f61b7
SHA1 7c99ea1963865423a7e5da2074b7de6c5aa60dbc
SHA256 19f557097c4944fa7646c6e26321b04685381271cb5254f63787e384c45e92e9
SHA512 b381be12ae5ab68ac1613efefa0932cdb1bed20f668c1a9dec55ea2d33740b2580dd3601b6ca264cee6929b9a2e1203ccab8d578d19f17dd2aede7543af276a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 d09b32a94e1bcf6ea6cfaa082d01a32a
SHA1 67dd0ad618aac2460458ffdbc40ea7d2a79e32e1
SHA256 b097f0413682bcae4c0ab70cbcabaaea4699814c7a9088f53128eaf19a0de0ba
SHA512 58323c391f0979123278f514c991940b01e1c84424f6572b7ea56ff19b7665187f74881d99ae9eae0b91076cedf5bbbfeee483f2f3078a3b5e5d57db15e25cb6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8f06204795419989f64f42e40d3e8ccc
SHA1 f96a88aa7778f82d4726aa77bf7739cf6a8ca9c6
SHA256 096ea09b868d7d401c6547c6c8c0b1ec86f4d07d257f84c754e77c74954c50ff
SHA512 a7957745d01b5ae4f666c78355659d2c71ce66bd7b5cdaf5c82905603a25078e128cb4f3846cc69dfe30ecab5753cac9a0da28326f0dd9e9c0496c2564d7b26a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 72fc79588b1b0b96d3dc42590e371d40
SHA1 f689018673b8496327b33535ab2015c0ebe84d50
SHA256 153fc2cbd5d094ed931bcdbd63620fb7b7b8825270dbe8463b833e0250fd388b
SHA512 2657a46a6331d93b7eecfe270e24c5051cf2d50a251cb4b7e4aa4cd5c962b2381a8fa57d5e101e0063603a55856e516f4cdef11cadeb60c061a8a93c8629c605
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f16be605bcfc1d81528fab79d37cdac6
SHA1 c280a149fedda137e7e237e27c860e28f113c163
SHA256 46037d439bee0a3b7996c81dac57688390be75e4d902232932b34d7947813132
SHA512 0dd15ddbcc7d2421e229d262d0cce0354737ee641b167e7883b090f46d1b224a0fac3520e665d9e5663e9534ef0a833f453a99d79a42a690d1da38b67a37c7ed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 df6a3b595bb7b09230403e478963b389
SHA1 51bfc747d6e9013a73bb3977865c183c6766be83
SHA256 9568853480fa791551428ef1b2675c26561480e3ee0bbe7ad3415ce036c154d0
SHA512 ac17a5386294c8f31b507ee480bf77992461645fdc9dbf28444144545a008fdd6077081c3250644951d9036ad99f19cfd57845391e97feb58e87d7a4db72e428
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 02b6dcb6112edf3a63ac354598025500
SHA1 8e58c6291121a1089a01bd63d1cd5b78fe22715a
SHA256 c06ce4a94bce330f5aeeaa3e96c08151ecb44ef40254ef3e0d3c7f6214f89372
SHA512 fac873ece3fb420b02ab2ae635de391a9e6b6d92f0a0b28dd16f850c9b9308b82567dab8a9dad5991a9ac35e971e9f034f92c9a6970509abe03b994579d455c6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 77463d0f9dbc7b6af433b6f351d45074
SHA1 71ac89d64739c78fe65f5622b60903bf893a6692
SHA256 01b15df4b0baee629c20abbf969db841f71a38a416817dd5826269bbed5e283f
SHA512 99acf18d441f14131a9c8a9ccadf2616ca2fe6083572dbfae83bcb2d2ffedb6a56fb86caf4de83c15df5d9a26f072d1bfddec62e430f6eaee1e284a3f9433626
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 aceff5de159c54e40bd3e7424633321a
SHA1 66a3a55318b33403da054a8eda0b8c149b2fc435
SHA256 d5861b36978d31495ee243b5b33269871ca3711edbde1c25510a74fbd6417c6f
SHA512 3cfa4590535731a8ab5422caac618463dbe21a4ebe0f7fd9c0f9457012dbc86e075634a7a3ca5f8c0fd1538b0ee9277d10219c457d4c78ebccc23e17852fec65
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 27514d7b34a1d88f174b5df996d1892e
SHA1 38518480f5878c1ac884a0dc1373131f21663c04
SHA256 becd503766c0c26d66cee1ba22b91ade5f81f33cec9ef0d40bb0482966b6cbe4
SHA512 312bdb078f3af7737513231a167f82f306a057df26c71db6a23537e4038063b1beeaa8a0f34d368f412626847582c48ffd5ed46dcfdbe4a64612116e0fda854b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c29f0fa2a9afb0408a95c1ce4651ab6c
SHA1 91c2dae5f0b602bac341cf489ef3d76587a7a23a
SHA256 6396699ab34a8655731043956bef42770e5ecb8636aeb13b13f5380dc4064fcd
SHA512 a21e86373f94f014a262fd9e7a2960cc789eca37e0b10000628068fcfd87ae6a2aa0fae4b0a7da20bf725b8c824ad65696478ace28b04697560ea149c70af0b8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bddfcc03f93836a08ed8a38ddde34155
SHA1 65792ae8cb34edcabc9f3f9cb9eac2dbc67f9ae8
SHA256 59ffe916f5a40c54de26cb51d692dbe15d3a11d543b9b7322ea921b6a8bf20b9
SHA512 12171124c738dc86a0465909e8c75ee298892492a78e2087a209ae5ff759332ad12961443705f3fa1aa33be90e65252fefa168793e8e0a52b675f63673b452a1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5b6cae74721585f3dd95d2f3ab7541ea
SHA1 ddadb8778f2b88216741677b6e321cee2d6b2deb
SHA256 5aa53b792792e97c16a8788409f974f17d917e583813c05df129563f481339b0
SHA512 c77e730499bcecf5b3da31f97b928ff86ee4faa308128758c7bbfdde3c277b3d8c1822f240aa77f5cc18365ccf8fe515521dfcba3c0a4f330c597c841d9b072b
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
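Nineteen of the entries above share one path, a single CryptnetUrlCache MetaData file of 342 bytes that was rewritten repeatedly with different hashes, and the last two entries carry no filename at all. The example below is added here and is not from the report or the sandbox vendor; it groups the "Downloads" records by path, counts rewrites and distinct hashes, and separates Windows cache churn from files that merit pulling for analysis. RECORDS are transcribed from this page (three of the nineteen identical-path entries and the two unnamed ones; SHA-512 left out for brevity). Treating the CryptnetUrlCache path as noise is this example's assumption: crypt32 maintains that cache while fetching certificate-chain material, so repeated rewrites of one MetaData entry are not by themselves evidence that the HTML file dropped anything.

```python
"""Separate crypto-API cache churn from real drops in a sandbox "Downloads" list.

Added example, not from the report or the sandbox vendor. RECORDS are
transcribed from the page (a subset). The noise-path list is an assumption.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple, Optional


class Dropped(NamedTuple):
    path: Optional[str]   # None where the report shows no filename
    size: str
    md5: str
    sha1: str
    sha256: str


CRYPTNET_META = r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015"

RECORDS: List[Dropped] = [
    Dropped(CRYPTNET_META, "342B", "8be398a23211813070ba09d1dd97527d", "aa85e8f76d6f9041d979d1b165fd08f21d8a2804",
            "ccbcfb067dab080d0484b03711b9ec91818f0408e8f2971abeefb8682d0e3c7b"),
    Dropped(CRYPTNET_META, "342B", "2b72b64175f4f72b49b58c2ba3485f50", "bcfd780b57fcb58216a0be991bdb29738aaef133",
            "e7b8998315505e411482154c50e9e47012fb7de812905c2b7230808801927e91"),
    Dropped(CRYPTNET_META, "342B", "add5109227f2f2b918c074bbfa1b536c", "e40aebe8ff57a0da8fb8e4b079b3c38b9f68b9f0",
            "71d72b5f9362d02fa6c22501dad969f4088fe5471094caf25976b803f952d0eb"),
    Dropped(None, "70KB", "49aebf8cbd62d92ac215b2923fb1b9f5", "1723be06719828dda65ad804298d0431f6aff976",
            "b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f"),
    Dropped(None, "181KB", "4ea6026cf93ec6338144661bf1202cd1", "a1dec9044f750ad887935a01430bf49322fbdcb7",
            "8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8"),
]

# Assumed noise locations: per-user caches Windows itself rewrites during
# certificate-chain checks and ordinary browsing.
NOISE_PATH_FRAGMENTS = (
    "\\appdata\\locallow\\microsoft\\cryptneturlcache\\",
    "\\appdata\\local\\microsoft\\windows\\temporary internet files\\",
)
HEX = set("0123456789abcdef")


def hashes_well_formed(r: Dropped) -> bool:
    """Reject transcription damage before trusting a hash for a lookup."""
    return all(len(h) == n and set(h) <= HEX
               for h, n in ((r.md5, 32), (r.sha1, 40), (r.sha256, 64)))


def verdict_for(path: Optional[str]) -> str:
    if path is None:
        return "unnamed-review"       # nothing to judge by: fetch the file itself
    if any(f in path.lower() for f in NOISE_PATH_FRAGMENTS):
        return "cache-noise"
    return "dropped-file"


def summarise(records: List[Dropped]) -> Dict[str, dict]:
    """Group by path; unnamed entries are keyed by SHA-256 so they stay separate."""
    groups: Dict[str, List[Dropped]] = defaultdict(list)
    for r in records:
        if not hashes_well_formed(r):
            raise ValueError(f"malformed hash in record: {r}")
        groups[r.path or f"<no path> sha256={r.sha256}"].append(r)
    return {
        key: {
            "count": len(rs),
            "distinct_sha256": len({r.sha256 for r in rs}),
            "sizes": sorted({r.size for r in rs}),
            "verdict": verdict_for(rs[0].path),
        }
        for key, rs in groups.items()
    }


if __name__ == "__main__":
    for key, info in summarise(RECORDS).items():
        print(f"{info['verdict']:<15} x{info['count']} ({info['distinct_sha256']} distinct sha256)  {key}")
```

On the full list the CryptnetUrlCache entry collapses to one line with a rewrite count, and the two unnamed 70KB and 181KB files are the ones left to retrieve from the sandbox and inspect.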