Analysis
- max time kernel: 133s
- max time network: 128s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 26/07/2024, 19:34
Static task: static1

Behavioral task: behavioral1
- Sample: 756c777fc11326e3e7102ebbefa24eec_JaffaCakes118.html
- Resource: win7-20240705-en

Behavioral task: behavioral2
- Sample: 756c777fc11326e3e7102ebbefa24eec_JaffaCakes118.html
- Resource: win10v2004-20240709-en
General
- Target: 756c777fc11326e3e7102ebbefa24eec_JaffaCakes118.html
- Size: 4KB
- MD5: 756c777fc11326e3e7102ebbefa24eec
- SHA1: b551b2457bece62bca39975b228ca2ae7d05e270
- SHA256: 461f6b912b84c2a90f7082023215789aa0a27e9807bc13ae14a6dd708d4923a0
- SHA512: 4909dd0744d8027c7d5af91f99481032f0c7e0078f50350d89714f4cc1c66b383c62b920609a9f078800192d7f1164a125f5e4fa6e15159f45f117b140ddeffe
- SSDEEP: 96:qXLTrZWJ7XMleZE6dK0KXOKo0so6JYregKH0sOgKlsgB2FGgKl:qXLTEyoyBUpYmM2Fu
Malware Config
Signatures

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Modifies Internet Explorer settings
All keys below are relative to \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer
description | ioc | Process
Key created | InternetRegistry | iexplore.exe
Key created | LowRegistry\DOMStorage | iexplore.exe
Set value (str) | Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (data) | Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | International\CpMRU | IEXPLORE.EXE
Set value (int) | International\CpMRU\Factor = "20" | IEXPLORE.EXE
Set value (int) | TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Set value (int) | Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | Recovery\AdminActive\{DAE55AF1-4BE9-11EF-ADD5-E21FB89EE600} = "0" | iexplore.exe
Set value (int) | Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | SearchScopes | iexplore.exe
Set value (int) | SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | Main | iexplore.exe
Key created | IETld\LowMic | iexplore.exe
Key created | IntelliForms | iexplore.exe
Key created | LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | Toolbar\WebBrowser | iexplore.exe
Key created | Recovery\AdminActive | iexplore.exe
Key created | Main\WindowsSearch | iexplore.exe
Set value (str) | Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | TabbedBrowsing | iexplore.exe
Set value (data) | TabbedBrowsing\NewTabPage\LastProcessed = a0bb75b2f6dfda01 | iexplore.exe
Key created | PageSetup | iexplore.exe
Set value (data) | TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003125cc29be9a0e41b44a3d73dc8faf710000000002000000000010660000000100002000000014dbeef1d8e1351b3a80ba910095c71a4912b6bcc84d61fa5ac2dc3bd44f1a8f000000000e80000000020000200000003e6563c2144e5a40f88972b669ad21aa220f0f30be07ed6e9c5638791ea3046b200000007371173e2d040e8ea4a27588dea934d57e13c202afb98dec0bef7bd4337f334f40000000eeafbd99851c85e5f6298763d645fadd89be997c381a91666d3f9760073ffc47f9005fe927b89f0669b4c04f5414ff2b20624fe208979b3a8632da44738f9b95 | iexplore.exe
Set value (int) | DomainSuggestion\NextUpdateDate = "428227192" | iexplore.exe
Key created | BrowserEmulation\LowMic | iexplore.exe
Key created | GPU | iexplore.exe
Key created | Toolbar | iexplore.exe
Set value (str) | Main\FullScreen = "no" | iexplore.exe
Set value (int) | International\CpMRU\Enable = "1" | IEXPLORE.EXE
Set value (data) | TabbedBrowsing\NewTabPage\MFV = [value elided] | iexplore.exe
Key created | DomainSuggestion | iexplore.exe
Set value (int) | Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | Main\WindowsSearch | IEXPLORE.EXE
Key created | TabbedBrowsing\NewTabPage | iexplore.exe
Key created | LowRegistry | iexplore.exe
Key created | Zoom | iexplore.exe
Key created | Main | IEXPLORE.EXE
Key created | Recovery\PendingRecovery | iexplore.exe
Set value (int) | International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (int) | International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Suspicious use of FindShellTrayWindow (1 IoCs)
pid | Process
2852 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2852 | iexplore.exe
2852 | iexplore.exe
2816 | IEXPLORE.EXE
2816 | IEXPLORE.EXE
2816 | IEXPLORE.EXE
2816 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2852 wrote to memory of 2816 | 2852 | iexplore.exe | 30
PID 2852 wrote to memory of 2816 | 2852 | iexplore.exe | 30
PID 2852 wrote to memory of 2816 | 2852 | iexplore.exe | 30
PID 2852 wrote to memory of 2816 | 2852 | iexplore.exe | 30
Processes

1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\756c777fc11326e3e7102ebbefa24eec_JaffaCakes118.html
   PID: 2852
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory

   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2852)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
      PID: 2816
      - System Location Discovery: System Language Discovery
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads