Analysis
-
max time kernel
121s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system -
submitted
18-08-2024 18:26
Static task
static1
Behavioral task
behavioral1
Sample
a7bd897fe4c9eb99aa9bcd6ba2efcee3_JaffaCakes118.html
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
a7bd897fe4c9eb99aa9bcd6ba2efcee3_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
a7bd897fe4c9eb99aa9bcd6ba2efcee3_JaffaCakes118.html
-
Size
14KB
-
MD5
a7bd897fe4c9eb99aa9bcd6ba2efcee3
-
SHA1
48352f4538f170f7522411a3bb69682315f355a5
-
SHA256
481a95631abd85626b0c4e5c17cd74b64d89892cdd27d68ef92a3f67f42dac6e
-
SHA512
3c83178f41a43490d171c99a484eec027e75442d79ce422525e528f00b008ae2ae9e9efe02b23f3164f939e9be4fa4db26d5885593593a7f4f69690ac9943c43
-
SSDEEP
192:pLKWaQwyGlB/Edq/wN1B7MKIdJNfptFWjA95JKX7e22W:pLKlJ6Ac1B7MKqJNfpt4jA95oX7e22W
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430167479" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7008D421-5D8F-11EF-A5CE-F62146527E3B} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3086f7469cf1da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d990900000000020000000000106600000001000020000000e57a14a14e1f98f458785c85b430814cc672a4e95a6b5cc69a2764aff356caa9000000000e800000000200002000000063ced4494c179b05a72341518a6ae72baf9e5312600024914c396f5fa663b2f6200000006878b39781ffeec27b20a43256d3681de2aab27619c2b983e9926d9ee8e4ea1540000000b829e2234806beb973163d6a8d9216e5ad2873071b77eb03e55883b0334775e80219fef09214d2140e8c46601909fe080fecdf6bff0fde94dc54d507bad40614 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key 
created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2672 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2672 iexplore.exe 2672 iexplore.exe 2864 IEXPLORE.EXE 2864 IEXPLORE.EXE 2864 IEXPLORE.EXE 2864 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2672 wrote to memory of 2864 2672 iexplore.exe 30 PID 2672 wrote to memory of 2864 2672 iexplore.exe 30 PID 2672 wrote to memory of 2864 2672 iexplore.exe 30 PID 2672 wrote to memory of 2864 2672 iexplore.exe 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a7bd897fe4c9eb99aa9bcd6ba2efcee3_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2672 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
2⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2864
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 00da21b6712fb859c2b3ebd110d16cdd
SHA1 ffa35cd4b64de81a2d017e1aa835464838281484
SHA256 9b57f68877b1be1c243d9fb46c19c1bc3d90b5ff85b616fbea9757c4f4a61c41
SHA512 4f6920084b74bbd428c4ea98ef6a65496f465a081136bf459f8fe21031d3f24ef8ab10c890a0ac26b08167af4db730b8241ab6dc992b932f30f3ea08687cf970
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 625875e5afcdcf6d50eda391decd19b0
SHA1 cb14e5b6702b7f082f69da45f2acce9b0c80b24f
SHA256 37f0f58fd7c3fb730f2f9b7566e9cb517011afbbd2ac03e1e8a19e089986dac7
SHA512 32d47d2c6f547bd845ac6fceeb29017dfbae566347e53508553e4d961637bbb5c6f211c9e0ec7a4e799138dec3f5a78e5e9bb41bfc27628298e127ff951f9a34
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 842707f16107f23bf8e09c7f5debb7c6
SHA1 bc021a2625a01bb0dacb3de6f1b390d99a924935
SHA256 3199ecdfeaef4660adec57007b0818e18aafecabba24a2357a0324fe94a5be34
SHA512 d95638e1e9fac7fbe70f9a61d1250210a2e77f9783735a8e55c093bbe372d167d2bc40919dbe98cb4806447f0d4d2ce6b0d82c1662e49f3f224cc340b5748b5b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0e36e850c5581c56a88859c1add3525e
SHA1 277c5e6dfef259218ef6ba52f4be0a6834a2a11d
SHA256 60b2d4180c65ef76693ff7c4be0d19ec2855152e402dd44a3fd51cfbd282a381
SHA512 514e97928613ff1f6a82a15692479881a3e5e31367bd7e65d3d8d903332a29086b85db6f5ace7fb8fbf497780a966f167d23c9569518833286509fd212acbd9d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 72f329a968329edb099361cb0fdaf11b
SHA1 393bbbd834e7f52804a84283dd81397878851efb
SHA256 ac6c80319d15fa7009ccd2f52e55e324ef914124b629c8bf515bb4476992d155
SHA512 7657f7ea990fdd7a9c8779806f6c8b13fbbd259892189f749d969c7f757273bf5003325aef1904f6e232679e56d25af5f64b833f57438e2fda93d54c35541235
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 09aaeb931abd4e5002b90943d6113e7b
SHA1 72f5293d29b6953a543cef444e1d176820bb06ae
SHA256 77405f60d400bb5ba33f7891e5a718e8ad2aed47593c5876dda8a5067faf3685
SHA512 46532c840129276e114741f372e181dae2e99784638fb80691f09a06f584f28736b522b21aaf2df0bc35669d8aa5bed935259d6ede57c598863301d0e6328e0a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a6fca781a48db769f9c0e27e29c20caf
SHA1 ba81472f49141ac7f5981f931f674e7b90d523ef
SHA256 f3ec669cb386dccd3f7670f9b64ccde61f6b3b986bf34e610ca8923134b9df82
SHA512 e903e45e778484b7a5a41de62adb10a330c98356ba8d9ff0e292b06ef44869855231f820ba8d4ec8f48000a94ce214fc60c16387483ff53979230b9925bb373a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 eac0288b5dc6cc41d0b846daaab6e71b
SHA1 4a1e380ce088287884b78d450c0d641da47a1f0a
SHA256 a99f90728a90c860a97520de99d1cc1de2fbe318cdc5a77007881df50af1f0c9
SHA512 9533ecee570d05bc5cbd39ab2877ea0de452a0b88d75740c11ef9dd73e8efefd6d1da3483f8ff541ccabd19f4b4058474207938bd5f56b381686301e456a2e8c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9a57a8c09e84a22017d0dc9cb187151f
SHA1 a4fe4359833f5c8581fcdbdc77f77bf7f10bdd5c
SHA256 db4f5b2dabea34d514c37633b1406172720d2b42f7a953ca5b82aa50ca15e49c
SHA512 c18dc5c17fb49acdefc3eb396d2247df502d7db2a82026859b110c36ec4dc07be7c9987da8350811a9e95ab1a79f4635463ff18d51bc1ffc7233dbb0a8e9b21a
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b