Analysis
- max time kernel: 142s
- max time network: 143s
- platform: windows7_x64
- resource: win7-20240729-en
- resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
- submitted: 20-08-2024 22:55
- Static task: static1
- Behavioral task: behavioral1 (sample b12e14c4a384fb1e266d08d591d176a2_JaffaCakes118.html, resource win7-20240729-en)
- Behavioral task: behavioral2 (sample b12e14c4a384fb1e266d08d591d176a2_JaffaCakes118.html, resource win10v2004-20240802-en)

General
- Target: b12e14c4a384fb1e266d08d591d176a2_JaffaCakes118.html
- Size: 98KB
- MD5: b12e14c4a384fb1e266d08d591d176a2
- SHA1: 6c2280dcfe64712bfdc9cf95739905df779955c3
- SHA256: 9da4204eb72a65b80af857b45dc87cd75ea52ed144b5df91ab4ed6751bb94baf
- SHA512: 3e126113571e324d848db0279e22697ace0e4d14dfa32d3e2162c64f477229635fde7bca01bbe2757f1bdce073c1bda9c9025cf471ffe621e891c4e943f09161
- SSDEEP: 1536:KWvLQZqovXD/XMGA8FeYk9xbckcnn8Cx3XzkQN2mXbuj/f6h5JisF:JovXD/XMGA8FeP5cz8CNzLrXdJvF
Malware Config
Signatures
-
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of the victim host in order to infer its geographical location. Internet Explorer itself reads this key for its own locale handling, so a single open of it by the IE tab process is a weak indicator unless other behaviour corroborates it.
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE
Modifies Internet Explorer settings (36 IoCs listed)
- Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430356408" iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecca440099c424d92937bb9b1db2c9200000000020000000000106600000001000020000000abcaa583cc305233dbea00d860d9055194d2986ff395680ef06e2804a70d5fa0000000000e800000000200002000000073d0dae244d7b75c1403e6d9906eaef8d583b97dc355a7dd304d970c10cf416d200000008cc0a4a9b612d8f36c97d2ed0507882e076aebc708d57fcd3bf737d76e804c544000000084f1bfeac7e9870a20c7a5484d7c9cc4a0b60321f2ee31dbac46900309873466a8c32ce74b440913d269e8cd1f37a9f9976dd54193c0168ac9d647cff10ac8bb iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30fa1a2854f3da01 iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
- Set value (str) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
- Set value (str) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
- Set value (str) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{53154BA1-5F47-11EF-A1CF-525C7857EE89} = "0" iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
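The registry IoC lines above are the most useful part of this report to carry into a triage workflow, so the following is an added example (not part of the sandbox report, and not the sandbox's own signature logic): a Python parser for the report's "operation key [= value] process" line layout, plus a small classifier that tags a read of the NLS\Language key as ATT&CK T1614.001 and writes under the user's Software\Microsoft\Internet Explorer hive as IE settings changes. The five sample lines are copied from this report; the tag names, the classification rules and the function names are my own assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: five registry IoC lines copied from this report,
# in the sandbox's own "operation key [= value] process" layout.
SAMPLE_IOCS = r"""
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430356408" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30fa1a2854f3da01 iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2257386474-3982792636-3902186748-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
"""

# One IoC line. Key paths contain spaces ("Internet Explorer"), so the key is
# matched lazily and anchored by the trailing process name rather than split
# on whitespace. Values are either quoted strings or unquoted hex blobs.
_ENTRY = re.compile(
    r"^(?P<op>Key created|Key opened|Set value)"
    r"(?:\s+\((?P<vtype>\w+)\))?\s+"          # (int)/(str)/(data), Set value only
    r"(?P<key>\\REGISTRY\\.+?)"               # registry key path, may contain spaces
    r'(?:\s+=\s+(?P<value>"[^"]*"|\S+))?'     # optional '= value'
    r"\s+(?P<proc>\S+\.exe)\s*$",             # process that performed the operation
    re.IGNORECASE,
)


@dataclass(frozen=True)
class RegEvent:
    op: str                 # "Key created", "Key opened" or "Set value"
    vtype: Optional[str]    # "int", "str", "data" for Set value, else None
    key: str
    value: Optional[str]    # quotes stripped; None for Key created/opened
    process: str


def parse_registry_iocs(text: str) -> List[RegEvent]:
    """Parse report-style registry IoC lines; raise on a line we cannot read
    rather than silently dropping an indicator."""
    events: List[RegEvent] = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("- ")     # tolerate a leading list bullet
        if not line:
            continue
        m = _ENTRY.match(line)
        if not m:
            raise ValueError(f"unrecognised IoC line: {line!r}")
        value = m.group("value")
        if value is not None and len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        events.append(RegEvent(m.group("op"), m.group("vtype"), m.group("key"),
                               value, m.group("proc")))
    return events


# Classification rules (assumed; a SIEM rule would be written the same way).
_LANGUAGE_KEY = re.compile(r"\\Control\\NLS\\Language$", re.IGNORECASE)
_IE_SETTINGS = re.compile(r"\\Software\\Microsoft\\Internet Explorer\\", re.IGNORECASE)

TAG_LANG_DISCOVERY = "T1614.001 System Language Discovery"
TAG_IE_SETTINGS = "Modifies Internet Explorer settings"


def classify(ev: RegEvent) -> List[str]:
    tags: List[str] = []
    if ev.op.lower() == "key opened" and _LANGUAGE_KEY.search(ev.key):
        tags.append(TAG_LANG_DISCOVERY)
    if ev.op.lower() in ("key created", "set value") and _IE_SETTINGS.search(ev.key):
        tags.append(TAG_IE_SETTINGS)
    return tags


def summarize(text: str) -> Dict[str, int]:
    """Count how many parsed IoC lines hit each tag."""
    counts: Dict[str, int] = {}
    for ev in parse_registry_iocs(text):
        for tag in classify(ev):
            counts[tag] = counts.get(tag, 0) + 1
    return counts


if __name__ == "__main__":
    for ev in parse_registry_iocs(SAMPLE_IOCS):
        print(f"{ev.process:14} {ev.op:12} {classify(ev)}")
    print(summarize(SAMPLE_IOCS))
```

The parser raises on any line it cannot match instead of skipping it, because a silently dropped indicator is worse than a loud failure when this is fed a whole report. The language-discovery rule is deliberately restricted to "Key opened" on the exact NLS\Language path; widening it to any NLS key would fire on ordinary locale lookups that every Windows process performs.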
Suspicious use of FindShellTrayWindow (1 IoC)
- PID 3040 iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
- PID 3040 iexplore.exe (2 calls)
- PID 2916 IEXPLORE.EXE (4 calls)

Suspicious use of WriteProcessMemory (4 IoCs)
- PID 3040 iexplore.exe wrote to memory of PID 2916 (procid_target 29), recorded 4 times
Processes
- C:\Program Files\Internet Explorer\iexplore.exe (PID 3040)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b12e14c4a384fb1e266d08d591d176a2_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2916, child of 3040)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx

The 32-bit IEXPLORE.EXE started with SCODEF:3040 is the tab (content) process that the 64-bit frame process 3040 spawns for every page; the frame process writing into the tab process at startup is how IE initialises its tabs, so the WriteProcessMemory hits above describe normal IE behaviour rather than injection by the sample.
Network
MITRE ATT&CK Enterprise v15
Downloads
All 17 CryptnetUrlCache entries below share one MetaData filename: CryptoAPI names these cache files by a hash of the URL it fetched, so they are successive rewrites of the same cache slot during certificate chain, CRL or OCSP retrievals made while IE rendered the page, not 17 distinct files. The last two entries have no path recorded on this page.

- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: faf804ada6d3a64ac69631dbdcfbadce
  SHA1: 3e98f1a5c0d3c62c44abc304036ef07732a743f9
  SHA256: dd9b90c64a5fb3153a3344f6534a28a76e4a7f4d51750a2d719e600d9f37dd05
  SHA512: 3a7874e05e4639b70a60ed86582cf4812dfd5b45e21725d3a46fa11706e02a3925d005fe5c424b6b1485d2e7455db3a84f34c34ce4d41ded289b5c7007979a30
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 0d26ce4616c53d1cde4dee5dc6cc0673
  SHA1: 88f2289fbb9d4ba2a54339675e3fbc2b789dd9a1
  SHA256: 6fb84a12fd14ed28f8ff5a0c5f887b18935cbc9f762006b044bddae3b10956f3
  SHA512: f6ff23baa4979b5124a7eac8d7523fb5c9b3afd79ba72291690cc7f0da35287fed125ec64d59c279603e1fc07a0f591b6b52348f399a899df15ef5e65b916141
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 9c7fe5b299bc40d1a359eb5f42e349fc
  SHA1: d9aa175111b12cb65c5b0b101f492a0c888264c1
  SHA256: 9099e86691c3fbf9b9d870d1766fd202905d9f39ee2892afa530096fdc873447
  SHA512: 257184d42c9f94b9d9e60d8b85ab77e2190c2eaa8a11f6096bc6bd8c631fda038e96e2db7c04effe93c6cd2de348b4cfab194ed4a2eecd3a4bfe09d6e1aab7ee
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: e95e93f93229dae2c09c7ea476f991ce
  SHA1: b3814842cc273bc9992911310af173d22a9b0386
  SHA256: 1b8553a2aee747f43fd0b972d3c55417abc2e7cb7d1a579c4c1f0416471ef6af
  SHA512: a3fcf2a416674391c3c34b4e246b96e33a4ac79f3aafddc8cab44c4768e7f0a335a678074b4d3032567530a2a6360a744a94418691a22ec5141e6b31cd3b6fad
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: f71c4b348ae171eb20c419193433ed5e
  SHA1: 3e643f5edd8dbe479c729b43abaf8a71a1abfb6e
  SHA256: 3b8216d489beaff8ed9c7d331a775559b038df051d358a0af686c2b6e64b15d2
  SHA512: d155aac7052a9377122e276ee4a6e2d1f047d1fed7ec429cdb98a1f6f9e23da2ce8bcf86965061062f34b7df6cb2ba78e5c5f6f795046d7ad82f9f625694dfe6
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: b29310082a0fb9998d5fd890b2a1bf7d
  SHA1: 9c5ee389617e7308bdb534ba7a4857b8ecb4f39d
  SHA256: 3b07e9aa63bc8fa79d35ca22e63c6832814cc97313662d3f9ea2d4da7706d1da
  SHA512: ca4da066df1877c809dd76c8226be708320ff9b49aadf78b7fa6417306b7b109f8808790935f70bd8451197cd4ff9fbe5579079aece574af1d9e45f4a2ad25e2
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 0c8a85871d69d8f87c3a45550483fdb2
  SHA1: 2c3d7d0fefb74f0a9d0462926bf482689d2b83fd
  SHA256: 325dbfe509be5e5c6d755e4d63107e33841608cc64ffe7605b09eb4689e071c9
  SHA512: f684edbf969b98ca1cdf37b12ae82f394dd3f5d5cc71190c3a65ac15cb82aab0c06f7c9335f01a2e9ec8af83737d25eea3b9d00e28e51f7e1f81ece4541b25e6
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: eccb58d7f5660c276f50d1f6c175a966
  SHA1: 5a416bf0e04e5688ade25b573d72edd5b0b75b05
  SHA256: 0929cca0882c0102e3b3862902bbdb0b970be2d39038fe1e0822e1c4ebef55d8
  SHA512: 944dbcb7582899a5f2c3411ccf954badfb31933ef68cc8161a2ef129ed45d59fd2e5b75e0e6910be3ef738a10daa4308a089f6f7ab4fdb32f3b0aab92acda165
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: b767861699feb4f9b99102d879a5ce4b
  SHA1: 72863de68c01ea2544bd60990cbea56cd0bee878
  SHA256: 5ff486de8d0926b00f88eb70f6af82f34cf4efba69e274517dce486004485297
  SHA512: 547fb724505dd17a00a01aade30d3965dd9ad2a45236ab760f6cf4ef91781aca9f9b757857c4b093d3d5f582e3ec4f9235a23a1edb242a2aaf098b8b5dd837e9
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 37602fa3a3984d2ae6de120602fd230a
  SHA1: 26250267c36898b9a280fb93b2ef08af65964765
  SHA256: fa6b5131150fad8abfe5afdeeab75247b3e9a10cd863dd9bfad935f515ab5792
  SHA512: e4ac66f0a7db7c9153da649615e89a13399ce24bc319e3ccb42dbc55c920cf535a66f56d531e81aa7c21c30a25af12f66388a9af6d9ba6989e8a3483d25a9a7b
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 68f15346b0834417db3df27f2c8621b2
  SHA1: 0c4efe3bd981ebc8cd5fee25ecf49c51096fe988
  SHA256: ea4197c3080243b9ea4a761e58673727ed4714b880e4199ba734d8fb9701c62b
  SHA512: 74b903f3598139ce75c1610dfccf94191ad7368d7895808b91217651c7c66a936891bfae498d515bc5d6d0169f03976957446f5e5c405b8d37c6abbb0590b4c5
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 5f7cddebe1b048bc0d3f4e622a349ae9
  SHA1: a3507197623f8a9571b8f709f3d0e01c2835adb2
  SHA256: 95746c46a7f55d9128b3221b4617a1c72ce447b55c32e27c0682e56e26010f78
  SHA512: 6058950844a274c701ea2aaa3e1b0061d612670aee100fb2f21bf374462e474a2c72ff3961b7baecd4cdb34121287706d93c676e31fabbb5627dca95c36b283e
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: f86474cc25fc3aed2fe9521cf6afc4a0
  SHA1: 81db4cbc16895661ddd5cf62deb5f02bcf104c49
  SHA256: 7b481c99720fd8d3f68f4e30d0169614730438eeefb73ce72f2eaf58629ff214
  SHA512: 9d057a09caf3d551dabc1bb6f64a161eb5cffdfb8e7ee54cfd112143bd6b49e21b612a6bfa9860888b56adb60dabd5dd8393b7e7ddedb08969f8c84ac5c182c1
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: ba7f3e781c4b0711a16867fa92b03096
  SHA1: 4612f5dbcff6752d6457dcf651197ff966321bce
  SHA256: c5de055c7c05aa61bbc4967d52c887a14dc8242f8f9335331ec67e1e572bb2dc
  SHA512: f7ae4432c97b10b58d8f63a23327729d7ef88ca4f2bbdeb2d87da1eacb55baab9b6bafd685a35f56e2f157c2f94b58b99a9f7bc21c0e1d6a33054f8b004dd83e
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 5fbf4b396d9751ee9a7c0a8f09d85f8c
  SHA1: cca87f4e728edd1f62ab7e7b46886bef3f5db0f0
  SHA256: 2079f52d68ab21a606f56392dd60107766cd3e84a4b8bf2ea14676d0e4fa410f
  SHA512: 2b188620757d9e4ec3ed5c16d772bf4c0cc6ec26e86c8782fb40201e37897f65a9cadb1af13986a40ab3569cbb3b5aa2abfa33663bab1f73404cfdabb9eae386
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 962420fc2851aea662a211237e82088a
  SHA1: 7af466699c269f3159546ca27172a2eb5eab8321
  SHA256: 99c622f75e9da03cd729995567cd04bd451490355a812bc0be60b4af9fc7e2d8
  SHA512: 27793465edba1d8019cd35d3f3a73a85110b98a6633c4e72a6e38b4a2d7e46fd59db3c9d9761c7bf682c00b030b749f8ea1e9dc91b51ef2df4d640a1e4849e26
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 54e5d1532da29183f2240fc26898127c
  SHA1: b00a76442cc2e7f95b09acb6acd66c29a365c86c
  SHA256: 42075b7e525077935a363475e472a8629b92452a63de5be17a275e348444546d
  SHA512: 6bed9920b25fb437cd438066dc0929892a59832b356750248918e27a58cc86c06291807b768ab7ecc3c0e0b8156fc1122b65d7b0c587334ac25a40d4d0d2d425
- (no path recorded)
  Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- (no path recorded)
  Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b