Analysis

max time kernel: 68s
max time network: 129s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 23/08/2024, 01:08
Static task: static1
Behavioral task: behavioral1
  Sample: b9c4ffac8498e261c86026f5d8d5d2a8_JaffaCakes118.html
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: b9c4ffac8498e261c86026f5d8d5d2a8_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General

Target: b9c4ffac8498e261c86026f5d8d5d2a8_JaffaCakes118.html
Size: 35KB
MD5: b9c4ffac8498e261c86026f5d8d5d2a8
SHA1: 463ec4092f4911eabc72f019f86873726b49ff96
SHA256: 72d058cdf73f3b430f011247ab4a7688d56cdcdbcba3ab46ffa91e2d547f612f
SHA512: 4a0797df4b48c4ca501c8e22f73a3600d96c63866961528e8cf113f17d45d122bcab82e65e8de46bb5bd60759fc659ea19bff0e77a21c07cd86e763817d676e1
SSDEEP: 768:zwx/MDTHrj88hAREZPXfE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TMZO36DJtxo6lLZ:Q/TbJxNVnu0Se/q8AK
Malware Config

Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
In this run the only process touching the key is IEXPLORE.EXE, the content process the sandbox's own browser spawned to render the sample; IE reads the system language for its own locale handling, so on its own this hit says more about the host browser than about the HTML file.

description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE

Modifies Internet Explorer settings
All keys below sit under the user's own Software\Microsoft\Internet Explorer subtree and are written by the two IE processes themselves (tab recovery, new-tab page, zoom, search scopes), which is the browser's normal start-up housekeeping.

description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430537208" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{47194711-60EC-11EF-A839-E6BAD4272658} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb000000000002000000000010660000000100002000000097c50c9d90f4bfc230a171ae4f54686334186636a313c34f8369570721f45093000000000e800000000200002000000087b2ad957e84481d37ded4eb0b9db00f6cd1f044af14417d9afaf64940d95fba200000003e72d4dd08e64941ab1f1185d28dbd9651b399d8eb22fe7f9a35d158a9eaa0cb40000000f9d373ed43d0328986099a48fa45878a7bf06b328718123ca19e6d1c27f733e3e909c0feee6a14f841f0907d5eae05569a461a4bb04b7ae3cfd397fce6765fe3 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not shown) | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0760b1ff9f4da01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoCs)
pid | Process
2380 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2380 | iexplore.exe
2380 | iexplore.exe
2448 | IEXPLORE.EXE
2448 | IEXPLORE.EXE
2448 | IEXPLORE.EXE
2448 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
The writer (2380) is the IE frame process and the target (2448) is the content process it launched with SCODEF:2380, so these four writes are the parent setting up its own tab process. A write from a process outside the IE tree into 2380 or 2448 would be the signal worth chasing.

description | pid | Process | procid_target
PID 2380 wrote to memory of 2448 | 2380 | iexplore.exe | 30
PID 2380 wrote to memory of 2448 | 2380 | iexplore.exe | 30
PID 2380 wrote to memory of 2448 | 2380 | iexplore.exe | 30
PID 2380 wrote to memory of 2448 | 2380 | iexplore.exe | 30
Processes

1. C:\Program Files\Internet Explorer\iexplore.exe (PID 2380)
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b9c4ffac8498e261c86026f5d8d5d2a8_JaffaCakes118.html
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory

   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2448, child of 2380)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2
      - System Location Discovery: System Language Discovery
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
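The signatures above all fire on the two IE processes in this tree. The Python script below is an added example (not part of the sandbox report or of its vendor's tooling) showing how an analyst can re-score such rows before they reach a queue: a NLS\Language read or an Internet Explorer settings write by a browser image is scored as expected, a WriteProcessMemory row is scored as expected only when the target is an IE content process whose command line carries SCODEF:<writer pid>, and everything else is kept for review. The report rows are copied from the page; the dropper.exe process and its two rows are constructed to show what a genuine hit would look like. The BROWSER_IMAGES allow-list and the T1055 label attached to unexplained cross-process writes are this example's assumptions, not the report's.

```python
"""Re-score sandbox IoC rows: browser housekeeping vs. real signal.

Added example; not part of the sandbox report or of any vendor tooling.
Report rows are copied from the analysis above. The dropper.exe process and
its rows are constructed to show what a genuine hit looks like.
"""
import re
from typing import Dict, List, NamedTuple, Tuple

# Process tree as reported: pid -> (image name, command line).
PROCESSES: Dict[int, Tuple[str, str]] = {
    2380: ("iexplore.exe",
           r'"C:\Program Files\Internet Explorer\iexplore.exe" '
           r"C:\Users\Admin\AppData\Local\Temp\b9c4ffac8498e261c86026f5d8d5d2a8_JaffaCakes118.html"),
    2448: ("IEXPLORE.EXE",
           r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:275457 /prefetch:2'),
}

# Assumption: images whose own settings writes and locale lookups need no review.
BROWSER_IMAGES = {"iexplore.exe"}

# System Language Discovery (ATT&CK T1614.001): reads of ...\Control\NLS\Language.
NLS_LANGUAGE_RE = re.compile(r"\\Control\\NLS\\Language$", re.IGNORECASE)
# IE's own settings subtree under the user's hive.
IE_HIVE_RE = re.compile(r"\\Software\\Microsoft\\Internet Explorer(\\|$)", re.IGNORECASE)
WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


class Finding(NamedTuple):
    verdict: str    # "expected", "review" or "info"
    technique: str  # ATT&CK id, or "" when none applies
    detail: str


def classify_registry(op: str, key: str, process: str) -> Finding:
    """One registry IoC row (description, key, process) -> Finding."""
    browser = process.lower() in BROWSER_IMAGES
    detail = f"{process}: {op} {key}"
    if NLS_LANGUAGE_RE.search(key):
        # A browser reads the system language for its own locale handling;
        # any other image doing it is geolocation-style reconnaissance.
        return Finding("expected" if browser else "review", "T1614.001", detail)
    if IE_HIVE_RE.search(key):
        # IE writing under its own Internet Explorer subtree is housekeeping;
        # a non-browser touching zones, proxy or start page there is not.
        return Finding("expected" if browser else "review", "", detail)
    return Finding("info", "", detail)


def ie_frame_of(cmdline: str):
    """IE content (tab) processes carry SCODEF:<frame pid> on their command line."""
    m = SCODEF_RE.search(cmdline)
    return int(m.group(1)) if m else None


def classify_memory_write(description: str, processes: Dict[int, Tuple[str, str]]) -> Finding:
    """One WriteProcessMemory IoC row -> Finding, using the process tree for context."""
    m = WRITE_RE.search(description)
    if not m:
        raise ValueError(f"unrecognised row: {description!r}")
    writer, target = int(m.group(1)), int(m.group(2))
    w_img, _ = processes.get(writer, ("?", ""))
    t_img, t_cmd = processes.get(target, ("?", ""))
    if (w_img.lower() in BROWSER_IMAGES and t_img.lower() in BROWSER_IMAGES
            and ie_frame_of(t_cmd) == writer):
        return Finding("expected", "",
                       f"IE frame {writer} -> its content process {target} (SCODEF:{writer})")
    # Assumption: an unexplained cross-process write is treated as a T1055 candidate.
    return Finding("review", "T1055", f"{w_img} ({writer}) wrote into {t_img} ({target})")


def triage(registry_rows: List[Tuple[str, str, str]], memory_rows: List[str],
           processes: Dict[int, Tuple[str, str]]) -> Tuple[int, List[Finding]]:
    """Return (number of non-review findings, list of findings needing review)."""
    findings = [classify_registry(*row) for row in registry_rows]
    findings += [classify_memory_write(row, processes) for row in memory_rows]
    review = [f for f in findings if f.verdict == "review"]
    return len(findings) - len(review), review


# Rows copied from the report (a representative subset of the IE-settings rows).
USER_HIVE = r"\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000"
REPORT_REGISTRY = [
    ("Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language", "IEXPLORE.EXE"),
    ("Key created", USER_HIVE + r"\Software\Microsoft\Internet Explorer\IETld\LowMic", "iexplore.exe"),
    ("Set value (int)", USER_HIVE + r"\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags", "iexplore.exe"),
    ("Key created", USER_HIVE + r"\Software\Microsoft\Internet Explorer\Main", "IEXPLORE.EXE"),
]
REPORT_MEMORY = ["PID 2380 wrote to memory of 2448"] * 4

# Constructed (not in the report): a non-browser process doing the same things.
CONSTRUCTED_PROCESSES = dict(PROCESSES)
CONSTRUCTED_PROCESSES[1300] = ("dropper.exe", r"C:\Users\Admin\AppData\Local\Temp\dropper.exe")
CONSTRUCTED_REGISTRY = [
    ("Key opened", r"\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control\NLS\Language", "dropper.exe"),
]
CONSTRUCTED_MEMORY = ["PID 1300 wrote to memory of 2448"]

if __name__ == "__main__":
    for label, reg, mem, procs in (
        ("report rows", REPORT_REGISTRY, REPORT_MEMORY, PROCESSES),
        ("report + constructed rows", REPORT_REGISTRY + CONSTRUCTED_REGISTRY,
         REPORT_MEMORY + CONSTRUCTED_MEMORY, CONSTRUCTED_PROCESSES),
    ):
        ok, review = triage(reg, mem, procs)
        print(f"{label}: {ok} expected/info, {len(review)} for review")
        for f in review:
            print(f"  [{f.technique or '-'}] {f.detail}")
```

Run against the report's own rows the script leaves nothing for review; adding the constructed dropper.exe rows yields exactly two review findings, the NLS\Language read (T1614.001) and the write into the IE content process (T1055 candidate). The SCODEF check matters: dropping it would make every frame-to-tab write in an IE run look like injection.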
Network
MITRE ATT&CK Enterprise v15
Downloads

Each entry is a file the sandbox saw written during the run, with its path where the report gives one. The CryptnetUrlCache\MetaData files are CryptoAPI URL-cache bookkeeping written during certificate-chain retrieval (CRL, OCSP and AIA fetches); the same path listed repeatedly with different hashes is one file being overwritten as the run proceeds, not a series of distinct downloads.

(path not shown)
  Filesize: 914B
  MD5: e4a68ac854ac5242460afd72481b2a44
  SHA1: df3c24f9bfd666761b268073fe06d1cc8d4f82a4
  SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
  SHA512: 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

(path not shown)
  Filesize: 1KB
  MD5: a266bb7dcc38a562631361bbf61dd11b
  SHA1: 3b1efd3a66ea28b16697394703a72ca340a05bd5
  SHA256: df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
  SHA512: 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
  Filesize: 252B
  MD5: 9f99954c51494d8700718b5923a1bc63
  SHA1: 535d1ac4480400b6cc6ea064552cb70f5f247866
  SHA256: ef173c0ad11ae385fb77bcd3a07298f41084aadc35e59a1f934040edf9288877
  SHA512: 8228f2c2a03971271160b5da348dd8687310049e6987ab5a13f704db671038a4fe19b93894bf64989cc89e5df32039b9c256d3901ab2fb5c4df878d47d9932af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: cfce46cfb21d44639eb98ec13d7d9023
  SHA1: 23586c498e2bdcaaac8f62c027aa11e16a10a0f4
  SHA256: 4031641b1295c9f6b6dcd1c1ef9ddc9014250b168c85eb2e05e8c17b7ab682bc
  SHA512: b2d451efb809fe6a8209b26ffb298743ca7bcc7d3925147bf3e0e19192e16d6af5389a323c7e79358551d106697fd96c4ff34de744386ea0091cc3bc0f02b6fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: b9c89eb31dcf8fc6bff36e42c5bc448f
  SHA1: 448b1e9b386f52dfd94152d3ae0137318050abcc
  SHA256: 7b92b2a75d1dc80829002bb429338b34a562c692ac29628af1479a547331b05f
  SHA512: 09ee217ed3302b39302a636c6eb2fcdd41d6cc6138932e69025008011838551183bdef76498250fb2e1db8e5735c0f9748faa3544eb6849ae5f017acc859b6bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 3ec05435dad224daf02e5ece590ad2ed
  SHA1: 1f621c6b57abe218d238ff0c07c12e4e4de9a8e1
  SHA256: 84ad1a79c2b6bec23b01118c9efbaa79369ad4e90eac7680fb678975a0e9ca10
  SHA512: 8c4b1d207c5bcad8d53237ef8857b169c3362bdfdcde20d6613e7a5354204d8a11ba523186bc90312df67aa9d865142a0645c923334c6f52848784603cf83848

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 6f044afaa1486412e1306ad107f78e27
  SHA1: a6a307d0e0a9361a21b1d6d80af2cc4783f32d3f
  SHA256: 4e2d39548bf66d3281b5751020c50d92119cc7d3cc5b507f6a57b3bf1ba48807
  SHA512: 87ffe3b35eb38cebf28e461840da2c688e774e3a4f6b98d80352d44e0bddb2058505fe08c49b8d297b6e273b57e9d4987cb2d33a8d1f3ef4b2aecfefcd89863c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 785ab7ba18b6a5e2483e9033217752dd
  SHA1: f27d39da8dac5c84bc84776c9ba633b1dec4f730
  SHA256: e9f19eda9f77047dd286e1aade929ca7956316cac4550c1aebf10bc0c3514a53
  SHA512: 4c5ad980b14e435f6c60a8c40c2f9e9b6352462be00aca9b0d3f5e3abc8ea6a2c95c20be031f86ed01a18dcdfed0c5bda74b097db9a8c8554f02ef2d78ef0382

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 515eba0c8315ec7651c878874be6da77
  SHA1: 66312f798ebb28195ffa2060a18b6a02f72192d0
  SHA256: f6dbb3dbe40f1c6eff0a8139c888fc383348578e601dbb0acdd5de6a3ee3185d
  SHA512: ff837d5f0b2a9915a0a693517cfd28c454b5d640580300796234b6a7c06107b19e84beb75b5ac00a7a19f8f94783627547b215d2759c38748d055f8dd42caa84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 5fe905012d30412cb1d1a961ecdb0612
  SHA1: 085dc4379ceb045cfcb1297061ee2db0a3512238
  SHA256: 3e937fca2db16b53870673b2e02803902346fbc22f0b11b3fe95607fada84eac
  SHA512: 13f08581467fffd5fc8f69819dd79a6a95f977fc9947315bad9677c7ee1c3bcdaecf00046c50567acdacd27a605d1748286d542b6673e88c26bbb979355c749a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: c337ed603a0049cb9781e52ebc0aa1d8
  SHA1: 8b4e9df2bf9c38b5110ff8a5cd34f97616edbd33
  SHA256: ce9cdae02e241e4b7fd1bf170e75370ca4bfb287c18eb17a8284e0bbf4911177
  SHA512: 65353b35848e58cdef4d4d58f65c9ec6ca534eaf395eff6360bb7e0a2266b475302d277ccb0e60447fda696e9b7c7022fbc36401037535718319ee4ead123382

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 65a458b9d392dfbd174ad6358d10c864
  SHA1: 5c49dbe1922fead5fbc4a5138c82678884a39514
  SHA256: 77517615b716fdd9217da24c1132bfdc501a365ec283e1893821cc7492aa8023
  SHA512: 7810bf903c5438eaf75264492eaa7e7adec03e2240a303f24f1b01174d3008bd8e8e9796073ce9e6e436702483ef7becd57bc915da2abb5c0bd8aa7074273045

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 28c0df3488b0b68dc5f7b14673dcfa5e
  SHA1: 767ea8b4809e8653475c7eae492a76a1f908bbe9
  SHA256: ea8397de8583367dd07e6e80c443e24ca325ddce30c0777c80dc7b950e15d7d5
  SHA512: 6a4f13c59a510727efb2f2519ef350f00f5b1d648ef619dd70445c3bd8155c90a69d81e19f98281b0aa23244ba33b3a84b8edefe7db336c5bdd46160cec5c6e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 916e724497cb2f88307dd210d0456f1b
  SHA1: 29ab264ae3dcbbb027fb692375390737cb3ece8a
  SHA256: 85027cb56925bb589bb1f8b8d869e62d168c42f040e79c255188a24b6b9c1815
  SHA512: 981dcbd8611f840761924eb919f1f5c803f0e3f431857d479772ccf4b097cc6db20342828ba7fceb4ad12d1c511f8834c7cd4217edf44ddc05bd2a6cfb05ce91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 07eae1017dd837dedd3798ec4f17001c
  SHA1: 48e154f61e10853b232c5dddd8d1b64719483863
  SHA256: f33bf785e6f35d2fc024aa50e433024c2276aa459403fe90871dce1f6f55761a
  SHA512: 8ff5551101b629677716a50a40def734bd22beed9e4c7553d097ce71501559908b3ccb2640c1ecf9af90c3ee9d6de0c18897597486f3916131bbc9c1d321a54a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: cb17657cea2cd23dc89101c61c87a558
  SHA1: 93bdd73ec4728e1e637937051e04f5377fc552cb
  SHA256: 7e6ef7356359b8debda1096bba569378650c8dc463bb345d9dddd853542771bf
  SHA512: 46519c7a4bcec371bd50639cd97ad80bfcc6a37da58ad58e109d36d8618108636655ddfc9cf87c47501bc0e7f70576e10c9d9c295ce565efffb2bff51ebc410d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 314b110dc835e2a7d02978cc70281625
  SHA1: 806a1ee04059d19a8cb4f9fd1470bf8b897e06a4
  SHA256: 63589f6eb0e1bc70b1ac5de3866368c7eee34bb24576c3212ebe74edd0d4d4a2
  SHA512: 35a2269888d583659e110681a3249796b1767291a944fbdfa83f5f07352e11b71a9e513fa120889093b0e097db37ce0a20e48037b2e34bfffff01558de34dfd1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
  Filesize: 242B
  MD5: cdd07de630301688ea6f1400a10f0098
  SHA1: 6176ada715aee48e997e5361308fa03f544d44ac
  SHA256: 43b8ad730cd0967b48b22820f4020ef353a0bf04000ceb20507083da2520f61c
  SHA512: 6920162c65f037191e133f066eb69dad9b3684316b0d5b0f19ea28a23b8dd66c19f7f9f16be324a348adb0d69980439d80d7d68336947d104570056aa68d1df6

(path not shown)
  Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

(path not shown)
  Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b