Analysis
  max time kernel:  121s
  max time network: 127s
  platform:         windows7_x64
  resource:         win7-20240708-en
  resource tags:    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  submitted:        23/08/2024, 13:55
Static task: static1

Behavioral task: behavioral1
  Sample:   bc0192def031b3ba08b4fbecb2facba0_JaffaCakes118.html
  Resource: win7-20240708-en

Behavioral task: behavioral2
  Sample:   bc0192def031b3ba08b4fbecb2facba0_JaffaCakes118.html
  Resource: win10v2004-20240802-en

(The signatures, processes and downloads below are from the Windows 7 run, behavioral1, the platform named in the Analysis block.)
General
  Target: bc0192def031b3ba08b4fbecb2facba0_JaffaCakes118.html
  Size:   6KB
  MD5:    bc0192def031b3ba08b4fbecb2facba0
  SHA1:   0108658195c883988c7439bbb98d64fbba408b97
  SHA256: 582ac77fc24cf18f00bf0e3f2bc6c2935c1ebfb58df5fec84deec1a9774056d1
  SHA512: 2989119f62c402eb19f551bfe95cef4b90c2e579e09a395e4a8f82eafb6cbeec860dee8e8812094ad57729604bebbd64c50e66067a491420695e567c03304660
  SSDEEP: 96:uzVs+ux7pmLLY1k9o84d12ef7CSTU5ZcEZ7ru7f:csz7pmAYS/sb76f
Malware Config
  (no configuration extracted)

Signatures

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc:         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  process:     IEXPLORE.EXE

  Note: the signature fires on the key open alone. The reader here is the IE tab process rendering the HTML file, and the NLS\Language key is consulted routinely by Windows components during locale lookups, so this single event is weak evidence of deliberate location discovery unless paired with script content that acts on the result.
Modifies Internet Explorer settings
  Every key below lives under the per-user hive
  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer
  written as [IE] in the list. Columns: description, ioc, process.

  Key created       [IE]\Main\WindowsSearch                                       IEXPLORE.EXE
  Key created       [IE]\PageSetup                                                iexplore.exe
  Key created       [IE]\Recovery\AdminActive                                     iexplore.exe
  Set value (int)   [IE]\SearchScopes\DownloadRetries = "3"                       iexplore.exe
  Key created       [IE]\TabbedBrowsing                                           iexplore.exe
  Key created       [IE]\IntelliForms                                             iexplore.exe
  Key created       [IE]\Main\WindowsSearch                                       iexplore.exe
  Set value (int)   [IE]\Recovery\AdminActive\{50892161-6157-11EF-B254-46D787DB8171} = "0"   iexplore.exe
  Set value (int)   [IE]\TabbedBrowsing\NTPFirstRun = "1"                         iexplore.exe
  Key created       [IE]\Main                                                     iexplore.exe
  Key created       [IE]\InternetRegistry                                         iexplore.exe
  Key created       [IE]\Toolbar                                                  iexplore.exe
  Set value (int)   [IE]\Recovery\PendingRecovery\AdminActive = "0"               iexplore.exe
  Key created       [IE]\TabbedBrowsing\NewTabPage                                iexplore.exe
  Set value (data)  [IE]\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000062974e5b5f804e45b98349be16bffb7800000000020000000000106600000001000020000000d1c45013a94c9e88b904e11c544183abe3fd99e7b00917faa84ae1d0f3deef8f000000000e8000000002000020000000c698be7ad7b26a22bccc086028256612363170facdb924cf6aafe6e7966121d7200000007b65d6f70e1a6bb62af438037cab61330eca5c892c815d82eb44b3d7e7afa1d540000000b19d1a77497a5a457aef54df4ef04815c89f4ccb9656fe27ad3eec388211191e186df0dc9d921dcebb81140f8594008d98b7c77891e0b0d6fc098544ebc1d31e   iexplore.exe
  Set value (data)  [IE]\TabbedBrowsing\NewTabPage\LastProcessed = 70b0742564f5da01   iexplore.exe
  Key created       [IE]\DomainSuggestion                                         iexplore.exe
  Key created       [IE]\GPU                                                      iexplore.exe
  Key created       [IE]\LowRegistry                                              iexplore.exe
  Key created       [IE]\Main                                                     IEXPLORE.EXE
  Set value (data)  [IE]\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000   iexplore.exe
  Key created       [IE]\Recovery\PendingRecovery                                 iexplore.exe
  Set value (int)   [IE]\Recovery\PendingRecovery\AdminActive = "1"               iexplore.exe
  Set value (str)   [IE]\Main\WindowsSearch\Version = "WS not running"            IEXPLORE.EXE
  Key created       [IE]\SearchScopes                                             iexplore.exe
  Set value (int)   [IE]\Main\CompatibilityFlags = "0"                            iexplore.exe
  Set value (str)   [IE]\Main\WindowsSearch\Version = "WS not running"            iexplore.exe
  Set value (str)   [IE]\Main\FullScreen = "no"                                   iexplore.exe
  Key created       [IE]\BrowserEmulation\LowMic                                  iexplore.exe
  Key created       [IE]\LowRegistry\DOMStorage                                   iexplore.exe
  Key created       [IE]\Toolbar\WebBrowser                                       iexplore.exe
  Set value (int)   [IE]\DomainSuggestion\NextUpdateDate = "430583179"            iexplore.exe
  Key created       [IE]\IETld\LowMic                                             iexplore.exe
  Key created       [IE]\LowRegistry\DontShowMeThisDialogAgain                    iexplore.exe
  Key created       [IE]\Zoom                                                     iexplore.exe
  Set value (data)  [IE]\TabbedBrowsing\NewTabPage\MFV = (value not present in source)   iexplore.exe

  Note: all of these are Internet Explorer writing its own per-user state (tab recovery, new-tab page, search scopes, zoom, DOM storage). IE does this whenever it opens a document, so this signature says nothing specific about the sample; the interesting question is whether any key outside the browser's own profile was touched, and none is listed.
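To make the registry IoCs above machine-checkable rather than eyeballed, here is an added Python example (not part of this report and not Triage's own tooling). It parses lines in the flattened "operation path [= value] process" form the report uses and sorts each into one of three buckets: the HKLM NLS\Language read that ATT&CK maps to T1614.001, writes by iexplore.exe under the user's Internet Explorer profile key (browser housekeeping), and anything else for review. The first three sample lines are copied from this report; the fourth, a Run-key write, is constructed and does not appear in the report, and the bucket names are this example's own.

```python
"""Parse this report's flattened registry IoC lines and sort them into buckets.
Added example: not part of the sandbox report and not Triage's own tooling.

Line form used by the report:  <operation> <registry path>[ = <value>] <process>
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input.  Lines 1-3 are copied from this report's signatures; line 4 is
# CONSTRUCTED (a Run-key write that does not appear in the report) purely to
# exercise the "review" bucket.
SAMPLE_IOC_LINES = [
    r'Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater = "C:\Users\Admin\AppData\Roaming\svc.exe" iexplore.exe',
]

_OP_RE = re.compile(r"^(Key opened|Key created|Key deleted|Set value \(\w+\))\s+(.*)$")

HKLM_PREFIX = "\\REGISTRY\\MACHINE\\"
NLS_LANGUAGE_SUFFIX = "\\CONTROL\\NLS\\LANGUAGE"            # the T1614.001 key
IE_PROFILE_FRAGMENT = "\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\"


@dataclass
class RegEvent:
    op: str
    path: str
    value: Optional[str]    # only present for "Set value" operations
    process: str
    verdict: str            # "t1614.001", "ie-profile" or "review" (names chosen here)


def classify(path: str, process: str) -> str:
    p = path.upper()
    if p.startswith(HKLM_PREFIX) and p.endswith(NLS_LANGUAGE_SUFFIX):
        return "t1614.001"          # system language read (location discovery)
    if process.lower() == "iexplore.exe" and IE_PROFILE_FRAGMENT in p:
        return "ie-profile"         # the browser writing its own per-user settings
    return "review"                 # anything else deserves a look


def parse_line(line: str) -> RegEvent:
    m = _OP_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised registry IoC line: {line!r}")
    op, rest = m.group(1), m.group(2)
    body, process = rest.rsplit(None, 1)                 # process image is the last token
    path, value = (body.split(" = ", 1) + [None])[:2]    # " = " never occurs inside a key path
    return RegEvent(op, path, value, process, classify(path, process))


def summarize(lines: List[str]) -> Tuple[List[RegEvent], Dict[str, int]]:
    """Parse every line and count verdicts."""
    events = [parse_line(l) for l in lines]
    counts: Dict[str, int] = {}
    for e in events:
        counts[e.verdict] = counts.get(e.verdict, 0) + 1
    return events, counts


if __name__ == "__main__":
    for ev in summarize(SAMPLE_IOC_LINES)[0]:
        print(f"{ev.verdict:10} {ev.op:16} {ev.process:13} {ev.path}")
```

Run against the report's full IoC list, every entry of the "Modifies Internet Explorer settings" signature lands in ie-profile and only the NLS\Language read lands in t1614.001; the constructed Run-key line is the kind of event that would need a human look.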
Suspicious use of FindShellTrayWindow (1 IoC)
  pid 2652  iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
  pid 2652  iexplore.exe
  pid 2652  iexplore.exe
  pid 2784  IEXPLORE.EXE
  pid 2784  IEXPLORE.EXE
  pid 2784  IEXPLORE.EXE
  pid 2784  IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs, all identical)
  description: PID 2652 wrote to memory of 2784
  pid:         2652
  process:     iexplore.exe
  procid_target: 30   (Triage's internal process index, not a Windows PID)

  Note: 2652 is the 64-bit IE frame process and 2784 is the 32-bit tab process it launched (its command line carries SCODEF:2652, the frame's PID). A parent writing into a child it has just created, and IE installing window hooks in both processes, is the browser's normal multi-process start-up; these three signatures will appear for any HTML file opened in IE and are not by themselves evidence of exploitation. What would matter is a write into a process outside that pair, and none is recorded.
Processes

1. C:\Program Files\Internet Explorer\iexplore.exe   PID 2652
   command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bc0192def031b3ba08b4fbecb2facba0_JaffaCakes118.html
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory

   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE   PID 2784   (child of 2652)
      command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:2
      - System Location Discovery: System Language Discovery
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
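An added check, not from the report and not Triage code, for the WriteProcessMemory signature: it parses the report's "PID A wrote to memory of B" lines together with the command lines in the process tree and accepts a write only when both images are Internet Explorer binaries and the target's SCODEF: argument names the writing process. The SCODEF:<pid> convention (the frame process passes its own PID to each tab process it starts) is a fact about IE's process model, not something the report states; the PID-to-command-line table is copied from the Processes section above, and the verdict strings are this example's own.

```python
"""Is a sandbox WriteProcessMemory event consistent with IE's frame -> tab
process model?  Added example; not from the report and not Triage code.

Internet Explorer's frame process starts each tab/content process as
'IEXPLORE.EXE SCODEF:<frame pid> CREDAT:<n> ...' and initialises that child's
memory itself, so a write from the frame PID into a tab whose SCODEF names the
same PID is the browser's normal behaviour.  (Fact about IE, not a statement
taken from this report.)
"""
import re
from typing import Dict, List

# Image paths (lower-cased) of the IE frame and tab binaries on 64-bit Windows.
IE_IMAGES = {
    "c:\\program files\\internet explorer\\iexplore.exe",
    "c:\\program files (x86)\\internet explorer\\iexplore.exe",
}

# Command lines copied from the Processes section of this report, keyed by PID.
PROCESSES: Dict[int, str] = {
    2652: r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bc0192def031b3ba08b4fbecb2facba0_JaffaCakes118.html',
    2784: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2652 CREDAT:275457 /prefetch:2',
}

# The WriteProcessMemory IoC line exactly as the report prints it (the report
# repeats it four times).  Columns: description, pid, process, procid_target;
# the trailing 30 is Triage's own process index, not a Windows PID.
WPM_LINES: List[str] = ["PID 2652 wrote to memory of 2784 2652 iexplore.exe 30"] * 4

_WPM_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+)\s+\d+\s+\S+\s+\d+$")
_SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def image_of(cmdline: str) -> str:
    """Lower-cased image path: the quoted first token, or else the first word."""
    m = re.match(r'\s*"([^"]+)"', cmdline)
    return (m.group(1) if m else cmdline.split()[0]).lower()


def assess_write(line: str, processes: Dict[int, str]) -> str:
    """Classify one 'PID A wrote to memory of B' event against the process table."""
    m = _WPM_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised WriteProcessMemory line: {line!r}")
    src, dst = int(m.group(1)), int(m.group(2))
    src_cmd, dst_cmd = processes.get(src, ""), processes.get(dst, "")
    if not src_cmd or not dst_cmd:
        return "review: writer or target PID not in the process list"
    both_ie = image_of(src_cmd) in IE_IMAGES and image_of(dst_cmd) in IE_IMAGES
    scodef = _SCODEF_RE.search(dst_cmd)
    if both_ie and scodef and int(scodef.group(1)) == src:
        return "expected: IE frame process writing into the tab process it launched"
    return "review: cross-process write outside the IE frame->tab model"


def assess_all(lines: List[str], processes: Dict[int, str]) -> Dict[str, str]:
    """De-duplicate repeated IoC lines (the report lists the same one four times)
    and classify each distinct event."""
    return {line: assess_write(line, processes) for line in dict.fromkeys(lines)}


if __name__ == "__main__":
    for line, verdict in assess_all(WPM_LINES, PROCESSES).items():
        print(f"{verdict}\n    {line}")
```

For this report the four identical lines collapse to one event and it is classed as expected. Substituting a non-IE image for PID 2784, or a command line whose SCODEF does not equal the writer's PID, turns the verdict into review, which is the case worth an analyst's time.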
Network
  (no entries in the source)

MITRE ATT&CK Enterprise v15
  Discovery: System Location Discovery: System Language Discovery (T1614.001)

Downloads
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Ten successive snapshots of this one 342-byte file were captured, each with different
  hashes. CryptnetUrlCache is CryptoAPI's cache for objects it retrieves by URL (CRLs,
  OCSP responses, AIA certificates) during certificate chain validation, and the metadata
  file is rewritten on each refresh, so repeated captures of it are consistent with IE's
  background revocation checking rather than with a payload being downloaded.

  1. Filesize: 342B
     MD5:    3ab8ddefbe67de4b1b667efc173ac053
     SHA1:   7d9ef1e29e0c05ba9958a241bf4e1cb2b813f17b
     SHA256: 761f422f36aa7e661bee1d423797867951e8fe59278b79eb6c80c6af5340de29
     SHA512: c843bc9e2ae0e6f2e75045265ffa40caf0c68c9134a09cef1d1bd8eaf74f71e14992c4624705383c0aa6599f95b56630ae99e51ed55117a5599e36aeb7de93b2

  2. Filesize: 342B
     MD5:    8f19907d6e164a1aca71875a81dddb9a
     SHA1:   cfd560abf6ff3c7b84d2970124042b17c5b5da83
     SHA256: 01e11de373325f3f10dc022c2d8699293a05f9bafa402672a6eb7e2bd8b0310f
     SHA512: 6adacc12bdc3e20234c364a0b4dd0fee341a4cf37568b3f36feb89c47a5d122a8193de81bc13409acb8820065561dd34e1fd2eee98d878ed28d5f09ac66d4d9d

  3. Filesize: 342B
     MD5:    73b79873ad249b6155c21102267d5556
     SHA1:   7ed4f775762c0bc7a8ed8027b6dd483a44aa834b
     SHA256: 777546f8342a4eef9f5d99ba1d52263377a541ef47e06268000b854ae7930bcd
     SHA512: 705c9a95c665630d64f7a3011c331e99dd0d7132024cd938b95f0e2b5e35b5993524e1e623862d5cb2013eb8c4be9a90d7e9a21ccc6df62b99450ce905b244da

  4. Filesize: 342B
     MD5:    8554f53feb1f8d5cf6d9b34de2f29848
     SHA1:   3a6a0fcb7f93ad345532df9091447d51155e66d5
     SHA256: 4f64a47032d3ec609ce626c4c9fedf6b291f7e35c542925b6a2ced095d4fbd29
     SHA512: c2f4a00eb9bad354494b3bae1d865f074961348a94e0c17efdbe0b82e1e3c5205242830f6198af51c086ac5fc1419bc05e968ba78faffe90a73bf3cb2a6cd80c

  5. Filesize: 342B
     MD5:    75eeba2af52368071aed20eb955fcbca
     SHA1:   de5c5023f49cc59734f9ab5ee4566c9ff8709b2e
     SHA256: 1317d456c391bb6ba2cf5c69e9ef468854ff6775ed70f96ad8f6c30ff5b77ae9
     SHA512: 74a2657a8d60f42ec7a7aa7ea635a5a192c64d7d8c3993063a3a14d84e00905ac3125efc3401185280672e82036b1513d178e24290c01d83882857ea0c90ec15

  6. Filesize: 342B
     MD5:    b403796166097e78e21e5857a7f8a7d6
     SHA1:   c694011b272d37a48ac312aeaa47c05306bb0dbc
     SHA256: db17e206283636b59fdc82cc2b4d975b65befff527264fd2c1850bcbedd5c8b3
     SHA512: ac797bfca330f47a6e4f885b101f8f9badcf89a68a787786bd3d3d446e4b419ccdbe5e5a3c082e8812dda048fc202327243eacd68227376458cff2a0a979e510

  7. Filesize: 342B
     MD5:    6191b3802eeb5f117d547aca0f89e81f
     SHA1:   2a45a50aef4315978f169690061deb5eb5de65a2
     SHA256: dd2264d6916f3335cfa6f0c31430b905b13c1a686d77a5cae1a290746ef2563a
     SHA512: 6146318499ad4fa098372d3bf7c77f21b75cd3ba8454fb2f71fdb97cdf6336cc6dc459e117d3b902f9476542d2fcaf4650b089a8b16779fb461fb5280657c127

  8. Filesize: 342B
     MD5:    b7dbeaa0ffc1ca588bbd237a374e084f
     SHA1:   9883210c8ee77aa7ca4bf37e9c9521c6c0269bfc
     SHA256: 48b077d1dc8cc8d734361d3e36b617e8f25e17a03caba7c66f9bd2650be3bd86
     SHA512: 7edff0bec1d35095e99886771b770d8ecfc205ba2782149277836f17fb04c12d902821e04540d4b183d538300b5256087a694ce6a24bb6e8a5c6c782ebbd63d5

  9. Filesize: 342B
     MD5:    893aa80043bf93bc2645d059ffc0cc17
     SHA1:   44e3569a5efff2572811105051c83f04c9a07738
     SHA256: 71f64282291ace86a7450a5b188273b93a9752cd5d5fd89527da6fd1c13c7d78
     SHA512: b9a40d7c557f313ea790858f9ef1a4421720a3c73ddafc86227f41f247b2e0bc6e70c6a37f329fe7a6244a76db3d05232065e84d78a571e5d2e354cfaf7f24b6

  10. Filesize: 342B
      MD5:    99f5b827f4519a42ff7455364d4f796a
      SHA1:   917a3c40336ad867f5bc91e60caafce7922b323d
      SHA256: 2040f323f6c712c8cdef59377d3c91c6f0fdb12a17b7ee4100032dae20efc8af
      SHA512: f11330a4497faa8e849b7ffea5385f9d0163bc2fa25df416d1fd1c7daee205577aaa472cf73292fc5321ccb1f5577e866d58669e13b73bbadef95dc2eb1951de

(path not present in source)
  Filesize: 70KB
  MD5:    49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1:   1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

(path not present in source)
  Filesize: 181KB
  MD5:    4ea6026cf93ec6338144661bf1202cd1
  SHA1:   a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b