Analysis
-
max time kernel: 130s
max time network: 141s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 24-08-2024 22:21
-
Static task: static1
Behavioral task: behavioral1
  Sample: bf880e0ef3af4e839a329fed95c79f39_JaffaCakes118.html
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: bf880e0ef3af4e839a329fed95c79f39_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
-
Target: bf880e0ef3af4e839a329fed95c79f39_JaffaCakes118.html
Size: 214KB
MD5: bf880e0ef3af4e839a329fed95c79f39
SHA1: c7262f0eff9a9fb0d134bccf6a269d24cb69eee3
SHA256: b4d56ca9dd832197232b735df113bb7ead5c5e5fdc750cc8de3480ba90f479ec
SHA512: 70ad7df0eedd780fc802b0ceb3e1558e8379b8088a152589b281966f714d4cfc26da9c181c5977912eefcd146adf6aa03ef0fb74af551018c866065976ade4b0
SSDEEP: 3072:hrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJ1:1z9VxLY7iAVLTBQJl1
Malware Config
Signatures
-
System Location Discovery: System Language Discovery  1 TTPs  1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc  Process
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  IEXPLORE.EXE
-
Modifies Internet Explorer settings  31 IoCs
description  ioc  Process
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IETld\LowMic  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\InternetRegistry  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\PageSetup  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{481D5491-6267-11EF-8FDE-E2BC28E7E786} = "0"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU  IEXPLORE.EXE
Set value (int)  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1"  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\GPU  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100"  IEXPLORE.EXE
Set value (str)  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20"  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10"  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\LowRegistry  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser  iexplore.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\IntelliForms  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430699988"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Toolbar  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main  IEXPLORE.EXE
Set value (data)  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch  iexplore.exe
-
Suspicious use of FindShellTrayWindow  1 IoCs
pid  Process
3036  iexplore.exe
-
Suspicious use of SetWindowsHookEx  6 IoCs
pid  Process
3036  iexplore.exe
3036  iexplore.exe
2460  IEXPLORE.EXE
2460  IEXPLORE.EXE
2460  IEXPLORE.EXE
2460  IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory  4 IoCs
description  pid  Process  procid_target
PID 3036 wrote to memory of 2460  3036  iexplore.exe  31
PID 3036 wrote to memory of 2460  3036  iexplore.exe  31
PID 3036 wrote to memory of 2460  3036  iexplore.exe  31
PID 3036 wrote to memory of 2460  3036  iexplore.exe  31
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bf880e0ef3af4e839a329fed95c79f39_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 3036
-
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 3036)
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:275457 /prefetch:2
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID: 2460
-
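The signature rows above are flattened tables, and the interesting question for a reader is which of them carry signal. An added example (not part of the report, nor code from the sandbox that produced it): a Python triage script that parses the registry rows into structured records, separates the single HKLM NLS\Language read (the System Language Discovery signature; mapping it to ATT&CK T1614.001 is this example's own) from the per-user Internet Explorer settings that iexplore.exe writes when it opens any page, and checks that the WriteProcessMemory writer/target pair is consistent with the child's SCODEF: argument, which is how IE's Protected Mode broker launches its content process. The row strings and command lines are copied from the report; the labels language-discovery, ie-settings and other are the example's own.

```python
"""Triage the flattened signature rows of the sandbox report above.

Added example, not part of the report or of the sandbox that produced it.
The row strings are copied from the report; the class labels and the
ATT&CK mapping (T1614.001) are this example's own.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Registry rows copied from the Signatures section (a representative subset).
REGISTRY_ROWS = r"""
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
"""

# The four WriteProcessMemory rows copied from the report (identical rows).
WPM_ROWS = """
PID 3036 wrote to memory of 2460 3036 iexplore.exe 31
PID 3036 wrote to memory of 2460 3036 iexplore.exe 31
PID 3036 wrote to memory of 2460 3036 iexplore.exe 31
PID 3036 wrote to memory of 2460 3036 iexplore.exe 31
"""

# Command lines copied from the Processes section, keyed by PID.
PROCESSES: Dict[int, str] = {
    3036: r'"C:\Program Files\Internet Explorer\iexplore.exe" '
          r'C:\Users\Admin\AppData\Local\Temp\bf880e0ef3af4e839a329fed95c79f39_JaffaCakes118.html',
    2460: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:275457 /prefetch:2',
}

# op, key path (may contain spaces), optional "= value", then the process name.
REG_ROW = re.compile(
    r'^(Key opened|Key created|Set value \((?:int|str|data)\)) '
    r'(\\REGISTRY\\.+?)(?: = ("[^"]*"|\S+))? (\S+)$')
WPM_ROW = re.compile(r'^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$')
SCODEF = re.compile(r'\bSCODEF:(\d+)\b')


@dataclass(frozen=True)
class RegOp:
    op: str
    path: str
    value: Optional[str]
    process: str


def parse_registry_rows(text: str) -> List[RegOp]:
    ops = []
    for line in text.strip().splitlines():
        m = REG_ROW.match(line)
        if m is None:
            raise ValueError(f"unparsed registry row: {line!r}")
        op, path, value, proc = m.groups()
        ops.append(RegOp(op, path, value.strip('"') if value else None, proc))
    return ops


def classify(op: RegOp) -> str:
    """Label a registry op: the HKLM language read (T1614.001) vs IE's own config keys."""
    p = op.path.upper()
    if (op.op == "Key opened" and p.startswith("\\REGISTRY\\MACHINE\\SYSTEM\\")
            and p.endswith("\\CONTROL\\NLS\\LANGUAGE")):
        return "language-discovery"
    if p.startswith("\\REGISTRY\\USER\\") and "\\SOFTWARE\\MICROSOFT\\INTERNET EXPLORER\\" in p:
        return "ie-settings"  # per-user IE state that iexplore.exe writes on any page load
    return "other"


def summarize(ops: List[RegOp]) -> Dict[str, int]:
    return dict(Counter(classify(o) for o in ops))


def parse_wpm_rows(text: str) -> Set[Tuple[int, int]]:
    """Return distinct (writer_pid, target_pid) pairs; repeated rows collapse to one."""
    pairs = set()
    for line in text.strip().splitlines():
        m = WPM_ROW.match(line)
        if m is None:
            raise ValueError(f"unparsed WriteProcessMemory row: {line!r}")
        writer, target, pid, _proc, _procid_target = m.groups()
        if writer != pid:
            raise ValueError(f"description and pid column disagree: {line!r}")
        pairs.add((int(writer), int(target)))
    return pairs


def scodef_parent(cmdline: str) -> Optional[int]:
    """PID named in the SCODEF: argument IE passes to the content process it spawns."""
    m = SCODEF.search(cmdline)
    return int(m.group(1)) if m else None


def check_broker_pairs(pairs: Set[Tuple[int, int]],
                       processes: Dict[int, str]) -> List[Tuple[int, int, bool]]:
    """True when the target's SCODEF points back at the writer (normal IE broker -> content)."""
    return [(w, t, scodef_parent(processes.get(t, "")) == w) for w, t in sorted(pairs)]


if __name__ == "__main__":
    ops = parse_registry_rows(REGISTRY_ROWS)
    for o in ops:
        print(f"{classify(o):19} {o.op:16} {o.process:13} {o.path}")
    print(summarize(ops))
    print(check_broker_pairs(parse_wpm_rows(WPM_ROWS), PROCESSES))
```

Run as-is it prints one line per parsed row with its label, the label counts, and the pair (3036, 2460, True). The point of the two checks is what they leave behind: a broker-to-content write whose SCODEF matches the parent, and HKCU Internet Explorer keys touched by iexplore.exe itself, are what IE does for any HTML file, so these rows by themselves do not show the sample doing anything. What would stand out in the same report format is a write to a different target, a process other than IE touching these keys, or a language read by something that is not a browser.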
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9ed81b5a796e6a369ae76e3c11234e91
SHA1: aa1b76ed726f65e7dc61775478dbd64577a11632
SHA256: 269a999d6f00b7be39790cd0498a9ead1860b5f4fc4de4c4203768b01c091cee
SHA512: 57fe6c46c90489ecf4333ca3f6d321391393b2796e9411b33d3a3ec7f063282937ad9a98e2a379bb7a4f2f78ba92106256797fb36cdea5901d91b98aa1d30b00
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7c832b7f29c866634ec6604b1d3074e0
SHA1: 87613c7048e9a5bec73484ddc7661970d1032811
SHA256: f048c7d22d213c391fac70a0e8d888b2f42a468608763ad740f170ae543ce21b
SHA512: a24e0bfe033c52ade68089da7ecb009489e9552afb73df48e4593e84f6d610ea20b869755e8443e362b727077c740f285fc3d2eba5aef3c47e1a9ffda4fdb94f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: e9d97b1ac8619137277a7c26f84ad09d
SHA1: 4193ad69ea2e9566c04c0085a6a9056062d64b4d
SHA256: 114b9b0b4e7ff5b07c22d743d0f23b82070f5420b42f15ca5a2e2bdc83f2383e
SHA512: fc30f4da7275187ff8905a0adeac89eec2a2c23580f2aa10a3128f69f41d927eb6da29039a851814b91ab39b6ae04530cb680f40f78d0156c441062d41a9b8ed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9ad0722d7a00ecf33195be194475727e
SHA1: 37b5372fc46490fd034c72d7d18d070bed0206fb
SHA256: c92240c8d0667220526a8480591bdfc97d7763ee65bd039c189069a1551a8cc6
SHA512: 0b505ad4f9aa6a5b3d8f78f5cbc3a119565df69b1edf64717809b4632e3e26aacfaa17185ff8b2b4670f73138ad9fc349dcc713497b66b67d49c8dc9c1d26f85
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 27b28007394387dc44f59a7c81b2870d
SHA1: c1dd83bd66f6f239c03f580d13daa1b76713adb9
SHA256: 20465a16b61b97ed39e6c09a35f8891896772573c77ff65dd449baa1ba1c67da
SHA512: 6e92e39e33bca7055c8e2ac252042f5ff3fecc8dc0612820ce202e5118af749bf1fe494d6b89d1068293eca0302fbf30abaff7a0cde5450ff43250fce3293bed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c2339da376a359e825cadcdc69fd8b62
SHA1: 5545b0dd10c13744141b99e5f0020430c89d020a
SHA256: 209e3dfe6853e65812327f1973affbb8e7d3682f06f2f7ca75c6439065a0d4c7
SHA512: 270fb6a4085f173bae6249847ba508656d3b16b09791a82fa5e2e818431abd1ba2a0cfb0a1e7827e812dd02d39ac3831c469e53c50d938ec5b055aee9dff9d99
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 758ea706bd3df64b321d32c5adc9184c
SHA1: ae58dad6ce6c09af97a88b186be7d7af5e55dbb4
SHA256: 0699ba8e442fc155191524914033ec8d6b456067616ea949c8873f6dd2a2594c
SHA512: 6ae7cafe0e843d020e244089bcb5a22051f1f8723d92bdd0847d849535049fdcbf65742ccedf2928a416f545f838aed23feb717aeb4f4b38aa36dc9cbfe7bc84
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 4b7b8b7f2c95ea4d8e6a1d9b80ea8f7b
SHA1: dd22704585fc8685a3277427023e5f6136e523ed
SHA256: 161ad71bf642f2064840e3ee6a8ee4a0bffae35d3b8afb73276f3ed24f2b912d
SHA512: c3f57b2614a7a612bed058a8bad4ac19e1331f213681d268b9879a197ad0929d64ee9d1c79f6eb93e4a39fb4f5bd3b18a4da3c8b2d21335d5cadfad034ec718e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: aeea0d1d492f296ab33137984324874c
SHA1: af956ba6b42179e2d3fcdc0605287760b39dc044
SHA256: 03fbe6c4111b224f205142ec028d3e5284d92e78f2fe6b9860a5e3d861ab6eeb
SHA512: a5b02fe14cfc0b7fcaf0d04d46b51b7e479e0812f00439329dedfd173c9fe05a72c8311a11edbd655a474f50e16e7b2b00986d5167c3f339e3f184cc7b4caa7a
-
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b