Analysis
- max time kernel: 148s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20240704-en
- resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
- submitted: 24-08-2024 10:02

Static task: static1

Behavioral task: behavioral1
- Sample: be5c174e61f800b3909231bbe7ca223e_JaffaCakes118.html
- Resource: win7-20240704-en

Behavioral task: behavioral2
- Sample: be5c174e61f800b3909231bbe7ca223e_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: be5c174e61f800b3909231bbe7ca223e_JaffaCakes118.html
- Size: 17KB
- MD5: be5c174e61f800b3909231bbe7ca223e
- SHA1: be7419b0bb3dfb3ab193b07cb2635664a7ef9f38
- SHA256: 7b4deeaa05b6c92faf5a0f0f699e922740d868f23ef314b5980fda67b3b79313
- SHA512: 897d57e21064282f8c84e60e3c22297c17c9f47a11c63d62d75a568967d503cda43417f625ce12a154b08ffca8fdf562be608f8fbf078803cff2034e542064c5
- SSDEEP: 384:K5RT2OT6/Lzdl+8i0/eUgU9uGvwNUC6LvUIEoq:bzhlU02e90NtLINq
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; Process: IEXPLORE.EXE
- Modifies Internet Explorer settings (IoCs)
  Registry keys created and values set by iexplore.exe and IEXPLORE.EXE under \REGISTRY\USER\S-1-5-21-3450744190-3404161390-554719085-1000\Software\Microsoft\Internet Explorer (Main, Recovery, TabbedBrowsing, LowRegistry, SearchScopes, DomainSuggestion, Toolbar, Zoom, GPU, IntelliForms, BrowserEmulation, IETld, InternetRegistry, PageSetup and related subkeys).
- Suspicious use of FindShellTrayWindow (1 IoCs)
  pid: 2564; Process: iexplore.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  pid/Process: 2564 iexplore.exe; 2564 iexplore.exe; 1940 IEXPLORE.EXE; 1940 IEXPLORE.EXE; 1940 IEXPLORE.EXE; 1940 IEXPLORE.EXE
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 2564 wrote to memory of 1940; pid: 2564; Process: iexplore.exe; procid_target: 30 (reported four times)
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe (PID 2564)
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\be5c174e61f800b3909231bbe7ca223e_JaffaCakes118.html
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 1940, child of 2564)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
      - System Location Discovery: System Language Discovery
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
MITRE ATT&CK Enterprise v15
Downloads