Analysis
-
max time kernel: 141s
max time network: 135s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 24-08-2024 19:41
Static task: static1
Behavioral task: behavioral1
  Sample: bf472e2b04e1b46ed2d6b83ee0ce8c3d_JaffaCakes118.html
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: bf472e2b04e1b46ed2d6b83ee0ce8c3d_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
-
Target: bf472e2b04e1b46ed2d6b83ee0ce8c3d_JaffaCakes118.html
Size: 11KB
MD5: bf472e2b04e1b46ed2d6b83ee0ce8c3d
SHA1: 614bf5b0511a3f3aaad44e6821c8b2afb78819fd
SHA256: 252a6e3216bfd3403382c13ba472608bd771e75ac64afeb5e86932e4b2829835
SHA512: ce0ca016601ef11b4b45eb69c57319008db653ba1e0a106aa41fb03187bc8e27fa064401974fa5d9742baf58aef27f5f43c041f1c12fb16b8bd323fa30d9d89c
SSDEEP: 192:FbbDoKm06D54dJnJRfLAqIzfjDPeBrZEV6QHxxRm+3x7K+JxHQWNMpHSa71OydvY:Fb/oKm06D5EnJRfLdIzffPeBlK6QRx80
Malware Config
Signatures
-
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: IEXPLORE.EXE)
-
Suspicious use of FindShellTrayWindow (1 IoC)
  PID 900: iexplore.exe
-
Suspicious use of SetWindowsHookEx (6 IoCs)
  PID 900: iexplore.exe
  PID 900: iexplore.exe
  PID 1520: IEXPLORE.EXE
  PID 1520: IEXPLORE.EXE
  PID 1520: IEXPLORE.EXE
  PID 1520: IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory (4 IoCs)
  PID 900 wrote to memory of 1520 (process: iexplore.exe, procid_target: 30)
  PID 900 wrote to memory of 1520 (process: iexplore.exe, procid_target: 30)
  PID 900 wrote to memory of 1520 (process: iexplore.exe, procid_target: 30)
  PID 900 wrote to memory of 1520 (process: iexplore.exe, procid_target: 30)
Processes
-
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\bf472e2b04e1b46ed2d6b83ee0ce8c3d_JaffaCakes118.html
  PID: 900
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 900)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:900 CREDAT:275457 /prefetch:2
    PID: 1520
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-