Analysis
max time kernel: 134s
max time network: 129s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 25/08/2024, 07:04
Static task: static1
Behavioral task: behavioral1
Sample: c033dcdbb05928ea6cb7650600480f7d_JaffaCakes118.html
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: c033dcdbb05928ea6cb7650600480f7d_JaffaCakes118.html
Resource: win10v2004-20240802-en
General
Target: c033dcdbb05928ea6cb7650600480f7d_JaffaCakes118.html
Size: 2KB
MD5: c033dcdbb05928ea6cb7650600480f7d
SHA1: f087d35eb479e9f645a3f162263fa5e3d7bc5bc4
SHA256: 07cce2cece6c78a917ae7d952d3b8447f9fec85f5a88baec856cd3385dd24821
SHA512: d5628fe70f880673bbff627c5b91b70e60d14297ed4f42acbf8f8c46055b566c6cb4665930574cfcaef4c03b6ea7b1b68a5e431884f1fed18da883fe8e1078f1
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
1232 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1232 iexplore.exe
1232 iexplore.exe
2088 IEXPLORE.EXE
2088 IEXPLORE.EXE
2088 IEXPLORE.EXE
2088 IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1232 wrote to memory of 2088 1232 iexplore.exe 30
PID 1232 wrote to memory of 2088 1232 iexplore.exe 30
PID 1232 wrote to memory of 2088 1232 iexplore.exe 30
PID 1232 wrote to memory of 2088 1232 iexplore.exe 30
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c033dcdbb05928ea6cb7650600480f7d_JaffaCakes118.html
PID: 1232
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 1232)
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1232 CREDAT:275457 /prefetch:2
  PID: 2088
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads