Analysis
-
max time kernel
119s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system -
submitted
25/08/2024, 07:05
Static task
static1
Behavioral task
behavioral1
Sample
c0344c5e8664aafd0bb5830e22d7741f_JaffaCakes118.html
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
c0344c5e8664aafd0bb5830e22d7741f_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
c0344c5e8664aafd0bb5830e22d7741f_JaffaCakes118.html
-
Size
6KB
-
MD5
c0344c5e8664aafd0bb5830e22d7741f
-
SHA1
e86516e2bc27bd0a465d0ee47cde697cba0ee34e
-
SHA256
92faf9ab58295adc925806834a6a1822df814e221c5e9efc3b6f8773c2c138df
-
SHA512
e34a77e443d7bd7f482173521ddc1a7eedc3908d5f872c59261c7056cbec10fb17e3b54d3ebf9a2d828b32eb75ef9bf6c9008b2c42334635ad37a78b8850133b
-
SSDEEP
96:uzVs+ux7lFLLY1k9o84d12ef7CSTU6tMoRS0ocEZ7ru7f:csz7lFAYS/9MoCb76f
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7E3D85B1-62B0-11EF-BB94-CE397B957442} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f8e41e3384fa749ac47329e409d9909000000000200000000001066000000010000200000006e9fe36592bbb7a15153a8f43654612d3921e12836156864fe220557907c54f4000000000e800000000200002000000020dbe78639e48e1bba0033aec854877b2d634f6bc1570254c1421ded54a33a3d20000000e0e447d9df49b4f367f3dd707b04ce1705e021dfd609215b9568c0e7483d1f12400000001c8bc8e9de40cad927e746726fca04879fc7156d3bf1e73138f09f8a70a612956d90eed61fea12464dfb4d4f01248cc399b618da354d165e70147a5008336f41 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430731436" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 000a3053bdf6da01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (data) 
\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2976 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2976 iexplore.exe 2976 iexplore.exe 2760 IEXPLORE.EXE 2760 IEXPLORE.EXE 2760 IEXPLORE.EXE 2760 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2976 wrote to memory of 2760 2976 iexplore.exe 30 PID 2976 wrote to memory of 2760 2976 iexplore.exe 30 PID 2976 wrote to memory of 2760 2976 iexplore.exe 30 PID 2976 wrote to memory of 2760 2976 iexplore.exe 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c0344c5e8664aafd0bb5830e22d7741f_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2976 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2976 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2760
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bc49c3744128fc30281827a101f63386
SHA1 3b4c9c4614a55fd31993b1aada28c653b660600e
SHA256 417583fcefaaf87622638154b7dc572a7a2c7dbfbd57ee702cfbccee4d455ca1
SHA512 54e2df8ef8f10fc1162bd00ce5e1619a4652a30f120560489461072ef85e21639837d08e9a51ee10e70ffb24ea40d877d11e05c44bc4271a9b9d5189af00daa5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b9c26c8d464c4ed6b149be8e3f7d5568
SHA1 2a60607ba970ec9939b4a0759a2663e0671ce9ff
SHA256 244a782c9a419e05e31a8aced9079f4eccbbeae3ce6a1faa6e064ec3e7dbbd51
SHA512 b9ed7889a297074d7f7f6828fe6b93d0b6dcf562735356d5ccf39de4d5d28daa1419a1095bbdc3140164071c03293108713a4c13e78c495bb99ec2cd5c7102bc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 94dc1db143f4d68a3b8a2e1ebe4c6db0
SHA1 2e0d4512a1d2e8d958872c48ad8e73dc33225dcd
SHA256 0d13bc12b9b22da516f9f5a4f9fd82aec0258694824970a591425682c0acf6ba
SHA512 edb37afec375ee421a1767e1cbb0c0e134d42909645b390134b96afacc0b9bd68e47fa4255e3dd1e6620c2c5e3075ecae38e9dc5502d6c550621c5437f0cd29e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 568c589bad461e7615caa2c9b11ac979
SHA1 51195249d24ccc730e1b06e49bc3bd02cafc0838
SHA256 6f0bace645b43c30dcdcb59aee4c8786d08bf07adae388fdf1bf301b542e69b0
SHA512 4741ac5120fc51e8669666eed5698ae3f8345cf3d20f8c402285e63408be8819ab29765db5c88fb3759ebb879d4bafd5bb69e4ccd92388eca40e2a922479e5e8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 99a5ee5ac01bf89dfc759337910d2b06
SHA1 0c60231d6bfcc49b2bc118e0b066c3a0bc137042
SHA256 79d92e6607c3ebaae8cc0f6a67d77a11caa9e3f6d339c83e828630a83dafe266
SHA512 de324fc30075a7b8df702f4047afa2baab24f9fc760945e773c3c93672c7293c5ee928509272afc0c21ced843d612c4b7a81bf8a2c1eb8dce7e9cc7d0bb20afb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c21163223c6b2a46e2a34406b36c28e3
SHA1 26524cec69e97ed568110ee67f4a0139409f8122
SHA256 fa7d44b0b66def68e5cdff5562ecbb57e48220d26d0493b3edf47a5f2e8dc0f3
SHA512 086e420d3683851e8cdb7d9e0b698b64bc00451c612ea7a33ef88a74de03ddc2781d9b98953efd146da9bcbff8bfb7cb50d55751a31a9fbae933057a8f9fc64b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a826b467dc38c63eefc5f4117d0965e1
SHA1 ae4a632f9461495844cc52c7e9bfc35f837646fa
SHA256 35db209a6c6b5097d2903b92eec3ea8e33ad00782ab5ae99f573a5da7b466aac
SHA512 c35ec24551a822b2e72700d3921d14428632b49adafb0cfc36883f3ed3fdbce1014e6f65bf34c16757636bbf7bc18f648cb8761844335f3551f0b565db738bad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 af5372e554fbf1c9f4b832393976cde0
SHA1 75ca498a58b7d272bc6783c8cbcfaeade2b8ad45
SHA256 9408bd1c632fada973166180c28165e5b8563a84f2c69725070b6dd0663ddb0f
SHA512 98b45c1e77657a2dae05634d4065dbcc816b0465d7b26d95a27527bbc96bfca18a80f46db258b4a43597b115c92a29b343e8c5511dd983a26cfd06238e9a1a60
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c1ef06409a9d2ae5fc45971e3b6cb08f
SHA1 9300fd6486f368adfeb6b0f2da3c9f1bcab425c0
SHA256 66bb411538982f8634e492dbcc1225c3b3c51edf818a1f990f11f571ed48c3cf
SHA512 f54cb9bc9b988075d0f9e1b4238db538ea34705dc34bade58cb1efec6be110b76db6941d2e35f06a0934ea72da9eda7e37ebe3591fbf857e51db0e6c42183bee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7ac59eaf5685e6bb51581c89fdfdfba4
SHA1 b6dd182b2d0e2630c235f8fd174d7540cd12f62c
SHA256 f8bde590db080654c004bf51b816cb31c63ebb020ae7a0f88034ad6548043728
SHA512 33ac328be4d4b83324e140350c45718f757dea50e74ae46b2a22729b73465804a60502326a1b2b6e09af12cadd8039c3fb82ab9c7e61b1c0c90e6649e4f66428
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0316d85eda098d3dcf672f39a034e5a3
SHA1 f1e51ac704a11f202ca0661abec518bab5d4dc7c
SHA256 514f317491b2a8a2f052cbe3eaef3e1e023d90477c32f6fbc6940defea9675ed
SHA512 ccdf6e042428bdb2144bfb8a494c4625870ee7f8ced74590958a727c0ba393793e23c5f3cd926498d51353451b539ea3edcc0eb7541c9727e1de93c1f4593de5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 73a8869c6146f04207acedb78dbf9b03
SHA1 03cbb3d9bfa2a50590434bd64412e5e3d555fd96
SHA256 94c9b2c65ea980307097c432af2d673f8e3a6b512a3c29016ef5e40e58efa668
SHA512 65b522aab60cefa19c40c70f29d0237e12db86507c1a77f221f8e7debbb40787e6d01fbb4d39a21b0b25e5f7cc149ec5a642838a1c1c78c5f2c65da954ab73aa
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b