Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 25/08/2024, 09:17
Static task: static1
Behavioral task: behavioral1
- Sample: c06b9c56ae9df8e8c63b86766dc2902f_JaffaCakes118.html
- Resource: win7-20240705-en
Behavioral task: behavioral2
- Sample: c06b9c56ae9df8e8c63b86766dc2902f_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: c06b9c56ae9df8e8c63b86766dc2902f_JaffaCakes118.html
- Size: 27KB
- MD5: c06b9c56ae9df8e8c63b86766dc2902f
- SHA1: 0b27119798eeb5dfa811993cba4865b7f12b6866
- SHA256: 9a6d201802b9143b437aa9db230e1652ed7c373fe6e86ec3f9eb36bdd832ac7b
- SHA512: 7ca7779b69f677653dd5047db0581ee953d0f01e4c2d7b3b7bb099efd74fe4b470539d27fa8eb4c84e16a87497d361a4bcb71fbd12ffa83dcb003f1e1fd7e231
- SSDEEP: 192:uw3ob5nOenQjxn5Q/tUanQiegNn2oxnQOkEntnU8bnQTbnRnQ9eKwm60xoOQl7MP:XQ/2homqLo+opSatIF
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
-
  description | ioc | Process
  Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D8453B41-62C2-11EF-8EE4-CE397B957442} = "0" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
  Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430739314" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
  Set value (str) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
  Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
  Set value (int) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
  Set value (data) | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
- Suspicious use of FindShellTrayWindow (1 IoCs)
  pid | Process
  2404 | iexplore.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  pid | Process
  2404 | iexplore.exe
  2404 | iexplore.exe
  2396 | IEXPLORE.EXE
  2396 | IEXPLORE.EXE
  2396 | IEXPLORE.EXE
  2396 | IEXPLORE.EXE
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2404 wrote to memory of 2396 | 2404 | iexplore.exe | 30
  PID 2404 wrote to memory of 2396 | 2404 | iexplore.exe | 30
  PID 2404 wrote to memory of 2396 | 2404 | iexplore.exe | 30
  PID 2404 wrote to memory of 2396 | 2404 | iexplore.exe | 30
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c06b9c56ae9df8e8c63b86766dc2902f_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2404
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2404 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2396
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 5957cdb349561d4c2cba4943133b9faa
  SHA1: 36e42b5cdaa38bb840f0888d764278f701ee2066
  SHA256: 1193c93b6cd04027f98506ea0e338140a016c3605e3cbb510359fba8b4ce6f0a
  SHA512: ad34aaceb111f105f954b061001369c100ccd5bf18ca224fdd165d10f1a1f8c3ca2053fc09716251b231b7a1f3da2f4624d737f6b2f8064a3d7929ab6d28d79a
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 3186e1716291634beae817412b65575b
  SHA1: 9d470d622795b0ecee94a89150fabbc0c5a86955
  SHA256: 48f4c503e59deed0461ec65616caf8178ab09f22b417c56d7a1262379fefae95
  SHA512: 21d676432c95ea827eb1fc8a10743d0b8b6a461bffbe1d2fd5f8094d8fd38f9553ce63b85a60153835349a51f45c130b6c0d8a57e83d8419274eef8232683611
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 129fa1ee931508b27a012cb3325658ab
  SHA1: e90615422ed3768c825d2f453c9fd61dd2780270
  SHA256: 31c567df4c8cabc1c39fd75b064b45b29de62291c9342392cf1f7a52238630fa
  SHA512: 5632b3ed0a11d04851c6943cc7dcd5ffae17d13e185200cf78e8a338f40d75cbf584420769691e315969b4542c33d30a8ce74f1ff67a8debe3955d15549df676
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 1ebd366e878619e211286d7f96cfc752
  SHA1: 2656b0457bc95dae76896d126d4c2ed1f5f5a4b7
  SHA256: 8ddf061ea29207d2ccbc211b5f87110a98a5eefcbc90d820a3d8c2c80f813aa5
  SHA512: 3b9fdea2fcb82a4725bea777f089ece597d00dca7d86d12e480a48f3a7ff4eb43adc5fe35443f43b2a60c2ef07b235c4390ffca2669daba5fccfe94805a0f98c
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7b0db202f24b059fd90d35760edbcc78
  SHA1: 1ec56eaa7d2ac1c043cdf818f3dfd7980f3fd296
  SHA256: 98a0181c98d54598cedbf2dbd8c5a13c5484f71107882914dfea6fe5c72bb8b4
  SHA512: c9a33841eb391ae07a8c01624b54983060b40d9ce92824dd6b7cbef36982baeef340022bd1b6058db9e341df8ea206c4c8469b7d692201fa01a7814d7750b8e7
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: ae259decb8fb2cbcb02992149c18ff32
  SHA1: 0c9309a015368c3e97bc4b672e786e38250b1d4c
  SHA256: ee178221388231ba3ec0666888b2d3a4d13e13dc19e9ed2331787af69008c62e
  SHA512: f2de1df5eb6a6a410d6d97c40b025d447b8462afa1d44c2b285a3bbcfcf77f769a01375c431d81330953b209e795bad775f54229c7bebae4a536928e7171a754
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7aaea273efc2c7ccbd3901f80c33ff73
  SHA1: 1e0ca342ed3a6b022cf21de39f88bd307699c739
  SHA256: fd8b86f51a256cee8736192307e7cc2b7a389698fc2dd29e02760846f86cf955
  SHA512: 6844dffde7d70cc09549b4d01842840ea87e2e8bfce74471627bbc15fef246317caa1b81ed68b89f524f8ecbb9ed4d077691eca43ce3f164ae3c01122a6468a6
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: ab8e9d15325510eaf34951ced181e7fe
  SHA1: b7153d2063c99c5c89000c1994f6bd666f836b90
  SHA256: 7db839e191a3006665f33a5dfa5ab24947f69f5e9f27978101fd2048dc2d191a
  SHA512: 442fd4276386920b87f82799193775de851942450310331f158a7d4b3e0260c08bf22f70db304a1dacdbdad8018d5faa8c3eb69dc91fcbfbffcb8c4d2a279ee2
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 2db7c57294f2dee260f6596c3079254c
  SHA1: 9c501706471f9508df45109c1a4ee85077425337
  SHA256: a11614967510525415697eb8e5ae7f2d8d04b2dbddede93bb616d921df6e3761
  SHA512: fdf8740a78ae319cfa0b1d4333a2c7f0ea2d6451c86d79ad8ad6847258e24d21300998b7bce863ea1c81fe0689eb88d21149a28bb2f86ec3011d2959d478cc0f
- Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b