Analysis
max time kernel: 120s
max time network: 127s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 25/08/2024, 10:09
Static task
static1
Behavioral task
behavioral1
Sample
c081de9cb764e2a7dd7039a89d73c199_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c081de9cb764e2a7dd7039a89d73c199_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
Target: c081de9cb764e2a7dd7039a89d73c199_JaffaCakes118.html
Size: 53KB
MD5: c081de9cb764e2a7dd7039a89d73c199
SHA1: 3a51e47ac3be1b9b334f05d7389e263ad2136222
SHA256: 9621ebe1921961fde3ad95342699ec4b8b70bef8dbd7bff5541068461edeca1f
SHA512: 5dc312933a20feb9ca5b7cece72fb7112390be63124fb5d085bea9da34ac7529f8698e38c6b687b37c9d4fa78d39f75a150c38ed33541329e2de6b03cd81d307
SSDEEP: 1536:CkgUiIakTqGivi+PyU2runlYy63Nj+q5VyvR0w2AzTICbbioP/t9M/dNwIUTDmDR:CkgUiIakTqGivi+PyU2runlYy63Nj+qx
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc                                                         | Process
  Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Suspicious use of FindShellTrayWindow (1 IoC)
  pid  | Process
  1604 | iexplore.exe
Suspicious use of SetWindowsHookEx (6 IoCs)
  pid  | Process
  1604 | iexplore.exe
  1604 | iexplore.exe
  1824 | IEXPLORE.EXE
  1824 | IEXPLORE.EXE
  1824 | IEXPLORE.EXE
  1824 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory (4 IoCs)
  description                      | pid  | Process      | procid_target
  PID 1604 wrote to memory of 1824 | 1604 | iexplore.exe | 30
  PID 1604 wrote to memory of 1824 | 1604 | iexplore.exe | 30
  PID 1604 wrote to memory of 1824 | 1604 | iexplore.exe | 30
  PID 1604 wrote to memory of 1824 | 1604 | iexplore.exe | 30
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c081de9cb764e2a7dd7039a89d73c199_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 1604
  Child process: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1604 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 1824
Network
MITRE ATT&CK Enterprise v15
Downloads