Analysis
max time kernel
143s
max time network
145s
platform
windows7_x64
resource
win7-20240705-en
resource tags
arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted
25/08/2024, 10:09
Static task
static1
Behavioral task
behavioral1
Sample
c0820d661431eea0f4ecde5b98eac6fa_JaffaCakes118.html
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
c0820d661431eea0f4ecde5b98eac6fa_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
c0820d661431eea0f4ecde5b98eac6fa_JaffaCakes118.html
-
Size
18KB
-
MD5
c0820d661431eea0f4ecde5b98eac6fa
-
SHA1
419734c08fdad5d85c209a6e714b3e7348c10629
-
SHA256
69452e0fc6d1f545193db539f6a8faeb987d0b26df4afd544c768492fbefcfda
-
SHA512
9cda164e76b5079b1b710731561603130cce2f41627900078f565b208faacc8531505b467f37f0a200ffeaa7f9f7ce4475d35b81db6a6aa072b21f9f0adf974c
-
SSDEEP
192:SIM3t0I5fo9cKivXQWxZxdkVSoAI14tzUnjBhzF82qDB8:SIMd0I5nvHBsvzexDB8
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2B673A61-62CA-11EF-9637-66F7CEAD1BEF} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90190506d7f6da01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000082ebb0b9d6f3f0458e93e15bd38f268f000000000200000000001066000000010000200000001be049075179595c8e718dfd5240736dca8c3b185e0f541f1407657feadab76d000000000e80000000020000200000003de4b877cfaf1e06276a202dd2c0c95fb60d827a5b21802ff1a49bcf3a3706ef2000000059fa97e53ca6c0653e2dd643c9f74ab30c2dd54bb82c56c18e215866846f1662400000001213f2729b9d17f3f30be95bc46e3a46d24ac43393134760de9b13e15f8820869802a9eae3a58eab6a611828f8fae5830c37944b2142930afbcc71bbb905bb14 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430742463" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1385883288-3042840365-2734249351-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2500 | iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2500 | iexplore.exe
2500 | iexplore.exe
2072 | IEXPLORE.EXE
2072 | IEXPLORE.EXE
2072 | IEXPLORE.EXE
2072 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2500 wrote to memory of 2072 | 2500 | iexplore.exe | 30
PID 2500 wrote to memory of 2072 | 2500 | iexplore.exe | 30
PID 2500 wrote to memory of 2072 | 2500 | iexplore.exe | 30
PID 2500 wrote to memory of 2072 | 2500 | iexplore.exe | 30
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c0820d661431eea0f4ecde5b98eac6fa_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 2500
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2500)
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2500 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2072
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0cc27ac12f9b4a9d211337a2ea748ad6
SHA1 c67e933a6a36aa7032739e6f83bbf441cf1749ae
SHA256 f76338012d9eb4ab52f8d724c8a6f469f5b1cf01a6cfe05ae43ff6e2e2620641
SHA512 2a4e79f85c759bb81a7d9a11a01ded32705d0e7e1ea8b20497d014670f190249d8f92c9977141bba02afaeded2e5b92fc11a0d78fda27ee3344088570630d08a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 219043060de26e3e92536c11b0ba01a5
SHA1 8bf3fda454c335eddf1f4b64ffb13e4b70027aec
SHA256 c44eb55cca79a6b2878aa8c7c6218099a85a72e73049c794bf38467ef4481aa0
SHA512 511097ad1317876004ed593e4cc245d8ab9d97544d5d48401fea0f691fefcd70686a24f599f74d30a003bec8680240e21d8bdc54d702a3e9038d0d4292b3ee3d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 aadff441a2b39c281065ea6e9401e09a
SHA1 e25f173044a63d9cd458f00814a1ee86eff4036b
SHA256 52d9f470b05fefd70fa1ae83141c97fe3ec834b07098f7d7bd3bc40df6661582
SHA512 4f9fd11d4adfe56741b56c71a280e838d88bac47a0047127ba8590c382578af66de30def0e9cf1d48352d3e2a09627bfbcb2716d84ebfc6b112cbf9b86220471
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3ba3f6c512c34fd535a63250d9d250ad
SHA1 63e0c1a43eb7498e2a9a5c06b6f31d015351505f
SHA256 83e7090272f03c5a5b549fd075d5a4c15ac483cbd01ae5f055c2a3b80f9b1970
SHA512 ed972e2dd788c656f9e32ae237332921545cd18417f53ccea702bcc33dc349138b1f3e0aadca1d8c697e59eef30c8c685c2e511bac720afe1c3e1d09089b1b6f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e10dad8803f03d028a9075d37f530ae3
SHA1 7a357d318b3db19752f4670b3dd7483e3d21df52
SHA256 becb27fd92445e5f29ec3dfe2417f735bb3564e2575bc89c911046af680d3712
SHA512 11adad498c1be60a6c8f9635438c5a8bf6480df75cb1c44acc2448986a1923e1e711b14434d51c4e84fcf73d45ef77a41b20fd8ddf69754555a4826acecbfc46
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2e0db01e36451db5dd0c2b484d0ccd3a
SHA1 24af097e1d3afb0a7bd2ce8e66f4c32bb9669f62
SHA256 66c2b8ab1b3c57fd45055999cefae9da7e3db1562e6e4bedccb7688bb0d6c284
SHA512 362eb4203621ae06c74b256f165d42f104f39fab24a4153362ce261287588dafe334fb07e56857b4d5f08e76b1256e93a71cf6183d6ca7f851c8ba55a7a79287
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e83b7de5fd7d85e6e51a3d1d9d95ed62
SHA1 ba9f9fddeab7aed5f86415a9d027cc974b191655
SHA256 ff215e082ca403ecd2dce0285f7b0f0b2bbed7b4dfe7498ff7e2adf1aa636e3a
SHA512 4871f31c714348a1f55fb7490ade11612354888aa8b8c6f0de518752c8e336da052fdde632a76d797403b6ac0a5ac0dfc6cb45345f0a98980f28514b1e71b6dc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 70308f792e6ff026fc9261b476d78f98
SHA1 6a459b520b5d3b504bab191665e717b1bcc67f1f
SHA256 d73dba2d2462eee8d463b559ec242112236a732ac7cabbf7a521fca89855c4b7
SHA512 dd4a1a8ec18ccb4b3afda46cd64dd360e49cacf4ea4442c293c52cf25ce511338895d7f956353a82147eddda40d2b24076c2be4244a9ba30a7e5c8aaffbf559b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7e2a6cd2d5950b5b0ae4664081103ed2
SHA1 74a9c98b3dcd3f0d8dd3be2f67d011ded5619e9b
SHA256 6ee4a2381ecfb0abdd2c6db6b3d461bdc98ab4712a1ee93168671aa818330aab
SHA512 859a72401c98f5449ceb5e6c2e48395f5d99615d6d2984267dd6ac6f686a76521a07658ef317e8c7f6adfad4ac544425a08b3e8a30e0bc32f522062bad95163c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c752cf40b2b5b641a5fcac7d1d03400a
SHA1 f4e97115f520d8f1b90e4787df80b83d5d627a03
SHA256 b921cbfc7011d2f525f16de57cb1357af01d55444b29e9620adf87cedf66b6b9
SHA512 508b147977eaf0b1a07caf2e127108b45cbeb9691e458f5c0b9460091abec82fdda6554a8c4a09c4a2f96bb47c45bb19dff2606ed915cc63da5c0ca57f94ebf6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e4088e465e8e421ea07bb99cdb564844
SHA1 a16a34af16fb9eb00d233d4f34d643b1ea3b8d3e
SHA256 f5ab6177c52a41cfa7c5193584c8916772fbfead0d68df95f24f443cca74754f
SHA512 2022277acd0662b71317f96c2befc54074961a010daa4c24b74315c70f5b2f086f3b240c37923cfb0dc7c8b7a1a030d2308a96119c1627a39923c124f66fbd94
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 14d0685abe3e4b0d1104f7097745f349
SHA1 42dc328fd46f83d2ebe7e090fd2501f9e39a4fdf
SHA256 3c0aebe2da6d6eb21a667d9032dccd16f67fb35518cb78ecc15d7e985672d952
SHA512 12801abe858237d3b019689cb78df9f4fe50b8175fdb5f3a9713a45d04a889c0530c84557c922b3d133b08ffb162b9c87fd7bce581d036ebb8f9ade039a1032f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4cfb6b38a4fe2e39a9fa166e3b026fa2
SHA1 b2256db7d801ac86884f193a60b54e6c9ae2762c
SHA256 2282b07e01a6b7b75862fd490603b7ebeb17bb19c2728886c6322912211a08a5
SHA512 454d1898487b753492d998f106a6d1a30c9a117e08be29f2ae82c43a759d94a55a1680ca1b36f095de9e6d4d2252a017a03f2d5cbb6735db904feff625eefdc3
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b