Analysis
-
max time kernel
121s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system -
submitted
25/08/2024, 10:10
Static task
static1
Behavioral task
behavioral1
Sample
c0821f52220f91fe341e81bed3d564dd_JaffaCakes118.html
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
c0821f52220f91fe341e81bed3d564dd_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
c0821f52220f91fe341e81bed3d564dd_JaffaCakes118.html
-
Size
13KB
-
MD5
c0821f52220f91fe341e81bed3d564dd
-
SHA1
0fecb5e74ad1e2ee5e9e2ed6c6801246016747ab
-
SHA256
de613b028ed6e81704281817cb486179b5fc2413ac884076c76e330199aca221
-
SHA512
5189880f3243bb001697429bb4b374e4a62ddb678ba0c2960f58bd6a0a7e693ea39297284460ae721bf86708c02480a04c6dbec3ee96067f24fed7882df55483
-
SSDEEP
384:FLR8QzBX2WPb29yY7OUen4pAVTs6RJ6CBJHq5+5JaYN459k:VtXUeJX4k
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: IEXPLORE.EXE) -
Modifies Internet Explorer settings -
Suspicious use of FindShellTrayWindow 1 IoCs
PID 2584 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
PID 2584 iexplore.exe; PID 2584 iexplore.exe; PID 2856 IEXPLORE.EXE; PID 2856 IEXPLORE.EXE; PID 2856 IEXPLORE.EXE; PID 2856 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
PID 2584 iexplore.exe wrote to memory of PID 2856 (procid_target 30), reported four times
Processes
-
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c0821f52220f91fe341e81bed3d564dd_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584 -
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2584 CREDAT:275457 /prefetch:2 (child of PID 2584)
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2856
-
Network
MITRE ATT&CK Enterprise v15
Downloads