Analysis

max time kernel: 94s
max time network: 133s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 25/08/2024, 10:10

Static task: static1
Behavioral task: behavioral1
Sample: c082217176503a0b4b86a6c9353f5139_JaffaCakes118.html
Resource: win7-20240729-en
General

Target: c082217176503a0b4b86a6c9353f5139_JaffaCakes118.html
Size: 26KB
MD5: c082217176503a0b4b86a6c9353f5139
SHA1: b7804d86bf626b450542f3a281aa2d4bbaea91be
SHA256: f36de63629e24c37a71b3a34bcf4a62f622cbda93520d9544f8f02b296eaaf6c
SHA512: f3ee51c59ecb67363a25b45aa618f6aa08fe00899c20200371de29cc28b22461c4c3a1c3f8a73371f64036001d4ff5b8338f4d2d280be791aaaa28a4918b4557
SSDEEP: 768:SDb74ex802rCvC3CCCBC+CzC2yEoaoUonoZoOOCOPOpOgOv5dDdB5RPR:Sm0o2CFUvm65Bt
Malware Config

Signatures

Detected phishing page
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Modifies Internet Explorer settings
description | ioc | Process
Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb90000000002000000000010660000000100002000000010d021306ed45dfbd4d0fab57ddc09936c3a9ec5d5442d56da512af7c1f83fa1000000000e80000000020000200000007e1ba12497d15e2d8746f76510857fdcb3b3f749bbc39f8f7da54f4a5dd1d62b200000004a1ccfe8c33a4c51ff241109ac29f25a4c8c129ded2d88f3271de6f2e4922a1d40000000bf72732717769aa8d3d379fae0edc27440267ad3d19aab2d303a2190dd333f8ebffebaef9aaf5a19d2ea4a817039d996808751438410821257df71ca9d2758a3 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6089a00cd7f6da01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{35918DB1-62CA-11EF-9DBD-525C7857EE89} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430742482" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
376 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
376 | iexplore.exe
376 | iexplore.exe
2320 | IEXPLORE.EXE
2320 | IEXPLORE.EXE
2320 | IEXPLORE.EXE
2320 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 376 wrote to memory of 2320 | 376 | iexplore.exe | 30
PID 376 wrote to memory of 2320 | 376 | iexplore.exe | 30
PID 376 wrote to memory of 2320 | 376 | iexplore.exe | 30
PID 376 wrote to memory of 2320 | 376 | iexplore.exe | 30
Processes

1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c082217176503a0b4b86a6c9353f5139_JaffaCakes118.html
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   PID: 376

   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 376)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:376 CREDAT:275457 /prefetch:2
      - System Location Discovery: System Language Discovery
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      PID: 2320

Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9c15693795ee95c777c9da9af6d02550
SHA1: 9d63502312fa36a744c5cb5e25ac8e5e7e36d993
SHA256: ef4bfbef104c3f384ab9b73ff83bd1cb79d7b4486e6031212257355fd6989530
SHA512: b76cc64479163e970cfb4d4d84bc1cc71e47e7aeb2dc43022bada0dfb0bc78bc1c02d1709b736fa37b9e3ec279a6e3f5f7fdc89ba09552045e1a96b6626168d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 46400aea89055256ebd001e8e49775f5
SHA1: 7efe98d287db75f3e70588ec5c53c13c3c92e8ef
SHA256: cb154770ab3a38320fec33db1b5ebcb92e9ffce732591403d255c32f447fba96
SHA512: 376e941eb17767b1f590112555405f21b04dd56d5b9e0a8ec9a59d28b9c6d5db29dd8889f9b8c181128823d75741571919b2d588bcb865902a3114663329c3ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 53e98e7cc08f76ff801fefc7f2a8f361
SHA1: 3d888eadb2f19470e8ae75381567bab8091514d6
SHA256: 8be0441180a0ede19c2fdb50c2b44d79dc90d667c091021f0fea4ce9e80199f9
SHA512: e1ebadad97670028abfe945a41aade7853e3178732bfb39297c2d8444e8e0212b2221fcd572d3ec71daf60eb5f88fb32ab82d0377e433b724a4d2abe4f0869bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 684a6e2c6eda4eda88811fbfabdbcb25
SHA1: 6710e7234cd681f237dda1bcee89c46bfdd4659f
SHA256: a67468024c152e47f5d24e117addb5da575afcac2d2c54969619b59f3ea461bd
SHA512: 49a0e62b214d5b6273a8990b27e95e8e45dcbd6efb42abdb2de6ed44f1402316697fe57c118de9b2b55219896967f3fcd77d1d95e86853b6cecd46f8a97b4f3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a344fcc665c8aeae0398008e407368df
SHA1: 3a856e1d93c62c8e8ac9fdd35bab92c086a2a210
SHA256: 55d34193e2ab162bf8e8d673368c58bb211767aa2ee01ea6529b85bcf70d18c3
SHA512: 5d3ff6f4d6a3075bbd3080f500e799bd308dd004bb097b42d8ba43eb95a08a8becc3322d63ae3a83ffccb70f950261b752dda3d47e670cbb5bb52c2e5d73e952

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b09e2f3425f3e054b53f9f07012a2b3f
SHA1: 54db1ab50af218faf70401f8e68da90c5cca2f2a
SHA256: 7174222cddc6b94aee57338b023e727f2760930cec8ee362653ca19e0a402ee1
SHA512: 09c5a3ab366a1958a240baf02be884fdec078952205c4551dd2737f5aea3f69e777f0dba5a85b3413f27794eaa9e9a5207e7d34948cd5becea11103804b4b1ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 92ac426c65762e85dee61e2dcee0b4fa
SHA1: b34f02004c89ebbc013e8f8ee69d33a44982b6c3
SHA256: eeca950fcda90d38579b5d94327cc282791c581d15826e9f4ff23ef1955bf998
SHA512: af8b85dd1b552ca1b3ed16ca31db5ca50be22e629e3764bb8e01bafd8e2adc2223ae271e4ad5364ba401cff767a5be0a4b8bc4ccc0500fb88e175ad9f314162e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 2d4810b5fb516701a8d7b54ca58fa743
SHA1: 4403acb49d80bd74965b73fc0f835245e2c4f66c
SHA256: 32431e3bb8b794aa8c2bb680b92c87f2b2171849a8b0a4733d0000ec5db1b0e2
SHA512: 3367a4d757897bf0d2f25db097f97c0fdce11ffcd1f8eb767958bb7718c92774e3cb7041a2b00b9fe40e9b78855d78a3cdf0494d7ef7404baaab9d17b50b971b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 5eb4cfd226b4602caaddf1f665de6727
SHA1: 06d280483ca206b118fbe55f2d768707dab88b3d
SHA256: b9daf81c7da4286fd99439043695ac046e6ce2474d67ea513393455585c3fe86
SHA512: d1d9a4c85d015526ecbe1b32b812de79df8dffbd111ed4554c8e436123779709ecaaa1cf56a6d7eeebf392b7d186d8e63c6434e946370b2c1b82d30b6c234e8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 3af485b3c7b7cd5932693cb906bf6095
SHA1: eedf6ccb43bbe9901dfa392e244540d4bfb682a1
SHA256: a5f61bc8798d766bd3e789ce20f459f8ad62b8d32b6de17427ef28d158153fae
SHA512: bb81cffba95a277a442eef7506b11a6e2fb3d6b91b441db1a4ba66674121a657c1b2277b9a65694b07f8c87ea7a620f44f0649ec59f0abad7e5059af62b20725

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a8359be775ebbc91f944f3a43bfcf032
SHA1: 0fab461d3c452e6be31c2a22f35bd3b845b71990
SHA256: 6d4da20df972c14a0d9b7c50b4963fdc134529a5d2b81ccc169573c71060684f
SHA512: 27f458053db8812f276a3df35d788e091445710569e5b91263e7c7f4737f48d07fbe5f4517ffce24144a89e643644bec59382a764c3a844d83b381e954439f84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: ba76e74a1098fda87d110a068f197991
SHA1: 00b8afd773a2071ab1c1b68726bfd023fc7afcab
SHA256: af21921abe5430373f619f2e136b2947cfa2fe74ba1557d2033a8692960c9411
SHA512: 5428b40f2a343b14f36b734c6d67e2027df63f44c41a6bb594a440cdc735aefab37263719d219dc2af7f733d9ef87fb379cfada8b876143f6b7dee33be0dcd82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 32783e0a0f82f94d4abd0acdda074cf4
SHA1: d131613ae8aa917f39fb8efe85b2606d17d3fd22
SHA256: fe9d513ccf45457c8caacbc1d1a573b183b5bba97a97328db5f5575f6be05d8d
SHA512: 857aab678c66cb3169c1965dc1431e6efa175e68727011b9505f50b8aa29451d700e0b91a8bf816d5e648cc9f2986bc3a1ced9a2932bb43222fccf3758039a48

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b