Analysis
-
max time kernel
117s -
max time network
132s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system -
submitted
25/08/2024, 09:51
Static task
static1
Behavioral task
behavioral1
Sample
c07a660cc6009d7be1bec641bc30bdc0_JaffaCakes118.html
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
c07a660cc6009d7be1bec641bc30bdc0_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
c07a660cc6009d7be1bec641bc30bdc0_JaffaCakes118.html
-
Size
22KB
-
MD5
c07a660cc6009d7be1bec641bc30bdc0
-
SHA1
8589cfca1dae841abd0c07e27e3c6c405a738d41
-
SHA256
4b20b38d5889874051a8de1699be18b17c70dc15577f2051462e28a9bd9d4d13
-
SHA512
5478de291a4dd2c58d8fb2959a9c2d0d112e3bc89a96850422f4c3451b0175af9368d8a4032a067e2108817edc1edcbc3abe4ba8095faed06e63d2cceb469332
-
SSDEEP
192:g83GVwYzel5iYzel5+eWnLzyw+U6lt9Xrn4babDgdvJfHVp0Td4/zJnZOGXpsEBh:GDiN59CfDgdvJdtNZOmpTvuZYahR4/n3
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process
Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000043174f1aa2314a47aa677ebd5ad1f6c7000000000200000000001066000000010000200000008a7c5961e136e50f5acf3e00bda2d8f725b444d337ad1418dd9ba35c021f9008000000000e8000000002000020000000b3f293ec3339fddde15106ea79dcf15745621cfdc7b593ae19c1740ed4b8a89f20000000706d88cbe4b2efe6a9e787bd7988cf48ec96b527cab20835a826eb7abb8ed52640000000280264cf4850de6e9c6b5f9089ff9e6f47ad0ad9cfb1257523965145585b0e45d73fb7338708227257fd87c0e2dcc539b43ff3fc3b3525a096661ea052718aa5 iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0e72e71d4f6da01 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430741363" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9B267EE1-62C7-11EF-98E7-76B5B9884319} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2288 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2288 iexplore.exe
2288 iexplore.exe
852 IEXPLORE.EXE
852 IEXPLORE.EXE
852 IEXPLORE.EXE
852 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2288 wrote to memory of 852 2288 iexplore.exe 28
PID 2288 wrote to memory of 852 2288 iexplore.exe 28
PID 2288 wrote to memory of 852 2288 iexplore.exe 28
PID 2288 wrote to memory of 852 2288 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c07a660cc6009d7be1bec641bc30bdc0_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2288 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:275457 /prefetch:2
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:852
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
4881ddcb3749f10991f63359aa97cc11
SHA1
9aefd69fcfa00c21027a94ac825d248b79332d2b
SHA256
96d300e0303ec3d461cd74fc6c854e8c32ae39218d2597bb1c917785bcd550a7
SHA512
5caee4e75f269b5b73391085705d5e432cec09ac45505aee5a0d36eaf1815b5f49752a3e864227d0ad442250381e40243453bbc671a784b95a3671218011126f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
cef96dcdde4efb134bf4ac2dfc8bfaa6
SHA1
a0788efd73f4bb087c73bdeb547cbb795a49d764
SHA256
d80d05e42d1ddbfce6a3dca3e998d7ad1ec6c1291b50b7a122a37f958a779cb2
SHA512
fc2aa045e7bb78ee11cbf068420aa1cfaac089b51f5853966cd2196177a68fca8d86b906c2491c7c5c417b7b228eca408f43a0d2d9aa041607aeff7b13c47bc7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
b9d844635ca3c5b7d64727254dde4103
SHA1
28d4689720bcd34b5f61192af29a52d05e0e53d2
SHA256
d827a576cb196e08e812ae4b404d34d6ce8f0c123d9bbd26986d71158d83c995
SHA512
0eb059fce068091eabcae6fca6fa130d771138fdfe8ed27790df12dde304763c0dea71d668fa7f9dab9c602b2907be14589354faaf4a4232691b46ef912e3f3d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
8c75febf41d9b7a06f7b31b80798621b
SHA1
accb7415e63b16bb15a2c12ffbc2edbfe628d92c
SHA256
049374a301d7e2eea6ccb50d58400c7923e0d3ebe6bff711b0e1c9a596ff7d99
SHA512
fa3dae043cb867b9ebcde8bb5b686740ed7b1e5a518b579445724bb611f6cb47b004b651d3da214b663fe1df16007fe04400a5591274397eb0dff60e52a68b23
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
74ae2c3becd3c14b6a74cb22b8aa1c25
SHA1
5c997cd9eaade9c42f8a827b25d470d175417aef
SHA256
2210a52e96077f2684ae39bf38aee28ba68451b61bf6b248bb2b66ec866dc3c6
SHA512
c8045fd81e3cccce921de432a954b21aaa7c043353a6241f811d3a01e1556db6e7ddd79ececda3690df1780960479900d6222be77ffbd8bfd4acd30a41a48b04
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
5371936c4bf09fc1556326ba0e76e084
SHA1
f8336bfcff64f707ce1087e511fe253217f9572e
SHA256
9fcc6b20395d41b7ea50ddc182acf507d4899b96ea2ed3fe5089da5386841a7e
SHA512
288acf9bcbae225aa9daaedab82761969ff4a584f6f848ba04562b6dc6b8780157fdc68c64e49f7e43e293997bed325245cd934bf16d34d2f46f70b46259bda2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
f44065fcef14f33c555ec3f6554e49c1
SHA1
682cfad5587e835d5a5aeb28ed05eee6305f44f6
SHA256
085c3ff80a88f4987b763a50e084ad9c879759489e5f864d722ec7de08f431a1
SHA512
90d928309fadec6fe6f8d3e47aa8a7e4de88c2ba5e6428b18d8f1451ebd92d58e544d5d846b501c068532b187cf936f5c4fa88f7796bf1ea0a68b4c53dadb100
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
cb48182f81e6629885eac70370dad944
SHA1
19ec78d1c1b3deb6ac42f8b844bce0079c21a643
SHA256
cd0c97ef028bf5291f04412726a4b11d98b5d72c0317f18f16b52c66d4a235d7
SHA512
8248157c5b0b2e4f44ed19a6172def207df2366caf61fa4e59b93b8c879bcf3587454cee5f6e39042cd37c7f136ef46f233c0f7a0dbf214cfccbb0d4e617e63b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
1e49c63343b6b0b209851f50935c162a
SHA1
12795ad90e43860f9b4bf08b76a72f0ae131cc0d
SHA256
e7bf89ea8b67f3dc226c23eec1c4d25ba1688b5d5a4ee8be24fa6fd778751374
SHA512
b5ed165757642223fba92e54008237ddf24f49be0f342c25bd638c187102ee9f61dd177c94660a8b7e3887ec2e5c1199025341f5389e904f04c3bb6e3d53be44
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
ad9d4de06776169cb821be25dc3a4d82
SHA1
6fa6eb46f3f1a4065f8bafd576520cd9dc9e77b2
SHA256
0ed2e81010e6fc6498463b58ecfb8677d6ba49c202bad04a4a2761aa8c11368b
SHA512
ba31986c292eedd25fa73ac64a3429ac0a6b9e8ac686f08789a3ce448146531e93140bff1a2e05e387b2750101182d513296231bf3306ddc25f8e241b45b22fd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
78f1e6f5797d115d07ca9d100b1d6a55
SHA1
100df7278ae36f1684d790a8da3c16e4446661d3
SHA256
98a81b0bab4768cd501f3b2652f3d3bd0eb59b0afbf83fdae4cfbf55f4fa86f6
SHA512
4200b9140d01355dad2cfd3e72ac76a2c8c9da8e9da4499973eeb5c8ff9258c110201df55e347d414fb7f18cad8bb57ee77b48a0800e8356f747fc1d90ad6057
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
a63989cbf75bb167052d10c08963c575
SHA1
11f88b730b6d7de645fe5ef9ce0e2c456e27f690
SHA256
072dd9e5f688490fcda8d94e9ab182127429208707a73d37f5b885f4ca957990
SHA512
3185dc551481d8eeeba8155af1f87933a9041706e5d7c3856fd267faf749eee810940a2a95ecf844dcbbd020823048e8b4105727f1f2e171f6ca66c051610a91
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
ed99b49e4e334dd92b7e8de55916dcc6
SHA1
853e84c7025761143d4862c07b18adef081dfb40
SHA256
f444fff4f7eec66261873e02d3986f8ece623165c5cec341dceefc95a559924b
SHA512
42f930dfb6239168d26ee3e86d50eb7a687a0dd7d6ee1868a26f2f783a67b1e145d2befcd70f112b02ebf09ac567eeda668599dd346f81e9467c509290f77f22
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b