Analysis
-
max time kernel
117s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system -
submitted
25/08/2024, 09:51
Static task
static1
Behavioral task
behavioral1
Sample
c07a6860f62eef4ddd9d758864277204_JaffaCakes118.html
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c07a6860f62eef4ddd9d758864277204_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
c07a6860f62eef4ddd9d758864277204_JaffaCakes118.html
-
Size
3KB
-
MD5
c07a6860f62eef4ddd9d758864277204
-
SHA1
1ae58e36a263406a0e745e9fa105347f360935d0
-
SHA256
cbb1c738a5b72ef49dee175b8545a6a5cc49acd233dfb09828ccc20d31a38cd1
-
SHA512
a74f7faf1e3d054149b59ff36206f9867eae28d0d0d94085543c1a2c2482215efd807e1caf6564b890110a4b2bac178f45c700bcd3103b27e2bb6f886a6f3c1a
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000003ec2349da7301075dc2b16c8b8ca229bf4d730bdfac1df24bfa9419ff24b54c8000000000e8000000002000020000000f7a845dc009768d5f2b3f6d0e012970a3ca8f98c038e0b9302177338f17de4e320000000a93c5a3dfb4a086677d487db811aac99c731d3d97b53afd5ef60919f33bb06cb40000000637629bbdff34bdc498256d14b371c5b6cd0f4f5bc1f5a46dfa0e64aee3d0c14aa3f84450c4aab26f68aef9e9237df370edcccd69a340b1795d7e4c2df164a25 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) 
\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "430741366" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80e90a75d4f6da01 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet 
Explorer\TabbedBrowsing\NewTabPage\MFV = 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 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) 
\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9D851FC1-62C7-11EF-B33F-CE9644F3BBBD} = "0" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2412 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2412 iexplore.exe 2412 iexplore.exe 2300 IEXPLORE.EXE 2300 IEXPLORE.EXE 2300 IEXPLORE.EXE 2300 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2412 wrote to memory of 2300 2412 iexplore.exe 31 PID 2412 wrote to memory of 2300 2412 iexplore.exe 31 PID 2412 wrote to memory of 2300 2412 iexplore.exe 31 PID 2412 wrote to memory of 2300 2412 iexplore.exe 31
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c07a6860f62eef4ddd9d758864277204_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2412 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2300
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5a7499acc2e3ee58f75adbfb195fcb61
SHA1 1faa4c3caf71b4866d2844d19d307f15a0895e09
SHA256 462a4f56b2bb2ce9a3f14989860561eec741b8693628000a885851a69b85d35c
SHA512 43183b0253ae8e9f76727eaeb5c120a406ab41d1f319f277a34d5e682d5974670411ee803413e3250f1e159fc2e4e3e06c24a4604bde1aea621661158a672ed5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3da833103494a572f8c564b359f0e26e
SHA1 a64ca21536120fc3ab38b7fc414a9eb733098f32
SHA256 cf18e63b3c631e738b5da3b88bf241a730f7046858843da1e5451b433810ffa7
SHA512 84c10c7919bd0aeb2f59f9228fd18ad2fd0061c6c1aacbeb9b2ea7f2a03109d87d869352c23adbce9314ebc2abf53c033adc96123b28dd1f38d476805c9b2355
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 33504a797e22c391bc98b00fc1310337
SHA1 45260ad14e2e489a228476d1ea45fd9794eb0e09
SHA256 c10874869c8d129c4f596943a3f897f9732a427af7613d69657cb10f1e5caf2e
SHA512 0bf623084f211f98ed8e36d518e9f7b132e4994c48f0d2ff56f14c106cffa644aea65084252df36f894dfd46c73a14ee00137e4f2129fcb24c0a3cee0e15c353
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 60ce2c47f8368cadfb3f3bc20fec3694
SHA1 c209fe6a36c26cb41bb35c2257150b00e06860a2
SHA256 a34d2fce788219a8b98f39cc5ee8fb23476983609e7c2e8a233d35babe5b7937
SHA512 9fb2959cdceb567f04260925da1e58432a8394f9b263820c1927719c1e803958fbcbe23127e074a6f1b90ae6d7a48a4d0b341ded7db7bdf2d02fe1f05f1031e0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 336136b02f69b0d850313df2f8b0d714
SHA1 f3e3dcde803af7302c7b9a90ebd237a59e3afd3d
SHA256 1830650aa6e6fea4d3819ebfe6d1453f5e3cbaf83197362625a521dd63442d60
SHA512 ee21fdb737d83f1f385de69ac24ef16f37e698b9aa144ff112f17a2f22c260883bf1b578a1585e356d4c974be709e8feb8b49c44f507d625c8e5dcd538415619
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 519fd65b2cb9f1584a35cb7d5aa7ef16
SHA1 ae240931204f8edb97c21046704deb71e442c10f
SHA256 0022e6ddd1854ed1075a79ea6455f23758fa0e9506932120b481504607d9f877
SHA512 c2c7b09d876b66ef3a98cb4e36c937b40902eb7126913b2415cb5eeeb9e15e82c574149d6bc66d2d72bf6900fff625e17403284ff216170a59f0f0f2c6a5d229
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b940ffc7660967f77d4c41ec69c0b8b7
SHA1 ba2e8aa434d22cb894282eddacf2feddb18e32f1
SHA256 ef25fce37ea51633da3607f0aea2c2fb66296c1badea8f8e3935de07aa776be1
SHA512 aa2dd4b395b9b66ac68ba0cc41da5f507bd92e526af1d0f86c430259c4b58981098076c819e9a858a0cdf3c8e24ab7379c4643485db3ef4bc87428c84d70892c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4402faf4624e48fad9744f065acc693d
SHA1 da6f6ade368077aac0a9ba09413cd26f9393366c
SHA256 276a63c3d0913e51a039c6dcf66263e2c6276f120efe6aa1f74af71769ad36f1
SHA512 35cf903bd19c4ee1216c70cf48605e66da9b491d9b728f1fc620aedb8b56ec04f4197225651b1c9a2e4ec6fb96c2e52e472ecc59e130aa049612e43332f14873
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2ac745997887b13900b586a340bfca55
SHA1 996514f46a0f430b5daf73c97cbe64cc0e93d345
SHA256 6e5680dda9fb06354809a04808ea1548a303ec44e190b97896bbf4637a45eb13
SHA512 2e145c29fdee433005f124256a1344f4bfef74f761c994b9c19ecbaddbf9e94dab9f0dea155c382fa5951e52156c92f541e61e2ba771ff416502c4795f4cb1a5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 47a08663e65b23046d15ac6e7e284907
SHA1 c3412f32224f8b5059f2515bd2191d7c8e21ea2d
SHA256 08833527ca676982d8c2150147c9e96e706f2a403041217cc908bc5b5079b817
SHA512 347226eebd0f8ee72fe60387e4d6fd0a4e5c7cb9a65ee16544da7dc667f99c9ac5c349c026f69ab9814c9304354dc2cbe75ed1d6bc200da89d145df041185b97
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 66c364ca84af967d0075d7a0fb363f7a
SHA1 96616d9255540b843f108b3797a5739dc77d1387
SHA256 b6957d5f7222484b50ac64a8126e4690d12a5ea01ea3dcb347d0767e8b475355
SHA512 211965b992678bc11c8f425d9c681616a1781b78f8397152ee10494f014ccd4fb09aab01878f69d156f623091f2cceb4ef605270f4cb1a2ca22f8e2e281dbc21
-
Filesize
70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b