Analysis
max time kernel: 134s
max time network: 128s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 25/08/2024, 09:51
Static task: static1
Behavioral task: behavioral1
  Sample: c07a93716f7385f28904c3660469400f_JaffaCakes118.html
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: c07a93716f7385f28904c3660469400f_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: c07a93716f7385f28904c3660469400f_JaffaCakes118.html
Size: 143KB
MD5: c07a93716f7385f28904c3660469400f
SHA1: 71e7f6f0f4d948a47c2ab730631d5ad58edb2965
SHA256: ea5b7471687dc575f9037f23888436f2c73103dfd72995e36c96d273ce04be73
SHA512: d6bbbddbfe462dd74285fa142980ef666922ad97c4b3c43c988b225de212e1d5d98c40c6f4c8065a49ae7cf7f780f75fe9d0290347afbb6f381abd843dfdcba8
SSDEEP: 1536:SRu566yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9dK:S446yfkMY+BES09JXAnyrZalI+YQ
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: IEXPLORE.EXE
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow (1 IoC)
  pid 808, Process iexplore.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  pid 808, Process iexplore.exe
  pid 808, Process iexplore.exe
  pid 2428, Process IEXPLORE.EXE
  pid 2428, Process IEXPLORE.EXE
  pid 2428, Process IEXPLORE.EXE
  pid 2428, Process IEXPLORE.EXE
- Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 808 wrote to memory of 2428; pid 808; Process iexplore.exe; procid_target 30
  description: PID 808 wrote to memory of 2428; pid 808; Process iexplore.exe; procid_target 30
  description: PID 808 wrote to memory of 2428; pid 808; Process iexplore.exe; procid_target 30
  description: PID 808 wrote to memory of 2428; pid 808; Process iexplore.exe; procid_target 30
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c07a93716f7385f28904c3660469400f_JaffaCakes118.html
  PID: 808
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 808)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:808 CREDAT:275457 /prefetch:2
    PID: 2428
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads