Analysis
max time kernel: 131s
max time network: 139s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
submitted: 29/08/2024, 10:32

Static task: static1

Behavioral task: behavioral1
Sample: c8a6342c4ccaedd4b55d9866381bb674_JaffaCakes118.html
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: c8a6342c4ccaedd4b55d9866381bb674_JaffaCakes118.html
Resource: win10v2004-20240802-en

General
Target: c8a6342c4ccaedd4b55d9866381bb674_JaffaCakes118.html
Size: 19KB
MD5: c8a6342c4ccaedd4b55d9866381bb674
SHA1: bbdda62146695c93edc80541732f8d7617fa9f52
SHA256: f99eeb6f2f6867858b7f5120c4ef0a673fb0feb24ae3c2358582a569e886d8d8
SHA512: 64a07d13210544fe95e14bff2e5ffa1d629f55c16dd4c89405722451e8ac214b424c5ae10cecf0db3c8ae1ee954d0cbc9c914a69c7cfc6f5dd4f0fd7a4de7468
SSDEEP: 192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIX4VzUnjBhXp82qDB8:SIMd0I5nO9H1svXCxDB8

Malware Config
Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE

Modifies Internet Explorer settings
description ioc Process
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{ED2E9F11-65F1-11EF-ACC7-DA2B18D38280} = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431089389" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3294248377-1418901787-4083263181-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2488 iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2488 iexplore.exe
2488 iexplore.exe
2292 IEXPLORE.EXE
2292 IEXPLORE.EXE
2292 IEXPLORE.EXE
2292 IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2488 wrote to memory of 2292 2488 iexplore.exe 30
PID 2488 wrote to memory of 2292 2488 iexplore.exe 30
PID 2488 wrote to memory of 2292 2488 iexplore.exe 30
PID 2488 wrote to memory of 2292 2488 iexplore.exe 30

Processes

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c8a6342c4ccaedd4b55d9866381bb674_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 2488

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID: 2292

Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a97f0a19e961159cec08f567df775023
SHA1: c9f82d64fde1af9251387cdc832943f1bf7cac54
SHA256: f2e010812bc9627d3278231d387e8350414aba6e7876eef6f2e44b09326ad35f
SHA512: be88150a620d882523baacfe61652c403a09d207d17ea040f9a8bdc49a98d4162cb31f3395ef43bdac5b12930ec584d49a96f02e43a84bc6a40590919b3b37ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 83a8750c5b3b83ead023b59cdce67678
SHA1: 829ba9e366267229df2ed5920ba4630c79789e8d
SHA256: cf79d173c9af6196be4da2ef15c51de36e89ac14e833b278a142f28b03095454
SHA512: 9230ef096562240cf7fdc1bb9f83f1a7757d9c6a83939f50a49b45651826e9189a7471532a3c750560c019924cd8bf07d909a1789abc5ae3299c27173445de48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7ff217b88a42a1adc4dc2fc538b14e8c
SHA1: de74aa08f2ac35e541c3401e16df95ffb2a8b742
SHA256: 9229f68a18707961e2a14d6ebf3eb18b15d3fd4f2093ce066a3dba67d1672e63
SHA512: dfef80eab53058dc4b0a400b9091a4afaaf914a7a8e35279b174499115fc891cbe4aa800b74bc2ab9ca1838c630c0ab7188a957a79534b757dd901bd335f5e07

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 2b71cc0cd20971a3ae391795f9c27dea
SHA1: 74cd26f4ebfa98ff08025cb4033bcef49940cbc3
SHA256: 24c4795917696afe9682ab77adae9a2f47d9d74f83f0744f0f811eee4f0e6d0d
SHA512: e91b08bfe0adf0d3ad29cc1503dec4fea17139e52662e55c412d9a211adaf83b38a0cd2b3dee8a45b9b2daee8a6b5422668442f4165c393c74f3f4af49ac02c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7ebdebb7ade6c76fbf47482ee7a07c33
SHA1: dc2209d18869c47e1f980d0ccbf6810641862e17
SHA256: 64237d042f724fabf59bc258f5d5244847bd71089a45b92e2bb5929da974411b
SHA512: 23668a29c57e1548d763aad92c5a97857b65d8b0f746c7e24b5ea8e90057275d2e53c036d248f03605bd49ac416fdeb5c0604a6f1358440e51f36fc5a3f09dd4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a8cb6d86a9c3f341d4602c50eecd2155
SHA1: 96edc05142c97b2a685a26d88031977e9c4b5f34
SHA256: 091146aeb97c0313cdcdd2e10a68be302c174b2458fe746dd027038dbc32a90a
SHA512: 9dc8532d82c3897649d07fdbfed4aebd6880b33981076f270fca837783309efd024e902aa178a88ac4fa31362311c7c729683d4e536d7fcead7037bc0b3f3490

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9605e98e3f8de54e8fe7c6c674b00cde
SHA1: a4a480c9f2b65694f9bae640532ed0c798a9cc43
SHA256: 27bfe00e7c6ecaef9e5332e96080176885ff5a236d90ed9c72a7e0d0947a661c
SHA512: dc16c414fc52b988f70346314c0c0c4176d69554634607bafd123f90ec486c88d91215a9a1d0e443d59cc7659e2f6824b86ebdf771d463975bd001b0256fe1b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: be040700c66acb90249e481ad00a930e
SHA1: c47086e90d6e75d6e6e4e978ee0d329360edcd36
SHA256: f26180126a9e5aa1306e72a7d237aa738999fb7f8d263faf4ebac1438eb44213
SHA512: e37eb6854069323a6302a72a5d43b31cbb8fa523b3d11c63a46c184e8b5bb7b0b1d922fa8d99547d5bab3e6ac9446690b9506312ef9b4dca26e6a3817dce5ec4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: fb03be3bbf9776a99b76d11405b1d8af
SHA1: 754df52170dcdebad8349ce0bf7ce0566b33349d
SHA256: b0c6417a9d8580a63c1eeeb77f9de5c87abd0d730c32786ecffecf79aee62c66
SHA512: 585d6ba01cd4001d3a251d4e72ed9b743bb2797c1356a1eaa71ef7c8474f4ef95ac6616719ec3b1201d98375425d40466555a3841b0f151ae93ac523563db26f

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b