Analysis
max time kernel: 149s
max time network: 146s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 29-08-2024 11:20

Static task: static1
Behavioral task: behavioral1
  Sample: c8b84ed14bc163f395ea2e8c7b2c908f_JaffaCakes118.html
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: c8b84ed14bc163f395ea2e8c7b2c908f_JaffaCakes118.html
  Resource: win10v2004-20240802-en

General
Target: c8b84ed14bc163f395ea2e8c7b2c908f_JaffaCakes118.html
Size: 461KB
MD5: c8b84ed14bc163f395ea2e8c7b2c908f
SHA1: 35ba5c790bfa2fb16f9b916081a1601e2f04d286
SHA256: 4a9d4580209e596b8db48d195d7f7b7d946e4906773b026fd901c6c22246ff87
SHA512: 70a7971af5a31119a74d6850ba8babf3722d4146f81811c9565f220af887f9dc358dcf8d98cab7d687818b0c1baf224510093da586cd26b14808e16600ae5229
SSDEEP: 6144:SAsMYod+X3oI+YscNsMYod+X3oI+YVnsMYod+X3oI+YLsMYod+X3oI+YQ:75d+X3f5d+X3D5d+X315d+X3+
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE

Modifies Internet Explorer settings 36 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C447A091-65F8-11EF-AEC5-4605CC5911A3} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a04acc9e05fada01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b7000000000020000000000106600000001000020000000363ee0cbb48c6168d8080fd0cab2f51caec25891ce71f1b128226372771ecd32000000000e8000000002000020000000abc7321d343434fcc488f317a34424a9e21cf10647ae26e332f15fc00063fea72000000082c9667f93c765ca85a66a51cbe0a637dd785bd7013c4667e306f1d4cd45a5814000000061eb00d21709b1bc7ce4553bfc79884c3aaa5bd4fafff304a6ee6f16fd7930303798d222971cec9225e27f4464e8a9841ed37b59e0c5f2c7b470891cb60abc7d | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bb7c5835718279428690b074aa627b70000000000200000000001066000000010000200000006ffbad870b47fb8d672048e37f424c29912d338997a0de336cb11194df51366c000000000e800000000200002000000086d234be234c022830ccec2393dcdadbf6eaf71f3b7e31c04947563c20c46cfe9000000092b227a12b6b82ebd513195701014146a64aba5343fa890a552c171b09e7060927af2895a1f940f85cdafeb2c82c6bae7c4155283e88c58e6dda471dd7dec2708e49adc5947e38e78fbce22bd9391db458c0fa3dbc4fd6d2f9773a0eaccbb525f68d6cae986cc026b9f5e363b5800fd8223bea7e3a5f0e158356974a6d2044666aa8ee6641ae31fef536915cb999d872400000004977188c026dee21262bbcfb1d99b32355de0f1db906362c97c852d1b43e3aee1c24fd74eb7436608b7a4cf8c6a86733e5c68d74cc8ed6f6f265ce5cfae8e00e | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2212144002-1172735686-1556890956-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431092341" | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
1988 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
1988 | iexplore.exe
1988 | iexplore.exe
3012 | IEXPLORE.EXE
3012 | IEXPLORE.EXE
3012 | IEXPLORE.EXE
3012 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1988 wrote to memory of 3012 | 1988 | iexplore.exe | 31
PID 1988 wrote to memory of 3012 | 1988 | iexplore.exe | 31
PID 1988 wrote to memory of 3012 | 1988 | iexplore.exe | 31
PID 1988 wrote to memory of 3012 | 1988 | iexplore.exe | 31
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\c8b84ed14bc163f395ea2e8c7b2c908f_JaffaCakes118.html
  PID: 1988
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:275457 /prefetch:2
    PID: 3012
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx

This tree is Internet Explorer's normal frame/content split: the 64-bit frame process (PID 1988) starts a 32-bit content process (PID 3012) and passes its own PID as SCODEF. The WriteProcessMemory rows record the parent writing into that child during process creation, and the SetWindowsHookEx and FindShellTrayWindow hits are generic API heuristics that iexplore.exe triggers on its own. Together with the Internet Explorer registry writes, they are the baseline for any .html opened on this image and are not by themselves evidence of what the sample did; anything beyond this tree is what would need attention.
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 1015d3cb81c16b77264ad42d9a0dc46f
  SHA1: 100f4584473946dbaeafec80771f8a2390d4b950
  SHA256: d48122e0ebce51e10713f42ca29d33e6d4e4fa3ffa52c0cdce4aa088abfa4256
  SHA512: 18b1597a470bc61478c358b702b07cfb4cc6dd39535a4cad7c746c1d1975345bc036475cec97726fc2ff46d5b600b58aabde69f5279485678f673da85cdc4d1e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 8c7e171be8b4e6a47b0e916924688642
  SHA1: 1f521ab5f329fa5a7fa21c635691b929e8e85bc1
  SHA256: 65e51508353e143f6d88a278744f8be4ead3be43db05f9b52a92873df6748c83
  SHA512: 4098734e089ca3bd6fa1cef6c50c3ed44307ba2de39e33fc40944c77fcd6a65e1fd573851a755dbd87f1076cf741807e98b1b5f565d3c22b30705d3b1a0593ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: ccffb5da6048797c850a12cc8710d7f5
  SHA1: 2b501195395d0e55d7c9ac958a601b775394064d
  SHA256: 6c3df8f9086ee1e7fd761c0a7afedb5b6adea13e48011ae71a413a95f43a444e
  SHA512: 6e6fcff980376137d31bc0cb9f2d7a41a22d8dce477e52863ea2ea068cde383cc96d75088f5e74639a38a5507696140303736e2e249f7d38fc87bdda88ae3856

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: a82617f844875ae3fd633a936475ac26
  SHA1: ad423c4ea3badd1a84a0931d58eba5812d25624d
  SHA256: fffd28ffa433fb8a738851fc128797ff4a3f6da26f33a4e6fe1dd404140fec0f
  SHA512: 7c7896e7c5d0d93526f03599de57d3b3c1ecc96f0928ab5f373364b7343c7ea930c69d9f222b9ec5d547ae4303937cf41931f15029664389db3948455690817a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 91d8c03773c79768c7a514fb86717667
  SHA1: 8aa4bc4d2efb024594e031cc80a75f1e3d92dfa3
  SHA256: 48a3c6b01a2abee657ddb00c09315d2160201e2f992d61ff7854cdc486150a3d
  SHA512: 07a752a36bcb472a7418ec88ad0366fdbdf3c072c265a40ece778660135720fe89956b5bca94a681e6ee2484a650af84a7452652324611e43fb49ba50b65035b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 0d7bee1803e38dfcb7f307c879d8418c
  SHA1: d3370c888fd551c880977f6d3e1f002f88266907
  SHA256: 9133c9fb9d996a5a143896d32f1269d9c87b2ba0fdcd831079610ebe4b84c529
  SHA512: efdaa0ac587fbdbc5a377dd9c0ea267d28f340407e3e799fac9b31f7b1780a40f25d65af5bd3e4f376e536df6ed1b20795aa103190d602cef87adc5d2ce92cf3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 2086d50fa1391fa4bfc91ff266ae7f46
  SHA1: d69c4808ee10f4acbd6686e4f16c9cae14db62b3
  SHA256: 45ecba64244c52ed8834691fb7ff5bc65e131a5e8f1d3453baa1f04951aa1ea5
  SHA512: 0d0bab9574100a1b5c9857992bb0f99afc1436bb419c2de22f4beb9aaf8b2640fbb4f95e6364cc7f856bd53063088ad02b865721382ae8a642d4e1cebcc6fded

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 387b5b32347d3e8d81252afeccf67fd0
  SHA1: dacaca6a8c3a8996e8350fad6d309180ec977187
  SHA256: 3e860bae75de56eb43e457000c30f37cac17e31defe0fefadb6012e493a0e604
  SHA512: 74e55029d88f51a08b60601d0fe457ff70a81e1aee37bfa3e4fa01d3af89da15c0e0a27087c95397b6a3ca5356bd5910aa32994713204cac7cbf90cb7ac59734

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 40e0f6064bbf3ca65673d3bf0443bddf
  SHA1: b5bcd15cc376c5252a256dba0c0ee9e506ab6d00
  SHA256: 38dbe36728b0771ca3aa0077787e1e4c68f6e5ad431f294c2079404f8d46b952
  SHA512: 26b5b770253fb19d17159eb412985996d0d58725c8157fb3abe879d0cbbc273f10287c987d4bac26b183e2277701183bffd832383b9bb49f39f65ba5ada15c62

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: a874fa782d3ef2c6a7e55348857b7a99
  SHA1: f59ffa34cb6026c54899ec94fc4fab76c36c40c9
  SHA256: 5d044d246a45833042e22749c23164a315e0458be5d7abb997a7b1a35e39abd9
  SHA512: 1f6fe9b52b884baa47bc0082c1a5747bb62f2fe068f7d452032067ad450ce4066ef5cb3a7c4047609fd8e8490b728f69b5dfc47b2031ebeb37bde89d25b71603

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 892e41d5aef34d4b473b9d07dfe958bf
  SHA1: 3085212803b5686410b10f4042c53898db21ec78
  SHA256: 185323231b33df5a48979a73e6e505a40e57f003ac5b316947fc81d154ea9d79
  SHA512: 889f10477dcdddb94ba98d02458fcce5e13b4266bf8b09d2719df8e6a89fbe714e179661f4df63c5ca96da0097a14348d2f6c26d6845679b921ba8be5fafc7f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 3dafabd8ff7e1cdb906cd0abcbf1defe
  SHA1: cf122fec8b2ea8966f249d45f6e424417e380b85
  SHA256: ed6d2418403e2c332915ccbb83e3cb6563543737d776835079e07adc6768bcc6
  SHA512: 15bab6e234c0a222df6f995f283d43a55606e5fb1711045195234c363960402430caa431c6ed49950dff6a1c6b44e1066e56e2bc383f492f849298a0c590d02c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 8517a6ee6396ae9d659604232617664a
  SHA1: 398b9725e4e91888a57005040672fa502121df27
  SHA256: 9120d024e276ff77f3245c3cb77e4f8a6352a17d92ff0eaed312d0a3c0a4d721
  SHA512: bcd1a27007ff42259cd82646f7204ed65d844c998856295180c73540bb78df3af31485bd7903039edf2ac21012b421db67e195bb9fe069a74ede02ee35234342

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: cc376148834a54611f291b0b5bf9ef32
  SHA1: eb1ac9c5c7af38fdbbf35ee655ae8d91791dfabe
  SHA256: ca8310d98a6233368dc72b3dceb0090728155ac237d072e94e0672013eb334fe
  SHA512: f88f24829108aa226f41587683814bad4a72f1b903dad2514bd6aafbc0f3e6311b6f23b6c4e671e20a1d48af658bec929657edd712d3ca4d2061bd6a216804e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 8489346d2ec22e3c9e6b89ef0a867d56
  SHA1: 93084b35c57648dd557989f648fef0470f6c0e6e
  SHA256: a33144dd807f48697896ffe6ff66f3de2da855149e333a369aef42916df346c8
  SHA512: 4649f077921bbb1da5573069ee5207499bbc26f82ec9fc897de105bcfcc4985a81f9054699c225b25051a484cbfe101b7dd75da35431f6443f7d77e0de44b785

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 07311a4a29a09c3f733676eb3c45ef74
  SHA1: e5b84c91d4bb27aaa59c311f946f1b216d443a35
  SHA256: d45dd46ed1aa80ffd99d98486812de3ef1ea17d6e6dd7eab0634f6d9fbbe2285
  SHA512: 4183d8e5a6ab6600b589764dc351db231319d466ef6b7b920c00bef96ad40fb69c72886161620f98d3ffb90c5e660d457ec324b523686596acf82d6f9f8713d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: c321148796c882a7670495193867a6e9
  SHA1: 262e97f492d54dec3300b4a3561a8af0751896ae
  SHA256: 7db15b3ce82d76efd61bb5fb8fb96411a1af09f4f1ed19096adaa681ee0ff290
  SHA512: 61590362fb4b2b828ceb29c9bb1b332544e5da6e5b24fefee5494bde0771c7889d44fdcff303c9e8a39de43c39131a9c04a94a7544ef7429eef2921624cdc929

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: c96b4ff5d4e64a8c1301f26f44786ac2
  SHA1: b601c0be6f6525b3f08d21d4e6c92cb19f9cbfe6
  SHA256: 81383f12f8c5e8332f3a9541d62f606526bbc066f2d983af823d260046fb92aa
  SHA512: 78960edc928fc6ee91717b7b93b9edbf475572b9cf575f1310c55eb470ed029f48d1efc3bde532727e83bfe35e562e4b5b99530bd28eb1fc26e78b606fa0c2ed

  Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
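The following is an added triage example and not part of the sandbox report or its tooling. It parses the three line formats printed in the Signatures and Downloads sections above (registry operations, WriteProcessMemory rows, dropped-file entries) into records and labels each one, so the side effects that opening any .html file in Internet Explorer produces (the NLS\Language read, the Internet Explorer registry writes, the parent-to-child WriteProcessMemory edge, and CryptoAPI's CryptnetUrlCache files written during certificate chain validation) can be counted and set aside before the remaining entries are examined. The sample lines are copied from this report; the classification rules and function names are this example's own.

```python
"""Triage helpers for the flattened IoC lines in the Signatures and Downloads sections.

Added example, not part of the sandbox report or its tooling. It parses the three
line formats the page prints (registry operations, WriteProcessMemory rows,
dropped-file entries) into records and labels each one, so the expected side
effects of opening an .html file in Internet Explorer can be separated from
anything that deserves a closer look. The sample lines below are copied from
the report; the classification rules and function names are this example's own.
"""
import re
from collections import Counter

# "<op> <key path>[ = "<value>" | = <hex>] <process>".  The key path can contain a
# space ("Internet Explorer"), so it is matched lazily up to the value or process.
_REG_RE = re.compile(
    r'^(?P<op>Key opened|Key created|Set value \((?:int|str|data)\))\s+'
    r'(?P<path>\\REGISTRY\\.+?)'
    r'(?:\s=\s(?:"(?P<quoted>[^"]*)"|(?P<raw>\S+)))?'
    r'\s+(?P<process>\S+\.exe)$',
    re.IGNORECASE,
)
# "PID <src> wrote to memory of <dst> <pid> <process> <procid_target>"
_WPM_RE = re.compile(
    r'^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)\s+\d+\s+(?P<process>\S+)\s+(?P<target>\d+)$'
)
# CryptoAPI's on-disk cache of fetched CRL/OCSP/AIA objects (CryptnetUrlCache).
_CRYPTNET_RE = re.compile(
    r'\\Microsoft\\CryptnetUrlCache\\(?:MetaData|Content)\\[0-9A-F]{32}$', re.IGNORECASE
)


def parse_registry_ioc(line):
    """Return {'op', 'path', 'value', 'process'} for one registry IoC line, else None."""
    m = _REG_RE.match(line.strip())
    if not m:
        return None
    value = m['quoted'] if m['quoted'] is not None else m['raw']
    return {'op': m['op'], 'path': m['path'], 'value': value, 'process': m['process']}


def classify_registry(rec):
    """Name the signature a registry record supports."""
    path = rec['path'].lower()
    if rec['op'].lower() == 'key opened' and path.endswith('\\control\\nls\\language'):
        return 'system_language_discovery'      # ATT&CK T1614.001
    if '\\software\\microsoft\\internet explorer\\' in path:
        return 'ie_settings'                    # "Modifies Internet Explorer settings"
    return 'other'


def parse_wpm(line):
    """Return (src_pid, dst_pid, process, procid_target) for one WriteProcessMemory row."""
    m = _WPM_RE.match(line.strip())
    if not m:
        return None
    return int(m['src']), int(m['dst']), m['process'], int(m['target'])


def wpm_edges(lines):
    """Collapse the per-call rows into unique parent -> child edges."""
    edges = set()
    for line in lines:
        rec = parse_wpm(line)
        if rec:
            edges.add(rec[:3])
    return sorted(edges)


def classify_dropped(path, size):
    """Label a dropped-file entry.  CryptnetUrlCache files are written by CryptoAPI
    while it builds certificate chains and are not content delivered by the page."""
    if path and _CRYPTNET_RE.search(path):
        return 'cryptoapi_url_cache'
    return 'review'      # no path, or an unfamiliar one: look at the hashes and size


def triage(registry_lines, wpm_lines, dropped):
    """Summarise the three IoC lists in one dict."""
    recs = [r for r in map(parse_registry_ioc, registry_lines) if r]
    return {
        'registry_by_signature': dict(Counter(classify_registry(r) for r in recs)),
        'registry_by_process': dict(Counter(r['process'].lower() for r in recs)),
        'wpm_edges': wpm_edges(wpm_lines),
        'dropped': dict(Counter(classify_dropped(p, s) for p, s in dropped)),
    }


# Sample input copied from the report above (the SID is the sandbox user's).
SID = 'S-1-5-21-2212144002-1172735686-1556890956-1000'
IE = '\\REGISTRY\\USER\\' + SID + '\\Software\\Microsoft\\Internet Explorer'
SAMPLE_REGISTRY = [
    'Key opened \\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\NLS\\Language IEXPLORE.EXE',
    'Set value (int) ' + IE + '\\Main\\CompatibilityFlags = "0" iexplore.exe',
    'Set value (str) ' + IE + '\\Main\\WindowsSearch\\Version = "WS not running" IEXPLORE.EXE',
    'Set value (data) ' + IE + '\\TabbedBrowsing\\NewTabPage\\LastProcessed = a04acc9e05fada01 iexplore.exe',
    'Key created ' + IE + '\\LowRegistry\\DOMStorage iexplore.exe',
]
SAMPLE_WPM = ['PID 1988 wrote to memory of 3012 1988 iexplore.exe 31'] * 4   # one row per call
SAMPLE_DROPPED = [   # (path or None, size in bytes); the last two mirror the unnamed entries
    ('C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\'
     '94308059B57B3142E455B38A6EB92015', 342),
    (None, 70 * 1024),
    (None, 181 * 1024),
]

if __name__ == '__main__':
    from pprint import pprint
    pprint(triage(SAMPLE_REGISTRY, SAMPLE_WPM, SAMPLE_DROPPED))
```

Run on the full report, the four WriteProcessMemory rows collapse to the single 1988 -> 3012 edge, every registry entry lands in one of the two expected buckets, and the only dropped files left in the review bucket are the two unnamed 70KB and 181KB entries, which is where a hash lookup or a second look at the sample should start.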