Analysis
-
max time kernel
122s -
max time network
139s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
08-09-2024 14:40
Static task
static1
Behavioral task
behavioral1
Sample
d4969470e59caab2543756f8fe063abf_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d4969470e59caab2543756f8fe063abf_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
d4969470e59caab2543756f8fe063abf_JaffaCakes118.html
-
Size
111B
-
MD5
d4969470e59caab2543756f8fe063abf
-
SHA1
9df4c3285db27e29a07769881f26689b10d1d6fb
-
SHA256
deb143d617f3ad28247e1259b6fef309817dcb7663c5384ee06188a4c7b4f58e
-
SHA512
6372709a57caacc7ca3509c9f511fe469834f08f4ecd6f03f00c6e2f6ae3b88e2ee3cafa273a1574c46761d9977f67bb058953abe65aff023f7b1ae5dfc77387
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
-
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000df7f384a4b4bae0d0edfb9b2aea56ca23c89f527565f66b38973c2732404edeb000000000e80000000020000200000001f39780a530579169f18d4dd424c4e23f3ad01bbddb2840382f7cd8f2c55624420000000c4b271348efd5b661a973f9025f77781f5c87f91ad4b06747fa75b7dc38a3ab7400000000d204196d6eb4026ba260c7d0db209a70a1f0f57f67600b1aaed6d5051e83c6ded2ef02033927d2738e61b39ea7581a53acd889f874fb36d8a0163edba19629f | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90392e22fd01db01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431968306" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4D60D911-6DF0-11EF-B6DF-4A174794FC88} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000066ef652ced2611bf8725d9382896ee254678f76f4eec285bb00f80f0b4a99ea000000000e800000000200002000000097dd1ac1652a314db6e2067be75b8da31c0578496142a32f6c1cfc6bdd80769290000000888e8be48b9233754749fa8b950e888036c3157958dd27f98f83979cea602386e1a5f54e45e074b09e4f5ee8218dab994d3968d6e51b9695b569aa44b75e6d3c37f8f51a7e55f14f63fbd0b3e679864757299f0b4172d2b458c438068af6acc16c0c0ba4e3354326c642957ebb2a2cfad71be8d8a853fa9b2e2936db08078c0960732426b6c42111a16ba3a3706d4c7f40000000c7f3ccffb7aa5c26240758d303a7cbd9c2a299af3d2fcaad4448f84d19257bed8dd7b954e8d8ee7b9b27ee4ca82c5c343e03ea4365ea42ced7ca42fba80303ef | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2008 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2008 | iexplore.exe
2008 | iexplore.exe
2616 | IEXPLORE.EXE
2616 | IEXPLORE.EXE
2616 | IEXPLORE.EXE
2616 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2008 wrote to memory of 2616 | 2008 | iexplore.exe | 30
PID 2008 wrote to memory of 2616 | 2008 | iexplore.exe | 30
PID 2008 wrote to memory of 2616 | 2008 | iexplore.exe | 30
PID 2008 wrote to memory of 2616 | 2008 | iexplore.exe | 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d4969470e59caab2543756f8fe063abf_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2008
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2008 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2616
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 75858ec4fdab5b7f00c5f3bb8ae9223b
SHA1 82c04cdd1f628fd0b886e81cec3bb9af3e0afa8b
SHA256 b0a8b4c1e9385386522480512f645b515a00e65ef420714a6d863b4254bc442c
SHA512 09cd3143ece9d5b65c4e1161f6394870663d0bf74718e0b582f108aecb0b17cfd0f477725008dfafd53a7543a3b2bb321ac7ecf85a60d3c77a42810f4c97600d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1a0b566707355d2795017b9e83ea8e12
SHA1 6e3be1734472e64c609849c1d73b835a9e6fc53d
SHA256 f958f298efc05365e122622aa5f9a5adedcbb4b4b46039f8c4b2c1eae875632e
SHA512 5c3a58207c9ac5eacc091a7cd5769d3f269649a6d9bc3c32a9bf7f4d9355661363e3a893f76f25815711b3d79f27419e6b3a54ed5a6f3b05effa56b6f274227f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 dc285aef5a26fd79f999f76709f1b65e
SHA1 1c1a808dbfca00f1e7beafb5b48491d475960ca1
SHA256 57e07841a3f261fa9d573024fa72dc1f51bbe83878373c24acce022b9e61012b
SHA512 f215853c87cdb05e3bcf90630482e6dfc0faccd7ecf063aa9dd86057fce4cd445c6ed62d71a65311ce00c65e2716e211b2cd1b4e96840a1ce4827d938d473d20
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 1e192ab04471c328a202db223ff5b801
SHA1 a445fb2329e1ee7a694f09389f806b259ebcb30c
SHA256 4135bf3017d72980ecb6c67af90e617f4ccdd2ab64a3f82aed78ecad9a9c7a97
SHA512 e4c38ef1788e5e90cc60f03ab5e261d05caa7057c28eab4897cde24ef7b292b4799542abe139de7b0b30478a0dec4c1d44f87984f5c56347688c1bace646c2bb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4477657a1dca24973580cb1ff0dc1974
SHA1 6aef8375b7d176e69087e71217b17ec730729983
SHA256 031a8c09362c4797372660470d5d87180caf68de4c0342bc07c464ba362a0cfc
SHA512 9987ea64b21993676dda7c3d7677141385e63f8f0f0f93a32b35b65510d30652a5b216ab5fa5ef0dd65efb5de25318db1f60e74370a04d6a0528a8b988aab491
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e132915852f166dfd4bddefcd88564db
SHA1 e9b826ad8fcefcfd80fa78dbdaa9e3f6c2668f9d
SHA256 2c7507d2aaaefd742dcf782282783e35f9a5a79e099f6eb21c77da4f72e6a496
SHA512 a783682c2c8b15d6fc98c19e523600d99633fa2bd9b2493d29775129e958bfd815065139429dbf38964973fa133b04a0faa6b588c2348b3768ab030159319832
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 2450cb7a54be8ebd55bbddbdc051df10
SHA1 e2e385646c22981c2c70a6a8757b497cfcd69916
SHA256 4852e5bd8cb2f58ed2ce77af884ef029e308211bafa507e37ce65dd13c688c82
SHA512 825ed8b70698c42e4eba81edfc649c068c198ee4adb09806920a3d56dc485c2f2c0173c4945b5b5916f576b4cacbf924c5b62b1d26c2b45218764dd979c89052
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 742f49958cc021560c6e8f74bad38c2e
SHA1 7d657ff760ebe82738f26f15c688a28fc3567787
SHA256 07cc5eab146a09be28acec732cc0663dba34d33ac8943c28c68bf3df2753644f
SHA512 4b13486899f031d8a8d7145852ff1f4ce113485e495691f82a5c4b645bfabfb8f10a8d37aa916b7201e75f395e79c4bcbb0b4860d2d3cf4c9f01a385775dde0a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3c8f2ef34ea2667d1b7c028d5942e040
SHA1 59c3ca5672560be1ae844f214cd6a4ba60d167b6
SHA256 9e246dc7e6fec45d55bc79abb889eb9375637927eed47114ba24ea5f60b4a4f0
SHA512 7a53a08ffddaf7ef2041c94f1ece9d3dcd35d0cca96498b4e291d428927e7d2e1b48612b12f1abef0db96a870e3aafd571b53cf38e403b4b045547d4586537fd
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e03a0c788402895d873650d5c3512b03
SHA1 6a347131976595569e1e50735d953b1e9626f787
SHA256 d0b37ab1600f33d74e5b4ba5865db7849dfcd09976ce9f77532fe4736b0d2cdb
SHA512 7db54cdaf7759a6a5781c2ac39de9767f15af4f3e9f5bb3eb83f079a4b6c86e49ce85cc84b106d122a24ddddbf9b91e8758254a9cdf1a02e2ad4f090f1eecc40
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3b7311d7d773b5fdfc878b36ebed0de8
SHA1 0b8dc7544130ecd2d938ff28a42ab19d77c897ac
SHA256 4928216ba3b39601e8db8a2594c7d80ee74fe2c5a36632def5239a65270dd061
SHA512 c0ba02ca2f082a1461e0ca1f5a85f05021033397677b75ca2fa5bb31ff068189bebb14cab92330043ba8a9527a2de631e271b7057b05e513283e3000c2499d2f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 45159dd8071c260471b0b2e4ec539b1c
SHA1 18517bf87004c72112c4b1d6897674e1bc6753c4
SHA256 f4691bb08ed7cd13da621a7ac47df1963f1c3bc6f4bdd1c008c8a66c99c100c4
SHA512 da04f013b6514f0f84c86c31610dc633eefab6f1e31a7daf40adcf71ee07f91391bea92cf1d0e5843d0e64402748abc78c8bde710a24225f55eb684037e4fdc2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 751d62b618dd890506e271057f99149a
SHA1 7c00d598b63360cbcbaf6316b0dbf7414778c467
SHA256 6e78eab0c4182f19c61a959948a1668bbd637d13367ea090fb2a1c6d923b1655
SHA512 0f9fe5a63e8bb84d756f3a847962ca3af632d5cbfa59f67941d9e190252956d318d2a4cb6fcc3c1ec8290005c41f211fb4e3d7ba06ea56e2504655a47016f914
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 306e20344ecbb32bfdd4928fe3e06b23
SHA1 ed8fc3e13a0af34ec3c91c88dd45dbbd81d1431d
SHA256 60b298b2b41ebe2e8bc64b15b4bc9b0bbf5c90b24f62911bbd3fbaed16b5aa4e
SHA512 56beb5fc84b27682476500997f397f59d80c3777e28019c6c4e12d28c7acefe87ed7056f05468aa41866e4de416834450133ee719611d8a8275574dbabc0e374
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0f0a87cae5595849560e1e72d4b9615b
SHA1 5d14e41b51c6eca2148ea993a502f2b348d21f4d
SHA256 8529a18d96916cf383af0fe528f07d66559e20b36744703a4d8a66308be232ae
SHA512 03f7cd94eeda5ad20f62cd7a1a5559c8e04641a038fd5014463487cb73e403b32a27aa574bae10df8081e1f8b781c138d2a0c1df32310fca72dbd9d5813342d3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5362b065a2c8444eb554d64794221b79
SHA1 6808006a76fdcce13d9ba726c0ba02e1fdc4eb3b
SHA256 72ce960d321f57e87fd9f026e0743b37612d2919917f2c3bf4b46edbbc72aa9b
SHA512 b7310163e83334a1808a8a79745661f07020fc993a8d7ae2baf280483e8a218f36e3affddd3930b90b64a69cdd4ee017eb2bf53e5f5bb968ed1d377a8b17365a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8c2050dcc8423ab1856447f63fc4097b
SHA1 613c605c2504091f0f999ac94c6b4e4dfb14c40e
SHA256 54c2f2f54aa16fe9678fed5aee8a2c1ecb2cd6326379b77f19c7bf8ffedbed39
SHA512 5601afce2de53a20076c0b158aa7bf3585a6eefdb907351436b6e915fe0f5291c8d190406599123aa737b6998d53fdbad683824d282767513638d5316f45320f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f0ee27d9d26f549b8e35ac8bc276a5a0
SHA1 7dc4ed9efc65fb432b517523827050566559bc0c
SHA256 6a9c73361eb873c5413306a3d3722c71368cf43c3fda6e79baead4ddbaa2ea26
SHA512 6e4024a423749fa1271538f01492ca48fd7454986f706b43a2da6a9b1cac54f34e0b083defb1eedd1e58fc4ef57232437274a227b3f4a07c01b482370eac54b8
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b