Analysis
-
max time kernel
140s -
max time network
147s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
08-09-2024 16:26
Static task
static1
Behavioral task
behavioral1
Sample
d4c79e1b77a0920eb8a6589d9f5c66ee_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d4c79e1b77a0920eb8a6589d9f5c66ee_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
d4c79e1b77a0920eb8a6589d9f5c66ee_JaffaCakes118.html
-
Size
6KB
-
MD5
d4c79e1b77a0920eb8a6589d9f5c66ee
-
SHA1
d7a3bd1e4ace0952dd3ad447db131ebd8c3a2046
-
SHA256
e8263a2945617c8c5afff3c6126f8f7db037a6eb02941a6b9e8805564d65aca6
-
SHA512
3b1c6cc0d2e1f99990846e5dc55b27187a48c5d7d08dc3cda39048b530f2cc53cc4f54ac4df4f36d4369bbf151ed9beec3895561df5bd90c05e825304b97f661
-
SSDEEP
192:6TKrD89+BIvzjF4OoFUo2VXvzcl7d+s/kCCD:0c8vF4OwnKXP
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description   ioc                                                         Process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  IEXPLORE.EXE
-
Modifies Internet Explorer settings
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid   Process
2724  iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid   Process
2724  iexplore.exe
2724  iexplore.exe
2792  IEXPLORE.EXE
2792  IEXPLORE.EXE
2792  IEXPLORE.EXE
2792  IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description                       pid   Process       procid_target
PID 2724 wrote to memory of 2792  2724  iexplore.exe  30
PID 2724 wrote to memory of 2792  2724  iexplore.exe  30
PID 2724 wrote to memory of 2792  2724  iexplore.exe  30
PID 2724 wrote to memory of 2792  2724  iexplore.exe  30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d4c79e1b77a0920eb8a6589d9f5c66ee_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2724 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2724 CREDAT:275457 /prefetch:2
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2792
-
Network
MITRE ATT&CK Enterprise v15
Downloads