Analysis
max time kernel: 117s
max time network: 131s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 08/09/2024, 17:58

Static task: static1
Behavioral task: behavioral1
Sample: d4ecc880e7da0fb8389d85ef11aa22d4_JaffaCakes118.html
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d4ecc880e7da0fb8389d85ef11aa22d4_JaffaCakes118.html
Resource: win10v2004-20240802-en
General
Target: d4ecc880e7da0fb8389d85ef11aa22d4_JaffaCakes118.html
Size: 950B
MD5: d4ecc880e7da0fb8389d85ef11aa22d4
SHA1: 6d8d2525a2848a728e5dddd131f17a60616f23c5
SHA256: 02c54f6d7ce7c4110edc53af7689dc5cbd26ef68e91d0e11718a23a3acaf2950
SHA512: 7fc28fe9c215aa34670581e39797dade8144b6406fd9b4d9f7665b225374267a12f79bc9609b2f4961c974ff1a53962c52f454cc71dd07c8f395b867cf52b576
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c400000000020000000000106600000001000020000000eacd373c2632e554a1e2fbba443882f70044b4ed594694a747ed8d9e93bed250000000000e8000000002000020000000e1e0ee37bea8a59e20734e47fc50f6b022323ff670b7c18dc3ebb4f2eafb08e120000000f68d4f9240d394659b392e0047c0d742dc511ce82ccf8ef50fe8e9e72704f59140000000b6dd0fcefdacadac482305451df7a4faa7ae2929b0af5a29b3f47d2b875fd452f839daea03fe2c092a6783282bc04082d994ceab17d01f835d94104c267e7f0a | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FD314171-6E0B-11EF-9DE0-EE9D5ADBD8E3} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f068c9d11802db01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431980192" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
3020 | iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
3020 | iexplore.exe
3020 | iexplore.exe
3036 | IEXPLORE.EXE
3036 | IEXPLORE.EXE
3036 | IEXPLORE.EXE
3036 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 3020 wrote to memory of 3036 | 3020 | iexplore.exe | 30
PID 3020 wrote to memory of 3036 | 3020 | iexplore.exe | 30
PID 3020 wrote to memory of 3036 | 3020 | iexplore.exe | 30
PID 3020 wrote to memory of 3036 | 3020 | iexplore.exe | 30
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d4ecc880e7da0fb8389d85ef11aa22d4_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3020
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 3020)
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3036
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: fbfbc945b2abb59c1c3e7b42a1a10a2b
SHA1: d48932fa8cba4ec01c3f8339654534aa9f8637cd
SHA256: 0ca9cc75a55d10ff39d8a04abb53a4d4f50104c07e30027b809fb14b38e58e42
SHA512: 0a7496280889eea6959ec0d1fa56b2d7f3f35daeca266b110da164e3a8ea34810e7edccfdec77d6439729116498f30b00581f60da74d9b9a8e224f913e4e5fd4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 76bbb2925f748d655e3e76d0a3f21a28
SHA1: 2e409a475d6833dc826dde29c58815d8a0d262d2
SHA256: 061f28053a3afc8eba56eb791c11c30f0a72c8b6ddc4ea80d8191834956d9756
SHA512: 56546cdd40adbd3cec32427984a0eb1b22fbc20a5485ef86bd55676c5f65bbbc9188fdc7e35109312c4ff4f2a48859e0997923e85d266063129f5b55b84dac58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 5fd0c0d29007c0387499d23256d2adde
SHA1: bd8387240d924cafeb2e4437f73005d91d4fc84b
SHA256: 8ce9350282f3e9d58e5824d7175d7bc48d8d83c196d80def67c1263b705a0fff
SHA512: 62ba0d7732c98ed77e62467a2b73a06969cfbbb99234f12e6a5da729970f2ffbdb09b308ff045d64ac37715ed2a70c7d16d5266b830eb901dd2a65384aebc9c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 0012b89410e27c4878e58651249502ea
SHA1: fbe331f60d1724c257891c64ce21f2ed0b35e012
SHA256: 7ebdeaa1125a1d8f3d71c30963f0ba39a452d43457ffd3d0470f6fc1e6ed3d87
SHA512: 46953ebecc154902e54fc056933aa87fc49aebcb3d3cddb70e80fce7df68e60252e3d6d4e4cddba0d0b4006a4af60b65b3f468720eb662e78c280f3f4077b887

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 5c9c1dcb4d95d781b90b28c89c92b086
SHA1: c10c12e1d01355c437be584ab9ccf1df398ae183
SHA256: 2041298065f5342a0003d6bac63ac24bd96c86097ac6c99a950c71100cffe23f
SHA512: b01f0e05e12e9f784e5eaf5efbb8df8957eaffa0716ac4986ea05d51c7009094c8351cd5736cf918dab5f2ecf25880148c4ae6dbaf6762e7e9bad8266c56f97a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 84a6c332527daf69fddedf156a06ae32
SHA1: 7108ca658b246c62bb2d261707faa5114fbb903f
SHA256: a438a89be313628151d088c7c645a027279543d42b7b8d48ccda03123312a2d7
SHA512: 9285a2968257349ec0a5ca0a55ad481fbb48d052a10570058c7a816229696bb78410dbcbe9f779427746946f2f2815ff00cb4711b91f3e655832cb7d9d1cc5d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c8e79cd7853e4b5b075bcb6592a8f3ef
SHA1: 203438029e8be185c3264b04c89c97633abad4e9
SHA256: dfb56438b6ddc327301883af914e993d4840ae33baae7c6f59ad272241895d8e
SHA512: 3e4d97583f8895abb8f13a218cb498338a0de34baa6eaa44e05c24101e6dbd0af17fb208d6cd2ca82e23944a07312133a0a5172492c1c3833b926bb1874609a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 2f73c75f3e3418c824f3b9dfc36a89e8
SHA1: 6347267c9c3335f616f4bcdb9ddd423eaed47fd5
SHA256: 02a01b964bf21bd0031bf96a4083380e18cf6b840198c225961279967e8b0e73
SHA512: 5e6db4edbc9443040ee217d0f25ed7c31ca6e0c5e27297aee3ba3bfa5c7f04605b1777d4fd00f8dd89f12913801fe5d359221a36e30a51a8e2fa7b0ad2ea0065

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b35f41debecbe5598f6d8c7f1e9d1545
SHA1: ecb387c2dd42b190cf64caf14fa6950db6dc3912
SHA256: f3cd161c164ce3a37bdf8b1626951472711fb445b681cea1fe3825bcf82a3f97
SHA512: dc901b9775cff6781380720e6e480d831ea18243154cecde09805412ae8dea6a9e3f9a2b099b0596c3d3de3022ca452b45cac38fbb41c3eb9a36e91d4584af2c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 4f5aa79ee0049aaed43b1c993c3628c1
SHA1: 7973224a4f1d0d7fca8ae52d71a199e7427d53be
SHA256: 817d6f31f55b50c9ebd8a18e5dfdad9c8fb9bc5611261bf33b1415bc8d2bb36b
SHA512: 84a0c6a3a2d1f4b91cbcc2879085d15d33082218c56d291812cbc93df18c14c8367914848be16d989298f0c1a25f3cd7b22c31330b4b2582a41da1e14e2da58d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b842f96cbfd93b743e03ad5c8e59e83d
SHA1: 35366f2ef0b5c6d8af7123f5d1bfadfe5e538ca4
SHA256: c091e55abdcd893c3803ed5c7647e1b84b046757143a50b8cc42123e3dd9b80f
SHA512: 5810ec55c280480d45c9a8b3c962437ef9843136b56fb7546d5e61ec24791f74758cd97c88bee847c121b7ad35358bc5e5d116eb48fab25b11a9f7f95e069de4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: cea488aa079f2d83be465f0d7e1319f2
SHA1: d0a25eef9dfbc5eed2bf8f15504837d3f841860c
SHA256: 10a3add0594c814ef79cb676000befc578d9e8b07a636371bef5782e1a85a08b
SHA512: 71b8401dc9a154e787fa783993b86ef7b10cb11bc3c1fc0ccf7fd1d46d6eab7ada55121f1af48f138683a4bf739e8eff170c5db471893c48f043dd04109541cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a60e80ea927f27af8f4f9502331a764e
SHA1: d28bd8ec677f09fee3f226cf71678135da42f889
SHA256: 6f851aef8f30fc7561301e15950269f975b45c61a3acdf1eb74e8d1a495b092d
SHA512: ba5d6fa6d8c7b217f719f2ad1ffb14e0030bbea5cbaeb4979f6bd56e1807982d4c7d69a50ba2e67f8815c9c3f7fbdb98deae9a6d29a1e0ac74a58853a88c607d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7d63370080285f4e270d5892db06dce6
SHA1: 8d2e6e816519ddda6cb5f5d909bfdf6514ece16a
SHA256: de2b81ad9ca17b2fb0aecab4ed72065cfdd4271247cf627d2ba506a8ad647a49
SHA512: 39c9e04647cf562ffad5bc9162d51f174aebf2ac5c3f3516d0ceb758d9f4ee3ad8f52ba5458338964e83a850875056184dfc06717124e3e2eb8c81eb9a30cc99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1f2bbb989b89c78dc163b4ea3bab4720
SHA1: d26e4092f25fba02abe7e1f5e348008526a76754
SHA256: 180c49683ee25f039ba2c97c05a64f8464e203aabba9f722560e64d2757ece3b
SHA512: 4988a8a57a391779c4dec07867747557fe9af522133387054ae4ec0077441cc38ee213cfbb6ac2b3d6eeabf55aa7e91a8f1083d35a8315bf2a89848c095ed8b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 2ae51893479a233ba28a0272570fa5ab
SHA1: 089e3118861d5958076f61596927617a782846ae
SHA256: c9cf0262cb4ddd789be9c048b34936407c347679fff8004cf04cade5853e7fc6
SHA512: d4a4ee856750589b839d875f1da0d0b84aa3c22c3443a85516019b72e896b0794e8bcd84a122b24c1625cd01f06c09e8e20da993d2729f4c3f012a4d9a442958

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 6e718859f2fe6b3c8d3c2f283e397d06
SHA1: 4c946955de0bb5dcb0c0d1d8631f7ab25badd99b
SHA256: 13ee4e06e0b6bd572ef78e4c3fb0df2a34b45fee775a06590b639cdfc743686f
SHA512: ced70d0dfdbe8ceb349ab48da68db7fe20a8a15fd05e4c99ee40dcb730b321764c1b649926b96cf9b44401f8da1796852f831c81136dc7405450d0b8d7e62ad3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 98ba5d7af9becd5c2c57ad2a4a8be5db
SHA1: da0a20268d3ee0c81e2b4687b9cf9c5ca593d55e
SHA256: 416082a56a77b5ab8beb4c137ba99a853e195d0d159bf235e0e0e8d82f65f5e0
SHA512: 7b0721391c21c6906580d9492f99b4bda04fcef94ba33bc0de922216bd6b3122fa4b05181c802d32e34bbe27510a1efdb033a1ac2328f0132a9cc4bc02e4db3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: bc4a7b7f53e9dea513d879d41566bc20
SHA1: 7e593fca47496ef7f290037a59604f4e5e0104a8
SHA256: 370a51d4bb2d88bd693667575f1b1bc79dae9e86116d104667e3466a203ec1ea
SHA512: 6eac5888cfe0adca84b2b711f9b8451e2530762e57ad47f0870ef98bbe73cde9ae6655d2e7b7db2749c0ec24d83c653a4100f0580d310d5aed927c791753a739

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b