Analysis
max time kernel
135s
max time network
133s
platform
windows7_x64
resource
win7-20240903-en
resource tags
arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted
11/09/2024, 08:02
Static task
static1
Behavioral task
behavioral1
Sample
d9ec5960110ea1a8335b9c7139bd76e6_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d9ec5960110ea1a8335b9c7139bd76e6_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
Target
d9ec5960110ea1a8335b9c7139bd76e6_JaffaCakes118.html
Size
53KB
MD5
d9ec5960110ea1a8335b9c7139bd76e6
SHA1
5c9e4d68a8e39b22cd43552aa4e58d61882b750f
SHA256
406d867d30d8e7f9d7d0427067daa301e0c67f8dd028c2836f983a21af102d46
SHA512
bd513de5bd87968b2af957fd445e791dfbb38997fd522306b0f90e1a7245d80c21f2138b5f903447c1db3bb749eabd474fecc212dcd3a91ae8cb87f8aa866642
SSDEEP
1536:CkgUiIakTqGivi+PyUOrunlYw63Nj+q5VyvR0w2AzTICbbooN/t9M/dNwIUTDmDh:CkgUiIakTqGivi+PyUOrunlYw63Nj+ql
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc  Process
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  IEXPLORE.EXE
Modifies Internet Explorer settings
description  ioc  Process
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{301B96D1-7014-11EF-8EF2-FE6EB537C9A6} = "0"  iexplore.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"  iexplore.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0a61e082104db01  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432203617"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain  iexplore.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms  iexplore.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"  iexplore.exe
Set value (data)  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007b88b8645d6de74ab21efaf0de98379b00000000020000000000106600000001000020000000aa70fcb88e4106ea9431c628a39af4e9da05e7f562ee6af08fe5ac2135353c5d000000000e800000000200002000000034931f97d79a4412f72d675af6169a1735e0d779e6956e481acf12b398866ca620000000a402bb918e7b4352c1aa0d9f00fae8223c31ee0cee6b1af976d1cdf833f7f99940000000b6b011fab322cd7b01afe0a0faebcaf6e1f6e2c22138241876bc969ef32ea90f9632eb848c298bc3cb3d104fcb5726d6d29e46086f5f4076905d41a1a3494c51  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU  iexplore.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main  IEXPLORE.EXE
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch  IEXPLORE.EXE
Set value (data)  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted)  iexplore.exe
Key created  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser  iexplore.exe
Set value (int)  \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"  iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid  Process
3064  iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid  Process
3064  iexplore.exe
3064  iexplore.exe
2728  IEXPLORE.EXE
2728  IEXPLORE.EXE
2728  IEXPLORE.EXE
2728  IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description  pid  Process  procid_target
PID 3064 wrote to memory of 2728  3064  iexplore.exe  30
PID 3064 wrote to memory of 2728  3064  iexplore.exe  30
PID 3064 wrote to memory of 2728  3064  iexplore.exe  30
PID 3064 wrote to memory of 2728  3064  iexplore.exe  30
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d9ec5960110ea1a8335b9c7139bd76e6_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 3064
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:275457 /prefetch:2
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID: 2728
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ee02591fea8182485e5c3e5ae64727c0
SHA1 a3b6f94ce4c9c4835667eb7e4f31d90c04d50300
SHA256 cf5df47865e9bf055ba79869ecbf4c6df3a6f180af8012f2af67bcf96393eeaa
SHA512 f8d20138e8d6be7d23f7c6381609787b638175416b66091568c6a042cbb96f5c0d57cf18d3d3e574ae70c89be68662bc4226ac21d54d04234d6c5659785d2a7f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 94016593721ca8ccc1221004788794d7
SHA1 625b97e72e6ed1751b103445c1425f2a3272fb7a
SHA256 1f42b844abe23764a8366ae03af772fb068e43aa1e607bd486bc8ef950c8350d
SHA512 87f00e8991e837f2da6d20811445b9afbc1d561ef5e248427627cdaa69c86e9b395885ad7a4868565eafbfcdae0077e5d5bc3d6dfa77e637ac2a52aa1779141c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 13efc4d365037e3a074f2721adce4a8a
SHA1 ad963be2d807a74d4d564678318ec7847b6cf365
SHA256 a4affa7629449b7fd6a984dc2c3128e752745d556c872046bea3284d44daff25
SHA512 4d477cd05297d3c94734cf6d48a9c918e33b022aeecc45f01923270236acb76ae5ac9eebdd4dc13586e3ece986b6964ae5a40f887e2121833fc212469eeb033f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e4089551d16f361938dddc99bbc597f9
SHA1 d6409a213209b7d5e1ac01610746c78a89a801cf
SHA256 62e0cd4bff78892b0a2697073833426cae720aef6a5ae4f3b47f31c3e724e3ea
SHA512 5daf06b60e45bfdc6bcebf24c506e91dd78a904a6946afe4fba07ee184a46610b71bfaf37442aeb68911476e6c872d66c575958ab8657144c76155f98d8012c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4138b01ce2301fdec40ec591b3288e87
SHA1 7f6a15d229592cf0c5bee957a1339ab931564d8d
SHA256 07c355368c02aa16676f7c74cc819394530943c3c1beddac29f8d98376bbc165
SHA512 08ae08cb5f558ddc35ed17df2f731955a4290fc0228b65e2e77af7ca04738c6d6c0e85bc6a64ecb9a8c19eeba6a9c80b8050cfca7462a23d8d0196c9c76f9b2d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b3e492f389665521bdd2ee45a75a95d8
SHA1 4af3f9823fd68dd2b9c2e9dbafacc59c996d6824
SHA256 237f70321c8ded2d112c71bbcb5f3eeb08300a0d35537bb328f0ac5046a2bf85
SHA512 f988c0fd621e94a65452255d24751abe41e859773140825e8fcd8a47bca2d70191a59cd8e80220a55d77adf03a3aa75db4245c23cb5c4d76a91aac31c233aeb0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 830ddcce891d60132ce9da84d5a74b57
SHA1 ea070357bc6e5ff288f3b767af6c61fd9c8348ca
SHA256 2fc0d4bcfd6878af5d6934d65178dc51697ca82f0ccee8597aa34fc7083da88c
SHA512 1dc95f5044dde1393dd31bd45a85d037f579c9df8098162cbc42702380634faa854188b56ac3fdf4e9eb5464e0b2eb4f7405b235ced7bdc6fce2915cccda82e9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7d12dcab1e1120892d1c957061d5df35
SHA1 629b395ab06acdd38883ae7c6eb7ccf5fec7e2a6
SHA256 ea304a06665cf56f77392d25729563d2c8a2d96d869217850c790f14ca2ad10b
SHA512 c2c3eb86e7ccb9c0eb51ea50a9c178317bb3b07112306f564aa522cf581c6cf2b500f7eb7c0c4b1e29cd1318ec4857c413c6ae764e24961c7eaca5bf218f488e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 aa4f56969e445e1ba0030b891220032c
SHA1 5863c20a80bc3f1283b80ce0be3bd8eed283e24f
SHA256 0d456aa55d1ac470d6e6e90e96ade53406cb18eb6e59c3953fb99162aa40ce25
SHA512 c5af769fc7c1362a18402fe1d65c9cecb2be37686ff2c8be85b00b6900baef8bc491856d0d23394950a801c5fd329f3ac05b33a7a983562604d6b04c5a049eb4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 030cec49cdc7bce91692561baa3c847f
SHA1 f8b90612e75ba880c407b0acc597d1b58663e0e2
SHA256 d4e7eea36bc9f47eedebae344d74a9a6232148460a15ad2ba823dfb5f92ebc1c
SHA512 cb5108456d136ad792d0588306e2dc2148c86669f1a6efbb6f00dae1d705ec22206e142e38cd6f7793f12c266e48677a91bf6df31feccf1dbf60ff4b9d69892f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0b450705de7066cbe76fa75b5e1f0cbe
SHA1 2f2cd20f078356cfa3f3779c4ba3504fc5d2792a
SHA256 e8968abaa60c6b62eb8c182d36624581e9bdac443607f0b8c0fa04512c9459f0
SHA512 61593760f00f6a5b2d659da1b4ef7963ed77fc99061629da6bae7ee63d52320364613d8d3906579de3bec634e235e2326c3e9daea2c3b9abd28097230324dc5a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 5fbd52abaaa98d9ffdf52cd86d3c5cd7
SHA1 6f038e7b0f83d921444ce16f4313aaf34b1c9961
SHA256 1c0e4add97de00bde624d22f66f9647e2c59c22bc7e7011cfd85887df43e657c
SHA512 455f4bbf22d8d9e6048e821194a05524b291b5eb0e74380cff77b149cb7402554ab4566854d7e46dc2665b2140b1bf51bda0cf5eb0baa8db21e633d8d5fa5835
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a78699e13e2cf1eab6887c793a6f9724
SHA1 3d7c8c262b1bd5fe83abd279b07d2ce655e4650c
SHA256 12472d7e3381d1eda216f66e9474ffe0f1ae312f6f0498de6ead0d611c3dd436
SHA512 c1f8121e72ebd433d97c2bdba0ad4a5b3992a142585e35d71aaeb866cc58fb2df8058b70d9353c44c8d3cd3434b55c2df966e8db958928bd9d43bf00dde1467a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b092078b30bc6e83d0dd200958487cf1
SHA1 cc73a30ae43728a4fbee5cff19773c531d66f700
SHA256 a67aa949fe1e5f3240ee6ce00b0a28e21756c373bfbf270fdcf72b19d3f67fab
SHA512 52ef3000407a5e1ca93e781dda7b61454f75d8d8a9da0963eff5b842bb816ffeb56cf35f4339158c1302d9f32ec91707884d5d40a06a2587bebab68b265953c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cc43f2cacd132e08e333253b5c1866f0
SHA1 f5a72efbf38862455f74565863ca06eaa549ef42
SHA256 4a7017856d9d2d4e7908f8ca91ee240bab5ffb8bfb362c38d9a122aeaf1d7c53
SHA512 cf8734d99c3dbf055165a574037731a97fb6e6bd8dc44e9a28821c50e44d24d9ed6522a51b2ce7f93090659d91e474d1ad52438e3e8bbb776f9e4562e6185e43
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 b33083356e110d35cd33dd1303443a39
SHA1 b2f0b7877844672caf415b1a9afe42dc0268b3dd
SHA256 cc3a3cc6f88344495a9c27445fc45c0e0bf778ddfbe671560395daa1872de82e
SHA512 42e1646e4967a480703008e038d42bae174ad420a8a51f3beb677f9297dcfed9ab744ce10bbb6421dc3a6f1c1d7ce1bc47aab795a3d7a1323af48f2ac8a496de
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56KJ964X\print[1].htm
Filesize 706B
MD5 67f3a5933c17b3ab044826d3927d0ba9
SHA1 5957076d09bacaa6db8ddc832b4fd87ed8f05f8a
SHA256 97e800f4836b7030dd58fe6296294b7ff5ef1b5eb0e88353f230ea1608d2bb64
SHA512 03ba224055ffdbf32b7eea30c764dc18d66cc6d8707dc5fafab74e155b0bb3d4d691c5788b033a68f05299547297125122778fa7e3252f93e7343d918936643e
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b