Analysis
-
max time kernel
120s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
11-09-2024 10:15
Static task
static1
Behavioral task
behavioral1
Sample
da20488680d887ba51f3e7607868d8f7_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
da20488680d887ba51f3e7607868d8f7_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
da20488680d887ba51f3e7607868d8f7_JaffaCakes118.html
-
Size
736B
-
MD5
da20488680d887ba51f3e7607868d8f7
-
SHA1
7ac1f79133b062fff7ebec3cd00b85e82eb011b3
-
SHA256
8b7e5e7d2b81d5c69a01393f42e1a9925e6e612cdcacaf395378c6e1ff74e200
-
SHA512
2d3227580ce6ba5fc79cd22a3dda254ccff04c7f4f7681a26ce9c6044934e4ea49a99f0bb19e631484e8487e4e60ce790b3559e0730e7bdeafac7b8a173e275a
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
-
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BEBF2201-7026-11EF-AB7C-F2BBDB1F0DCB} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432211585" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 102cb8833304db01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b3e8f15f634dfc43bfa5c3a2648d88c400000000020000000000106600000001000020000000bb9291fa96d14c8b1fa58eb136ff3ad8fb645bab44381742c8774168abafdffe000000000e8000000002000020000000a8a518c581c3019305216b797bb61600cead350cb3ce3f1fdcc17f0bfe78b550200000008d7172e250db709834630d6bff9948fce771be7b948101af73d0a25507ba9445400000007eaef7e4644ea34115c3163f6d0fed68e81f5f4e13ad6efabb69751fc3e38afe80f22294b1c8eb8de282e9c7d959d61319a540bfe684944874b23cc5e3f8e581 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2444 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2444 | iexplore.exe
2444 | iexplore.exe
2316 | IEXPLORE.EXE
2316 | IEXPLORE.EXE
2316 | IEXPLORE.EXE
2316 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2444 wrote to memory of 2316 | 2444 | iexplore.exe | 30
PID 2444 wrote to memory of 2316 | 2444 | iexplore.exe | 30
PID 2444 wrote to memory of 2316 | 2444 | iexplore.exe | 30
PID 2444 wrote to memory of 2316 | 2444 | iexplore.exe | 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\da20488680d887ba51f3e7607868d8f7_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2444 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2444 CREDAT:275457 /prefetch:2
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2316
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 773f5131e96fc0a6e5d052c7129af8b1
SHA1 320d180aff2e47ba413e46e411a94d8ab95bdc4e
SHA256 7fc9c5c9c53bafb4bd18b99579b047b71034319539866c681c9a1ca05ee21bae
SHA512 3e77fa08409c7ea072f888efba8414ba6ddd3cb261e5ab8feda87a9b7c56951bdaa1519441de8e0b82fbf910a41f62f5d487943224a88bfd81d7ccb3427e921e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fd56972b0e0fbe425ca0df749448e542
SHA1 1edc31db7d3cf47dd9da0778f2fd5957413359f5
SHA256 e14c51e451c9faff31767c74c3afbca9867a2c2c9959022b4acbce2015eae3a3
SHA512 c9ab3a0409cc54eb0180ce9745740d15b0b82895028c9291715c2b596d220972c5ff3f2ddedb2434234c801d47e4b1f63bec10ebd2ea1efa62c23b60bc6b1605
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 a44a1dbb54dd052508f991e687e53820
SHA1 fdb768d6c96d782931a36b9d2381672f470ca604
SHA256 8123ddc1900fe365cc0963912980713c41c959cb20a9e11c633cf3e58023e6d8
SHA512 89476686025bedbe3cd270f800bbf4c7e847f042cd600583cccba9c6655b965b7dd95a35bba51a16b10089a93ceaf05ee1eb3c9dbaf29b04d65354a9ef53daad
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 83bee7ad1319c19f017208b5f4baffec
SHA1 6c61d68810dd39b7effdeb73df002240c418b291
SHA256 f9714b8fb74beebbd8ee82725b4fbdd118f161feb9c0e8be8823b5851dd8a414
SHA512 3675cf9a0f0e2f7d962b5ab0a1a9d61d9c57f965866b0640979e721bb2968e6ba92a0db62888b7fc850358e7a7c278275564a9beb3d08815d150ea7f952938c3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4cb4d8d868d5946ea40c0c6faa263b08
SHA1 c73a925dee5914e2f66f2e46139772c866dc643d
SHA256 2e3f6c76a8ffbe717675a18811baf6f1dcabded220bf8bd9f67861bb6526da36
SHA512 34820e14da0c62252e05786fed5352742a81de5f614456d0be0075185253cb5aa0d612dd21c8654d3b6a1dfa76a8be38b4e4d1eaaf36a0a81b2820cac8f9aeb1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 ac650520b427656d1dfa310090a00fba
SHA1 54e3a1cdc096a0c860dca7d846711dad5144384f
SHA256 75ec5345c79695b6ad5a4ce96331e1aae37368e71cd067d75a27a4a1e56a1b43
SHA512 aa59d7f1d9f5083604851c889b6c5b2f49b505e3818b2efdf5e432cb75db91a78e2a28e666a7aeb83973582cd2e1ac16e33f28d2e39f0843975e608fdf516e61
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6e3ad45470f275b908f62b7724a84307
SHA1 264d8d2fac63cf4f211af56fba6fcccb246b356d
SHA256 9dd3a9a8111e8cebeac7c750f9f9687472fac2ae4fa26b54e833698f24055a7d
SHA512 ea7dabde669a612482f407fc8dd59d9e7f63e0c1a6903fd8e53a72cb798a04c38e26f8673702735554ef0f14dea14066b4d6886d6bb9ffea1e061ae7d2f606d1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 3c5bb9193e5ce2e27152790f519dc604
SHA1 925ace76d4136fa013cc9a18bec3fda29af40e9d
SHA256 40d51ee2d725c8bf184b507e2c1f94ec419f446493f3a09d8fe03396be9e2508
SHA512 158c0f8343842dcc1c0111290e177ca96e2d2b2fa7da8411caab1d0b906c065bb750b59129370184cca438501180f138bb1e3b65d26a2bdca6603fb6679107fe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9259237ad73d10b0876479961fe8069e
SHA1 6e4dc2690a87380aead26c3244a1bdc52f652843
SHA256 2374a66acdb8804c98c2b8c57cfd1ec5edc683c70a16480d0434291d33241fbb
SHA512 b41da3e746c2677adab867c0c0eb56fbbbffad501eaa540a18a7d790d50897785076cdcd5aabfd88f964091ba92c3c6036d1558e86f8c6975c7882ceb2dc7440
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 97dd934bc9473a5527c54f1356aec041
SHA1 168b1e32aef79cd01ad13dfa3542f66fd6bd8fa9
SHA256 07177d19418cd575c0e663a488c3c5d582720ba9046dc46aede2d45c367f74ca
SHA512 eefbb7313638022a9e8ae64ea6b470f38c69ec2d8cfb6d00393e5ad68248719cfd27761177dc2932e7ca68d4c7df5b7fd87306a182c8f50423a570ee4ca8b57e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 aa4b1b615ea5ef90f8101af20103258d
SHA1 33410956701be90e1fa5fc1fa74526f1bf652e5b
SHA256 ecca8d75671e6bb6ef8df5a550177bf480c0fd31051082520ca9fb477f37bde5
SHA512 1e4f888279411bd9dd704f2cfa509bf44fa809e9a9e35d585cf8dd1f82d188452472e52a437f841e56466291d0e5a15e0f6f5c4e0bcb56e1bcc21b9603af5c61
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b