Analysis

max time kernel: 134s
max time network: 148s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 11/09/2024, 13:28

Static task: static1

Behavioral task: behavioral1
Sample: da71e40bfa5b77617ead3d7eef5d5a59_JaffaCakes118.html
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: da71e40bfa5b77617ead3d7eef5d5a59_JaffaCakes118.html
Resource: win10v2004-20240802-en
General

Target: da71e40bfa5b77617ead3d7eef5d5a59_JaffaCakes118.html
Size: 652KB
MD5: da71e40bfa5b77617ead3d7eef5d5a59
SHA1: a52b5c822934a8484e1f8bb87b870f7b8ccca50f
SHA256: f26b8de1e38e9c0adee77f6684915ab8f8cbe84cbd15bbe8cb08bf655b04e24a
SHA512: 9314aa86a3fb74764944433a2d87fe3fd8fff1d1764757c27be1ae1cc195f985e8708762fba20823f7f1e62983bdc02119fd72d7fbc6f49f5cd44ed3803992c2
SSDEEP: 6144:YsMYod+X3oI+YBsMYod+X3oI+YisMYod+X3oI+YazIqksMYod+X3oI+YasMYod+e:m5d+X3n5d+X3G5d+X3YK5d+X3W5d+X3+
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Modifies Internet Explorer settings
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432223181" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BBB35CF1-7041-11EF-AA6F-523A95B0E536} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
1960 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
1960 | iexplore.exe
1960 | iexplore.exe
2856 | IEXPLORE.EXE
2856 | IEXPLORE.EXE
2856 | IEXPLORE.EXE
2856 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 1960 wrote to memory of 2856 | 1960 | iexplore.exe | 31
PID 1960 wrote to memory of 2856 | 1960 | iexplore.exe | 31
PID 1960 wrote to memory of 2856 | 1960 | iexplore.exe | 31
PID 1960 wrote to memory of 2856 | 1960 | iexplore.exe | 31
Processes

C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\da71e40bfa5b77617ead3d7eef5d5a59_JaffaCakes118.html
PID: 1960
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:275457 /prefetch:2
    PID: 2856
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads