Analysis
- max time kernel: 120s
- max time network: 127s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 13/09/2024, 11:43
Static task: static1
Behavioral task: behavioral1
- Sample: de437bbd1800df8ecfaae62706960441_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: de437bbd1800df8ecfaae62706960441_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: de437bbd1800df8ecfaae62706960441_JaffaCakes118.html
- Size: 2KB
- MD5: de437bbd1800df8ecfaae62706960441
- SHA1: 2bc3366d66a88ee1d505132e94a734e1cdcb7cb1
- SHA256: 7fdc55e140ad6cef078201495647518a8bb301f6690a9ec9f2fff694250c2522
- SHA512: c41e22c4c955c777f2425061487850ba1996974f8672af016bea913dc8104dcbffa0b1f16f14ec1cfec643d029d4e84b90cce4240117b8329056805f45edefdc
Malware Config
Signatures
-
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: IEXPLORE.EXE)
Modifies Internet Explorer settings
All keys below are under \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer; each entry gives the subkey and the process that performed the operation.
- Key created: Main (IEXPLORE.EXE)
- Set value (str): Main\FullScreen = "no" (iexplore.exe)
- Set value (data): Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (iexplore.exe)
- Key created: TabbedBrowsing\NewTabPage (iexplore.exe)
- Key created: IntelliForms (iexplore.exe)
- Key created: Recovery\PendingRecovery (iexplore.exe)
- Set value (data): TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000000be7808b881ce091513ff787e46ece0ea72f5712896c6b30fe1910f5ed2be375000000000e8000000002000020000000b69b748704b1ac9982475f3271b220cc7566d6c8bf363eb97dc975c82811910a2000000058088508155467f78ccda32f3b9b60d288e486c1ed2b03cb9892904e79388d234000000008feb1cabb03981668394238a7e4a83d43e6d924674bb78f70c2b433e0e502a159b8beadeb6e57165c129a2aa16daac402e57dde2a9cf5398a145161e94d9db7 (iexplore.exe)
- Key created: Main (iexplore.exe)
- Key created: GPU (iexplore.exe)
- Key created: LowRegistry (iexplore.exe)
- Set value (int): Recovery\PendingRecovery\AdminActive = "0" (iexplore.exe)
- Key created: IETld\LowMic (iexplore.exe)
- Key created: LowRegistry\DontShowMeThisDialogAgain (iexplore.exe)
- Set value (int): Main\CompatibilityFlags = "0" (iexplore.exe)
- Key created: DomainSuggestion (iexplore.exe)
- Key created: Main\WindowsSearch (IEXPLORE.EXE)
- Set value (int): SearchScopes\DownloadRetries = "2" (iexplore.exe)
- Set value (int): TabbedBrowsing\NTPFirstRun = "1" (iexplore.exe)
- Set value (data): TabbedBrowsing\NewTabPage\MFV = [value not captured] (iexplore.exe)
- Key created: InternetRegistry (iexplore.exe)
- Key created: Toolbar\WebBrowser (iexplore.exe)
- Key created: Recovery\AdminActive (iexplore.exe)
- Set value (int): Recovery\PendingRecovery\AdminActive = "1" (iexplore.exe)
- Key created: SearchScopes (iexplore.exe)
- Key created: TabbedBrowsing (iexplore.exe)
- Key created: LowRegistry\DOMStorage (iexplore.exe)
- Key created: Toolbar (iexplore.exe)
- Key created: Zoom (iexplore.exe)
- Key created: Main\WindowsSearch (iexplore.exe)
- Key created: BrowserEmulation\LowMic (iexplore.exe)
- Key created: PageSetup (iexplore.exe)
- Set value (str): Main\WindowsSearch\Version = "WS not running" (IEXPLORE.EXE)
- Set value (data): TabbedBrowsing\NewTabPage\LastProcessed = e019fb4bd205db01 (iexplore.exe)
- Set value (int): Recovery\AdminActive\{755528D1-71C5-11EF-BB31-7694D31B45CA} = "0" (iexplore.exe)
- Set value (str): Main\WindowsSearch\Version = "WS not running" (iexplore.exe)
- Set value (int): DomainSuggestion\NextUpdateDate = "432389704" (iexplore.exe)
Suspicious use of FindShellTrayWindow (1 IoCs)
- PID 2512, iexplore.exe
Suspicious use of SetWindowsHookEx (6 IoCs)
- PID 2512, iexplore.exe
- PID 2512, iexplore.exe
- PID 320, IEXPLORE.EXE
- PID 320, IEXPLORE.EXE
- PID 320, IEXPLORE.EXE
- PID 320, IEXPLORE.EXE
Suspicious use of WriteProcessMemory (4 IoCs)
- PID 2512 wrote to memory of 320 (pid 2512, iexplore.exe, procid_target 31)
- PID 2512 wrote to memory of 320 (pid 2512, iexplore.exe, procid_target 31)
- PID 2512 wrote to memory of 320 (pid 2512, iexplore.exe, procid_target 31)
- PID 2512 wrote to memory of 320 (pid 2512, iexplore.exe, procid_target 31)
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\de437bbd1800df8ecfaae62706960441_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2512
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2512)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2512 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 320
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: f4012978b50a1bae98d793e17364f4b8
  SHA1: e5af6de70a6554c495cf903d10618623d64a272a
  SHA256: f540c78ddfa8189e48ba028b668ef06d1c6b510949805b82e4ae20575e098acb
  SHA512: b226c901d650ee695c828fcddea7603bc85ad83460976d47b53c3dfa641ef82159326408b66169feac614bda34709b32afdec866b6e18df4d3496114428d0a2e
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: fd292e5a7268d3bf253eb829767a7175
  SHA1: c69b70353b6fdbaae0169e5a11d96d2184ee9f0d
  SHA256: 9eeea38c51cb32eacb57fdbd26c4292dbd6a63d5898d2745b948969ba8c0ced3
  SHA512: 4f070908c2b4730e7314b55a58b5eaf39ff791385872c4a9239f62a9bf4d889c130af9e633048ce7a220d9c49f2474104fc6432aadb3e208e26693271dceb5ee
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 745aac0974444a95f389e31866d79e17
  SHA1: a650947848a7dd6fc148d09433d4e425349dc861
  SHA256: b076786942f0148c1cf7c6cc362ee4b8b63d0d2db0e807c47354bbaa6d693aa3
  SHA512: af74919b8828560eba6006f0d16e557a0de7d603697e731b111756acfec82a63ff3356a35607a97d4886b3253e9a035d6d0b06a47c96677ca90238ec296a63d2
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 81509607cace3271bb74205d35839ca7
  SHA1: f589395a78e6fec1c2eea2891e2fbbc3d67d0f7c
  SHA256: 19625c9570ebdf3b21062f8c94415c97b488ded6a3c0d74ad58dd17048f44d41
  SHA512: 1b32f97989c33bcda0dbd186df086bc8de9ecdbe2066b2b24f496dc7ce47c2fa038f2c8259892b850b22729502989c026c76d5c611b4c5a9f01b48b9081c60ce
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 6592f252a01fa7e1d32a5573037c01e8
  SHA1: 901250196714a44a93ec5c24a7240047321ccb40
  SHA256: 91939029e0d6a778c67dd7d36ebb08d138b16eb072f05dfe7c1752826c7ed30a
  SHA512: 76e5bbcb39dae39bce4aadd1080ea2bae1d7541884392438c52d1790f94a9c8fbdc00fe4d886cbdc5aaa59eba495988319c6e47e3b29af2072fea93bac76052f
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 42d2224652516f06b5af81f6e4a616f8
  SHA1: 38c8f1904b6d4216cda1951b699721834a81f4e3
  SHA256: 704f542de8ac97e3902b6195206bb10d8e562edf5b3c0da19f55d66cf51cfec4
  SHA512: acdc8cee2fa72ba291fdbe36fe4f0e5dfc9c303c9f58baf4f36bfb8b1ef1c0d745155ef4a172559b70953eba58bf82600d92644f61cfbc8617bddad9dc3f95c7
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 1a527b36c592ee45b97bb00b8fc7a64a
  SHA1: ad1cb2d4c56fb0aa25a32523df4c5b041db6429e
  SHA256: 9f2b84b8decb277c932aa2dd184aa5fd77c8fd0809ac7c83ef905da3555a206f
  SHA512: 080e5fb968f6276051aff4f8a9c8b56b315b2a437e76019553f4191ed2cc73453feef40ca8fc24203df08bfdc9d5608ea8e641c3e3ddf6dc717153bfe50ad3b2
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: bf9ddb4d23676875a33f79df59394717
  SHA1: f9b35c1e68d403d4d92cbf3532dd4c32f8457d4b
  SHA256: 7790013bb58a32933f9bf9b490fccd80c8b07e631b7eda75e23cd3bc5c3b42e3
  SHA512: c19d8b5ea612e13109a47da88db656d34ba6a189f54cd2c3a1f9861a5bbb93c9d7a377fbe6b531d199df786f6f6bef28a0eb7a8e785476f8cabbb51046e9af09
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 90f3b5c248563d38bec961edabcc3092
  SHA1: 5336af37148240f2d5e7191890a40f1542bd28ef
  SHA256: 19487feedf1bfebf65452f70c4b19bb97823d5fed5259b5555ce67e8567699e8
  SHA512: ebc0c93966c14f71f2ae748cbb2ea30013c98be19f5da1c0e8ab7cfc3f7b72e9278327696e6b7fd46b25343e58168d3ea3e18f9adbc43a6d35437083dca7e638
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 44fd1de4cd21881896001bdd3555da2a
  SHA1: 2f1f5e5ac2fe68e95380073012e27093aa359607
  SHA256: 6c3d1f85e037e018ead935b39e249a716fc6055503c728faf191ecf3e91423fb
  SHA512: e149f1d535957746d4b5c50c2766909635074a40c6d12ad2ada6fe0a4021cbc53cdc7c18f6bb1e1bb81f4d61e2593811a06660ac90e4fd7090e2e8a460eeed5c
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 2f0b373bdde98ff5d4caba98f9b3e5e2
  SHA1: 6042f6358074e57b727c2bebecb7800d4590e158
  SHA256: 754bab624b405c042d3b5a817b31a47bfcb010037641616de3871f058725152e
  SHA512: a946e8db5db0f2b5e60a6793526e49781764bb58541316110a9baa673ece7322478059734b63e93ab9b2115e0d97985b03c48b34fab1ca479bd396be7a28db50
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 1080618e3a88984bdc52a1fd0371c472
  SHA1: c23bf61d1376490f63326b30d7afd5200a6ee4c4
  SHA256: a255af2583b9f233913eb8b55e120a25a5d42dbc885b0ea1189d80d53edc9b3f
  SHA512: 67c035a56e5237571faa38bd20b1d657108279cea9ec337296317718b6cfac2d372f083f35717ca5934a2ac8286d2f51037657d602761c9aeaae8cb62ca8fab8
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 12262aa72ce40d7ff8b501d181ab6303
  SHA1: 6698a933d66acb2c3a0b9e102077822d6967082e
  SHA256: a64e96e0b4ab6762c036d2d75f2de70564ad36d414926cefcc0df97abc764fba
  SHA512: a8784b0014aa476d19e661ab863816d1b4062b8fdee7a2c0a6384ebdd4bddf9fcd6fe51220d1d9aba2dbc7d59744ea52bfdaaa310a3ce0a13f4d5cfb55957e62
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 38176a125a2253572eb185e7fdb56566
  SHA1: 2c1cf6bcabd278fd89e5cb3e69dbf0fcdda9a513
  SHA256: 61d6e4037e431884f7949848a2597db8c43e22038dfd4252b544a4b533c11a07
  SHA512: d7ce1d0e94d6ec58d43e2935d0156a6158f6a163fd76a87754b80c33e9c7bb5fea6c5b3c597aeaafe21395d7c37def683a72455d68e1ae283609af174fd85191
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 73434057483f02d4f290dd92a5577170
  SHA1: e1ed4b9e4f103e663161e9944302ec3d45a98b65
  SHA256: 673cb6db53ab7ab60126f55fa25ee28719418146a177e4469b46d148e9ca3157
  SHA512: 30d7970a1c115b610830d1e5070ccb9aab96f12d4e8533b49be3e6553f8ffb8e1aebd2058fb75803da636399e29f4e001a365720cac5cddbcd294d4103f0da12
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 8da9b0a17e77c16457f4a4ffa424611e
  SHA1: 8157a28dc2101423050574c4557d6028b7d9fcef
  SHA256: 4f277decd2e1d941e63fe1874bc3b42367635fe4b7452c85714a5321c01c26f4
  SHA512: 65f79147e5da7bbff9efe0d5474e5e85efebf1b977cce1d2160e70e6f93b96fd42bf94b79bb06e092108a64f5401a9688259590ebee7b8aba56591d38f206b0f
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 86e090f77005acb562c1585fbcdf67aa
  SHA1: 2217902e5451bfc286256b064a758975e7d5ee9b
  SHA256: 33650057d01f7e890b13f1f9e755a9552d29cda5e724959bc3f210e347171245
  SHA512: f1fef8711d1f909ab8b9f1a95fa4035d135a08e794344fdb49b226fbc2ed0abf606a9e3da7555377ff0ac9ee43eeb21608b40fc0f44ae2a8907ef3442b58c37d
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 96e02897b404fc72381cb46b02d233e9
  SHA1: 0f841830c53e2efd37ac958e2bbe4ced17ee94b6
  SHA256: 26bbd8724ea487c245646fdcfb30b781a5282115fe2b17490e99f84ba2155614
  SHA512: cabc520706e59dff3c7f9ccee26ab0334ce08b1a94de02c5ede87e0866030613ac5eb950cc8b06a46fbb40f97ec90347e60c1e36e878be4cb181dc1d8acb1dad
- Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b