Analysis
-
max time kernel 138s
max time network 131s
platform windows7_x64
resource win7-20240903-en
resource tags arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted 18-09-2024 21:38
Static task
static1
Behavioral task
behavioral1
Sample
ea04337601f43e5692d6fa3b27327ee7_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ea04337601f43e5692d6fa3b27327ee7_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
ea04337601f43e5692d6fa3b27327ee7_JaffaCakes118.html
-
Size
14KB
-
MD5
ea04337601f43e5692d6fa3b27327ee7
-
SHA1
45680f18ebf0dcaefd60e59e4ef1930f422eaa4e
-
SHA256
8e794d0ff7bf1ac24552bd0a1171a5e4fa7ccaddfa2e467b9d887564a122bf5f
-
SHA512
83b2045abe9a5cbffa6278fd4df0873f02ce5a49c2dfc149cf8c297461bbbdc549d78b9344a3e100d0e3d6e07f9d4702cca505bbacea35236b138363b7497e2a
-
SSDEEP
192:C9ren8VwgJMfGAHLwlLuuH8YhzVg5H49MXj9QU4pwxrDPEQd0lLXalc0DI:LfGAHguo8E5GY9MBQdWd0lDaZ0
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim host in order to infer its geographical location.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE
-
Modifies Internet Explorer settings
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432857409" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10b3773e130adb01 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f00000000020000000000106600000001000020000000942df75b2e6666e7865a2f814286b5fbb6a0a684abf2c70363d4c14c257768ea000000000e800000000200002000000098008e67bb6a08d15e8372e8c496d5f377565dbd3ca86beefdc5f4aee918a90590000000391d9c27b7cbec11374d92e1836d9fdeee6d38b4e80561056ea619e4cf1d9d5dc862b982ea07602e421167da6829bf025d2616ed20cf09a96fdffb30a642a79d8cf84bb6cd39ac74c2726bb7cf1eca217d0404c3b3fdb7e34d8cc7669581d9682440e7e8db8fef85da07e4ae01b60f26a39ff9705090dcf33843fddc0d5fb3fe644d94f6ef0c652097520522d7778d1840000000eed7a1ec8940af641cb3dc064a0615796a46c028b0ce71802da16f94fb711c0dc3259a9ee38fb03e15cf286d014891df72b4e2e92b10f2b5091c58e245c19882 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b8d48fc8adfa6b4a805f1a4a681aaa6f00000000020000000000106600000001000020000000416fa160c9cf1861b15f1b4846a5808e77c6af17f9030c485ee2ad59b0661a0a000000000e800000000200002000000084b3f575cb81f53f8fa937aef2d09415f0a55bf2360a8610ffea8a937aac90d220000000976807bc4169431517ef943ca8478bfd4b8e0be41d0087b8d506f2bc6e63ef504000000003243cf254f56f0d0f7ead5551cee0cd45a7d122f545db299c390802ec960b282fe98958599c945933164bb40d4098db715142b183b829f88ad8374215d8f474 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{68DD6D71-7606-11EF-9BF0-D60C98DC526F} = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-312935884-697965778-3955649944-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process
2604 IEXPLORE.EXE
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
1716 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
1716 iexplore.exe
1716 iexplore.exe
2604 IEXPLORE.EXE
2604 IEXPLORE.EXE
2604 IEXPLORE.EXE
2604 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 1716 wrote to memory of 2604 1716 iexplore.exe 28
PID 1716 wrote to memory of 2604 1716 iexplore.exe 28
PID 1716 wrote to memory of 2604 1716 iexplore.exe 28
PID 1716 wrote to memory of 2604 1716 iexplore.exe 28
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ea04337601f43e5692d6fa3b27327ee7_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1716
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:2604
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 06091bf382c4a33c61fd50cc41450a6e
SHA1 31445680a26623f3d0decc0a7fc3839de5ecc391
SHA256 0535bd703f7944bd1be138d8ae6b86d45323c99f1040cb7bf4cf09cd747018f1
SHA512 9884e7f1f81ff36518194a407912a87e89bb16ea19ddde7341f6564c6d2e7585fbd4cca546cbea01443aedbba45ee84ef8a97cb28d5c25dcd809d028c647d6cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 efcff9fbe78444147400924629a6c4f0
SHA1 fcbf0cbfbb16b4eea99f62b4c2616ea2c022fdca
SHA256 5541463b7321e83ce0f47f2c1b03af77c229164aa4e44205b82781230249ea6b
SHA512 32ed1ef12fbb01d84d85d7b91cbdb5e102431db7e6600968e4ffa8c776acc6a8b31db75094fdfb7a9ff1c831b7077d4f3cb899b0e06c369c22626762fc6bbf46
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 9fceec867c4f7319b3fab9302c9086b6
SHA1 0a98a675290325be7fd715c90208bc2ce00e6f64
SHA256 c7e4b44b469e31c7d38bdefb888798a3bc932263b0ea7a8a396d2984a31feb3a
SHA512 211337c75394a5c85329bb2307929ef979092fabfd5e9d9ec012898bedc12a01a976e0f0e84e3dcc59611cc6574c6829dfb1a8d158f3be9ba57de7cbb0857524
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 560e0e6b86ee4c4edc651adc1bb21fa0
SHA1 9231215b3b280c7ac16e400ce54c464a6d6a78e1
SHA256 ba57744dfe5ee6544910d62d01d17602d8583d202191d83728eafd974d498c3e
SHA512 f1ba1ff19a01b0897ce6ee4ba4d70cd4defa0ba28abfe2e150f8694872e8137a956f04737fd3d2e5ed37c5238789ebf9bc9312535f8038c36bd9fbf0ea30f2d8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4dc8c5c22883feb692a03b286b0f219b
SHA1 af3d040978e26e3e42dde2ba051db34fa42807bc
SHA256 ede7d62f9b62bce31ebf3d13abdd92f3cb8118f91a425fed0f3b12b5933f471d
SHA512 6a3a1c4e9672f557daf0fd2cd3152d4633de728f2335276bf83946203d04c762eebc56883c960636d0a95a18de062bb09e539b07b827860ea86d8d01066f7b55
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 7551ee1d2e681f1d756c8405afaa4f0a
SHA1 9cc5661ef8564a53582127e91ee085f17696c600
SHA256 c29d5fbfac0d642897290a94d1c043367e12a17d37d93f6eff546d0dd6c2104a
SHA512 097f10f3108c9d5daa181634b788f0b284a980bdfa85053cbfe3608d45652a1ab02adaed5d7e1bd13f76bbb268b2d4a50844d83de29ff701b10714b88e404ca9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4a4925769bac28c8dddde51c961edcff
SHA1 64354037b0583c244665722106a5a3ce6755691f
SHA256 a91eb63047cff20ffe5e921ce043096e210d6c66b18e917f70a2f427d2019190
SHA512 530cede024240d936b0ee688d4a33ef05ed9ea9824a61dcd02a0f19656634f66cef79c16e686a85eb85db0455b26cfd94d27c45ca492addb0a0bef3140b9476c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4d469077920207f33f100a8871730a0c
SHA1 52003a02284a3207e0806e0be7dcefd84f4f2a60
SHA256 96a0ef9f0365f1b0aaf7bb7c47e1d4803ba52483478c47b4f222fee5a8663c16
SHA512 90f8a173bd31fdd3dcffceb154c77bd6f5489e9b245af6b0715ea5511acae5826bdfcc55b925e456e7fad699c665fa938d424521b9f0a109eb5fc71aae8b02e6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e148f03662e61c0d0207dc488116bfc2
SHA1 6d5864667cff4996c127378f8e2b24faa5af809f
SHA256 88872b12ad4da98b59a4f036a26ddcddeb695b205f87b3d14fc171536034dae9
SHA512 b6edab16685cb692b995a8dc45c08ad079f6dc1a783dce2c50fb5ad068dc0bcf02ccd92b7cedfa385c8821ec6e112c2a379af0153e707aa8ce491ce6cefb3dcc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6a0bc272c45c1164e79dadf5acaa831b
SHA1 299023243c64c867893b4fe25020234383b8e237
SHA256 449a3625cfdd93d571fce6be90b11104c9bfe39ee5f4d93b073dfbea4a2d851e
SHA512 2bdb32eccf7fb69f4e5b6b6f5cef724468097137e1f9146576b8742d2dc4f7e94bbbf1a62684e1fdc2e59bfe5e6de6d740573c0a09b44818f6baa81a794444d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 f287e646ce384bc8a198ec3cf8c69430
SHA1 f4e732b6d021b5437f58f751529ee0227894d81c
SHA256 338b22294a9757ce58f2f7fa589bb0d8deda97bc78d61e59f15889eaa20983e6
SHA512 ff21c28443315c7731f89bde42ce3dd41a7d3127a447bfb19260b21e0203d765451d784c83be7e1851e3bf1eafb0875afb1fcd3662c823aff08119636cae3102
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 36033851056d46fe800ef23ca51d2c4b
SHA1 15828fcf619fc8b65666e994d66b9ec8d72c63c6
SHA256 9547eab6465d0fd984d565c3607d801e1a55318955303e97a44066389732c56b
SHA512 6c381497c56475a7361d337f7ca48f5601fa2ca95739e2f758a6978a919afc7a87414b985f464a03f732219c91d4a9e3476e78de2ec7c8405d3472c34820b5d7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c1b3deb9ab122584ed91036d20669872
SHA1 cbe863749004c0563b682a5548081cb01758b920
SHA256 d96ed8d371dab1f0561767a59e5ad3fe4b77752e10b77a555684b6dfe1200288
SHA512 cdeb1048c66176bfbe311d700308a8ff8418a30ec83e05779a566f7d7dd5832b6e11bae086b6130f2570bb146e6d6e6bb66a72a1e83f1fdf66124a5bccf8dc09
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4b4fe5d96c24e372efb6e654f8ef5fa1
SHA1 8c2a14d3a6d5035cfc4d6941e07981333238489e
SHA256 49699bd3615fc682f2843be0b5689a660068234cbcc213905ce6e4ce724825eb
SHA512 21a76d1fbc92b5d231b42c2563ed2d0801823dec596667da603f841ca1581b02c73ec169cd7b160a654958a73c831edefa1f620635c7cef6351e578882891627
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b