Analysis
max time kernel: 117s
max time network: 127s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 19-09-2024 06:16
Static task
static1
Behavioral task
behavioral1
Sample
eabe89885ee8cb38b7891b1b8ed18fd3_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
eabe89885ee8cb38b7891b1b8ed18fd3_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
Target: eabe89885ee8cb38b7891b1b8ed18fd3_JaffaCakes118.html
Size: 3KB
MD5: eabe89885ee8cb38b7891b1b8ed18fd3
SHA1: 64ccb114f64bfe4c545effd36b68206af2853cec
SHA256: 944a4d417ea758b95045260671794a99394e131db0d431469264840a95028c38
SHA512: 46e6b29d4e905024c3a0185bf64c8cbf2838c3a9270503b66d06890ce930143414ca006da2329860f60567292bb064b63af4cab60d99627e365d934e43833924
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description    ioc    Process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language    IEXPLORE.EXE
Modifies Internet Explorer settings
description    ioc    Process
Set value (int)    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery    iexplore.exe
Set value (int)    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"    iexplore.exe
Set value (data)    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\PageSetup    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive    iexplore.exe
Set value (str)    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"    iexplore.exe
Set value (data)    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000    iexplore.exe
Set value (int)    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage    iexplore.exe
Set value (int)    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"    iexplore.exe
Set value (int)    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main    IEXPLORE.EXE
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch    IEXPLORE.EXE
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\SearchScopes    iexplore.exe
Set value (int)    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432888470"    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IntelliForms    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\InternetRegistry    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\IETld\LowMic    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser    iexplore.exe
Set value (str)    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"    IEXPLORE.EXE
Set value (data)    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20570c945b0adb01    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\DomainSuggestion    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\GPU    iexplore.exe
Set value (int)    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BD0BB351-764E-11EF-81BB-F2BBDB1F0DCB} = "0"    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing    iexplore.exe
Set value (str)    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"    iexplore.exe
Set value (data)    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d793ad506ece624c80bd99362738d90700000000020000000000106600000001000020000000040c1cd0e851fc9895170c0435853e7a6382f42a7d7c1d680951967c8db91ec4000000000e800000000200002000000087f579867cf1336e5fca40d4201dd4390b27d44796ab6afd9642bdafb5faba3a20000000b53eb79fd98bc166e240a73c1a41656ba5a43b040cf01170135070c16284d2d740000000d061379b98996bc70d55a5151ed7853ebc094b89bab19de69c291bbef022a85683b580bdc11e8138b90d1795a4a17ec992b1e006f607adcca6e7a0c7984fe348    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\LowRegistry    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Zoom    iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
pid    Process
2072    iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid    Process
2072    iexplore.exe
2072    iexplore.exe
2392    IEXPLORE.EXE
2392    IEXPLORE.EXE
2392    IEXPLORE.EXE
2392    IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description    pid    Process    procid_target
PID 2072 wrote to memory of 2392    2072    iexplore.exe    31
PID 2072 wrote to memory of 2392    2072    iexplore.exe    31
PID 2072 wrote to memory of 2392    2072    iexplore.exe    31
PID 2072 wrote to memory of 2392    2072    iexplore.exe    31
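Added here as a worked example, not part of the sandbox report and not the sandbox vendor's code: a small triage script that parses rows in the report's "description / ioc / Process" layout, separates the one discovery read (the NLS\Language key the report files under System Location Discovery: System Language Discovery, ATT&CK T1614.001) from the browser's own configuration writes under the Internet Explorer hive, and keeps the upper- and lower-case process names apart the way the report does for the x64 parent and the x86 child. The sample rows are constructed from the report's IoCs; the family names, classification rules and function names are this example's own. The report attributes the NLS\Language read to IEXPLORE.EXE itself, so the script surfaces that row for review rather than treating it as a verdict about the HTML file.

```python
"""Triage the registry IoC rows of a sandbox report.

Added example; not part of the sandbox report above and not code from the
sandbox vendor. SAMPLE_ROWS is constructed to mirror the report's
"description / ioc / Process" rows; the ATT&CK mapping and the
classification rules below are this example's own assumptions.
"""
from collections import Counter

# Constructed rows in the report's layout: "<op> <key>[ = <value>] <process>"
SAMPLE_ROWS = [
    r"Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE",
    r'Set value (int) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe',
    r"Key created \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe",
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE',
    r"Set value (data) \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20570c945b0adb01 iexplore.exe",
]

# Operation labels as they appear in the report rows.
OPS = ("Key opened", "Key created", "Set value (int)", "Set value (str)", "Set value (data)")


def parse_row(row):
    """Split one row into op, key path, optional value and process name.

    The process name is the last whitespace-separated token; the key path may
    itself contain spaces ("Internet Explorer"), and values may too
    ("WS not running"), so the path/value split is done on the literal " = ".
    """
    op = next((o for o in OPS if row.startswith(o + " ")), None)
    if op is None:
        raise ValueError(f"unrecognised row: {row!r}")
    rest, _, process = row[len(op):].strip().rpartition(" ")
    path, sep, value = rest.partition(" = ")
    return {
        "op": op,
        "path": path,
        "value": value.strip('"') if sep else None,
        "process": process,  # case kept: the report uses it to tell the x64 parent from the x86 child
    }


def classify(event):
    """Map a parsed event to the signature family it supports (assumed rules)."""
    path = event["path"].lower()
    # Reading HKLM\SYSTEM\...\Control\NLS\Language is what the report files
    # under System Location Discovery: System Language Discovery (T1614.001).
    if event["op"] == "Key opened" and path.endswith("\\control\\nls\\language"):
        return "system_language_discovery"
    # Keys under the user's Internet Explorer hive are the browser's own
    # configuration; the report files these as "Modifies Internet Explorer settings".
    if "\\software\\microsoft\\internet explorer\\" in path:
        return "ie_settings"
    return "other"


def summarize(rows):
    """Count events per signature family and per (case-preserved) process name."""
    by_family, by_process = Counter(), Counter()
    for row in rows:
        event = parse_row(row)
        by_family[classify(event)] += 1
        by_process[event["process"]] += 1
    return by_family, by_process


def discovery_hits(rows):
    """Return (process, key) pairs an analyst should look at: the language-key reads."""
    return [
        (event["process"], event["path"])
        for event in map(parse_row, rows)
        if classify(event) == "system_language_discovery"
    ]


if __name__ == "__main__":
    families, processes = summarize(SAMPLE_ROWS)
    print("by family:", dict(families))
    print("by process:", dict(processes))
    for process, key in discovery_hits(SAMPLE_ROWS):
        print(f"review: {process} opened {key}")
```

On the constructed rows the script reports one system_language_discovery event and four ie_settings events, with two rows attributed to IEXPLORE.EXE and three to iexplore.exe, and lists the single NLS\Language read for review.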
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eabe89885ee8cb38b7891b1b8ed18fd3_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2072
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2392
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: f802eb1ce750fa0a0f81ee4e2bb2c8c0
SHA1: 0527e2aff213fd14e904db6168ecb9960cf777ff
SHA256: 41b38c36184285008597573100122e7ba86d912dc09b0b2377d9ad0febec7ac3
SHA512: 2df94f3a1ae8b649c918fffffd877ea0e7d562e31c68860568a9b7637ea1a11c499b5a148c1f70d51133cf293deef724ecb7c62841283ce02cb740650d57188b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 5f11c4d6d1f0e3320ee9cfa545fbecb8
SHA1: f80b702564fab17d8d5384110d7016a275665ae2
SHA256: 1abac580ac397f3fd1d8fcd8a32830ed0c9209942e6dfd61ef61b4bf277049d0
SHA512: ab7775ab0edb00c2c12f605c94d264b63e52a3a140a77a2d96452a3317572addc65396d1e329593ce3daeb04c8daa9bf389a4f04fc785f186554500a45ad6833
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c80a0087e46d248899d7f70023a93f28
SHA1: bffcfff2ccedd4060f055196e59ce4e81f9da839
SHA256: 025af95739da23f90dbba67a477153622110f690954e236a15ab0e0d83308581
SHA512: e9829c140af6324129bb97ff32d1dc889bc630d71b0bd3456f3a5482ff211a511884f6f534b877894ff88ddb3581f6252e852ee20e20acdc214ed0b1703bfa3f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 0e1aefe3f8e52b396e46eec72b6fa51e
SHA1: 187c93ffe14074d50ad7ee649a385a74e93b2d6d
SHA256: c6bcda11e31b4604238fce25abbcaf2541d45c8021c3b6734fe7d425e24f3c38
SHA512: 5afb5f26a46580d6bedbcf3c05fe1ffb0b366727b1129e84b416294d0b4d9ea47b210f2c385da88b2ec9907c5465ac00722ec57ec9de2ab42785204f83be83c2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 376146549cf5564152d2789032609d14
SHA1: d5352a8f725183dc5de42da875a45661aa5a8fae
SHA256: 16b7ca3b8ef1b578e94e86a6c13fa55941340d9c336bb71102c60d8a72de1200
SHA512: 819c257baddf93ccb696b322e7a817d1def2a28a6df614513c8fdcb564ae42546b227d252940fbe7ee033e784751d96d2a43baf4ebe41626a4cd9e713afcaac0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 085f60b376c5d0c9740c047035fbc0f5
SHA1: 77a1d7eb6660086232e36fc99b64f1d85ab58434
SHA256: 0318f6624d8bc14e59026b72845a960b2ca5a624687ffcf9e719cf3f53fd8728
SHA512: 08fbadb909568056d0b7dc25e11eff548fafd672bd79be1aada98b6f0e4df5c275daa75ed263826fd3eb808d0b7a1d371e664b2590a466ae5b6ed41564c3268e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d52c3ec1457af49857601cf0996c00bf
SHA1: 41d61fd8bfa0e8bf64ef49156fff4d5b457a8534
SHA256: 5615ea0339db557a19638970fe95056d6cb11493224d7adc2a929e4b1e59e9e1
SHA512: 1a3c2750003c12c6161540a51297bf0136ae7df499121dca27df95f131cda45e0f6b839fa2d119ed971d07636bab2e2bfecc4c7f89e8db311662e328ccb29980
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 18306afed0e5e0e908e59af3ec1de679
SHA1: 3387a0c1a93b41d57a02be867f38b2bed2df1b77
SHA256: 2a2454248a81eaaa51e1685ce3c83ee057e3c58126270f89e48f02d44886cb27
SHA512: 218f93ca02030dd1935ba1ab6f81838df3a61bcf42bbfde22871658fb4a016fd4184a7fd2f48183ce2ce621163213a28e8c75b576e8a88cc71dd6300de56c2b0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7168fe7d744d21915d065352d6176bfa
SHA1: f744ddddb2190b0fb23095bb406a0d8e815a6abc
SHA256: 34ba02f9400b56607b56d02afd5fd9eb4aa9376d8200b5aa22dee603f7df2b27
SHA512: bd1aca9c951ace3146c20e08bf8c4617323b1ec509ccf1af60639e44fafbb5414e2fa1100df20c8a08a01fddd0f920e9438a0c8cab51a1a25b0cd994d51c6ce4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 89c1f3777f385f6aaed170b0d093543e
SHA1: f1fc3f060917db13bb8525cbbf49c7545438f634
SHA256: 719edc14a94c79596649f00f999d3fd4ec78c5d7f1a4d87901e8be3a92d67bf7
SHA512: ef4c6c47b09fd62d71583daf6e62d59246e97022489c4b8927d77af820e9c795d7a193010c924ba6c1d4911adedcfcb7c1abf96f4f1cf9cb9282f14000074ed2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: cbbba2feb6981e059776c194002c5785
SHA1: 17b9a30818bbe3fa7c51544508a5e5660707ca3e
SHA256: 428be89ac0e0e2719b9f60b4fe69e734d94a0ff74c3aee33edd4740564e10a9e
SHA512: fec9e63f31e592993a11c6343ab40d4a598d99f6bd07bce513a935c921e1fa99409ccc5850c92b6ca8b6af3ba82029bd1e1f9e33f2cd7c82919a0588262cd35a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: e0f4d0bc2e54d794dbc64177f103500b
SHA1: 7bc1cf298c3d753aec484697d77a1d97dd408422
SHA256: 6acc7836bbd1a602453be8cd9331c78f9c871fa63a238fa96b59a02baf5c1e02
SHA512: 02ab18be4cd458795e03e5054c639c044a2479e2cf20374f3b42443e3a901685816ae955a8aa66d02b444cd7752c38fcc4ab3deb17140795ec040ee7ba3af342
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: ff50bd6a276ce29c79d122965224281b
SHA1: 868ff6b0debfdb394ed5c05e8a6767920ee91f68
SHA256: d54034aa120777706e979dfe90efcd030a602fb037a7ba88602cb0da23b3abc9
SHA512: a98c6d7e4d009b6e49ed02f4e50980ffd22634d4ce3ceda792454711ffa6f798ed0f44496cd7d8e8245ab1777c53d0f5783cb477ea6a751190d03e9ec4a96c93
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 6a280b667e0f97c8dd0111034d2af81c
SHA1: 4c15df9c5896ca41dad68345ac9de460b0d4064e
SHA256: 555e2266ce39cd50e46d5339d7f1644cce5149504e2d7e8ae3cdf28e40476878
SHA512: 8c3385d0f1808ac65403f043c79829a12d83ee673a8751ade49ca68c38a0492b172f23eacb8789b3269dd6acfecfdab95e358d1bbd3f9b96084a9462405cdb79
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 15a6b1beafad17d621910937bc32f0f9
SHA1: 88788eea91f06dd55f840edf697d232fa8d1709e
SHA256: ba8b418a8602630ee7bf2a0727f567713b9914d5c50508defd8e82ce41e66f1e
SHA512: d9b862f2905d36b711700d6be8e920061b3176d92f253c8de14c6be6c5a21539dac68ba92862ee1a0ed8a76ec2786f09e753d7610c2a969d17c85bb672bdefe7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: d1dbc2a06776e156171643d6c0954df3
SHA1: d0a372f782eb4e4842e1336299b5a7ef7c769c8c
SHA256: 2b68c7d71f34cc813a2b594bae21532a96b0c58cccbf5735f2b614dae67373b5
SHA512: 56eedad2a890138ea35f20577182416d0c43dcd9b58183a2a3bc3af9ce1af17f5b03f905ea4f81341a8c8c6d93fe1426678c012ef031e79ea48b954bbe7624a8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 562e02fd1bf704fd692f6ac982b1b593
SHA1: 07668b0d80ac718c38b7ab8f968eb5b2714e7d0f
SHA256: 9457197fe0b14c95cb31c8cd439b843020fe34019dec366700bebd6a51bb84ca
SHA512: 6984586d4ddb511042955141764a58e897f317f6dca346f38566e630f3d0bf66dace32e58f0a85ec765f3caca475544ffbed150fdaa83616a483e1ab726f3904
-
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b