Analysis
-
max time kernel
120s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted
19-09-2024 06:26
Static task
static1
Behavioral task
behavioral1
Sample
eac1f63895f97836372fb361dd670cf9_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
eac1f63895f97836372fb361dd670cf9_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
eac1f63895f97836372fb361dd670cf9_JaffaCakes118.html
-
Size
9KB
-
MD5
eac1f63895f97836372fb361dd670cf9
-
SHA1
9ff67194a10d08e9dd40b05ec5cec9336649082c
-
SHA256
83f10ff68b321c0e33318570a93cd9ab6862fdf921e40da4690c4e761c1ce262
-
SHA512
89ef30ed0be79f03c93227e71e387a14ed1a15c72bc1156575af4a5ec38dcdda53e8e212e2396a6f5df04ce56be6698615152a960f89b49ef08cf6527599ee7e
-
SSDEEP
96:uzVs+ux7+YLLY1k9o84d12ef7CSTUzGT/kNQpglVHcEZ7ru7f:csz7+YAYS/mkgPHb76f
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE
Modifies Internet Explorer settings
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
- Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
- Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50732bf05c0adb01 iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000007778e260c918dbef7ce6f6ddaa3b1787c24e217c8bca30e5cf7b281bde221813000000000e8000000002000020000000a194e959e5a162106c598a33a07da70f6f9370ae24cdbe161b0c7ed68c168ef720000000e17009520ce885d357d3c229041e530a779932b1b8fb3654240fa9b9fedeb1f14000000084afe14c049119ec2f64a4faf04d7dea28913f523205f5d9b6305784b6f9e30c6def0fb8ae3eaf990b3e9a498d8921cb5ebdbf9774d28be72a54f6f9b7cc0b57 iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{19BB28A1-7650-11EF-BB31-7694D31B45CA} = "0" iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
- Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432889054" iexplore.exe
- Set value (int) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
- Set value (data) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f54200000000020000000000106600000001000020000000af0b09d690f3e1f84261f341779f2d45d793c14fad9f8225c1597a8241ce2446000000000e80000000020000200000007abc71a30b88757d5b991eeace9fab0bf1a80782664afa648e748c85f15b11e690000000f42a71141e94ac1c91c3db703d79c479f71a6e5800b5784573e802f6b4eb258e72cabee8d723ecf60d2a5b5f5a96db22093632d84e0ef672c411dc2b08f7630c60521e101f8d40252c3ec01cdb6368cda4e84a55744bfe84136651ecb4747d67eb0d551d5d66505e2e24ced9fd31297e8c01f62384bc8c359b8780dad0260b7e1cf1578f7992ccc32b76b698c3879a7040000000261ae82e46bb3a76a559cc600b271b6655e4cc5b3d3dc582a3a43fa8421124ec8d1b9309e680e4476026a2d533fa03d0131e92c148110bca5885a35bc87ac04c iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
- Set value (str) \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
- Key created \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs
- PID 1800 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
- PID 1800 iexplore.exe
- PID 1800 iexplore.exe
- PID 304 IEXPLORE.EXE
- PID 304 IEXPLORE.EXE
- PID 304 IEXPLORE.EXE
- PID 304 IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
- PID 1800 wrote to memory of 304 (pid 1800 iexplore.exe, procid_target 31)
- PID 1800 wrote to memory of 304 (pid 1800 iexplore.exe, procid_target 31)
- PID 1800 wrote to memory of 304 (pid 1800 iexplore.exe, procid_target 31)
- PID 1800 wrote to memory of 304 (pid 1800 iexplore.exe, procid_target 31)
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eac1f63895f97836372fb361dd670cf9_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1800
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1800 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:304
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 fc018b42bd3caae5ba17532d25add1b0
SHA1 afc378413f836e057d1f6f192c259159155819ff
SHA256 1d67df9c135dbb3787cb27f0f1b30afae02d248803745629702d160a5bae51ab
SHA512 77c572809aa0a49783e26902e8e9d35a20ed21f9db9e06609b05fea5bb32e8d90e5cd5569597a8b1fe68fcbbcdedfb01456bbbaff1e3e1e02a58d2f6a57689da
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 0043790d9ebfe855931c47868fc2ee79
SHA1 62fb738478adf9ba7439229251af1a7ba8c13321
SHA256 a176bc5bbd38d384bf28c0fb68ba457e597b397f073e4c914f9db73d57e9f0a9
SHA512 d339bc6f6d2e764758d52842b61e356cf7d58bcf376a70eef31e334cebf2e24c969d5ed5df00152949f3d0c8da03a85b5d85df7cbe1a893364ee6e1fb66925aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 39ab6c17c43a4e570d189bbe9e7e1f50
SHA1 7473d2759bb4b12aa3be1e134901cdf3a014e10f
SHA256 f352a8db9a5cb0f720899380b65e4533a5977e0902da5fab0affd8d1e06a7a33
SHA512 a580612ca35f717903a6ed9b96417f5c9373e3d25574c1b6585df761954682ff7fd985227e558b9a0998b9cd891013d768d07fd864849f30ba140aca0ea6d2f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 e6310ab4097a503a827a637c1603e2c1
SHA1 f16d27baa17d540057af284bde8f16a64afbe398
SHA256 9e81256baaf784a035c46af74967a347f43d7916a7cbb6f03df8c17a2694fc12
SHA512 b3564cefc29660465237a3482d4db8ef4064e20c89c16a8865e639ebdce46cceca1133d07bcb3ea457ed581f58260f21ff01678f36ac0b132ba2063f4d7182d6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 18271a23dfc02f2f202e7ea25d98ebb2
SHA1 56fc16c0ad7e6962ef7009d16368d5e470e329dc
SHA256 0463ec0a91e76fd1931ecc5ab28cc78ea4940a9ca6f872c1d31d214d3c1acc61
SHA512 1c25bdeb274b5de3eebbb835c17c4c91a5add0abf4915bfccd01ef05cc06c8e446bba5c0b21756f53aa9fdefe17ab4fbf15b4a3b850681af427713d2d26022f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 04ca6213eab229170660d048b08049a5
SHA1 647256900be903b30c63bbbc3b5908e414d55738
SHA256 dfdf4fe19562104fad21ca1c4351fd23c0b9a626fd4cf75386e0adb124989a28
SHA512 057bd2e778e991755f35ccf4e67f9a50c3fed1fcc3402700c2ddfb78abb0037e635fe54d07a12fafa8db5c46e0891687966b6743c320090bd1bc7f7f19e0c39c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 4a690822148132e3d1541210e4698ccb
SHA1 41d80746e92e931353fbc11f014e515b69ee53ad
SHA256 eb2dc674d6d09854eb0336790d35f49c92d4f9d5746b033db33b72617791d6c3
SHA512 8905bacf63dcc3a13f421ca8895bf6354223e96871f26eb8b97c1c51e3e6b77c885354ced02be89b73d90d2e62ef46f16f63aded2668e9d1ca5fb9e7cdcfe1ec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 8103463d0c01d462663d74a9948b4081
SHA1 1114707ed9fd4853df42ba34f8bb1cb4c95095ec
SHA256 993c6499bee2ce6a2eb4d197523241d606222970eb9746f9d406d2a94c611859
SHA512 41547d53585b6a41986941d23421f90c02661c8621832c78beaaf061270212b82c0ddd9b7aa848b7525cd6018de6341d3b9a14b264f8ace83672be9c3b176a89
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 bf3e453fb6d90f17d6064c184130b99a
SHA1 d5a33d235fb762dab2193d3daf454918a38b7529
SHA256 8cdee3ebb3a26d8dd971e127008d3bb888f6bd3c89b8d4ef9f01d6c51e79c20e
SHA512 db7334b9d1615d77dd32e89809a8069104cb8ae9bd70e0392c49b2a414821e431e9420f935bc8c63a148819203612d10e128440df3b22f052bdeccd2a8b0b4e4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 75f5e0f49d90064df73a9e11a1eec6de
SHA1 d0ab5df8b8bd8c16b76fa145f84b8f89f996a91c
SHA256 aeda21f0a01c109fc4e44f46e422ca7748716969e62f1e93abcab8822fafbee0
SHA512 6fcac11b56524b3cca343ddfbfa425ae204784f9190265c437c6f52f3123005acd33338f38ee44558d893655ff36fe4a709310ca9adf3206ee01d6b3ab075cc6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 04ca049653071f6cde16f06e7beb972f
SHA1 d0c0d53f7b7a96037c285141a027f3c29158dab4
SHA256 45c6d775ce4aba4205fc40b1aaccc2934bcde93231b799852e897fe360fab449
SHA512 3220ef770185ec18582c678c4fe2334ef17831e77cc8d06a04760150d687e26f57a70a789d2da095dd6da435e2f5a7084d56e49b236acb3cc7ba5016e22dc5fe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 c3b6a17ae43b25fa6fc46a7d785ad38a
SHA1 3bf9d88a029596d52946f81763a982f361251742
SHA256 d8c98fe8b78b23ef4682bb82c7716c2cc5efea6eb54a9cdf950ebc818f31f340
SHA512 ddfab374196a6e9468ca0a9291028262395b2d4a26254709b8d8ebd1992b408eb878dc45f9aca1098d5bc246ca42fe7274018967915bd87b4ff60172e259b4c7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 6b8fb6ff3bcdef62652281c5f56e86e8
SHA1 33446feb19e49eb176e0e2d02cb64a29e8df772d
SHA256 d786718c163c90ea887c3d3b919586dbcbfc659c0b993c1943f91dedd7f9cea2
SHA512 eb5ceeaf53778309e2e3960029a5abf3a1e712b6b641bd709c7f9a0000cbae6176a6a9def8427e7ed53a7015450797e68e295b3973a62ccd89c98bf5719fbf69
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cc90aba7af5261231cb691d32b2bf0a2
SHA1 c63b5aa072d3141fb0add8344f10819dcaf44dcf
SHA256 bc20a425333455feb4e7f02a5e8ac7692720676397f97a419dc96a0e8b229090
SHA512 ecd601450ead48af7ac40a739e753bbfb23ece7df14605737ddc1e952a12d691870b842ee28c1d58c70afe5e78f36fb05025b6d131a160d3470280a5f9ed7a07
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 002ea6b1e81595be1108bc9ae7f7f28c
SHA1 5ebf2a52ce646ab51f03f4136f7bac88ca9534b2
SHA256 a7160105edda3c58f9081a909bc75659762aca765f4f81f72806597ba10b603d
SHA512 e9b3492c823f94259be883df9849995792356ad0f370776c6fb2462e7e3826b1f2ff0fb7408ac3681c608ba31de53b31bd8cd897a3e8170ae1e3eb4a65c9df6f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize 342B
MD5 cd90f683e3aa5e2c4e0c31d2a21b1243
SHA1 35863666461ac7fb4b6eed99d798fa4ee81a90a6
SHA256 5f84b60a67219cf445dc04a257ba868982bf5611c6b2ae6b89a5d2b58f996375
SHA512 1454440f67955eee40a27f2135cc730f4eba5f888d7b3c84ef4a5cb45574de2e65cf99634c626f7cb57cbf56ef6adc6516c423dc361411bfd9a0484b2b2bca46
-
Filesize 70KB
MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize 181KB
MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b