Analysis
max time kernel: 136s
max time network: 136s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted: 19-09-2024 06:36
Static task: static1
Behavioral task: behavioral1
Sample: eac565af424b68bbbcdb0988aef9c77f_JaffaCakes118.html
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: eac565af424b68bbbcdb0988aef9c77f_JaffaCakes118.html
Resource: win10v2004-20240802-en
General
Target: eac565af424b68bbbcdb0988aef9c77f_JaffaCakes118.html
Size: 3KB
MD5: eac565af424b68bbbcdb0988aef9c77f
SHA1: 5a8fd62c34a70948cbf48db91990158e31a7d26c
SHA256: aa931738dd36da0707d75c147eea530496a405bb92686bf4ee10e398d7fbc536
SHA512: 45b16b6d4ea40f353f6e2c386f5da154365eae82e184cee05c259e808a98a7b6fc190842e66a6a8de130c817182b40ab394e7f4b28231693797f42017e18cf60
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: IEXPLORE.EXE)
Suspicious use of FindShellTrayWindow (1 IoCs)
PID 2504 iexplore.exe
Suspicious use of SetWindowsHookEx (6 IoCs)
PID 2504 iexplore.exe
PID 2504 iexplore.exe
PID 2396 IEXPLORE.EXE
PID 2396 IEXPLORE.EXE
PID 2396 IEXPLORE.EXE
PID 2396 IEXPLORE.EXE
Suspicious use of WriteProcessMemory (4 IoCs)
PID 2504 wrote to memory of 2396 (pid 2504, iexplore.exe, procid_target 30)
PID 2504 wrote to memory of 2396 (pid 2504, iexplore.exe, procid_target 30)
PID 2504 wrote to memory of 2396 (pid 2504, iexplore.exe, procid_target 30)
PID 2504 wrote to memory of 2396 (pid 2504, iexplore.exe, procid_target 30)
Processes
C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eac565af424b68bbbcdb0988aef9c77f_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2504
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2396
Network
MITRE ATT&CK Enterprise v15
Downloads