Analysis
-
max time kernel
120s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
19-09-2024 06:57
Static task
static1
Behavioral task
behavioral1
Sample
eacdb50d050f9a9de9b3de3047dd9b2f_JaffaCakes118.html
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
eacdb50d050f9a9de9b3de3047dd9b2f_JaffaCakes118.html
Resource
win10v2004-20240802-en
General
-
Target
eacdb50d050f9a9de9b3de3047dd9b2f_JaffaCakes118.html
-
Size
6KB
-
MD5
eacdb50d050f9a9de9b3de3047dd9b2f
-
SHA1
a2d49c4d9036c9a668df9b5c3c3cf3a2e29e9081
-
SHA256
d515903d85ac33d55df9ff83dae93374bc6d6cb70ef10954d3f24827fdab8afa
-
SHA512
bbd8c54563cd60fc91d952727dcfb366f1f525278045588fc8800fd5625e6a231b64beae9b71f4f855b93d9545cfe07e1e270ed7116b811fe3886cdd1361b7cf
-
SSDEEP
96:XhM3sHfSTFUxeqIjXL+kemfS029leSGMdWhWJIchqq:XhM32+GEb6kbYeSGMdWo5
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea2200000000020000000000106600000001000020000000c1ee50e1e9e31297cf1139c41620b248f443fb32e27260bbc7a9767b60fa67f4000000000e80000000020000200000005d7aac7fb1017d39b9846190f1e28eea9a151bc0ab1351ee5d3af9b5463df427200000008ace17ad3ecbdb1887cbb5832de0a2170082d6f132dcc9a0deac5d2a2a2d0de140000000f25cd874a04799929b3acc70b2b8437c1eaffceffcccd95bc85b173ecc52bd2bba3d320ea5dbe3210559e6d2336e3378d5f8342a14ffa4ec538265808ee93bbf iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created 
\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000045c0dde48c11474f81d9a2c02be4ea220000000002000000000010660000000100002000000099502a639f5ec22837b7aa4fe7a891ee4a3a46adadb34e3aa47e8e1eaeafc5f6000000000e8000000002000020000000680d59bddd95faef906a52c97ebd0e48964c5f6475ed397dc7f80532b0bf561f900000006675dfc8232da7de97c1be73d43677346d7331885dcce206e070d7538bc5073a06353d6cd62c318310dee678c98c6fd8d91726d3afa2681258e9412c0d3592f2224f869c27f4531685edfaf7564ead944d0ecf03162a3b3077f801627873ee01ec8fbaf59749089191dc9d0602150b7b4c48fc387903e25a880943fe2cf928919f11c0729753c1ec147be3c2951a12c240000000eb9d0bd53e9bd96d32db17d9c3a68d3664d6d395babd37bec836c0b7c3250d76d93ed6fb9878dfe0c2f1a815ab0f162d7b86abb7705284e5ae822f75b847ae6b iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40efea42610adb01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet 
Explorer\Recovery\AdminActive\{6E6267C1-7654-11EF-BF50-D686196AC2C0} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "432890915" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet 
Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2212 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2212 iexplore.exe 2212 iexplore.exe 2240 IEXPLORE.EXE 2240 IEXPLORE.EXE 2240 IEXPLORE.EXE 2240 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2212 wrote to memory of 2240 2212 iexplore.exe 30 PID 2212 wrote to memory of 2240 2212 iexplore.exe 30 PID 2212 wrote to memory of 2240 2212 iexplore.exe 30 PID 2212 wrote to memory of 2240 2212 iexplore.exe 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\eacdb50d050f9a9de9b3de3047dd9b2f_JaffaCakes118.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2212 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2240
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD559bb4e375e72edeea101ae7d6ce20d7e
SHA11a66e4db53a88a1d852fd0b6121131d9a9a68835
SHA2561b2be93bcda39d4f20eb5f78fb837fbbee80b39df05fbce13dbd43a7375b27a4
SHA5123b88fc54311860bf3d745dc3ce96fa057aa183c65d7f8cf2ef2bf550e02cdfed09d0a462a0aa7c7107f3ffb3fa4765cf5b104d7f8e2941dce9f4cd3abebaecb0
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD56cf174cacf03d16e3d11e0b4098c1f5d
SHA15f34be4411c30d8e5f7230c6d69c44eb4425ee1f
SHA256a84419bea2a9cd31886e698ca05bfe2a88c60ce18b52ef10ac1cef05db017dc7
SHA512af194a0faa52de3950d850259283c8fc0b615e0d60fbeb121895747a3280e87cf8e56d6b5befef6d832f636ca3e2de52668d9a7bdb3323b5a303438050d504c5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57ab582c8c045a02bf020ec22dd545ab7
SHA1b5336189795bc8a7e46ef0aa1710369ea1d04949
SHA256b5913e6b36b66c93146f61ca5e54f6825f6d131a622a3cc59f610ce7801e61ef
SHA51284b389f6197bb019bad81b16db6067c47d4decf78541a5bb309f65a5dc73d213588acb5e0e6cb5a8eb585f9b012c5c520a62f5ad69ab9a812857e2c3412a1fee
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5871a84bd3a8e80a877df630afbdf4c26
SHA132f5fc6702d9166dcb22f180b91367b36dd787d7
SHA256fa5aea5e8be073b30fdf97382706eeec92f189e2c7ef38625d4f0b54005f8db1
SHA512b2be2479108307fbef6bdce387eaaed7b49130367ebcd7ef6e76ff4620e695f76cff52b3c8126bbe5a79eaf61b3b8ebb1a3686e4e28cad4452a78b18dd05b2c2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5a1d50d448c170daf22814c2db6f5f45c
SHA1fc221511c41ffa14ab7d924dd938a8f9b6e48788
SHA256a23fea95e3285fc2df28aa637ec06cf17615794461e8a6fb8c79486973fb866c
SHA51297d5bac0d3ae5520b857b8639c4ec44f671bb4b2a7277d61f019b6f60c7594659142a6cac6fbdeb95e158fe744cbf63c10d4189931aa407d4de72fd9b0f53d39
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50af389b8ffda4a591bd648814e472613
SHA19089cd6a9e8e622a3db898902cca62606eef053b
SHA256fd394e5d1d8686cc6037f248d44fd5f6e6f26b5b46d4a5cd3c5b622039cd1264
SHA5125fa7be5b9c63a2ce3f73e2bb0ba0e8567dddb23211d9083984072b9538883559f89ce66744546e9a9ef8692250798980a57defe0737bd4ea2691af594f076afe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5cc22d749b1701cb4924bde4b19174ca3
SHA165e5816b14c9252557065ce254868049d5d1447e
SHA25690b6e058997601fa4f29a5bdf0a8046efbbaf5b41846fabb5a1502596ca3cf82
SHA512e00b7baddf7a728ce9dd448d2db4e763018ac9266298d7ba1226e97be68405f61b445200d74fb9a012e3eea5d015a16d4a87911a468a774e88144fe7f3f04bcf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59fc5c98b093e1e0932819e3fd4c886a1
SHA1a7f413719cdacacb134fce89d1d3a89c6527b239
SHA2561024127d4dd328ae920f831a5b6024d2ff3131983cf5a2ff607022373409e075
SHA512daeef4968fd6f0edc1c722c9b2338c26f6da88bb5cd1c192d7b2c7119c5917f87a8d1e4cf104640db138e84075318ec1ce52e85cf4aaa8d8e0a2cdc0284c8ad3
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD570c59fbaa0aa9b9f26c0de27f261ee9c
SHA1382718355c25a1cb5a211be2f66543f4d568c1f5
SHA25676ae7d64211176fc780b384f48257f467ecd6205e5b040f888f2b0d3016f6483
SHA512a3167188df629027007840070fca73b52ba355e3df15572e5f92564cb498e452ae72bb92681e2616a00c769f2f65b3fb6613fadde97b697346a8559603d8c12d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f3468c323fc293e157dc6e3810c78a14
SHA130a897c4d8a5410329e89ad04f3aca49423cd114
SHA2562a8d888fc0ebfaa85f1be50341bf6da9bef359b2b7053108e259772052af08e7
SHA51283813f4ef4dc8ee926411cfe071932e804fc1125fefa2aea3cf3542aa72fb2964f420bf5d9ec8da525fc97c57af533496e5728622c50564ba36858bcd27a6775
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5f51f6bc900c2c0c5eddd34bf06eb7e7d
SHA173f61c33a2f220799f4578af514907120fde7919
SHA2568cad735e84771f2cf149097309a284ff1ac1ebe9434c9d7540ab82796019e5f2
SHA512ddc1eda472ed158cc05624f92d78d58a0917a51b2cc0bed2f06a829cfe49eb80d07554168a88be092e956fc543d46c65f0572150bdbfac3632c695944cdd0e14
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5601333d3997936e27a3a7c7b4b2ae2cd
SHA18575836217612a90cd70ada6e4560496ec763b85
SHA2569101f307b140580e082ec89822aba2e49254e2e9b8f9f37e31f3420314b22d5d
SHA512238688c76d05b2771389508b8c94ab210e22e18f243527d4e3dd6f15210b3745d36f41cd2e4aad66a7ba3b225c2bb996abf82e6436064e2b0e4cd3da9218cbcb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD593ff2ca6cff9ad01441e3200b0a88907
SHA1b8fdd13bb775da9c1088b4abcbb9a2e9e0357bb7
SHA256d2139d96dc03fbff735bc3ea1808f01e7b901b0abd5221d1914c9b901adeb376
SHA512d69cf4f1dc8c7e21bfa0af52ff4443d57ca03a088d308fab3a94df901da7f1212ad93c8e109ff7f8678fb66c07bfbb097e0efa3304b0a75cfd6806855c1e9b00
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD540d51f2f0c31bd5b48a12da74854549f
SHA1c8f57c7e066054f791f3bb535c63281f7c854c93
SHA256967ec9449277cdf50d4d1ed3ca50926252c798aa825d3db0b3a618e57ce7465b
SHA512c0ae1ce4b70cf3b4a9ace73707039370411257c31c53a6ac856ce69c1b94899adeead9ff2c5f52dc78b4ea98153cde7524ca4c3e4c0637d5f981f074fe27a833
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53e7a8133f53f5494e92b52ce7f5bc9de
SHA1b845953e48503bc335536f7ce56e47481d8231a6
SHA2566748c3ec0a966d4a33da4854352571275e448615e07f0a9edc33ab140243ddad
SHA51201a3332c512aa4ca278335f6d5ed62d51d3653ba9bae60b09921dfe99956416f08d472c6b183dad6c37633f8acdb4e36d9702e56befbefbe634d4365753779eb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5db80889e9e14c8a2ea2cdbda8c56e6aa
SHA19ce7139480adb7acc302dd37aa90d08ed2502bae
SHA256af7368e3646c9f4fb5579bfb1e48062aa3766afb15fac2675d6f3b095df0b3bb
SHA512fd93d4fe72f05deab9b6bb410109097c8fcb54d015d4becf33d1d1be3bf4c148c629650c72246abc34afd53d08654693024dc9bca9dea68a69f265443a97f29d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5fa8f017d8543602ae13e9c208c5203e6
SHA1553861a0de1b910b9c1209d8bda3fa5299f7a74c
SHA256ef4e9dee9ced4e9b56d2ae84a72ab5973b7e118d43c3bdf365c6fd1ebc1e3e73
SHA512eb242f806d8d697dd509acaf8f0845e711f2ea8076b2374c2a32a911ec8945ec3118d4c32f17b8bee517e7791c5fdb3be050ef17b3ccb418babf294209262f8c
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b