Analysis

max time kernel: 144s
max time network: 145s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
submitted: 25-09-2024 20:20

Static task: static1
Behavioral task: behavioral1
  Sample: f6ca5222619fe7e545036a6951226385_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: f6ca5222619fe7e545036a6951226385_JaffaCakes118.html
  Resource: win10v2004-20240802-en

General

Target: f6ca5222619fe7e545036a6951226385_JaffaCakes118.html
Size: 12KB
MD5: f6ca5222619fe7e545036a6951226385
SHA1: af3e8657ef23cbc9a71d668433622f3cc3ff4e1a
SHA256: 02b766a6c769b591b9c73654b95bb1c902e895256cce09ea30ec61dd679a9adf
SHA512: 9d63cee7d69eaeb7daa541ef9b3dda8c8fb5fdc3c8aec04edbc7d60cf88cf9f071a849deeefcae79b48999f9eed07fc2280ff6a3a2438a9cdd4c925461e869ce
SSDEEP: 192:KYL2Ru4bo8pOAaDAsNPVzfeNe7KozPZ3A62hA1ga1xtxhuhvTY:ApOAYFteNUKozPZ3F51
Malware Config

Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description    ioc    Process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language    IEXPLORE.EXE
Modifies Internet Explorer settings (34 IoCs)
description    ioc    Process
Set value (data)    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542000000000200000000001066000000010000200000009224d95ec4d3b3a9355280422d94611f8947083f4fe912d9cf09c48a1e9aa94f000000000e800000000200002000000095c95829dddd0b4fd9e3ecd0e2ecc5f563d00b710d4a7caf94f2d212c229d08f20000000cd16fc8c8b8de39a7baf57b9f292030327199808f2b3f783ba7c9808111b28cb40000000cc6f2676f8081df2933e2438369ddb962073205c11b2be85e0f1d9fdb92a53036c8bb2d50b419f67dfad7afa24a29f60b9ad1a41473149a9d0b146e1395a4542    iexplore.exe
Set value (str)    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"    iexplore.exe
Set value (str)    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing    iexplore.exe
Set value (int)    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\SearchScopes    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\InternetRegistry    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage    iexplore.exe
Set value (int)    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"    iexplore.exe
Set value (int)    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9DF6D581-7B7B-11EF-B699-EE9D5ADBD8E3} = "0"    iexplore.exe
Set value (data)    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f5420000000002000000000010660000000100002000000051250c742aeaa92bd155ec3fb915473adf75e1a4f27ea9b0d6adb0e8ba6f1d2f000000000e80000000020000200000003f1759b782b4512285d6cb5e3c39c8ef3ed19c637154da6f866e1c5d57cdeb9090000000d3ec508c6a24efb1b8227ee16a87f1b2176a951b5942a2cae358464a4974d875ec18172b79ee837349b07709cf3dc4b3480cfc49a35f629b8f165dccf5e9e0fed5fcc8262558d0777ee064b8ac227e6d19a322dac73a53a36240b7d7f5dcabc9cfd8e7ae1c860bd5f3416ed1272f1146c1a610f47d7fbbac61047e98514d88d44b36f1655e3154dd65903f53f1400c7240000000123f9f4f5492f588bfe08b073c27751100a1cf42523fc19dd9a0e914ab849e7bb97641d8dd8598517b7d4403fbfb397bf8427523b5d3fbf0b495b75e946a30fa    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser    iexplore.exe
Set value (int)    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main    IEXPLORE.EXE
Set value (data)    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000    iexplore.exe
Set value (int)    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433457500"    iexplore.exe
Set value (int)    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\GPU    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IntelliForms    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Zoom    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\IETld\LowMic    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Toolbar    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery    iexplore.exe
Set value (data)    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0524693880fdb01    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\PageSetup    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch    iexplore.exe
Set value (int)    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\Main    iexplore.exe
Key created    \REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage    iexplore.exe
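The two long REG_BINARY values in this table (DecayDateQueue and MFV) are not random bytes: both begin with version 1 followed by the DPAPI provider GUID df9d8cd0-1501-11d1-8c7a-00c04fc297eb, which is the CRYPTPROTECT blob header, so they are per-user data that Internet Explorer encrypted with the user's DPAPI master key, and every key in the table sits under the user's Internet Explorer hive, consistent with IE initialising a fresh profile (NTPFirstRun = "1"). The helper below is an added example, not part of the sandbox report or its tooling: it tokenises the flattened rows into records and parses the cleartext framing of any DPAPI blob it finds (the algorithms, salt, ciphertext and HMAC lengths are readable without the key; the plaintext is not). The row grammar in ROW_RE is an assumption about this export format; the sample rows are copied from the table above.

```python
"""Added triage helper for the 'Modifies Internet Explorer settings' rows.

Not part of the sandbox report. Splits the flattened registry rows into
(operation, key, value, process) records and recognises REG_BINARY values
that carry the DPAPI CRYPTPROTECT blob header, so DecayDateQueue and MFV
read as "per-user encrypted blob" instead of opaque bytes. The row grammar
is an assumption about the export format; sample rows are copied from it.
"""
import re
import uuid

# Every DPAPI blob starts with version 1 followed by this provider GUID.
DPAPI_PROVIDER = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
CALG = {0x6603: "3DES", 0x660e: "AES-128", 0x660f: "AES-192", 0x6610: "AES-256",
        0x8004: "SHA1", 0x800c: "SHA-256", 0x800d: "SHA-384", 0x800e: "SHA-512"}

ROW_RE = re.compile(
    r"(?P<op>Key created|Key opened|Set value \((?:data|str|int)\))\s+"
    r"(?P<key>\\REGISTRY\\.+?)"                       # key may contain spaces
    r"(?:\s+=\s+(?P<val>\"[^\"]*\"|[0-9a-fA-F]+))?"   # quoted text or hex
    r"\s+(?P<proc>[A-Za-z0-9_]+\.exe)\b",
    re.IGNORECASE,
)


def parse_dpapi_blob(blob: bytes):
    """Parse the cleartext framing of a CRYPTPROTECT_BLOB; None if not DPAPI."""
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(blob):
            raise ValueError("truncated DPAPI blob")
        pos += n
        return blob[pos - n:pos]

    def u32():
        return int.from_bytes(take(4), "little")

    def sized():  # DWORD length followed by that many bytes
        return take(u32())

    if len(blob) < 20 or u32() != 1 or uuid.UUID(bytes_le=take(16)) != DPAPI_PROVIDER:
        return None
    info = {"master_key_version": u32(),
            "master_key_guid": str(uuid.UUID(bytes_le=take(16))),
            "flags": u32(),
            "description": sized().decode("utf-16-le").rstrip("\x00")}
    info["alg_crypt"], info["alg_crypt_bits"] = u32(), u32()
    info["salt"] = sized()
    info["strong_key"] = sized()        # normally empty
    info["alg_hash"], info["alg_hash_bits"] = u32(), u32()
    info["hmac_key"] = sized()
    info["data"] = sized()              # ciphertext
    info["sign"] = sized()              # HMAC over the blob
    info["consumed"] = pos              # equals len(blob) for a clean blob
    return info


def triage_rows(flat: str):
    """Tokenise a flattened IoC table and annotate DPAPI-looking binary values."""
    records = []
    for m in ROW_RE.finditer(flat):
        op, val = m["op"], m["val"]
        rec = {"op": op, "key": m["key"], "process": m["proc"], "dpapi": None,
               "value": val.strip('"') if val else None}
        if op.lower() == "set value (data)" and val:
            rec["dpapi"] = parse_dpapi_blob(bytes.fromhex(val))
        records.append(rec)
    return records


def describe(rec):
    """One-line summary of a record, naming the DPAPI algorithms if present."""
    d = rec["dpapi"]
    if d is None:
        return f"{rec['op']} {rec['key']} ({rec['process']})"
    return (f"{rec['op']} {rec['key']}: DPAPI blob, master key {d['master_key_guid']}, "
            f"{CALG.get(d['alg_crypt'], hex(d['alg_crypt']))}/"
            f"{CALG.get(d['alg_hash'], hex(d['alg_hash']))}, "
            f"{len(d['data'])} ciphertext bytes")


# Sample rows copied from the report's table (joined as the export presents them).
IE = r"\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000\Software\Microsoft\Internet Explorer"
DECAY = ("01000000d08c9ddf0115d1118c7a00c04fc297eb0100000078a0cc6b0b830b4fbbc12dd3fac6f542"
         "000000000200000000001066000000010000200000009224d95ec4d3b3a9355280422d94611f8947083f"
         "4fe912d9cf09c48a1e9aa94f000000000e800000000200002000000095c95829dddd0b4fd9e3ecd0e2ec"
         "c5f563d00b710d4a7caf94f2d212c229d08f20000000cd16fc8c8b8de39a7baf57b9f292030327199808"
         "f2b3f783ba7c9808111b28cb40000000cc6f2676f8081df2933e2438369ddb962073205c11b2be85e0f1"
         "d9fdb92a53036c8bb2d50b419f67dfad7afa24a29f60b9ad1a41473149a9d0b146e1395a4542")
SAMPLE_ROWS = (
    f"Set value (data) {IE}\\TabbedBrowsing\\NewTabPage\\DecayDateQueue = {DECAY} iexplore.exe "
    f'Set value (str) {IE}\\Main\\FullScreen = "no" iexplore.exe '
    f"Key created {IE}\\TabbedBrowsing iexplore.exe "
    f"Set value (data) {IE}\\Main\\Window_Placement = 2c0000000200000003000000"
    "ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe "
    f"Set value (data) {IE}\\TabbedBrowsing\\NewTabPage\\LastProcessed = f0524693880fdb01 iexplore.exe "
    "Key opened \\REGISTRY\\MACHINE\\SYSTEM\\ControlSet001\\Control\\NLS\\Language IEXPLORE.EXE"
)

if __name__ == "__main__":
    for rec in triage_rows(SAMPLE_ROWS):
        print(describe(rec))
```

On the DecayDateQueue value this yields AES-256 (CALG 0x6610) with SHA-512 (0x800e), a 32-byte salt, 32 bytes of ciphertext and a 64-byte HMAC, with the parser consuming exactly the 246 bytes present; Window_Placement (a 44-byte WINDOWPLACEMENT structure, version field 0x2c) and the 8-byte FILETIME in LastProcessed are correctly reported as non-DPAPI. Decrypting the blob would need the user's master key from the sandbox VM, which is not in the report.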
Suspicious use of FindShellTrayWindow (1 IoCs)
pid    Process
2528    iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid    Process
2528    iexplore.exe
2528    iexplore.exe
2452    IEXPLORE.EXE
2452    IEXPLORE.EXE
2452    IEXPLORE.EXE
2452    IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description    pid    Process    procid_target
PID 2528 wrote to memory of 2452    2528    iexplore.exe    30
PID 2528 wrote to memory of 2452    2528    iexplore.exe    30
PID 2528 wrote to memory of 2452    2528    iexplore.exe    30
PID 2528 wrote to memory of 2452    2528    iexplore.exe    30
Processes

C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\f6ca5222619fe7e545036a6951226385_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2528

    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2
      - System Location Discovery: System Language Discovery
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      PID: 2452
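The four WriteProcessMemory hits are the 64-bit IE frame process (PID 2528) writing into the 32-bit tab process it launched; a tab's command line carries SCODEF:<frame pid> (here 2528, matching the writer) and a CREDAT token, and the frame legitimately writes into its own tabs. A cross-process write from iexplore.exe into a process that is not one of its SCODEF children is the case worth escalating. The check below is an added example, not the sandbox's own logic: it applies that rule to a process list constructed from the tree above and the four write events, plus one hypothetical third process (PID 3000, notepad.exe, not in the report) that exists only to show the negative verdict.

```python
"""Added triage check for the process tree and WriteProcessMemory IoCs.

Not part of the sandbox report. An IE frame process launches tab processes
with 'SCODEF:<frame pid> CREDAT:<token>' on the command line and writes into
them; a write whose target is not a tab the writer spawned is flagged.
The process list and write events are constructed from the report; PID 3000
is a hypothetical addition used only for the negative case.
"""
import re
from pathlib import PureWindowsPath

SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")
IE_IMAGE = "iexplore.exe"

# pid -> (parent pid, command line), from the process tree above.
PROCESSES = {
    2528: (None, r'"C:\Program Files\Internet Explorer\iexplore.exe" '
                 r'C:\Users\Admin\AppData\Local\Temp\f6ca5222619fe7e545036a6951226385_JaffaCakes118.html'),
    2452: (2528, r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2'),
    # Hypothetical process, not in the report, so the negative path is exercised.
    3000: (2528, r'"C:\Windows\System32\notepad.exe"'),
}
# (writer pid, target pid): the four WriteProcessMemory IoCs plus one
# constructed write into the hypothetical process.
WRITES = [(2528, 2452)] * 4 + [(2528, 3000)]


def image_name(cmdline: str) -> str:
    """Lower-cased executable file name from a (possibly quoted) command line."""
    m = re.match(r'"([^"]+)"|(\S+)', cmdline)
    return PureWindowsPath(m.group(1) or m.group(2)).name.lower()


def is_ie_tab_of(target_pid: int, frame_pid: int, procs) -> bool:
    """True if target is an IE image, a child of frame_pid, and names it in SCODEF."""
    parent, cmd = procs[target_pid]
    m = SCODEF_RE.search(cmd)
    return (image_name(cmd) == IE_IMAGE
            and parent == frame_pid
            and m is not None and int(m.group(1)) == frame_pid)


def classify_writes(writes, procs):
    """Label each (writer, target) pair 'ie-frame-to-own-tab' or 'suspicious'."""
    out = []
    for writer, target in writes:
        _, wcmd = procs[writer]
        if image_name(wcmd) == IE_IMAGE and is_ie_tab_of(target, writer, procs):
            out.append((writer, target, "ie-frame-to-own-tab"))
        else:
            out.append((writer, target, "suspicious"))
    return out


def summarize(writes=WRITES, procs=PROCESSES):
    """Verdict counts; a clean IE run shows only 'ie-frame-to-own-tab'."""
    counts = {}
    for _, _, verdict in classify_writes(writes, procs):
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for writer, target, verdict in classify_writes(WRITES, PROCESSES):
        print(f"{writer} -> {target}: {verdict}")
```

The four writes recorded in the report all classify as frame-to-own-tab; only the constructed write to PID 3000 is flagged. This says the WriteProcessMemory and SetWindowsHookEx hits match IE's normal frame/tab architecture, not that the 12KB HTML file is benign: the report's Network section is empty and the file's content is not shown, so the verdict on the sample itself rests on other evidence.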
Network
MITRE ATT&CK Enterprise v15
Downloads

The first 19 entries share one path under CryptnetUrlCache\MetaData, CryptoAPI's cache for objects it fetches over the network (certificates, CRLs, OCSP responses). The sandbox recorded each rewrite of that 342-byte metadata file as a separate download, which is why one path carries 19 distinct hash sets. The last two entries are listed in the report without a path.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a2fb45c6642c5e1711fa831f68a30195
SHA1: 15ad2179615d8b1c4d17ebe5d90da364e1c6a3fd
SHA256: d1470ed2f1e4ba053f0640c30ac9b148b300fbfbd2b6a2647fef342322167a11
SHA512: cc56da5c546d94b0823402fb087e5ea503e3b1bb6e417c0d7c18947cfecd16180305ec7360f3983aede09ee5d29b9ba05506275be22443bcd16062955a1f64ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9f3554a75b0335d5f4d9b089c233bed8
SHA1: 3154ce1f0dc73bb7326275e53d91b384aaf5b6bb
SHA256: c562d2f0a2182f53de338089181345eec401e3fc96dc4b8fc7dcd47ce76eb588
SHA512: 42e6ca8a41cb7aa83ae8d9eae8c8c4a05cde44dc5cbd34eced011c02ae314a99494e322ff7782213c809ef9ada962ebc8657fdf357de199b6a5dbf8083df9cec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: cc0aa2c82ba2b5cfda342dae1f8c2e15
SHA1: 5d69aa624d977cf994b161d11a9bb33030b5b9cd
SHA256: 87ef2b6243906346e34be6d702ebac95f56dd7986f21fc03d26a8ba3535cda1a
SHA512: 3ee6619f1625fce32e178e58632a58d527943a32367456d0baea9aba6565f934a0653c9323a8110c283486aebc407d8c43bd1d46726cd72e5ba3cff4d73a8007

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a5255d53f6fc6098dcd841a8ac307346
SHA1: 10ea3eab7dedf69ae55203d258a026a0713d50aa
SHA256: 75e81c6fe6c47b4f4b39a72105953e16f6e39c7bc3fa154fa4173198ddc0431b
SHA512: 1d43eebead2d293f03c1159ac19df87e92424918f6bb918208288570c01d20a4dc30cf2622af114f9b5a1236afcc8b4e0c6f8a989f2fab7560263b04e5c34531

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: cb0575873614e1b7a4cebbdc8b653bac
SHA1: 9ddb0e83a39610bc50432c0d1143ea3f044c3737
SHA256: 8d87a5d12df0bd92930faddf7fd0e337f1b71e6a99db8468fb0af88fefff2d1d
SHA512: b19cf36ba4ef91f51251b97d0089a12c9df43033dd4cdbdf2b0e7e33950d2ddf931bf66e4c8b5c9cf5b550ec750a4a17464249b508f0a80f70f63c354df90b9e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 242fdbc35ef273d583c99483b1a84efb
SHA1: 4dd58be3d5cc14f0be966832c5ba4a2e35e11ccb
SHA256: 235561517c767cf2ecfc4c2d1fae173ceb21ddd964f5e21230f6266254ae0fad
SHA512: 06c34f99d83b610f723b4b44efd85423a369d77ab9a9b2277d6c2df554b5eaebb6136a15457763e3cb923c5e178bdce62ed15de71ba198c75ce88b5ccff4d3b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c872909e835bf0b68270e24f37b3dc8f
SHA1: fabc268a4ab8c8b55a2f5a062c12b8b94c07ad8d
SHA256: e4d4f583e5ff3353a5843436f7bce7c89201ab499d7e028dff82c503f0945eb8
SHA512: 882714eae0ec515fa6303a58f172d693305cb53a6303281436343ebaf196cf72ffde31bb0a4ec0d6a0f91e82d2722d67a3a93d271fe1c33be9c30d21a799bf51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 4aa7d57f9c4b65c2a945ada562982927
SHA1: 4f95041e207d9b24e23c8e804f74680ddd1ed937
SHA256: 8f518483e0fb3536d625d5f27b535bc1c08087121cb5366cc5e97e4ada1eee63
SHA512: 99e68e1134ecfd478ce24e39c3f72ef6a04e7ac33a2b9d90e116276b8e8cde985fed228594f4cfc0bdf80f6c8364a92971f03b891aef561268271582116bcce9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 8e2089830f14c25c2218de2a1b6f28ab
SHA1: 660779ba1fa00748a97ea6b31eb238497ed885f5
SHA256: fcfdb5d27e955fcd342ecb283282b3767d0021de8822d1e053e63ccccc7ea9e5
SHA512: 0925172c4bf2a6559ec475ee1b56b9501e9d23e60844b487206d205c8048df709aaa1ccc1399293c50ebb7564749fcf4944da2e72b1abd02a4ddf501361951cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 61375e57a4329bf5cdb1260f78492099
SHA1: 2e5da13387bbdb45fea375ff237af203b621cc8f
SHA256: bdfe1b3ad786688d8bde018507d344f5be5d977ca6cc31e07b3d52ba23446cfd
SHA512: 88c26841d7a29ae924184ba1b88cea8823e8cc319749e68a7f7b16a720b506d8dfa053098da708da3393bad13b9085f53312fba718f5264f139bc591c6f1b2a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1c26df3deaa4061353daced96c458fd6
SHA1: e71ee32dee283e54b7fa2cf48d7049d6e252edf1
SHA256: 73a58c863e35449b0b946e312bd31706db18c804cb459ffb501f03ea6844298f
SHA512: 91d833cd10480e787ae40e2e3615e6acf862568730f1862beec4ead7766bccc97f5fd82f324911f244a4b2611c826e5d5861ec5818b104a3a48041819de2d25b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 4e1c827fb391a3a76eace1c5fb5f19dd
SHA1: 7abe2d14b1ae9f3939b61b27baf66d609b6e744f
SHA256: c36f249f19bd23efc257941db38a6a868d8be673de4f21fa64ea5d838df311b8
SHA512: e4f74c111e8bfa125ca96bf42467c10a6ba024e0462b8e528483b55004a3d502bf343219eddbab9a2165ce6cb729ad6a5e13e72d3354dcc0f47e8a1a455d3908

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 82ff97bed2baa6546b59cd84931025be
SHA1: fc2d237fe78846fccf4bc46a56c32ce1cc4e555d
SHA256: 581afc11f484ec12e0dda4a9713b2f1df45bade5524d9896f76bc28cb0f7b316
SHA512: 088ffbe778d08ace1c40b6cfa721842dbaea943d890c26cd6e01a65914f3843ed824f5bbf5496ba172c58ff01061b4874e1368c3224456fc4a3fc24c5dd4d40d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 0bfc02442b87919523658da0d4b9445a
SHA1: b35aac824619b4e318900c89d82e42bbfe3da08d
SHA256: 52204522a87180baa85cac4f74bbda0efc29ff368e99252e2cbbf82013fcf412
SHA512: 616cf6ed36a09d2a7d868fe5ba7e22daadf191839d6f5d9f95387e42a217c623741f7e3d93672e09299bfa09daf570041b88917eede7c54342d0d9f512b7f96b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 629038987ec677b69f8b01453d943d2e
SHA1: 03140806e1267b54f87f39c81d415ab3e168bb43
SHA256: 15a2165c4a752cf9ff9d010b2397bf58a51446af74999d71627431e97f0a4c22
SHA512: 577cd7e6eb3f952a5be0eefcad4a486dc73dd06476dcdae05bc9e83fda5af57e9602ca142d2b27de143e082856f5c63eb09024fcb8a8e9fa88d4b5f4fc0e2a17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 84f8a2b716e55919dd416a0adfbb49c2
SHA1: efa99ae04a99cafed1aed8dbcd768cf88930ba4c
SHA256: cf1e0c928be7b03d01ee472d26f486c6fae852c31a14193ddc63c3235473364a
SHA512: 5eb77160846f19c6a8679726bc336196ff1973c4a756b6133138a2a7b80c9fac4bc8b8b7d23876a69ac988ef4829306a15d1f23355d27b3f5b7d807d687da40b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 571052426d11d2f1e0b67e66f00d7abf
SHA1: 0c9887ac8f16e9a4ff9067f8d07a97ad212c386b
SHA256: 27c822120c9318dc7bfb6a38aba182cc65a24bdd73f4cf10ba147faf615d32d2
SHA512: 2f51a365e585448632c6ccdd3b49c789e1bee7efaa5c17b3962b536868db3dd5bea7f55c0bf4efb41b45d60fbf630362925ecbd49684c2da3f3e09486d784726

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: ca1d5ece960ceeeec43e34f1940743ca
SHA1: 9043484deeb11cdb0e9c086e261d29227100db84
SHA256: ce70ae53ee0dddfa409bdc5574473ea29eed13003eb9397f2548e606eeee504d
SHA512: af43931f2a4038459349e03da9a273e06f31073e4a53264c7f658c76b8712495c2e9d1cabce10c99b1ad921271822b735445cf66daf15f92c60dd108f1b300ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b500c2d415c62b004364ad2fece25991
SHA1: 28e08b25631166d9e58cf4da142b69be31a93267
SHA256: a0148c95209e99f16f9a04b9974c25b2250c718b0b740df032085dca2e2024e7
SHA512: 7053afbf6c1ce64af3b6dae3df24ad899d7cab22b6783a121caf34e3b24ad5720ca7f7025a2a462f85e40f8beae35e90ea10028b544ffd8d8a83c4e8efcdf004

Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b