Analysis
max time kernel: 99s
max time network: 132s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 29-09-2024 15:35
Static task: static1
Behavioral task: behavioral1
  Sample: fed3af3ed9b7cdd469e7c4d27037d4dc_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: fed3af3ed9b7cdd469e7c4d27037d4dc_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: fed3af3ed9b7cdd469e7c4d27037d4dc_JaffaCakes118.html
Size: 51KB
MD5: fed3af3ed9b7cdd469e7c4d27037d4dc
SHA1: b9e03cd9a6c99dfdfbd346eddc4388d43105db7c
SHA256: d565d36b51f72caa4218f20a620d666e77ef872fdb9bde52e9fc7a1f8ba6d214
SHA512: 9065d1c8e220c53aba1c9223a68eda92ae16a60494c8c27aea3dadb5f6f37afa0a6472da0871cb1b8a6f8e40655dc771f170c8dbdb67b74b8d000b19f06be76b
SSDEEP: 1536:Jdrrd/EgNisNhJDp7NULOOLwhLTLWE1HYQQTA7PkEUTUTe9TUEcTz/Ehe1K6EI0U:Jdrrd/EgNisNhJDp7NULOOLwhLTLWE1D
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433786023" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{839C8131-7E78-11EF-B0DA-FA59FB4FA467} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-457978338-2990298471-2379561640-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoC)
pid | Process
2052 | iexplore.exe
Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2052 | iexplore.exe
2052 | iexplore.exe
1432 | IEXPLORE.EXE
1432 | IEXPLORE.EXE
1432 | IEXPLORE.EXE
1432 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2052 wrote to memory of 1432 | 2052 | iexplore.exe | 29
PID 2052 wrote to memory of 1432 | 2052 | iexplore.exe | 29
PID 2052 wrote to memory of 1432 | 2052 | iexplore.exe | 29
PID 2052 wrote to memory of 1432 | 2052 | iexplore.exe | 29
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fed3af3ed9b7cdd469e7c4d27037d4dc_JaffaCakes118.html
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   PID: 2052
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2052)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2052 CREDAT:275457 /prefetch:2
      - System Location Discovery: System Language Discovery
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      PID: 1432
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7c8b1d7c670a1791a596acfeef4cfbe3
SHA1: 60ed515e7e37b4c099a0a25cf2cf076b7d8b035f
SHA256: e0c4dc8775bf9d0bab4ab1b8a9f96cd2919b3679d44a0809e535121ce0ed2103
SHA512: 14e73bc17371d26b3b3bece2b1c71f3023c9571bfd90a32f73bf3589a59dc8ab75f3101617dfe202e6d9fdcc5d6af087090e41027e788a96334efe62858e320f
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 6bc1a2d92482630ed3e6018dccf48a13
SHA1: 919c95e51842e9ba365dd9711ccd208130411809
SHA256: b43d9254a08b6ccfec3f2a76071e0ad2a0a6eadb94886d4ef4ba7fd80f163e10
SHA512: e128aa08f1de026ee95bf689d24afa6c8d2a11141866cf254167032cb0878069070f194266f8d7af9eb23579b9ac976796468b7712a831e50fd0d38decbc05ef
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 108499268318e61210f4a34c76935793
SHA1: 953a0293e8c03ee5262f57cff1203e6bf0d901fd
SHA256: 2dba7bf347756d19973a6d27514b46948bdb5db4f6fb6ceb90f2bfe0c51754de
SHA512: 5df7f8b248cab74e3efe59e8e0758b5cbac9a25928e1447e0d6192ca65b0aa78caaf2a8ac9156b94f41d11a525d1b8f2826427145a60b5353d11b651afbaa78b
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 5c10b5114896cc4da07db4479d8f4ca6
SHA1: ba746aea4bcbbe5e4686c2031490634706f8de2b
SHA256: 2d594984a09900614373e955cf7a6f43e4b4d44f1e85770532d7587f55cb3238
SHA512: 4d1f4f7af4a2a0df38c9b02dbb7b0c6978999b3a7e90afa5bc9b2e22a1c3837c058a6da8c56135a84eaa84912aa0a0ba413b8a1f5c991b82f4636dac138a46a5
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: e338a1338c41f3d5b2af7e32c64f6a4d
SHA1: c93064f1ea74b98b81bff5930075a219018a1155
SHA256: a509a0dec3a4aaa312cfa9661abb55d9174828f74dac412ef6117592385737f6
SHA512: 7189bf48988ae210a374933b1c64bef5d47f2c0d29aa785186c4fceb1a77dae925c680754d6b25086609774bb80668d53ceb38d61f19c1d416c6fc85bf0f830a
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 6f5252074b475c2f48c82a7594060ed9
SHA1: bd1658283a55fb2d2449c4aca3432c9ac50bc18b
SHA256: 6384e38bda8c59eb5a49a8365d70fa836566796c9e6c13a293a8221cc3b6d8af
SHA512: 25a5abaf2fb331e9963198dbae8c41170ae72171d5542a39e2c6b2b0ff3670f1e446c0f4fd64a3d000a3f87001a591eb1593bd2ceabda1c269e02678fd963210
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9a72e37dc78bb5344729c907f8207e1e
SHA1: 63b5cb719d3f85d5162138db143b59909bb2ba70
SHA256: 7d7aa2248d3a85eec9ae60e9371d6fbe931503b7aa8d8ea702599c9ce619f0fc
SHA512: bb4b93b8873f8569697d2f2d9e5a582d51c5bf833d2409debdaab0c8b01f1f4a3740c5b6eb407522bc078e9f011b45bdbea7dac80d9f2c22089e2438750cbf4f
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a9db0037ed72755ee6e2531fd0a9b1eb
SHA1: 0df09451b1ff8b989404d5a04a1fb42af47e8716
SHA256: bf4b01cb6d8019812ff5a0a6e3b53db84e40ea25662fc7c9a902e1db6cc6bdb8
SHA512: d9595611addce32beeccdc88fa12d7194a9370a333b1cb2e785170352ea617508ac1e9fd41c090a9da9efb1de86130704e8ada4cc1cace9f1b14ab161ba79e84
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 8e97fe2ed15e284f70554344d76f2073
SHA1: 60588604a8cdab11a7074415de8d9efff52050a3
SHA256: 99b9c428aaf8ef40174210c19cc3be7660410dd638fa499f95f784937d231c1b
SHA512: 8c3b4c18640180c1f5fb18d9c8dd1cb40f8c6fea9785445d5d7dbe61135e8b12c0d2dacac426b4cb6f6a1840ea7726b526c05264f8b9caf674f299c6e73f3e13
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: a36b017c72731c9bf1376569459db3f7
SHA1: e7b2acf63ae3798e95b39d7040f7fb10ec5081bd
SHA256: 55aedaa88cc2eab069398736306278a5880394ced26310393b8e423f17868ddc
SHA512: 36cf7075d81255da265400b6156918c3b3f0e99b20163a42db93f5384811f04b1cb60d8dc098e80fc03eb67675c33371e7538cf96139eec7f32c40680a9dfede
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c4e9ac1656ed7ae8dfa76f374292d78e
SHA1: 46845ef9b987e759fd20de216c937d6c52856a5e
SHA256: 07412666308f3d3cc6ed293e6dfa8b62cf0c9fc0309935b4dd0f61d3b693c003
SHA512: 179a331978b54f4dbb91485932bbd4242524857808107c7690773fc4bb3efb6d85843d45a8084225344fb60e4b4fb68f550b0650828a42543e5c86fa3d7abc31
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b