Analysis
max time kernel: 132s
max time network: 142s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 30/09/2024, 19:08
Static task: static1
Behavioral task: behavioral1
  Sample: 02db6041b71718d5c960f08bb5f2ca30_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 02db6041b71718d5c960f08bb5f2ca30_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: 02db6041b71718d5c960f08bb5f2ca30_JaffaCakes118.html
Size: 85KB
MD5: 02db6041b71718d5c960f08bb5f2ca30
SHA1: 059448f5fa3d54ecabb9809608104c5ff444b44a
SHA256: 75359291fac0901aaa2550df2a98c6433f89c28316059400a01cbb83f0f97337
SHA512: 0e8284b02a6dc8155e285b8159a9b1a4b0d2830cd864694be6d578d06ece76cb6cd04882190bd86a021b4f0687945672c06410655a75f81b7aa0df5fe0f65a9a
SSDEEP: 1536:U+ipVn1BUNqvLKvr7R/bnVcWCU+So0mjiMpbqqvmznhKv++nPLB1Vi:UBvLKvr7R5GiyuznhKv++nTB1c
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  - Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (IEXPLORE.EXE)
Modifies Internet Explorer settings
  - Key created: \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar (iexplore.exe)
  - Set value (str): \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (iexplore.exe)
  - Set value (str): \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" (iexplore.exe)
  - Set value (data): \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main (IEXPLORE.EXE)
  - Key created: \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery (iexplore.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" (iexplore.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433885165" (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom (iexplore.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" (iexplore.exe)
  - Key created: \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive (iexplore.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5989F9D1-7F5F-11EF-B36A-E62D5E492327} = "0" (iexplore.exe)
  - Set value (int): \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" (iexplore.exe)
Suspicious use of FindShellTrayWindow (1 IoCs)
  - pid 1732, process iexplore.exe
Suspicious use of SetWindowsHookEx (6 IoCs)
  - pid 1732, process iexplore.exe
  - pid 1732, process iexplore.exe
  - pid 2284, process IEXPLORE.EXE
  - pid 2284, process IEXPLORE.EXE
  - pid 2284, process IEXPLORE.EXE
  - pid 2284, process IEXPLORE.EXE
Suspicious use of WriteProcessMemory (4 IoCs)
  - PID 1732 wrote to memory of 2284; pid 1732, process iexplore.exe, procid_target 30
  - PID 1732 wrote to memory of 2284; pid 1732, process iexplore.exe, procid_target 30
  - PID 1732 wrote to memory of 2284; pid 1732, process iexplore.exe, procid_target 30
  - PID 1732 wrote to memory of 2284; pid 1732, process iexplore.exe, procid_target 30
Processes
C:\Program Files\Internet Explorer\iexplore.exe (PID 1732)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\02db6041b71718d5c960f08bb5f2ca30_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2284, child of PID 1732)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1732 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: fccbf27cd03768fa97ff120fd5551c04
  SHA1: 50557d0924608b2f1ec99852253c9779ce84ecb7
  SHA256: a1971130f5adf9ac4f884224d3b039c1efc981f45fc8a6d217a4b2622077ac3e
  SHA512: 5d9b6387d4faf37e2ea31cddd3fc7873a8dbcfe7c61cda58298d55232e083ed9c6cf892b6d69832c4ccc6ce12095e70b7af0a76031d8c85f5b2ca354c1fe9ea2
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 83563fea30fa125c850d59173e8b504c
  SHA1: 0407aaa331ee9d2c82d5b014e033da2cd6cd292b
  SHA256: 9cc9f39928148bc154590d86423a0aab8356573f3e0097484d981d2bd19ee780
  SHA512: 4559e5e01a1cd0b94df940d4b940d7f2bf11a786d4e90a5f2fde945c4ec027b8c5443d23959417a3164f820286f156f8486dbd07c4c080022aeb78ff1afbe441
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 770f3f84f274fa97cc8ba08586b83448
  SHA1: 1e5adaade9eb47882a48d3a9cc15f2a0dcefb6dc
  SHA256: 945fec9c422dec8838aac6014a9d90c9022779b46679f55935f5939a6a0b7cd9
  SHA512: f02565986a3eec9be28f841e7126c364ee97d8e31a55b0539979e24266048d734b2115a876fa19cf9a6e5dad25e99206e5cf966e57a9f8c15a807bd399eb014f
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: b706a6c6c05ebb492570eaa7612824d1
  SHA1: 02a8d7774597c2a94bc2058bee60f31ce64b60f4
  SHA256: 6809751693fad09bdb7c3fc82dc0c0c83ce52d89455b16e35dbaf322b4b44d54
  SHA512: b068f0d0df0f3536936df3c5f471fd134ebcd58b8000152c830f83d8dedaadc01709f73883457cbe1dea292d5f1c7fec1cb085566b26264fda4e8ee21670a78c
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: d09d56c8888ffe2f9c42c973b9046e07
  SHA1: 2d79a1913786b220710c81c15569ba5be4a77381
  SHA256: 0fe3f35b245bf60d9ce7f103f6a91ea833a72dbb7abc1240ad0bfa1a68567546
  SHA512: 31acfeed4dbff064b58ffed45b1e7463910a3feac553ba948b83f6050125af74004e7907ee12ae608113578299fd6b8981ff2bd8d66ad0eda7c4fb861c403fe7
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 569a7fbd5e5fc0b3d5dc368903ca6334
  SHA1: 8011ca2441622273e91b80e1c9e5e9f44f7b757d
  SHA256: 9a4e744f39fc8bdf7e08e43a672b7bf4171859cfef469c07e4906eae6e60f028
  SHA512: 2713de1c5de89c60add0f5e260fa5e0e432e11e6fb4da1bb3004c8e3bf5096205c7953e2db8ed3701d3aefe4ca4ef7b8dc86108791d750a03bbe4e3627ee2bce
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 97aa63572a7cdabf6d30b208b42a5c5a
  SHA1: 5972a5dec0d403b03a1a7a5c61a1f8256c964947
  SHA256: 65c1748eb6f5f9acff4c7d211a295d0840797480554bb74f436e42ce1d1b9e8f
  SHA512: 9ddaa8cfbe1c63b33cca8acf2a9550282a939f561136b44b248cc8010470858f6d0acaff66326ac4e3b683f6b51783ac863549e332f7c24be0ebfabbf1d3e6ed
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 1014fba0c2b00dadac655cd8ec887824
  SHA1: bbfe63cef62da05baddcc0947c7766dd5949d6e1
  SHA256: 4cdb83339cf63cf6586f6dd962c481de08e0372d33c72807b2bff9246136d6c5
  SHA512: 1d74e94427b3cd6d71f1b90550442391f8322013298c18e413fd22d550ba25ffabbf21b634756e48706b90f38455407c4011d8b4251c4f83cf63e6e94960db17
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: e1bd24c33abab80b10bab1dd0a2e0674
  SHA1: 44530320870505a24b88737602d5e24b13dca603
  SHA256: 9debf9169385eb1abde2f4504bd5bff20fa1cb4722d1b62c4814f5be5a849413
  SHA512: 58cd174b173a3ffc61c50f82257bfb0aff3853e8e300fec98933bc638375a3041fdd1cc4a05aa60b9954363d91807f5d333be7f8bf512ade24ba34d790522161
(path not recorded)
  Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
(path not recorded)
  Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b