Analysis
- max time kernel: 140s
- max time network: 143s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 02-10-2024 01:18
Static task: static1
Behavioral task: behavioral1
- Sample: 08387836548ab9162720d84d01c1b418_JaffaCakes118.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 08387836548ab9162720d84d01c1b418_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: 08387836548ab9162720d84d01c1b418_JaffaCakes118.html
- Size: 1KB
- MD5: 08387836548ab9162720d84d01c1b418
- SHA1: 91d657d6d2180c9d96e18f237a38578b321cf5db
- SHA256: 757a5299eacf51d3c45703639bfd6467c77549e33f79d3dcbaf7f38b46c3536a
- SHA512: 8a518730de8636cef44b342c2432db36550c24fbe345df5b164b75cc3cf6167dc99a5918bb246e0063bacb0889cc37ebe70bac87be667f75672979456f3b1fe0
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc (Process)
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (IEXPLORE.EXE)
-
Modifies Internet Explorer settings
description ioc (Process)
- Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" (iexplore.exe)
- Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd300000000020000000000106600000001000020000000d1c93364392218e5ae7fc4360c77b6233d9230311da121016ed1eec431b34b10000000000e8000000002000020000000c4f1ddf9b246146b1cdf17bd5f1dd29aeacd9c4e13960f7c3ef7d2c9a2cc71f2200000001e651ddceb50d8343a091c16f807fdbe4ef32951c75ec21df24870553aeb9153400000002d10699d0496ae5e45dafc4279519c421ad8db787562797fa60df7355cfcb184ad51b161065def99cffe6a6ec1380f4bfd25cc9c0c8f106cb88625536fee32b3 (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes (iexplore.exe)
- Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a042ae1e6914db01 (iexplore.exe)
- Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000004d9898412a76d1503fa78bd5a616d4a4f49bbeb62da0c18a673a6827dae15970000000000e80000000020000200000003c129277f21cd23fe42a7301d757b020a59b4200900281a9dfab7bc3072a18ef90000000edc78f5e1e7e5fe39a749e1ee780648ec78e833cd1ba868285034e4af34007d9a2d68072e7512686f9e0eae2fd34294bbaf0952fe4359c2e104810bb3f4fc01c70ad531a3d25210e273d92983b6b4e59382ade2b0439bc5b21b95a39535d9a7467ce3ba71647bd89b097179156baf48a650b389097d7632c06c18b5d43fdba671c32be1ffd33ea416ac136ceaba6b85c400000007e2c08d3d10043b1228b6cb820ef46deaf6a46d70458fe74e2895a7eaeaaf4cd1e9e2d5e1e1d28a85bcc3bed845fbfc7bcac766702a7da9f283abcdf0306bb43 (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{49AC9381-805C-11EF-A51B-E61828AB23DD} = "0" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (iexplore.exe)
- Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main (IEXPLORE.EXE)
- Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "433993800" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom (iexplore.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main (iexplore.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" (iexplore.exe)
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
- 2688 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
- 2688 iexplore.exe
- 2688 iexplore.exe
- 988 IEXPLORE.EXE
- 988 IEXPLORE.EXE
- 988 IEXPLORE.EXE
- 988 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description (pid, Process, procid_target)
- PID 2688 wrote to memory of 988 (2688, iexplore.exe, 31)
- PID 2688 wrote to memory of 988 (2688, iexplore.exe, 31)
- PID 2688 wrote to memory of 988 (2688, iexplore.exe, 31)
- PID 2688 wrote to memory of 988 (2688, iexplore.exe, 31)
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\08387836548ab9162720d84d01c1b418_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2688 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2688)
Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:988
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: c56aa34e44610f2cd5fdcddc47a89574
SHA1: e97a7834d95e616e24eec73cc9d4cbb667f2790f
SHA256: 1a4d32041b6e9ab3fa54b30a73074204c74230f3fcc63722fad4f6b298999a02
SHA512: 54ff2f7639adc55e197aafd270c7bee1f9b71b110ce1be93054159a33935f4edc8ef4bea71d6551036a96c9f2b6f522b2f930d5a3073b3e29ebe0a589fb57ac1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 3fdbb3ee91bef69e96cea15e6b5d8a91
SHA1: 60e027083b129f65078f7f214de61ee09b05f130
SHA256: ee505b112583d7c07987fed6c94a15e0f9bdd3e28c4b3f9c2dd818051f4b3c00
SHA512: 970c4c199ac11ed62821431cabc01e6d21651282218c28482cb673afdf69bfa95c77c1d30353e417022c759354c45000d678728227aa394ed921b9d5d51420cc
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9bcee4ed5610787ebff89ea24325281c
SHA1: d63985b1b0e0385a8dc29a2347f77c8c9c3c0394
SHA256: de31be831ff90d320cbae2a2d65487e1fc52b3c00c77bc5ce66a9cfb20d9c820
SHA512: 7bffb554376adc8978d9362b3b850a1d99a057bbeba676023282c8aee1cad057d3a5a2f6e51a803e3c316f640693748f409f3e770554b9925089015d52e808de
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 7d2a6d96491f2464c0e7c5a0bb17063d
SHA1: b1ea05fce459d32b00cb02cbda599a3b63342e05
SHA256: 56ff2d36e03a0212e44caa59a4228d257b1db65387f9b2feb763530ffbfbe88e
SHA512: 56f63a167573fc200b2f2cf4a6e8e8cacbd1a44684f4d2f8f46179f9dfdc6793a886a0069cf2c32f226e085936780561f2d7cb33d1c5a7a037fc522a22135af9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 9b7a0b1ad85743f5649e2c9495c5047e
SHA1: ee3f1820719298f6efa4aac68f175be61a057a70
SHA256: fedce64511b79fb2bf461b2cd373543ac978084affa46ab923ad2228bd24f804
SHA512: d686e32ca1689f77da5b4d34941b0e0a448b5f4b03b417e89abba5109c30f16efbf76fd3d01e031db917797f69b11bbf3de52f004d1e8becf9ce73fbbb87fe8e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 18d9af5894027158720e03f182f7a86c
SHA1: 6f8154972048e42662c029d8f393e2fdf1cb2f90
SHA256: 22f90849873b665755a51eac1600c6cc46db5602b358d7d7086f547b62d37fc0
SHA512: 247fb03e76a603a44fdd4ac3d85cc7d9c0612d434b30e011939a883057e5398a6195730697078f61c50623184fbd5608047e8b4744c720f18bab4c89c22f4974
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 72a14720b63aa5115bb063e91d71b291
SHA1: b40dbcf72876f16220f785360a1ba242d8e26394
SHA256: fa300f42714709b4af942d918587c24c33b7ddc90ac1caa6c8abe6f4761588c7
SHA512: c92c2ade99555abac4306823a265c036933469633807f88871b961a24a8bd8722ead6ea5824f2b494e757d09d02eba3c72d106244c7a264ca0da29cd416025f1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 94debd09c43847589cea8773c444fbfe
SHA1: 44f40462320015f534ccfdb816569589512ecb06
SHA256: 1d42f975a8d4a6ca4a335282c3423de573358336222272c2701dfb807e2505a6
SHA512: 6d2cbc393d82054ecf5748cfaf76fcc01290f2b16ef59817a9304cc0d073691dcbdedf1f94e2cdd6d18fefeb59fbc6bd79845d39c1a492ae939b23da48ccc98e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 1011dd1449b11489c6116dd65946a48e
SHA1: 868c2daf53ab35e6f77756ef7bd277870570354f
SHA256: 350ac002f5fb08aa0582f757749c7bc734d4b1a1ea39cfdd67003e4c9a177d3e
SHA512: 4faa2e0744816a46959fdaf89a98559bb8c01d20c09a10fcd7d07676461c709ca71bbed56651e5099d6a285eb2b0b9737d419974a0438c202cad4d7f8a8f469a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 21ca2e67fd86e0f41b2cbe300a17a54f
SHA1: 0ff7b4aeba10b79f29794cea476c69d555375379
SHA256: 81c0225421e0650d590a3f50c44c1edacaae59f65f137fadda7d0974cfb8e1bf
SHA512: 2cb0f527ec3857be2e464d461c3fd3abd98213f43dc58d971166b12317f9aadac2a2e321f0f1b3af424c17e0d582c2232864e038397a10f96b82999ab39b5ea5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 60b572f09a93b1bc43ad2b311f4a6071
SHA1: f11f157d7c3c171d56040a7a0529f9e271d0f7f6
SHA256: 0edc94e8cfe33394ca02599ebf276124654507959f30068c19c44533e961189e
SHA512: 8b44b965a1504fcd24ba9a6d3c042ce30e929a8e6bf965753fd7ffb23a58303a9aa3e471dace1afb3915df125a0b0c5648b277abc27b700ab02df364609efd43
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: b786081c73b290a776a9c1f87b4de26f
SHA1: 45d6161ed2de34bfbeaa01576b27344002a32dce
SHA256: a38aceade014794025514e3ef647a82ec82e743ab0f402e04d4b442cf89d09e0
SHA512: 17d9ea1931796a2fd75678da12c1a50ffb52a8f3cb705128daba8d93d8822aae2b788749a068c20c64dfdf5529ee1712bc518464fc97e33d65f083c9c8c8a549
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: edc8663bc74983276f251c994f9fac0b
SHA1: b5af02c4409b7ae56faef979688a5844ed94f3df
SHA256: 597a95afd7729923a757a66429b0ddaea23f0ecdc13d9ac058483e342904e362
SHA512: 54475a197e8f4fa77abd140acbdff85fc17fc404785f7427707b95b6842b98d7f7088f0ef64fd31b3c6ef90cdde3d75074da3950ab0432c1b49d1a5dbd6b9cc6
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 5e4d37088d80b79095af551c07e471fa
SHA1: e989aa5a10b487bbb947785136683a215cc43f55
SHA256: 8d11df5c7341d7f3b8fd38d350b81091956baf82e21436dca6b5445717965d7e
SHA512: 4ddc7c4c9da158790ca8fc60bd66abb9b6db92023287b37a525c947d247c234f48ff1630a68b52447f0e2d6d6fd3a8bcee27dc0c1adb305563d384cc33b22a3b
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 2fe65f41c4ec2e3a9758134c1bf298b1
SHA1: deecf862855ea8bc44556f3fc646cd9eb737881b
SHA256: faf81bbc0f23fbb9a3d77547499cafaa6caa5df038c4c783e6dab201bea35607
SHA512: 89bc70a3955d2ac2066bc9f15eb1c8e4437f6129941a744380626319bcf075c2ed8ee733de616861378078dcd902ee2bb142457e811d7a8f767f232e310b7566
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: e8dfee5f4ded589d43b68075ac1f125b
SHA1: bfe189ff4b5a5be8cf10ef6ec4c87041805721ff
SHA256: 76ee5c5737ae4562d8a65097b3e9d980a08ec2cbd40213217bf9dda5b8b41e6f
SHA512: 82f56691494759516f136d1bec14765c4ae7f368aee7f0a45df7f44f33251d745cb8a77d91af6969a44dc23184f0b59e67cf6a125216e25f8f58062b8890ea51
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: 46d9e35837b6d8128c5766d5e5e85dc1
SHA1: a9a1950dc837f9760c4e1fc3f0df9d7d7b283cd5
SHA256: b91295ea960b0f4f8f501449217f16bfb535a72c22d3bafc9876fd2dbfe28d4a
SHA512: d69138fc2e9f67f91ab836c977414aa2da48f5ef6798e92f244e296ea54ca8df33fa91840ca230e893dc2b4cb92f3cefa574c689cbda46c38527a579a16fdcb1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: be947201685dffeeee1fcd4c220d9dfe
SHA1: aed06e190f8e5548aefb340d0eebb34ac5ad3de1
SHA256: 32360ec0e6c90b86fd06e4d8e2a51e37ce0d010d2bf53d697a8fa64506e59c6b
SHA512: 3b90eb90762141762ff0d3ad680a722c6d0bdd72f634f48b12882268b9bb5d637a20390c1e0fd05689d69d45028d43d6f10cdb8de39703a75d44f60bf52af1cb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 342B
MD5: e5290045b9c9cb1bb60820d858205f45
SHA1: 9d42cdda4f6366b33d8ac97f216829a69cb3ba56
SHA256: 35a2f9f9c9d17af88f44b1b2c985459470a523c0b1b8d9568984c7da90b9a52b
SHA512: 59aeb14c3dc591748639a290c686b65dfa5647d9e63e5ff2b90d874e8a0cbf8725bc5a2ea24c84b2c5b2da58eead050d2bdc1994dd0f1c7673861e1a0029a6aa
-
Filesize: 70KB
MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1: 1723be06719828dda65ad804298d0431f6aff976
SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize: 181KB
MD5: 4ea6026cf93ec6338144661bf1202cd1
SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b