Analysis
max time kernel: 66s
max time network: 127s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 02-10-2024 01:31
Static task: static1
Behavioral task: behavioral1
  Sample: 08432c487c174ac2b5d385f5833c7a60_JaffaCakes118.html
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: 08432c487c174ac2b5d385f5833c7a60_JaffaCakes118.html
  Resource: win10v2004-20240802-en
General
Target: 08432c487c174ac2b5d385f5833c7a60_JaffaCakes118.html
Size: 6KB
MD5: 08432c487c174ac2b5d385f5833c7a60
SHA1: 80f2a899b083c1b665b1129ed6cd927b86b34225
SHA256: 6eeab1d60feb27f50a40be86158ba1f8db03fd1fc408aed9c700a39753f92a3c
SHA512: f627d7e3133f65c1c405e073d32ce0d1f818bee0026c6410b5774fd6d6ad3c6ee7617bcb642f64653dfb7c77ce2fb5d168ae273d995309bcbf33110055984f5c
SSDEEP: 96:uzVs+ux7shLLY1k9o84d12ef7CSTUiLcEZ7ru7f:csz7shAYS/zb76f
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened | ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Process: IEXPLORE.EXE
Suspicious use of FindShellTrayWindow (1 IoC)
  pid: 1464 | Process: iexplore.exe
Suspicious use of SetWindowsHookEx (6 IoCs)
  pid: 1464 | Process: iexplore.exe
  pid: 1464 | Process: iexplore.exe
  pid: 1672 | Process: IEXPLORE.EXE
  pid: 1672 | Process: IEXPLORE.EXE
  pid: 1672 | Process: IEXPLORE.EXE
  pid: 1672 | Process: IEXPLORE.EXE
Suspicious use of WriteProcessMemory (4 IoCs)
  description: PID 1464 wrote to memory of 1672 | pid: 1464 | Process: iexplore.exe | procid_target: 30
  description: PID 1464 wrote to memory of 1672 | pid: 1464 | Process: iexplore.exe | procid_target: 30
  description: PID 1464 wrote to memory of 1672 | pid: 1464 | Process: iexplore.exe | procid_target: 30
  description: PID 1464 wrote to memory of 1672 | pid: 1464 | Process: iexplore.exe | procid_target: 30
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\08432c487c174ac2b5d385f5833c7a60_JaffaCakes118.html
   - Modifies Internet Explorer settings
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   PID: 1464
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child process)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1464 CREDAT:275457 /prefetch:2
      - System Location Discovery: System Language Discovery
      - Modifies Internet Explorer settings
      - Suspicious use of SetWindowsHookEx
      PID: 1672

Network
MITRE ATT&CK Enterprise v15
Downloads