Analysis
- max time kernel: 133s
- max time network: 131s
- platform: windows7_x64
- resource: win7-20240729-en
- resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
- submitted: 02-10-2024 10:54

Static task: static1

Behavioral task: behavioral1
- Sample: 0a4f3f77a1100a26cc6208665dff6ef5_JaffaCakes118.html
- Resource: win7-20240729-en

Behavioral task: behavioral2
- Sample: 0a4f3f77a1100a26cc6208665dff6ef5_JaffaCakes118.html
- Resource: win10v2004-20240802-en

General
- Target: 0a4f3f77a1100a26cc6208665dff6ef5_JaffaCakes118.html
- Size: 53KB
- MD5: 0a4f3f77a1100a26cc6208665dff6ef5
- SHA1: 8fd7afb837692355e21712fcc57a30d4a5253ba7
- SHA256: 9c031719f57a9a3789411a5339963a55a5bc2ed18fca8dc48c05de3a3fa56c34
- SHA512: 4d14e6b0d937ba5d71fe9984329770cc152a06726460c448dd37e22e4926439267df75c8efd959d8837ae8ad245c4d679436da61099f9fec4e51663ef8f006f3
- SSDEEP: 1536:CkgUiIakTqGivi+PyUprunlYQ63Nj+q5VyvR0w2AzTICbbdo5/t9M/dNwIUTDmDN:CkgUiIakTqGivi+PyUprunlYQ63Nj+qW
Malware Config
Signatures

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
IoC (process in parentheses):
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (IEXPLORE.EXE)
Modifies Internet Explorer settings
IoCs (process in parentheses):
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (iexplore.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" (iexplore.exe)
- Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 (iexplore.exe)
- Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000218b9363d7144c26461756ebda1f7db7e550ea0a120762976b22890965927c9d000000000e8000000002000020000000e1f576fdfffcffa261fddc9bb9e9c1ae179d1064abbb0ffd5bfdee79203c358990000000f0f1f46252a97d9b67df1e2f495a6a56837b2d261cbe9ed524a48363b671236d11471f5aff364a965e85f3b1e62c8193057b8e9d45bfbac3bccfcd695db9652669288f1720eefb41878be28d01c6d064807a60e1317ee7d216c00d3dea77798d8aa4f20c5d35092469cc407b80397b2d1a63c72bd24d5d481da6e4a7a9968eff893bb55a0d2162bc2863da2d64d4b12e40000000b40b9aa9a7b3e15501be43526a0072fcd80d324df9abc7fdfa1dfadcca7f7a95155479b1b2efe9d7f412d5190d2fd83425feae796b1a09ec6130e9b132d66f04 (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main (IEXPLORE.EXE)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C1063B21-80AC-11EF-B81F-6A951C293183} = "0" (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch (IEXPLORE.EXE)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain (iexplore.exe)
- Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0fce797b914db01 (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" (iexplore.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (IEXPLORE.EXE)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434028360" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" (iexplore.exe)
- Set value (data) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004961a9603b5d8740891a04601e8b8fb900000000020000000000106600000001000020000000a4308f7f417edaf50039ab1250031b9a53cf580c27f89657cd2d92858ac5b017000000000e800000000200002000000050cba19105e06cf32e2cd31bd92528d87d27700d9bf7fbeb5d34abbcb8b4e0b220000000ae4bd7f0d658871ef99a7f94a882cb504a28362bd8f2a0f3059678830c30e46740000000ad617ef76acef0442cdb0d3aafe9cdb431672426f138b097028e62f04519ebff980adc47321d4964052db8d6b1a745488d42a778b257b8f9fd9dc60dc9dc4559 (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive (iexplore.exe)
- Set value (str) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes (iexplore.exe)
- Set value (int) \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage (iexplore.exe)
- Key created \REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU (iexplore.exe)
Suspicious use of FindShellTrayWindow (1 IoCs)
- PID 2076 (iexplore.exe)

Suspicious use of SetWindowsHookEx (6 IoCs)
- PID 2076 (iexplore.exe)
- PID 2076 (iexplore.exe)
- PID 2332 (IEXPLORE.EXE)
- PID 2332 (IEXPLORE.EXE)
- PID 2332 (IEXPLORE.EXE)
- PID 2332 (IEXPLORE.EXE)

Suspicious use of WriteProcessMemory (4 IoCs)
- PID 2076 (iexplore.exe) wrote to memory of 2332 (procid_target 30)
- PID 2076 (iexplore.exe) wrote to memory of 2332 (procid_target 30)
- PID 2076 (iexplore.exe) wrote to memory of 2332 (procid_target 30)
- PID 2076 (iexplore.exe) wrote to memory of 2332 (procid_target 30)
Processes
- C:\Program Files\Internet Explorer\iexplore.exe (PID 2076)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\0a4f3f77a1100a26cc6208665dff6ef5_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - Child: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2332)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads