Analysis
- max time kernel: 133s
- max time network: 128s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 03/10/2024, 19:28

Static task: static1

Behavioral task: behavioral1
- Sample: 103f46158c45d69058b613d9766ab019_JaffaCakes118.html
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: 103f46158c45d69058b613d9766ab019_JaffaCakes118.html
- Resource: win10v2004-20240802-en
General
- Target: 103f46158c45d69058b613d9766ab019_JaffaCakes118.html
- Size: 1KB
- MD5: 103f46158c45d69058b613d9766ab019
- SHA1: 2620682bbdb1dbeaf5e041a2f92b178fd3e0bc86
- SHA256: dea56344d8f0890fcc102cf40d42cf3956f2cec251bf13f51639aabe8f56b70e
- SHA512: 93bc91f81c30e10d68106ad95ea664f8167c1a7ba15ad6be0c5fc49aa7d4dbb694263b53b3b724aeff90d29b2a27244f9bfb5e895e0591f7ac345d7524d7bb07
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: IEXPLORE.EXE)
- Suspicious use of FindShellTrayWindow (1 IoC)
  PID 1716 (iexplore.exe)
- Suspicious use of SetWindowsHookEx (6 IoCs)
  PID 1716 (iexplore.exe), 2 occurrences; PID 1444 (IEXPLORE.EXE), 4 occurrences
- Suspicious use of WriteProcessMemory (4 IoCs)
  PID 1716 (iexplore.exe) wrote to memory of PID 1444 (procid_target 31), 4 occurrences
Processes
- C:\Program Files\Internet Explorer\iexplore.exe (PID 1716)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\103f46158c45d69058b613d9766ab019_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  Child process:
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 1444)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1716 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads