Analysis
max time kernel: 143s
max time network: 121s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 09-10-2024 00:18
Static task: static1

Behavioral task: behavioral1
  Sample: 27989190cfa56fcf11dbba03b9e9f21c_JaffaCakes118.html
  Resource: win7-20240903-en

Behavioral task: behavioral2
  Sample: 27989190cfa56fcf11dbba03b9e9f21c_JaffaCakes118.html
  Resource: win10v2004-20241007-en
General
Target: 27989190cfa56fcf11dbba03b9e9f21c_JaffaCakes118.html
Size: 139KB
MD5: 27989190cfa56fcf11dbba03b9e9f21c
SHA1: 81785760501ec7b5a8e5e1d184ea687ae13991df
SHA256: 47d647db1adcf310dbad36f609ce1cb3756a064c8ec7de55ee3c1d56fea5da82
SHA512: 2127fb3153965c17c3ab83de9b00413462ebf06420c80913855628ee61e92f7bbc400131c5f0f201b31dfbef3666cf12222a2ecfda73faac389e49d3296cd287
SSDEEP: 1536:SFBDOs0NNn6GSUSNqE4PlUgoyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP9:SFjyfkMY+BES09JXAnyrZalI+YQ
Malware Config

Signatures

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE

Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7B96AE31-8610-11EF-AE26-F245C6AC432F} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000002e5663c6aab7faa786a5e2b4ba5e8020b9fc8ae55d731c29f776fb468edc569c000000000e8000000002000020000000d339cb2f16dcae958ce4b9c683db59874a6525895e61d4814ed51f6fb1371d2890000000de2a430d22b41426ef34e6bc103d2e017ca95748e413d1dc2bd3cfd5ec5b6179641487f38508857ca0572d00c35e5135734844b4a20263a2849e497afc2b290cadc4b98c431d1a3c1a1a50a7fcadaea4368aa2e24f942dc953791e296b8ede3acdb6007e17d4c8c76ed45134bd9d40c141f49c14ddffb24c6721c8f3c25c8b58aa203d6e7c063518deb029a97f5462524000000071b8d58c78c436913e63b62a7584b9757a85eb8b2ad3e2551ecd45d67469edf9810466d81f30a1e7cdd637e8b288cb59713037dc412b5335ba1f177dcf1fd523 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000009c37ecb8b639f36d7e25fc9b419544999a5299d4464cd3d2c2d4e4fd0b6eaec7000000000e800000000200002000000035f0e4b651da9a83981f030ac3ec64d1b52d21c1b855dec972c9f1226d9a44612000000060f231c18136daf7754d6fb77aa36cd1f4af92f5a94b74d4dd5a4b920356013940000000c784f525d6d2a51098559e056facf7248f8aba12a34d3f4d52bc36e6504f253e98826e741a3011ea5043daebbff0021ce1d7ad7c19f77c0987f2179e36fe963c | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0491c931d1adb01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434620951" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe

Suspicious use of FindShellTrayWindow (1 IoCs)
pid | Process
2272 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2272 | iexplore.exe
2272 | iexplore.exe
2004 | IEXPLORE.EXE
2004 | IEXPLORE.EXE
2004 | IEXPLORE.EXE
2004 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2272 wrote to memory of 2004 | 2272 | iexplore.exe | 30
PID 2272 wrote to memory of 2004 | 2272 | iexplore.exe | 30
PID 2272 wrote to memory of 2004 | 2272 | iexplore.exe | 30
PID 2272 wrote to memory of 2004 | 2272 | iexplore.exe | 30
Processes

C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\27989190cfa56fcf11dbba03b9e9f21c_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 2272

  C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (child of PID 2272)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2272 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2004
Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 3a4a86cb9dee5c191a29ae29c68d70d2
  SHA1: cd71a8a4eed882deb7bd333040e92b93194fdce7
  SHA256: 2b2840ea91840553a2381dfefad6903f7bc76c0dd4b758918e7802679dacd46a
  SHA512: 55181d95aa9c47765928a35d0339576bf464251fde227e596e86057d486dafec4eb25334f43e21a2237f3eba7490acc9ea2c75c806a2d2a81daad5674bd86019

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 9ffb6d057003f189876b6d519a1a870d
  SHA1: 7dbb7571e3a690b530c86c88cbd58264cc21952a
  SHA256: 74d6d06f23efa7a723ac27ce591ea63de8eb74600a93f4f9421dc3b7f97c036f
  SHA512: bca24d97faf00aa4802dd1ef645d0768911d3441f89c0f1c5152733340487deaaea966055addc5dde19187ea90d518d31309ff39ca7750a013ec762648c65697

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 584baabc304c00ced088574623d08510
  SHA1: 33fad2b912cc11f19de31693ce532f32854228d2
  SHA256: 6ed0fd64d02edbf6bb24caf6cd764e976b90051298eb422762f7fa1ec79911ff
  SHA512: a1786c37f324ebd2870bced072e85f5133d79ceff0b7a2daa40778d6eb5e3a7d428d1692ed88881c4e990715aa9444b89575817dde716fc16695797a8ca86e4d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: aa776280dc21e1ebf0525b083a622130
  SHA1: 5625afb4dcc5061052fc5407901161158cadcdc4
  SHA256: 286f686b2c89eee5c674a38f30183f511753d332a4746fcdca2e008a5a2e3fbd
  SHA512: d48a73b87d21213dcf4ecf48ebb2478c3c29a1f23fe88fe18be95cf23948a9428acb43e3e5bffebfc51f18edf2a33f15926c83b123d5fe32086863e8ef1d2bbc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: cbc6c1f6eaa0841cd3c201b569cc3d61
  SHA1: 25885e2cfd5f5f2b14b8ec03b0eebc5e7289ca2e
  SHA256: b12e32f7a3a3b09c407c991a2f43b95a7ac6d110e1336b69e083f72b24468184
  SHA512: e5f341ad570573a9aa6d0099f482ec0ee2c8ad5a9682b74541d56d1356bd1bc4f2b32f7c327174ee8e26de996bf6935939d4efd591cb0c39be37bad90d0638b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 49c012d7e27ee7601bc71da62397ba80
  SHA1: eed9e29636cb5b850be4da193999741a03eeaa00
  SHA256: 7cf04309bd8cac68989e3874cc8deeb7a7960c2253ab128ecb9f98473f51c69a
  SHA512: 8796a36d9dea4c39d0aa7138a723b29f2d630454237114e629325b67a0873d76fc9e2ee60a34c564aed65ad4e295a4bcb056f46f0df2148eccfb1df7e7ea2e82

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 91d1bc154c8aed00b4c4975e65d97ef0
  SHA1: f24532f1d71ffebea42ead363e88c982f6f91a43
  SHA256: 2caecaf835475f19d05931f80238841358cc927148d07f80ec46fca3157be358
  SHA512: 8c0b82ca802b195f4b718ce5232d4e2d1ad8f1935632409e752ead654d909b8924faa0088550c075113e054b2c3e1a6e7649c348ab9404884896591c60224883

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 4aecc20e0c5b9b28b8e03a46d627716e
  SHA1: de193fef12b0fd6be8a21ad2e3ce29fa9aa54486
  SHA256: 538debdf8835f5e1efe00e528e0d8821f5e5e7a7b14316bffda9391c3c8ec32e
  SHA512: 35e658aad2f699055ac562c81d457ddbae014d10ac829972745d38978f8989ae446746052045a8821987b312a4236b88eeca0a3c34f9405f7bbf00ab26f998b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 736638b047f6b8e0f2b86e4d2d03b0b2
  SHA1: 8f9cb97d94d01df81bd596aa5fb7a6291e4929b3
  SHA256: 7fd901423a66d4d8d3780e3eeec18d72e3fe33bd144cb2aee12e4efd527c27f6
  SHA512: 5b90b89e8ee4cdafecdba4e468e03b937867fe0344529a1756597c786797322afc8a2606cf0cdc5a5f50dd0a4ed4c177503e193424a9f852f9e497007f497317

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 49f176ef6aa62c38c8f5f6bd2bf5eb6e
  SHA1: 2b60a1aef2276d92846b895219215b46ccdc70a0
  SHA256: 2d1ccf56ca182e4fd9e8a1a555975b9ae58a8e0455305bb9ae825b37a052a8d6
  SHA512: 5fb763babe572aeb0b106fe1d8c282320b1a3c578568fd69b523ef3daa036be710162e9517ac1848ede43640b82edf2c75eaff747e2c745b16eb17d15e9d8ce7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: a68dd11e2565455f16ae5b09641c4639
  SHA1: 001a60819d681a7063389ed5a17aca3352bc6bc4
  SHA256: 5bcfddaa802f4c6800e7c2b1874d3867888a2654d0da171048c09ac08f09ffcf
  SHA512: e500e30631ef58930d704719beff916b57c3524c8819b73aca4971532f9b332a43a1c09a924bec44b20eb758bead8d90d51eb205927f540a775d932b51270ffd

(path not recorded)
  Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

(path not recorded)
  Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b