Analysis
-
max time kernel
146s
max time network
152s
platform
windows7_x64
resource
win7-20241010-en
resource tags
arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system
submitted
12-10-2024 19:41
Static task
static1
Behavioral task
behavioral1
Sample
3bbf6fc95c2a2d40b65f232a9e1beb64_JaffaCakes118.html
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
3bbf6fc95c2a2d40b65f232a9e1beb64_JaffaCakes118.html
Resource
win10v2004-20241007-en
General
-
Target
3bbf6fc95c2a2d40b65f232a9e1beb64_JaffaCakes118.html
-
Size
25KB
-
MD5
3bbf6fc95c2a2d40b65f232a9e1beb64
-
SHA1
834b7566c4c20174c2a867e3ea87820a98e3dd48
-
SHA256
eb5d68bb6fdaef182e1511aa5a3aa7a5aa336223911e380f263ae9f0dfad8578
-
SHA512
4142ae47f10f6aab3ed4d8305813145d01e30bac761984db2c9f56b42e43a812a3064d3c4c4a653952632b805a5c22c1d687453fe92d5aadd8a7d3eb024109c2
-
SSDEEP
192:NoHoRlwb5nwnQjLntQ/kBnQiemn3nQOkrntehnQTbnYnQJMCcAGpdEAwuXMOnFnC:mHo3aQ/0KWro
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
-
Modifies Internet Explorer settings 36 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FBBD91F1-88D1-11EF-AAD8-6AD5CEAA988B} = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000672b7deb5c1e99c450fb438c2aee9110c9ad22143af1d6bbf8e3e7ac18ab7717000000000e8000000002000020000000ebde0551e72853605ef30cd929a239d5f9423d12b9cbfff80fc85e423abf564c20000000351c9d3271d2f78d0dd8237f81362c611bca2eb1c35492714355c616d373b24a40000000763980c48a1d1d31679da3e26015f832769324d04edc1bac28c62f8a51bf6638150234766ecf6c58af043763620075a6e309e0448982fe4461c844799a41ceba | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f00ef5e2de1cdb01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "434923962" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [data removed] | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2596 | iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2596 | iexplore.exe
2596 | iexplore.exe
2956 | IEXPLORE.EXE
2956 | IEXPLORE.EXE
2956 | IEXPLORE.EXE
2956 | IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2596 wrote to memory of 2956 | 2596 | iexplore.exe | 29
PID 2596 wrote to memory of 2956 | 2596 | iexplore.exe | 29
PID 2596 wrote to memory of 2956 | 2596 | iexplore.exe | 29
PID 2596 wrote to memory of 2956 | 2596 | iexplore.exe | 29
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\3bbf6fc95c2a2d40b65f232a9e1beb64_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 2596
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2596 CREDAT:275457 /prefetch:2
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID: 2956
-
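Added triage example for the signatures and process tree above. This is the editor's code, not part of the sandbox report or of the sandbox vendor's tooling. It encodes, as an assumption, what a normal Internet Explorer 8+ session looks like: the frame process iexplore.exe spawns a content process IEXPLORE.EXE whose command line carries SCODEF:<frame pid> and CREDAT:<n>, writes into that child, keeps its per-user settings under HKCU\Software\Microsoft\Internet Explorer, and opens NLS\Language at startup. The process records, the four WriteProcessMemory rows and three of the registry rows are constructed from the report above; the Run-key row is constructed and not in the report, to show what the check would surface.

```python
"""Separate Internet Explorer's own sandbox noise from IoCs worth a look.

Added example (editor's code, not from the sandbox report).  The baseline
below is an ASSUMPTION about a normal IE 8+ session, not something the
report asserts: frame process iexplore.exe -> content process IEXPLORE.EXE
launched with SCODEF:<frame pid> CREDAT:<n>, per-user settings under
HKCU\\Software\\Microsoft\\Internet Explorer, NLS\\Language read at start.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int] = None  # None for the root of the tree


@dataclass(frozen=True)
class RegIoc:
    op: str        # "Key opened", "Key created", "Set value (int)", ...
    path: str      # NT-style path exactly as the report prints it
    process: str


@dataclass(frozen=True)
class MemWrite:
    src: int  # pid that called WriteProcessMemory
    dst: int  # pid that was written to


# --- Inputs constructed from the report above --------------------------------
SID = "S-1-5-21-3692679935-4019334568-335155002-1000"
IE_KEY = "\\REGISTRY\\USER\\" + SID + "\\Software\\Microsoft\\Internet Explorer"

PROCS = [
    Proc(2596, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" '
         r"C:\Users\Admin\AppData\Local\Temp\3bbf6fc95c2a2d40b65f232a9e1beb64_JaffaCakes118.html"),
    Proc(2956, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2596 CREDAT:275457 /prefetch:2',
         parent=2596),
]
WRITES = [MemWrite(2596, 2956)] * 4  # the four WriteProcessMemory rows
REG = [  # three registry rows copied from the report
    RegIoc("Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language", "IEXPLORE.EXE"),
    RegIoc("Key created", IE_KEY + r"\BrowserEmulation\LowMic", "iexplore.exe"),
    RegIoc("Set value (int)", IE_KEY + r"\Main\CompatibilityFlags", "iexplore.exe"),
]
# Constructed row, NOT in the report: what a persistence write would look like.
CONSTRUCTED_RUN_KEY = RegIoc(
    "Set value (str)",
    "\\REGISTRY\\USER\\" + SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
    "IEXPLORE.EXE")

# --- Baseline (assumed IE behaviour) -----------------------------------------
IE_IMAGE_RE = re.compile(r"\\Internet Explorer\\iexplore\.exe$", re.IGNORECASE)
IE_USER_KEY_RE = re.compile(
    r"^\\REGISTRY\\USER\\S-1-5-21-\d+-\d+-\d+-\d+\\Software\\Microsoft\\Internet Explorer(\\|$)",
    re.IGNORECASE)
NLS_LANGUAGE_KEY = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"


def is_ie_content_child(child: Proc, parent: Proc) -> bool:
    """True if `child` is the IE content process `parent` spawned: both are IE
    images, child's parent pid matches, and the command line carries
    SCODEF:<parent pid> plus a CREDAT: token."""
    if child.parent != parent.pid:
        return False
    if not (IE_IMAGE_RE.search(child.image) and IE_IMAGE_RE.search(parent.image)):
        return False
    tokens = child.cmdline.split()
    return f"SCODEF:{parent.pid}" in tokens and any(t.startswith("CREDAT:") for t in tokens)


def unexpected_memory_writes(writes: List[MemWrite], procs: List[Proc]) -> List[MemWrite]:
    """Keep only writes that are not frame -> its own content child."""
    by_pid = {p.pid: p for p in procs}
    flagged = []
    for w in writes:
        src, dst = by_pid.get(w.src), by_pid.get(w.dst)
        if src is None or dst is None or not is_ie_content_child(dst, src):
            flagged.append(w)
    return flagged


def unexpected_registry(iocs: List[RegIoc]) -> List[RegIoc]:
    """Keep only registry IoCs outside IE's per-user hive and the NLS read."""
    flagged = []
    for ioc in iocs:
        if ioc.op == "Key opened" and ioc.path.lower() == NLS_LANGUAGE_KEY.lower():
            continue  # the "System Language Discovery" hit: a startup read
        if IE_USER_KEY_RE.match(ioc.path):
            continue  # IE's own settings under HKCU\Software\Microsoft\Internet Explorer
        flagged.append(ioc)
    return flagged


def triage(procs: List[Proc], writes: List[MemWrite], reg: List[RegIoc]) -> Dict[str, list]:
    return {"memory_writes": unexpected_memory_writes(writes, procs),
            "registry": unexpected_registry(reg)}


if __name__ == "__main__":
    for kind, hits in triage(PROCS, WRITES, REG + [CONSTRUCTED_RUN_KEY]).items():
        print(kind, "->", hits or "nothing outside the IE baseline")
```

Against the rows above the script flags nothing: all 36 registry paths sit under the IE per-user key, the one machine-hive access is the NLS\Language read, and all four memory writes go from 2596 to the process it launched with SCODEF:2596. That says the report records IE's normal process structure and settings churn, nothing more; the report does not show the HTML itself, so it says nothing about what the page tried to do in the renderer. The constructed Run-key row is the kind of IoC the check is meant to surface.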
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
77879ad4637fd5de588bd11f068f16b9
SHA1
d7bcf31556423981cb34b678e4cba02b26fbb693
SHA256
1f485a866e4d35b06578bf82e855e47c2188dc0c48befc452d4a768353ee5e66
SHA512
189f0ded2ef6825aed0653ae8a7f5cd919cfe01da397942a00d89d69ed17bf835ec0fa5302fc4c23747cd4affe1444b4669f3f2dec33d64230ac5429ec153e39
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
283aa96adc4cca153acca38f7a8ca0c6
SHA1
80a0fe87015b5e8e78b40b9d58f936ca822438d9
SHA256
20cd432c72108b428ded9bd2bdbfd488440c164c1f9e95df976968bf90983ed2
SHA512
520d3534ccd514ea2b45e0cf2613e49cd149f25888ec67f05de0a5db9717fa20f7a090bc9997029842db9d069c266cfeb498b8d8a3826d84773a1666db5854fe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
83aa54969cbd3b8bc0a5931c2e6c5690
SHA1
d4eec50fc19c246b4e1aed2117a8dd0dbef00a13
SHA256
379997268464478760884973e23dd6b0a7dcd6a189010218c7ac1f5f134c7ab2
SHA512
cd10a3097399222408dca5d81948b9733e7c398fdbfb10ffda44c6bcba97e3b206aa350576fa75eb0588f7a9635b72b1ba27a89ce9d8d8b1b086ce95804948b8
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
9815c9af007c8eaab145ac8ab3238b21
SHA1
fdcb2d495fefa4cf92bca6acf4f23e7c349a177c
SHA256
c6e3c44d4ea76a995339f832b36c9105901bd4bdeb7ee098597d2637b2322fca
SHA512
dfff73dc9ffa68793f1a70f570c95b145cd45b0b7b8c3fdfac36a3196e73b97cbcebac8adbe8c5589ec2a0256cb90782283e33c03b2adad1d0da7cdf7a8f84cf
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
f988328ea31d87fcc7349a1238945272
SHA1
c157054e8107e31bdd6069546d52107a4be0b6f7
SHA256
dfa5826872ee5969745c2118e04e28a937298e8f7c5f1fe84f9f88f19c8eae05
SHA512
b076f217664fe0ee526123be1af2fb8cc9831e52f5ac49786dd398dcd89f33046f253468d3775ceb26f335789ec06d980c6ebd79a45f5b26dafe0c1a2ee67489
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
22611806db49c56f95e7208a8061ef79
SHA1
498b751a0dcc627f4c6e57950aa99c8c4f583626
SHA256
b09a0bba10cd873f01317846d7333102a36816b2641be3f4f375ba55b75b6f28
SHA512
a64366f2a5d78129e90df46bd1dde77e24a2999c1a04841a54eee28020c59a0d18c0560accfbcb064dacc56a5fc532e7945fa24f0cd0018d4864d198f96bcf79
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
30894c42f1b2b0890db61c85fadc3131
SHA1
81dba6da2297f401a18c02cadea1213ff1c59e12
SHA256
afe66d27d8f38cf423b25174bab5117b7e3d84ff12bcf6286a444b455441147e
SHA512
f8e88af461fcab671118a0aee4703272394e13107c88b2dcdf98da6e8ff9f04f8b4902defda8f3a807d54e670a5c7d206688b6c587e022b5868fe6f8b3c40d07
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
bb2fdb6edfe55f1443df5eb8ad6ada40
SHA1
1d17f7f96a378d7be753951587cca979e32ddd62
SHA256
d48a4cff9f533325b07f8e875913d87f259a260ae434f9c8f1fba4caaffb05d8
SHA512
b41e7e5e0a2f3da40dc49c2a10228e3a3dc27a8fb5768188274602a2a39c68a0309c27070390dc8c85e36c1cbf72a0054b07ba0e0eeeed600c784147fd547520
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
0df6eb374b6f823afaa08f91194bad94
SHA1
7938684e0deb19fa77a88f6b962c1a5f8bbfa072
SHA256
17007ddd02ca38242fcd62befc24856f531913f7935ef30acce0f5dd118dbac0
SHA512
4b877746b80a28b298dbe14719f788d37970b5f9ca816fbb549ad161adeb3f13e4c2915b4309124eea8ee1dab83571f1660335da93f3c86e8f126dbecfc89590
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
4dac93d2cb92d23329ec33116370bfb4
SHA1
6212afb57c08795ccb338d1ca33e155ce272a066
SHA256
218837eb996d337a206a889376ef7daca063dd83504b25c7c441515d95b05d80
SHA512
b93302f52c46a292991857721edc53fa48f4b5e260cdd4dc211a376be0124d2bacf9332084d2c87157060cab67d8f40c3fed988120a4a543f4872ad030d429ed
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
8949bdf29555ddb6c6b53a14d3e298ae
SHA1
57db3c5a9acabe8a15625a3b0851857e5b487103
SHA256
33741efb95231e9a01e535618cc5b60be3633dbe131248a8250b4097e8370127
SHA512
d4af01eb4be76ce13d639e5eaf2e821f571404974d91531b44aa1b6714b005e1de1ace657cd292394a7608a3ac78f176fa5f525351cdc99ff60a0ad56b436885
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
09baa548bc1bbf71ca7544a046fdb538
SHA1
f42265aa8494c5bf9f70494a550d60fc28e3ac62
SHA256
6fc4ed2343b7a926ab865aae97383f837b55693c429524820a7328f780082f3c
SHA512
b595d338a347e0907346c4adb6e7557275836be93d8ca0f7616613e76f0bcb79326f9c7f933d3d7bdbdf587dde62685833ba9939671d2532ebcfcbf232664911
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
41049968d0e5765c39816b6f17daec36
SHA1
b0c2475913abb581428369ce5985ba05e58e3693
SHA256
9d1d61ad464c5053c25b9b681c7f4c9aed7a1b5e391de31565b014d20f9edeef
SHA512
929ea128c562175e664b3a7dfe925be53fb296d5fd1c853209b27561a6caede464a7dbb76aae80b6b52fdbd3176eb4c0960f75cb3ab61af8ad000d27790fe8b5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
e81322a16a81efec9433a51950790a70
SHA1
be40f199aa55f7d296c81b2032cb4a766bd987b7
SHA256
901836985b7ee712f29ef4164b698b8d51c8c0e0108c7328e1a183ee0e8b10a6
SHA512
76612473059ffda082d440e8dfeee97772bf0b094af8edafeaef7fd4de38d3d425d90deb9a921f82c3303abc99800d900c5c8049716729e8679a2eb9eaec7f28
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
5d757797995034d0d3ce09ffbf14bda9
SHA1
6206c1c07f922420252bd607df2a02f47077658d
SHA256
e638b536cb46c81a5e36eba304a49f8e494d4515ba51136d66f5409bb04d206a
SHA512
3f96f77a46b0944f91e99b261976aa3e62283cc8570e7ad76aca160b0a1aed364c391d0547ae036639ad3f07f6e561e8dba35f5911851a2e6063faa7b5b9c099
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
7af40535392de546cb20ba68592a3607
SHA1
05ac7006b8fc40ac24d10f730ad69a02f497852f
SHA256
a1a26875cec1d457a864b567a6cd81f642ae3e183ded54670f55196fd21e5ff1
SHA512
4ff3451e126f2310c8c4737e090ff509ef24ec79d171c47a1cc3067b6be2a5f69a2cc0aa4805e446ec0c0dcf59f3105b26b79bdf7354403717336bf98aad93f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
32502c6544caf78705dd143c5cbde972
SHA1
646e13e21cae788a4a7f08bf5cc0c5296c6a3f59
SHA256
1a53cef9bacdc56bb1d5da6dda7c73deea88f21c70c950b1849ff14f60be149e
SHA512
ab606430102ddf572b09c70e4e266ea4d3a3b102ccd240d21f5fe01112c23643a792a8942331d6068f60007c1218c30ca24022136dd4662e23d93843d61b9ac9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
87b5331933993ee8f6df6e1563262413
SHA1
af6780cad31a7ca4231902ef16e0101428142217
SHA256
87662311c63a4e24e4b13504905eca8e6af70448fb5779cf1c6554306ccd0ab3
SHA512
2511213225639712c14fa7206a99f39d33c00abea67321f5d6b1d5186bab28ab89939d3da538d7490a1148a8ac44b12a0f1f0abc9cf42a2445dbcf795798cdbf
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b