Analysis
max time kernel: 141s
max time network: 145s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 14-10-2024 12:53

Static task: static1

Behavioral task: behavioral1
Sample: 4270847970796f70ce628f975f8c4617_JaffaCakes118.html
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 4270847970796f70ce628f975f8c4617_JaffaCakes118.html
Resource: win10v2004-20241007-en

General
Target: 4270847970796f70ce628f975f8c4617_JaffaCakes118.html
Size: 6KB
MD5: 4270847970796f70ce628f975f8c4617
SHA1: c5805ea51c685a169a0b9b07f30ee78d0cd40c3c
SHA256: 7d91cb0013c59780223fba609448bb79a46898c0b5ee3ee6b3a0864e54f33a9a
SHA512: f65969212b3f465ef9fa46021a9125c8486e284d7a61b256957e54a94a9b7d1a53ea3969cb9b14478ed181c1750f8ffc97d81b027c326645ed5479a33f2386ca
SSDEEP: 96:OEmqrC3QADy8+UeOQlwQ8QIQhBZAOEo7GDAq9jex7SnylnnZlC6TC:gzHyDDREo7hq9jQ7SSnDC6TC
Malware Config
Signatures

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Modifies Internet Explorer settings
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4A1CF7F1-8A2B-11EF-A51B-E61828AB23DD} = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd300000000020000000000106600000001000020000000a65de3abe0389cb06d0b276b08342570bc8771555ba438333b53bfad16c85f67000000000e80000000020000200000006c492db31e1ea7e88683812541a6d448e5b4e3d8657d471867c80a5f338511b820000000e01366b8e8c3217ae233be0078b225d406702efb98d858446a810fa5aab687a54000000021318f58f7b91a0901fda5a4779926457c929f233dcae8eb87410c5637b704e4ac7f102dc006b0650b3a7f8ef132c5f0775dd7bcb58092ee7b39eac2a6c16e13 | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50b50c1f381edb01 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "435072267" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | iexplore.exe
Suspicious use of FindShellTrayWindow (1 IoCs)
pid | Process
2684 | iexplore.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
pid | Process
2684 | iexplore.exe
2684 | iexplore.exe
2700 | IEXPLORE.EXE
2700 | IEXPLORE.EXE
2700 | IEXPLORE.EXE
2700 | IEXPLORE.EXE

Suspicious use of WriteProcessMemory (4 IoCs)
description | pid | Process | procid_target
PID 2684 wrote to memory of 2700 | 2684 | iexplore.exe | 31
PID 2684 wrote to memory of 2700 | 2684 | iexplore.exe | 31
PID 2684 wrote to memory of 2700 | 2684 | iexplore.exe | 31
PID 2684 wrote to memory of 2700 | 2684 | iexplore.exe | 31
Processes
- C:\Program Files\Internet Explorer\iexplore.exe (depth 1)
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4270847970796f70ce628f975f8c4617_JaffaCakes118.html
  PID: 2684
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (depth 2, child of PID 2684)
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275457 /prefetch:2
    PID: 2700
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: a740ee471baf98d513080b91c9f91494
  SHA1: e87e2e58ed0730db4226181820e324b002941d29
  SHA256: a6d7b0ddd18a6f987bc0a3a119a29859582236565f9ebc014c1412a5f66a018e
  SHA512: 0c3e2dc4aa5436a0a0f7102b64cd87804676789ea54237dea553c52a481c140b98064e3d23ba30a9b28b6d1fbe3e5d851ade9faa316972202d74a25a73847d99
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 5388b436c13a9d736ed59b0ebab7fe9f
  SHA1: 107fef1af0c559b22c244b0b1081b14918469c04
  SHA256: 2e8fe0fa6e2fc30f74173ef63996c1ba146aae8ac3e43d62eb874092a36dedd6
  SHA512: 49c1b9cbfd573a7fa8db8543a64e7c2cd8f38c0ca9b43f03f69bc1e671dfa3f7f8c3ea89325c53458618130dc81fc2205de44aec0ba11fdea248a36d35099dcb
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: ec2e9d98f3050ee384f163100a11e129
  SHA1: 68f110e2497ca38ed8d281468e09cae5d3e945d9
  SHA256: ba05f558fb4cf106854981d813744b97fd48080ae313d7f0335a22b45b20e8c7
  SHA512: 69bb57c3c769b4a718a2131dc0475679a7414e764c410bc6087a937e72fd2c62f5fcceeef7715019a8bada853dd79e0bdbd6cb54f09d6ac237650b4c07890a9f
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 5564392133c72ba7f351e99a833a51cf
  SHA1: 39338cf7ae4751da4f192c0f25f24cb62c66bc08
  SHA256: aad7ad899c55baea903772cc9e338c41d6e3b807f1c911995bf61c3323287790
  SHA512: 698334fbd0029e65ebe09433350d5eb5eebaf95390bb3cf8c0aa10e0c88520e7bda9231fc61aa21798eea0f1675d4399f3f6d7df726f6210cb53e526970dfab7
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: b0622f12a93951344bd575917d1108de
  SHA1: 3fa135622c66433479e4c4ab78c92324cb1921d6
  SHA256: 5d92365a5d32097483953f8c07d64900a93105dc7d228df23ab466df8da09693
  SHA512: c201832d641d4069fe2f935d5fc580fe9dc7629cdb4e75d8ed263d18dc681958a978a0fab5d26def0bec29a0e09f69831878336d60e0d1b97ea2514b33d465bc
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: c5134f19b699c3836f52222c716350ca
  SHA1: b4ef5cb0d9b3c86ef319e00fa73360dd55dba838
  SHA256: 53f15b68ee58fe5fc6a7cd8b984160f68d663097b4b9c02d6bc2eca3cdba41f8
  SHA512: 413fd62d3b3164f5915db9770f60a599c3ec0f0f3d5a9aa372c1ff072c2b25db01e6de3b96a60d229a8cb704dfb1e534d33d89740e1b993a88ab07d3bb3da421
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 66e845c0d0234c5ff22427e9e2d6bae1
  SHA1: c0bab525e58c77f4cefd7213ee75d2537484efbb
  SHA256: 1b9db55ce5a8c52d51bc985f89900b8afb3bb5b5f7f199c031de03c048a5b2e3
  SHA512: 60be42ad728e6942dfc345e03537e2b1d91b4888197c5cd543f55a303a76e7799231e28454a39db97fd615d59e77e5c25ee20c4691f83fa8463838032e3f090d
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 71d122e51ef71541cb2a3f3a18a5fc8a
  SHA1: fdad8239ece24fa78178caea99f9e6efc3713832
  SHA256: 42cf458ca1652aa2c7880ecb34dbf367b7e7d831706b5c7c1db9cb23d12f9d36
  SHA512: 234beb546bdf339203df972c335eed0f297b9191ec505589ed787eaa78c5d7931aa0c0dbde04316a4295f1f18471804f0ec59a05b9d7e43a03bc014751978ed6
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7c4bb3aadef0e879cc45aeedce438232
  SHA1: c599e10cfa22c33125090a7ab37e326e70ce4ace
  SHA256: 5f78a57d0abd5f567ef30be206eb2d9ab12d94cb25bc2f2e10cbb75875033541
  SHA512: 2d7148a91a7e2fea0d5f559d91dd25f74a80722d90eaa79c274ba6ccc6a72a71aa7f75c1431c679ea2ce7067cffeeba95fe32c1d2e6f911528e1ba6307fde3ad
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7bc3f51d57b15d84b568de8c96422fb7
  SHA1: e2f65edfe87115debdd67106b2b4324c9fc3d0a4
  SHA256: 99b0992e17902677cc2b417256afc8a8a70b03a2f679a4c80a4599798f63c86e
  SHA512: 741340d95c1c6c360cde4f53ffd888595dc4178eef5b3c8560ef14c1a0d4837674fb0434977410a405171d4e99c39fbab8988a58eb6df720a781af520320dba6
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: ef90f0e8d0ff1120a1788b6c93662b9a
  SHA1: 2e9eab08b169026161d1a3bc80458c1d2680fd0b
  SHA256: cf01e99357158c4590c9c594e6c4b14a8dec3d855e46e9d6439c7db7807e6d47
  SHA512: 24acae5a9326d8abc7727af45db770de53611d9618e85441a4ebd7e454be61d475be34589fc94b225ad65d57f644c39de1a3852576b166df6a363dd833256e79
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 4fbe869f8b09a5d3692d7aeb315d2559
  SHA1: 7a19681f27db8c405ef306d1f81e5e9ce68b78d1
  SHA256: f7a2c1d5005d941d114a8fa54d66d4265b56526840a260b9423409a31979db65
  SHA512: c506362011352d32895462e35edcc82bdb3d5e4c56196fa43012a272cfffd82a9e655f489b61da72cac9ade02cd855c197a2a6c85f95e08f5e8f8288aab89ece
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 5c8dbe34bc1d9531b61530778d26d16f
  SHA1: fc73fb0f0f476818dd4a5a29e7197ed9d035c0d4
  SHA256: 4332958cced1a8a1b751acb48bac0420be8ab0bace07fe447ac005f965bf2ba3
  SHA512: b7f7409e449afd89c49166679f95b0bedec83d301e250df64c4f0fc86ef7da93e172ef14431e0bb12849b5d917ed8a39b6284d1a677c44c813464d1fdaf6fcb2
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: bedebc3fad4b8574e615f07adba3b536
  SHA1: 911c01edae1a7c57fbc7a88a7202cfc3f0bc9b4d
  SHA256: 471722d414b5e88e700a81535dd2afa8252c755f8efd3bba5a922fd9cbcd399b
  SHA512: 7b7a37b667b0885c0a7cc48c80fd1f72557f49848705d2b87238366f22c23d86c8dd33e8d0843e0951503eb47da0662f0a53f299ecba434d85d8f212cf817847
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: a610529f13e14452dab5d3ace8f57a35
  SHA1: 754b23efc79ce4cfecc2e5aad703dd5a89f62680
  SHA256: 51e3dff7b1caefc61cbcd183371424b0448ac7211b9cdb7fab7c018775da7bed
  SHA512: fbd17e7c92b3b95c929f8626c9f7e16165ae0f3c693f842e4563ce6093348ab412e63f9651f7535a4e7f937122543ee49c34accc398f634813a16d08f79f5abb
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: f34ece7534f4a266023765b0008a0edf
  SHA1: cf309ecf033bb75f18b3113dc34330ed7f509c8a
  SHA256: 9e563f2c6d21a0baafbadab5d4df43513aecc2fcdf31f0fe7fc185b860ef66bd
  SHA512: a3d887b8866a7f8b800ccfdbf834ae951c523c4b14bcfe6d0e32276e26b6da5f5df94ae7d46b220c0ca5b7b98b97baa9576206263e420bc39faaf119859dc45e
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: cc8b267738b850e54b7307dca8ef50a6
  SHA1: 00040ba7e5e8a95dc8d4ab0c0d57f76c2724b5a5
  SHA256: 455ea5fed0af5751325902695db15be67f91fdb2c16faa9eeadd56240c651492
  SHA512: 268bb83fe08ae7bc7087f79b9c2a36a608b4c92f9c4401fa3e6c1d17bf221655975e45c175a25ff188a21eeea8662959698d698bddc1c8a0d5db0d5573f4d1c7
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: e36bd746c58f02e9310967994e8a3503
  SHA1: a8da7a46831230ce981161b2d0b7ab996c292686
  SHA256: 59b2dfa4dd595f5b4d2ffda1c5eee58c93af5b566ab728867bd97c60e424ace6
  SHA512: c088c685e4fc60dad81ad521c3ae5c10d90685a0525ca7a2131eb1a00c3c9c647da6f4d388524b8baa3327c5e9fe84c13213d82118e23e039ef8efd92f0f1fec
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 476108a9f8082934d8f0fec0412c4540
  SHA1: 71352c521f0744fe7f89a57728a0b61a7f7d5a10
  SHA256: 4b166bfcabfc656b9c4c7ba5fa23c8c3d5c7b54eae6d5f9ff6ded5ef4f086bd5
  SHA512: 357574133675561baaaf3fabe47a948d5c1c8eda660bc82c2476bc341965fcaf1361d8e837c8ba2b442a7cdbc29471186cf7fbd654e29247faba99d860c1c943
- Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b