Analysis
-
max time kernel
135s -
max time network
133s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
26-11-2024 22:19
Static task
static1
Behavioral task
behavioral1
Sample
a4694029d2117ca5fb2cef94476a0629_JaffaCakes118.html
Resource
win7-20240903-en
General
-
Target
a4694029d2117ca5fb2cef94476a0629_JaffaCakes118.html
-
Size
4KB
-
MD5
a4694029d2117ca5fb2cef94476a0629
-
SHA1
1f4f16d42dbb840ed2ac0f9e8cc2e86e2a217858
-
SHA256
5e8c82c60d115a43a4acbce9f06c50edbe34cf5452cc439c929dd946786c8197
-
SHA512
2c44f75c424129da170f06de52a7565c403c71bf484b8c7a7282c9ba5af47aa37eb0cdd6552489375a718528b7d3ff5c2cdeeebd0241802d490dc03ec1736608
-
SSDEEP
48:t8MELTua+KyvLOJZavtqdJuZaO7D3qQk6kkmkTTi1Nakpn/bC1gZy:/EGIKLO2tqdJuZaoD3qM852T
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE
-
Modifies Internet Explorer settings 36 IoCs
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd3000000000200000000001066000000010000200000002c21a28724bfb91a6a2a3c80b038ea72d59a77887d04302189cf7a3eee399393000000000e8000000002000020000000c37d42d4e0e02984b927a523a8a2abbffb22b9b0a8ce97e2d0930844ab146313200000006b90d2fa91ee0eb95cb14effc05f95c4e47cca146978e91a33ffd6f0e18e3bda400000009415283bad43eeb1180af412ca3061dece88da83e6f3b288aee8bfd2df8579fa3ef8deedf544bcfd30c7714ff55874607b66ef356c4e20c80616bddacb130699 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{882403F1-AC44-11EF-94CC-EE9D5ADBD8E3} = "0" iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000953bd8210872ea40aad5946cc0771cd300000000020000000000106600000001000020000000da2a783fd3c33d415ee0983b9839eb30fd5f1e4342fcfa3fdf3aa49a7b889128000000000e8000000002000020000000478b3131d8d032a21dc7405560e853b95c4e53cb4073c9fdaec6fb9091c9897e90000000bef25e2ca824ab0a5e45e9e4f000064bd117242c736cb2db47770a52ef2bea072321190c1fe7c359407fca7eeae179a2a1c9b94b1421919800ecae87e4787d0be17242ea29fd87f8976d474db666b8ae3eb1ad3712e05349eb0a3854b8be3cfc02dd6914b397fd79d868cfbaefafe4c80b002b225942b5fcb20477d1bea328361cfa6bea4735f3a4351f8a85268b0ab840000000b6a9ce0bf5fa0ea59e6600bc9d11c3b564c0756cc6e9095f80897c3f97cc38d2b6fae08d4497498d1742d407d2bec994fef522338f34795c2e17397e2b72678d iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe
Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "438821450" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe
Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 807b415e5140db01 iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe
Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe
Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe
-
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process
2056 iexplore.exe
-
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process
2056 iexplore.exe
2056 iexplore.exe
2404 IEXPLORE.EXE
2404 IEXPLORE.EXE
2404 IEXPLORE.EXE
2404 IEXPLORE.EXE
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target
PID 2056 wrote to memory of 2404 2056 iexplore.exe 30
PID 2056 wrote to memory of 2404 2056 iexplore.exe 30
PID 2056 wrote to memory of 2404 2056 iexplore.exe 30
PID 2056 wrote to memory of 2404 2056 iexplore.exe 30
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4694029d2117ca5fb2cef94476a0629_JaffaCakes118.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2404
-
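A caveat on reading the process-level signatures in this report: FindShellTrayWindow, SetWindowsHookEx, WriteProcessMemory and the Internet Explorer settings writes are produced by any IE run on this image, not by the sample. Since IE8 the frame process iexplore.exe launches each tab as a separate IEXPLORE.EXE whose command line carries SCODEF:<frame pid> CREDAT:<n>, and the frame process writes into that child, so the four "wrote to memory of" IoCs above are the frame process (2056) touching its own tab (2404). The Python helper below is an added example, not part of the sandbox report or its tooling. It parses the process tree and the WriteProcessMemory IoC lines in exactly the layout printed above and labels each cross-process write as expected when the target is a tab spawned by that frame process. The two process entries and the first four IoC lines are copied from the report; the fifth IoC line (target PID 1234) is constructed to exercise the "review" branch, and the regular expressions assume the report's line layout as shown here.

```python
"""Triage helper for the Processes and WriteProcessMemory sections of the
sandbox report above: decide whether each cross-process write is explained by
Internet Explorer's frame/tab split (frame iexplore.exe launches each tab as
IEXPLORE.EXE with SCODEF:<frame pid> and writes into it) or needs a look."""
import re

# Constructed from the report above, trimmed to the fields the parser needs:
# the quoted command line of each process followed by its PID: line.
PROCESS_TREE = """\
"C:\\Program Files\\Internet Explorer\\iexplore.exe" C:\\Users\\Admin\\AppData\\Local\\Temp\\a4694029d2117ca5fb2cef94476a0629_JaffaCakes118.html
PID:2056
"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2
PID:2404
"""

# The four IoC lines from "Suspicious use of WriteProcessMemory" as printed in
# the report, plus one constructed line (target 1234, absent from the tree)
# so that the non-child branch of the triage logic is exercised as well.
WPM_IOCS = """\
PID 2056 wrote to memory of 2404 2056 iexplore.exe 30
PID 2056 wrote to memory of 2404 2056 iexplore.exe 30
PID 2056 wrote to memory of 2404 2056 iexplore.exe 30
PID 2056 wrote to memory of 2404 2056 iexplore.exe 30
PID 2056 wrote to memory of 1234 2056 iexplore.exe 31
"""

CMDLINE_RE = re.compile(r'^"(?P<image>[^"]+)"\s*(?P<args>.*)$')
PID_RE = re.compile(r"^PID:(?P<pid>\d+)$")
# "PID <src> wrote to memory of <dst> <src> <image> <target id>"
WPM_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) (?P<image>\S+) (?P<target_id>\d+)$"
)
SCODEF_RE = re.compile(r"\bSCODEF:(?P<frame>\d+)\b")


def parse_process_tree(text):
    """Return {pid: {"image": ..., "args": ...}} from command-line / PID line pairs."""
    procs, pending = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = CMDLINE_RE.match(line)
        if m:
            pending = {"image": m["image"], "args": m["args"]}
            continue
        m = PID_RE.match(line)
        if m and pending is not None:
            procs[int(m["pid"])] = pending
            pending = None
    return procs


def parse_wpm_iocs(text):
    """Return a list of (source_pid, target_pid) for every WriteProcessMemory IoC line."""
    out = []
    for line in text.splitlines():
        m = WPM_RE.match(line.strip())
        if m:
            out.append((int(m["src"]), int(m["dst"])))
    return out


def _is_iexplore(procs, pid):
    proc = procs.get(pid)
    return proc is not None and proc["image"].lower().endswith("\\iexplore.exe")


def is_ie_tab_of(procs, frame_pid, pid):
    """True if `pid` is an IE tab process whose SCODEF names `frame_pid` as its frame."""
    if not _is_iexplore(procs, pid):
        return False
    m = SCODEF_RE.search(procs[pid]["args"])
    return m is not None and int(m["frame"]) == frame_pid


def triage_wpm(procs, iocs):
    """Collapse duplicate IoC lines and label each distinct (src, dst) pair."""
    verdicts = {}
    for src, dst in iocs:
        if (src, dst) in verdicts:
            continue
        if _is_iexplore(procs, src) and is_ie_tab_of(procs, src, dst):
            verdicts[(src, dst)] = "expected: IE frame process writing into its own tab process"
        else:
            verdicts[(src, dst)] = "review: target is not an IE tab launched by this frame process"
    return verdicts


if __name__ == "__main__":
    procs = parse_process_tree(PROCESS_TREE)
    for (src, dst), verdict in triage_wpm(procs, parse_wpm_iocs(WPM_IOCS)).items():
        print(f"{src} -> {dst}: {verdict}")
```

The same check generalises to the SetWindowsHookEx and FindShellTrayWindow entries: when every PID listed belongs to the IE frame/tab pair that the sandbox itself launched to open the .html sample, the signature carries no information about the sample and the analyst's attention belongs on what the page tried to load, which this run's Network section leaves empty.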
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
29c872a8421b65fe4644ec75ad99b4da
SHA1
371434273d1021d84864e6a2fe396b4bf26e07b3
SHA256
f0c154c926c07fac8b38951302561e766542d210ab90fb2b447b491241d54ef4
SHA512
70713a8a8f099ab5bd2b603255628e600ee41b49513a19e72f5adf5cb91b71ad1e83ba17d3455792d9def909724bce396f70fc45fce7b3342427e072186eb6b4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
e2283a317389bab42954921de73503f9
SHA1
a890b0f53e5e744ec3f4029ce4f96b120502411c
SHA256
5251561e53803b3e337cf3f62699da7d53ce99d9e968e0082a9b0f62bc4ca342
SHA512
74e6cd1cc41a277be0eb9ec1d3c2b654c10f0c7e25c47d2a4382c9f765df5403082211939ac81ae56007b0afa252ca1765112c70ee3f51845cbcc709eca1eaba
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
2a82b970865f1655470afcd7d4f49e7c
SHA1
c4bdd1c2ba979650911b9dd5c79282856271819e
SHA256
eb851a73d2d8679f75b528df69e1be68bc85ced63ceb06a447c8eb8cbfc0ffe0
SHA512
159d89b28ab1eae48950f35e961bbd1d38587978ebe3f17cafa941232fb28a054bda0f1b749344c82c86ca8187e94a21c318c75cc19c104a2348123fc761f63c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
d2be5bb011184be1e3d4bc9e0c013e91
SHA1
834a13cfd3d5ebd44d20867f32f2b8887118ce55
SHA256
a6b15f59d58eb8cd7b0d9b94fd5d69bba96844396f1898678eec750292420a89
SHA512
10208743ab44a5a9414a2afbd134126111e1a0c75a9df651e95da3dcba563b2e240b6acd9e1ad34b20041d581f8207724d695589621cb5fb1d8cfe1efb1acbbb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
425e495c1fd26309e9e55f39440768a1
SHA1
a327a63b72bde05a859153241daf0260b5fad324
SHA256
fc018933201c4ab59a25aceef52cd8b1a9d516f6587eac868a8afc7e855c83a0
SHA512
32e25d69f47e31c311faded2941e4a2fcdedaafedd468c76c7c55c62239ece5217ce647d0ebaf2dbaa184cf86fff5187fcd4928068d943c7f86e591042d5b3ce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
3448ad44008837116302114bf72130cb
SHA1
8f65ea3b4f237d2c0b66e8b211d7b4ff065d366a
SHA256
aac37b5fa05bc81d1df2fc627151c6856e8cba9d2eea3563fc7bdfd9373241dc
SHA512
74f3f1e5a7c9cd02e88d4c78835717aeb396ede5619f806290bda363d6f834cbe0574d95274aae7838e1ac40e9ce923f2332bedf8c731f5fe27a057df76363f5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
152d962f83008aacba73658e4a0f63e3
SHA1
217af1e8af585e5bf1fbe9d30a605ebe5ad63da4
SHA256
599bc2760181b552b53845f7bfb171b64306d1e2a93858aec2bfd6ed273a076c
SHA512
cc9c0a23fc6b3419bf053ab9a29c64af09a2c50ee8482c2069d3469869430a7b3408cbee99120b710c346b43f9a30ee9dbec778a3626e81d3d8847af68f39e77
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
be725e673b39a6844e9907f042be5c4d
SHA1
3c13724d656225488ecd1bcd4b137944b7bbcea1
SHA256
06341099b580368e1affee71c6464bc1fa2e0e75a9adf205a9774a0cafa0a2d6
SHA512
2f20dcd4eceb77072b32e96c749d4c8470ac6f4bb2003c5d92f7ecd6960ba41e101f1771d9740f5f274c05b58b8309c3b8f0e77121c0ecca64bee6ee8180d4fb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
736e6d2eadd4cc08c7480b6fd4d97d40
SHA1
8f4873c3c99593d8f81a60591ce0c77b060f2d04
SHA256
e7b25feda248201d26af604253a19e59b3595ced94a1bff9f8324852cac13d10
SHA512
13e26db00e4e77b1c18623ad5d2c6a08b338d327fe9cc40bfb2e70cef531ec7e0adaa4b48afd05b7f3d0ba656ed5d5c864d643324de24846627d00e2f65f947d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
f1e816cc1b7ab2b76923e37cdf92aa84
SHA1
6ad479549cd767ea045df09fd02228de1fb14430
SHA256
9dac8c53ea223be5b80e2b5255b945a4ac5e0c6315933ca6ebf74aca78d93b6b
SHA512
dd4df5c9e6533c9dce79ff7718f9743370a9a8241df9ae4f7d2623a67dba2e8e2f72eb20792c5121a9576d58d2f961c097fc9ad83e748ba4da401c9188fa8c15
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
fd25791b64c701b1721edaee319baf13
SHA1
b29e3199369ca85b3de753d456269ae88449fa3c
SHA256
c88cfe56fc76d80b44c1d573514ab0e1529e926c0102c452e3613fbf3f8230c1
SHA512
8d80cfc8ed427fe722439ba06082753e8962cfbe1aaa8ec6342aa61918b2e5c39979f1c7c4f86fd8d273eb39147d83085fb51d92d392d31589bb834540bc2cce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
a40fc4376be90dbb9251e136d7f6dd3e
SHA1
8197988cb22d224e8c06c43b8ae25016e2a8aaf9
SHA256
13b900ad93fc0fec6699d6ba4ee09cd765797487ee9fbd442e86d1831c74eac4
SHA512
0dd77c9da35b4f109bcedaca4df1a49f511ea0b4544e0ddb3081839e2acbdf47cd47699c842fd30cfb634be789e7b41f8e66f3680329fdae36725a97dedbe804
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
90a5f38502549024036fff2ddbd982ab
SHA1
ace710a20d0975e47fa636042b598cc3fd381b54
SHA256
ebbdc3bd73539eaba6d9caa9e818c9604b5d964078e99febb24c38b647980e91
SHA512
81a5faee05d880a9dc4f019ec53a28d2b3c74b5cbe293ef0c3400704359353bb7034f129d4966a49ab9699ca6f0e1e24c0cda71279c4ab24cc04d71ee5b13654
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
f1569e305d1e880e1ddc0f6b4a92467c
SHA1
2a0fca6a9a7841c9f6af5b69e1cc9b3167a888cb
SHA256
b0b7ef8205942f3f03b690c0a6d45d62ee83faf6ebd17e0c465ba416f4eeb490
SHA512
9af03b6a07662f70e67651f106c0519b1f43797058670e79d05c49d9f678e5287d273fca7125833bb35beefbcb13db23a5fb1ca251f476317ef634a0f473716a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
d5f20b813fe34a1ffeee85e18ac5b834
SHA1
b6b9069c02b392866d31fdafe4084f0d704c39c8
SHA256
e5aa9197f712351831662df028eedf44f9bacc2ffb23011888f21fa001234150
SHA512
0eb88fe2a5cb916b7afd65b388c70352d97914a17dc2355ffbfb78f94889f3cecd9505fab9b04ec340f2818f1381c4d3a00d0391a0592193897c2daee5ddc99c
-
Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b