Analysis
- max time kernel: 0s
- max time network: 130s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 18-12-2024 07:01
Static task: static1
Behavioral task: behavioral1
  Sample: fa8e5bc4ffd88f418c2127bb17b9de46_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: fa8e5bc4ffd88f418c2127bb17b9de46_JaffaCakes118.html
  Resource: win10v2004-20241007-en
General
- Target: fa8e5bc4ffd88f418c2127bb17b9de46_JaffaCakes118.html
- Size: 156KB
- MD5: fa8e5bc4ffd88f418c2127bb17b9de46
- SHA1: e3ea5f1db9a120a7a8279c7e747e95b65159a354
- SHA256: 9d6e57af535e5800042701a6c539398f7a05c5c626970535ce423b81ef428c05
- SHA512: 118d9e812665aac6bc0120495fbe5061ed6c69621704b6fafe890004ff63655e9b26b416629bd58291bc8dc92156fbfce43c55f51a7031e90f6ff6555de9aa6f
- SSDEEP: 3072:iOq1BQbrkcBDgFYhx2Ww8JHtqbUOUiBUCjUO7AxmK49ZjyfkMY+BES09JXAnyrZ0:iOq1BQbAcBDgFYhx2Ww8JHtqbUOUiBUb
Malware Config
Signatures
- Ramnit family
- resource / yara_rule
  behavioral1/files/0x00070000000194fc-430.dat  upx
  behavioral1/memory/800-449-0x0000000000400000-0x000000000042E000-memory.dmp  upx
  behavioral1/memory/800-448-0x0000000000400000-0x000000000042E000-memory.dmp  upx
  behavioral1/memory/2300-446-0x0000000000400000-0x000000000042E000-memory.dmp  upx
  behavioral1/memory/2300-437-0x0000000000400000-0x000000000042E000-memory.dmp  upx
  behavioral1/memory/2300-434-0x0000000000400000-0x000000000042E000-memory.dmp  upx
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description / ioc / Process
  Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  IEXPLORE.EXE
- Modifies Internet Explorer settings
  description / ioc / Process
  Set value (str)  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\GPU  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IntelliForms  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain  iexplore.exe
  Set value (int)  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E7D88531-BD0D-11EF-B25F-FE6EB537C9A6} = "0"  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\IETld\LowMic  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar  iexplore.exe
  Set value (int)  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\InternetRegistry  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\PageSetup  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser  iexplore.exe
  Set value (str)  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Zoom  iexplore.exe
  Key created  \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive  iexplore.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid / Process
  2348  iexplore.exe
  2348  iexplore.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description / pid / Process / procid_target
  PID 2348 wrote to memory of 2288  2348  iexplore.exe  30
  PID 2348 wrote to memory of 2288  2348  iexplore.exe  30
  PID 2348 wrote to memory of 2288  2348  iexplore.exe  30
  PID 2348 wrote to memory of 2288  2348  iexplore.exe  30
Processes
1. C:\Program Files\Internet Explorer\iexplore.exe
   Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fa8e5bc4ffd88f418c2127bb17b9de46_JaffaCakes118.html
   PID: 2348
   - Modifies Internet Explorer settings
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:275457 /prefetch:2
      PID: 2288
      - System Location Discovery: System Language Discovery
      3. C:\Users\Admin\AppData\Local\Temp\svchost.exe
         Command line: "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
         PID: 2300
         4. C:\Program Files (x86)\Microsoft\DesktopLayer.exe
            Command line: "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
            PID: 800
            5. C:\Program Files\Internet Explorer\iexplore.exe
               Command line: "C:\Program Files\Internet Explorer\iexplore.exe"
               PID: 1984
   2. C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2348 CREDAT:209940 /prefetch:2
      PID: 2228
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 4b2c81766a821abf37ece7de1fddd438
  SHA1: a816dda8094e4cbb4c4cf6d856809b768cc29bf8
  SHA256: 788abf4c8559b152ef0679caaf8f204315ff3171406224886ac7794a591a7a9f
  SHA512: e8209355473c4504bfb7e63912fceb490d484bdc815173fae1831e37934760b1f72d0f423ce0d41f333521e15e30f2ece00c73eed0feb00e058348e474aa98b0
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: e02a32062938bf93aa5db8f22deef9a4
  SHA1: 8fe2109d37c0f68186f9ea8200f10279c3379fb6
  SHA256: ccbcce35d595dd3c4873fd1bb75989e41ce66b96c1d6cb14ba039c62ed432f28
  SHA512: 2f5c90976bd7b79b3bfc6b468ca67caa51dc2280bb363a5f70ea6288de56d2fae5c249449632041538553db0d0133d1c02ec1606d3e2743b3102c74c568f7eaa
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 87bdcb107a6ed074754f3c1d5479b56d
  SHA1: b9b230a7bba5eac38d1e98eca31282ede3da27ef
  SHA256: a0fa3f8d376fe102ba9e4e1fd864485c1856ae22e1122d3028c1b3efa32eeb04
  SHA512: 261ee2847991f13add5e94bd9f6ca80b480d544e434a07d56815b57a56b6e245b60fdfb9ce88bef7e505f32694293bdbce130b8e643c10f19721de7b9cfb7203
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 846735001d2eb311f539aadc5af74196
  SHA1: 74bcf7ac3df974b9ae79066c239a39afccabf980
  SHA256: 1517d87ee273911fd421c0e0f7f1f9264bfc6fad3deae7bce0ccb923b5ad5db4
  SHA512: 1b8b8631535e264c0f952e85faf5b21f8f4b090b4abc837069c604fcfd63c6abb71459edb51028cdfa27bc379a583bdd5d7d07d1377325d8add2b2cd91207b15
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: a3b6a42238e5d381f314d84e69b54a3f
  SHA1: 1a27437720f384dc6009a7e0554bd03f273b0ae9
  SHA256: c5807e7522a0fad1984cf2b4e78f43b19aacaf8a82586e10235d6c490d87f5be
  SHA512: 030bf0f1fe22e5583c517aba0ce6c74218bae5e80aec1e762fba82f8d36dac9d1424667eb5f898960703f69bc597002f7a461f68cb7bc61700b42799db5a0cd6
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 5841cb1bf0e918e3c141ec8534a37721
  SHA1: 98833d03d9099c1ac019c1884f6f8feeda3d2d79
  SHA256: 555055e10873f78e3dc0eda986a3774835500fdaa8b1ab5bd6afe54630f962f3
  SHA512: 766de2ff5e5f6604b7e209f7755decb715c288cdb83317a701acb89cf26f6539396da6415184a38fe256d5c86853dc2fa2d2ba504dfbec6b3af76b769d050a42
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 71915826d2a4a0fbab49d48bb601388d
  SHA1: a02d1b694b4e376fb9669578fa8f36d2b72ccd80
  SHA256: 67915cbc1c90502bb2742aedf96b370e37845760c551e69d53b09a905b11e8c9
  SHA512: 4b1f40d408ef3932b00814658b3f4ff1ee622cf3d3d611b7b988bda3dacb50ab8c208ab17163eefee8ccd668d40c004612068d074efd8990a6a2564cea5d5b86
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 2836636488511cbacea7cb5756769e50
  SHA1: af5f7bd330c3bd837fec81df00957e029d15b7f5
  SHA256: 96ce81e814e4b39d8cae3f6a728da5e5bf2510b7cb614fddaa5c7e03699c77a8
  SHA512: dc7f99e613eb6119cfcc0684290af78d12b0f1e13201e5049df17bb27db2d0ec6b781b36708b9605fe5578ff6618d77466252849eb7aad1a33242481ffd62250
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 8f4732c804864f8192bf51432e08da1d
  SHA1: 112346683b79564476049803376064c113ad8ec8
  SHA256: 2ba4d19174c583ff3d2757c6005657d0ae150e4bc7c08a90110a09b6b652aac0
  SHA512: e4aee5ef529e36e22ad9e2c03768a1c201037ca433fdc65521b465cb2772c44d640a35fd6a15f32c09ca9ad204a5eac8a5d6c7ba980d4284b8f8cec9078fa562
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: c99341a44b593d05ca1b5da958295e4d
  SHA1: 79603c19b998d863056b364b61ba9d17eb2b8a55
  SHA256: 4d64ddb3282a2a7d94bf9d0501aec34b183b48a9e7beaec65f7fec2d351da2e9
  SHA512: 89ace80d97562a2992ab07b0d901d3a63af2797f6d3e227651cdeb69a585f61398fa708d01bb46ae2f5cd8628393e9079b0b015198360dc6f2a47c8a4f98f800
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 11b6336dad427bfa6ee93781bcdf3f23
  SHA1: f6e99365914a61c44e3a643a5b4b13aee964932a
  SHA256: fcc0cd2d4ec6af94de952a7e077e16701f863bc0b5eebf7b1f1480a5dde91c15
  SHA512: 632fed418c7228401aaa9f11db2e8c2a07a73a76555a5afe3449b165dc3518a5ab50afb064bc9b12f0a38c6948dafc24a1fef15bb5a6993a7481ee55f54d491e
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: c1e86f34b3e6cc3f4d8705ee89cbae87
  SHA1: 4465a6b4f3b2b54dd2988f0f233674ff3afaaafe
  SHA256: e68fb78c057f606be7a3fcd0e3520f6e73d8763e6c30f2c37afb22a5dc504b68
  SHA512: 52090f065c207e1d330948302f36cfaabf3c3826bd44bcf2042587952e266fb839041cc0a40d13f34fb8aeca2d04d63a7a9d898d6e949a32c6d93cc64d0fff42
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 56e987f5fb287ea16a37da9b4da06967
  SHA1: 229afc3d1467358d4a7e637ec150d02bd439c327
  SHA256: 298b956a6b17455102ce0db485fbc9ce9a0f0123615d22b6882deca63eb8a9a1
  SHA512: b043c2d210e220cdeb7ed4c09d049185655438536c2b8d795e39896233f205d31c3d71c656245def7e5c27cffd74cafdb83412fe7d1c6ac5d17c0d3e007313cb
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 0abf98695f901379883925cbd811ae88
  SHA1: 44892e14b6240688bad74e9fd4ebd2657fcb1bb2
  SHA256: ce624f13a1782cb9b748f00f827611fa843467be4330a9e798582b36d498f2e1
  SHA512: 9949e69b4c3be71a35d68aba461e0c68f83ec5dcbcd3e0f0ac091b3cb60d57ec19915fa06bbea47a4a145486199598d365ce157dc41eef8ba3bd64e2dc2e3d7f
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: e1ef2bc78134f20d6b880c7222c1ed72
  SHA1: e54f03f2b6f55a3ac1aa5e370a38a3e84ba40498
  SHA256: c14c5e5cc10643eea8f2dd3eaad76d46d9b49c44c3f825b9011bf485bb82fdf0
  SHA512: f53bc05b8a5137fde7f6172b9db29caba502d7b09e969f13a2b312eae4e1962910706a563a5f5eb869b452c8bb65f83d633ab4823c219732e15f6d3bb211adaa
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 06105cd5e054a92bb861bc851d4e1d2a
  SHA1: 40954641536be4445607d31fbda3fbe8b10b97cc
  SHA256: 5535aa4cc3d719f478213277cb71f53185031eb6bcb8c72da9911d7e2bfbc80f
  SHA512: 712e9ad79079477f4a92919333bb1e1f5b23ac94025994172c362880ca037f15fbbb7c35f74796cf794cf78e49355e1304ef0310eb1a821c4a8c6aaf6255e466
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 1fb9274d1f53453236e6febf79470531
  SHA1: 43442cacd3a9d63dc1443421cc721af5de35117c
  SHA256: 276beeb88dafd04890033ef3ad63474261cff745c5b4f6ac1d47a3eb451b61c3
  SHA512: ada40ec16d1f81bd769f871d63564c9e1a7e2fd2aa97d04e4060b3dfdc66825bb1165854c3f62a9e0124e1b5bda75ab7fcda70e6974dffca38899249216b5ae3
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 9083fdb702d06a2832bed4d4b3b87e31
  SHA1: 13d4979e997afcd105d90d0cc077fed5cf0c342f
  SHA256: b13788482720a13065d204a00fbb240708a6ef26ab0779bbd09b783399cfa535
  SHA512: 1478b29edeba15c00a1c540adc77c6a5d6d265a1a01d04f3f4c59dc4dd28fbc026e43ea9766b9f52815ad50a5b986b6a573ac6f4f18413276543c7c670f56334
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: e76b841675a945ccf291b6acf5fd6943
  SHA1: acbe7ce7fba274707a7d90d4a5e66e4d7706150a
  SHA256: 21fa78dfbea40ed8728fe9a14a9ee54ee03fc969bc5a9bca4dc292ee0b968bed
  SHA512: de0ac6779bbf46754715aae2108420b81611c847bbad8ec4318e600a7cc42401eb5b925dff2e645951f00c679407fdca7745f74eb7c0bf05c775ab2db1bbf288
- Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
- Filesize: 55KB
  MD5: ff5e1f27193ce51eec318714ef038bef
  SHA1: b4fa74a6f4dab3a7ba702b6c8c129f889db32ca6
  SHA256: fd6c69c345f1e32924f0a5bb7393e191b393a78d58e2c6413b03ced7482f2320
  SHA512: c9d654ead35f40eea484a3dc5b5d0a44294b9e7b41a9bacdafdd463d3de9daa2a43237a5f113f6a9c8ea5e1366823fd3d83da18cd8197aa69a55e9f345512a7a