Overview
overview
10Static
static
10JaffaCakes...6d.zip
windows7-x64
1JaffaCakes...6d.zip
windows10-2004-x64
108751be484...2d.dll
windows7-x64
1008751be484...2d.dll
windows10-2004-x64
100a9f79abd4...51.exe
windows7-x64
30a9f79abd4...51.exe
windows10-2004-x64
30di3x.exe
windows7-x64
100di3x.exe
windows10-2004-x64
10104.248.22...A.html
windows7-x64
3104.248.22...A.html
windows10-2004-x64
3104.248.22...d.html
windows7-x64
3104.248.22...d.html
windows10-2004-x64
3104.248.22...r.html
windows7-x64
3104.248.22...r.html
windows10-2004-x64
3104.248.22...g.html
windows7-x64
3104.248.22...g.html
windows10-2004-x64
3104.248.22...9.html
windows7-x64
3104.248.22...9.html
windows10-2004-x64
3104.248.22...ain.js
windows7-x64
3104.248.22...ain.js
windows10-2004-x64
311.html
windows7-x64
311.html
windows10-2004-x64
312.html
windows7-x64
912.html
windows10-2004-x64
34a30275f14...ab.dll
windows7-x64
104a30275f14...ab.dll
windows10-2004-x64
102019-09-02...10.exe
windows7-x64
102019-09-02...10.exe
windows10-2004-x64
102c01b00772...eb.exe
windows7-x64
102c01b00772...eb.exe
windows10-2004-x64
731.exe
windows7-x64
1031.exe
windows10-2004-x64
10Analysis
-
max time kernel
118s -
max time network
137s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
24-12-2024 16:52
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_4abc4e174beea2d801bab1f52a202a1adcdc372443e25a2f1875b90f112ff56d.zip
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
JaffaCakes118_4abc4e174beea2d801bab1f52a202a1adcdc372443e25a2f1875b90f112ff56d.zip
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d.dll
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51.exe
Resource
win7-20241010-en
Behavioral task
behavioral6
Sample
0a9f79abd48b95544d7e2b6658637d1eb23067a94e10bf06d05c9ecc73cf4b51.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
0di3x.exe
Resource
win7-20241023-en
Behavioral task
behavioral8
Sample
0di3x.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
104.248.221.3/systemerror-ie-edge/_data_image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAACACAMA/xhBQAA.html
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
104.248.221.3/systemerror-ie-edge/_data_image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIAAAACACAMA/xhBQAA.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
104.248.221.3/systemerror-ie-edge/dsffddfdfdsawqwq22121sdsd.html
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
104.248.221.3/systemerror-ie-edge/dsffddfdfdsawqwq22121sdsd.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
104.248.221.3/systemerror-ie-edge/img/blur.html
Resource
win7-20241010-en
Behavioral task
behavioral14
Sample
104.248.221.3/systemerror-ie-edge/img/blur.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
104.248.221.3/systemerror-ie-edge/img/headshot-bg.html
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
104.248.221.3/systemerror-ie-edge/img/headshot-bg.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
104.248.221.3/systemerror-ie-edge/indexe2c9.html
Resource
win7-20240708-en
Behavioral task
behavioral18
Sample
104.248.221.3/systemerror-ie-edge/indexe2c9.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
104.248.221.3/systemerror-ie-edge/js/main.js
Resource
win7-20240903-en
Behavioral task
behavioral20
Sample
104.248.221.3/systemerror-ie-edge/js/main.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
11.html
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
11.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
12.html
Resource
win7-20241023-en
Behavioral task
behavioral24
Sample
12.html
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
4a30275f14f80c6e11d5a253d7d004eda98651010e0aa47f744cf4105d1676ab.dll
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
4a30275f14f80c6e11d5a253d7d004eda98651010e0aa47f744cf4105d1676ab.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
2019-09-02_22-41-10.exe
Resource
win7-20241010-en
Behavioral task
behavioral28
Sample
2019-09-02_22-41-10.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
2c01b007729230c415420ad641ad92eb.exe
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
2c01b007729230c415420ad641ad92eb.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
31.exe
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
31.exe
Resource
win10v2004-20241007-en
General
-
Target
11.html
-
Size
7KB
-
MD5
ad4a9397a513760d6b7b7c95949a0421
-
SHA1
d6284164627c386d2a2a2577c4e94cd22ba9fcf7
-
SHA256
31ee9a4d7bedce33c62b7bb5cca7551813ff7fd9c486293f749a58f4486f0300
-
SHA512
d49b4ee6eee88e2d0f81ca03871cd38e482aa26dec4016359237b0a71b297721e068047abefe09f714ddb77f4b63fcca88de80cfc4f27c0d94faf26158bc2cb0
-
SSDEEP
192:zzbRccMfnoFoj6FQjHRiO7hp/iL7z6/Jz0fuz55555555555555555555555555b:DRcNfZ/na7z6hz0fuz5555555555555V
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "441221237" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F7D8CE41-C217-11EF-8587-EAF82BEC9AF0} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser iexplore.exe Key created \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2504 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2504 iexplore.exe 2504 iexplore.exe 1704 IEXPLORE.EXE 1704 IEXPLORE.EXE 1704 IEXPLORE.EXE 1704 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 2504 wrote to memory of 1704 2504 iexplore.exe 31 PID 2504 wrote to memory of 1704 2504 iexplore.exe 31 PID 2504 wrote to memory of 1704 2504 iexplore.exe 31 PID 2504 wrote to memory of 1704 2504 iexplore.exe 31
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\11.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2504 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1704
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5d2155932f00ee615dbe5fa98e30f4fb4
SHA1f9a8cb3d1d43c070a3e574463388037a102fbb13
SHA256fd34473019e2823574e392f1e8b1c103583d9dfbe0f6ef2f51f752003d68c79d
SHA51283e0428c5ea512af40c1d45489cd792fbf967c01326f8d019ac7d0dbf93354bc7996658e33ef1999d8cf32010a19e29ca65f3eb2cd0ceb21215331d49feecce9
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD53ad9227758e92119aab9584323828cfe
SHA1d0b231f3ca328fcbe9cdb86c346d64684a1ce2cc
SHA256a6665b6f0ab9a2be2ddc89b81cc2cfe6c0be5678e25d8cf511310d1ebbaf4080
SHA512642a7c26ce1e50aab3717187f7c67ffbe46742ba33527ee53eddac8906c40f2bbe0eda2678d787652e268f147e8ba9e747925d0393d59fa1fac5eb1d70e82379
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5175207bc1ae239e0ba12ccf6ad87ad64
SHA1448ba52ebd0919948b629d05ed05ed986a97458e
SHA25648a3ee4710fe7f8d7c1514b6c7eef8920a1d08cde0daf847b200d2c5bf7cfac6
SHA5123ebdc11cae1bfd3fc7d1f2582707cb052949e29f049974348db9b22ec64c87637c1b1e2edf9636e16a08cc6ae76a8661e9112eb70c1d6ea53407a6a12e74689d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5009d87778abeb07115aa82c99ad112b2
SHA1fde1342a057c3b79c9301be491a765fc97414392
SHA256381208d063b300a3e5cdf48b5c1dac9aabd14b0e0b4c5bfa79f7f01295b66209
SHA512d85bfec9cd22d1ae121d305d0d144c0105026703168a38940841802b2b3bd57c10a70c6ca2a668b459bcfb730928aa0f62e47333872ca63828483805ff11ec49
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD59b75e178bf93e0881a6ccd5916756f52
SHA1fe50cb64fbc073b950fe6cf85be01be487a784cc
SHA256710c004de069e22cab1f44b81cb1aa16ccf9d4899d10ebc9f4e2b4e473054d84
SHA51267855debf8da8de78b2d8ab78e478cf73961683209aa5ac78810e10a01a6b0bc08c386db713fdcf02749d916979b5f8ad08d3bbb80dd14b1db27391cdd3e45ae
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD50f205b9a66452709241e19746ba1b0d3
SHA14bdd1391478357b4dfcb7bab9f25cbeee2677106
SHA256065d99225e1340d9e21d89511bcd1064b2277f9fa51a8f9fe759d9f01cb1d2f2
SHA51283cefeeb58ae02aa17a932366f211b05ea912441e668ce570413ef49e55afed7231e1a2e81f40f763089ec1595324d99551960f34e5e2744818be1eb682eb62c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD57c9a3da60ea388978f7da728d5004ffa
SHA1dcbca29d742545ec9287520b6466af7a9ecee742
SHA256090bf2ecc12e4c278e7f554525d70c69b5be539b227be179ebf2f24bc70f9ce6
SHA5128af27ed5a9832544cb1fdac17a837d1a1bf4c28d664efeb04974de78a2420a151250a412ec4aefac8fcb90fa0472b015c08f390c98919263625321afc8a96056
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD54e3af5cf3ffc0f23684df076e6bf9e13
SHA16945128199f0dc916b06f3f3db88148bd7469a05
SHA256bcda70c32d09ed50a621ba8434ca2a74f9b877f978bb50f7b70ffbe792e85974
SHA5127974d59dad36de7c49e76a0b9b99ad734e27a6d776a9b474d485883b751c448e9c7d17e92d5e071d01339cf7b52ab7b8cb0688dd17c186d1f474cbedd6f75130
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize342B
MD5efc73172ad5d0dd52137f9a49d45fc36
SHA1f5efa27d047e069b6dae7d673d52eee3af97e25b
SHA25688deae053fd05c3cf8e4e91a89a19f67bd1b88ac295e98f12311b330fc340588
SHA5127d338e16a86c4a695524ccf1c3e6eb090ea0a3affc9d9c8828663854ef92d7ac9bfe1a7659ed4ebcb7da329360b5c0b23a76054574bb19ec55cacc479664ebb4
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b