Analysis
- max time kernel: 117s
- max time network: 143s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 01-01-2025 19:48
Static task: static1
Behavioral tasks
Task | Sample | Resource
behavioral1 | JaffaCakes118_4abc4e174beea2d801bab1f52a202a1adcdc372443e25a2f1875b90f112ff56d.zip | win7-20240903-en
behavioral2 | JaffaCakes118_4abc4e174beea2d801bab1f52a202a1adcdc372443e25a2f1875b90f112ff56d.zip | win10v2004-20241007-en
behavioral3 | 104.248.221.3/systemerror-ie-edge/indexe2c9.html | win7-20241023-en
behavioral4 | 104.248.221.3/systemerror-ie-edge/indexe2c9.html | win10v2004-20241007-en
behavioral5 | 104.248.221.3/systemerror-ie-edge/js/main.js | win7-20241010-en
behavioral6 | 104.248.221.3/systemerror-ie-edge/js/main.js | win10v2004-20241007-en
behavioral7 | 11.html | win7-20240708-en
behavioral8 | 11.html | win10v2004-20241007-en
behavioral9 | 12.html | win7-20240903-en
behavioral10 | 12.html | win10v2004-20241007-en
behavioral11 | 2019-09-02_22-41-10.exe | win7-20240903-en
behavioral12 | 2019-09-02_22-41-10.exe | win10v2004-20241007-en
behavioral13 | 2c01b007729230c415420ad641ad92eb.exe | win7-20241023-en
behavioral14 | 2c01b007729230c415420ad641ad92eb.exe | win10v2004-20241007-en
behavioral15 | 31.exe | win7-20241010-en
behavioral16 | 31.exe | win10v2004-20241007-en
behavioral17 | 3DMark 11 Advanced Edition.exe | win7-20240903-en
behavioral18 | 3DMark 11 Advanced Edition.exe | win10v2004-20241007-en
behavioral19 | 42f972925508a82236e8533567487761.exe | win7-20241010-en
behavioral20 | 42f972925508a82236e8533567487761.exe | win10v2004-20241007-en
behavioral21 | 5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe | win7-20240708-en
behavioral22 | 5da0116af495e6d8af7241da9b8281d918b9ff9a98a3deab4cca1aec1e456c18.exe | win10v2004-20241007-en
behavioral23 | 6306868794.bin.zip | win7-20240903-en
behavioral24 | 6306868794.bin.zip | win10v2004-20241007-en
behavioral25 | CVE-2018-15982_PoC.swf | win7-20240903-en
behavioral26 | CVE-2018-15982_PoC.swf | win10v2004-20241007-en
behavioral27 | DoppelPaymer.RANSOM.zip | win7-20240903-en
behavioral28 | DoppelPaymer.RANSOM.zip | win10v2004-20241007-en
behavioral29 | E2-20201118_141759.zip | win7-20240903-en
behavioral30 | E2-20201118_141759.zip | win10v2004-20241007-en
behavioral31 | E42A.zip | win7-20241010-en
behavioral32 | E42A.zip | win10v2004-20241007-en
General
- Target: 11.html
- Size: 7KB
- MD5: ad4a9397a513760d6b7b7c95949a0421
- SHA1: d6284164627c386d2a2a2577c4e94cd22ba9fcf7
- SHA256: 31ee9a4d7bedce33c62b7bb5cca7551813ff7fd9c486293f749a58f4486f0300
- SHA512: d49b4ee6eee88e2d0f81ca03871cd38e482aa26dec4016359237b0a71b297721e068047abefe09f714ddb77f4b63fcca88de80cfc4f27c0d94faf26158bc2cb0
- SSDEEP: 192:zzbRccMfnoFoj6FQjHRiO7hp/iL7z6/Jz0fuz55555555555555555555555555b:DRcNfZ/na7z6hz0fuz5555555555555V
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2316 | iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2316 | iexplore.exe
2316 | iexplore.exe
2196 | IEXPLORE.EXE
2196 | IEXPLORE.EXE
2196 | IEXPLORE.EXE
2196 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2316 wrote to memory of 2196 | 2316 | iexplore.exe | 31
PID 2316 wrote to memory of 2196 | 2316 | iexplore.exe | 31
PID 2316 wrote to memory of 2196 | 2316 | iexplore.exe | 31
PID 2316 wrote to memory of 2196 | 2316 | iexplore.exe | 31
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\11.html
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID: 2316
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2316 CREDAT:275457 /prefetch:2
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID: 2196
Network
MITRE ATT&CK Enterprise v15
Downloads