Overview

overview

6

Static

static

1

ebbddf1432...8.html

windows7-x64

6

ebbddf1432...8.html

windows10-2004-x64

6

Analysis

  • max time kernel
    139s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 16:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ebbddf14328aaec9b6029efe120698b2_JaffaCakes118.html

  • Size

    17KB

  • MD5

    ebbddf14328aaec9b6029efe120698b2

  • SHA1

    f5dc0311eefe21f17a43100d82db2cbc0511f5bd

  • SHA256

    41b496c2f258e96ed500b14bc668bcd03f2fa38b3ab372d306a2b969dd259ffe

  • SHA512

    f7bce1b8dc168071398281585488cc5d9d928b17121cb53f67639460cc1b9ddb4a728706065deb910ac038f4cc20a19844a5d7f38a0132362190f07bdf25a5e6

  • SSDEEP

    384:ZHXjjcxWVVolTrA97Dw9WKUv/vP2aOHZWMQAIc+aq43:ZHXjjJVoZrA9wWt0Q4+aq43

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\ebbddf14328aaec9b6029efe120698b2_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1520
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1520 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2092

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b6537a1a70a2c9f26bf5ae572a0d2ad1

    SHA1

    3214f8ea3ed6d1e89f83c276bf90ae48b2ac56cf

    SHA256

    bca483d8c9b5ffa4bf36af2917b0aa3fc3ed74241eacdc833c3347dae2340ad7

    SHA512

    a0f20747a2555eb13ee73f615296bd5b1a34704566d9eec0d5005e67f2a0ba5213536e4a2dc8708a3174cc8d1c8bff944dc3aee56a46c83a889d78507c6bcb39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f438c23533c79d7b4284513a0c9095c4

    SHA1

    5b5c9745d204ba44254c5ccf834e89163154038e

    SHA256

    abd6255ecdaeac6e476beacbc14b9068dc91b08e3eff7d3a1c6b627b815ba777

    SHA512

    ebad244153f520c4689943c99e6ef3f788212917af8e13afb05ab82ab6ead2bbb0fd570be4244005277a4fd54e667a8ce80ea12f763d6aa34231040ee3748b18

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bfc16fc2165f6790e9ba1bea7c897402

    SHA1

    e1f7cc3b477c4e1478b8a5bf469e3251dc13fbee

    SHA256

    d37da0679cb60f64e066e69086ffedf3f3e6c35e4ab31b1a59367edb70e2ba82

    SHA512

    54a1c97ee0f4dc672b290511cfb3212a109e293a1e193ad54af19fcd7655747962045aeff3bf280f49f136a7b6c34b5698c485912017a37067008967b8bdc06b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3be811af04547b53c6d50d89162ea385

    SHA1

    0df5865e3be63285bb83d534a5473e6d6646c641

    SHA256

    13a3fdef4f787ad958acbc5df3f5ced2a6edb56b50a4f5d8add455e8d7a6edc9

    SHA512

    2ed644930ec7fbfe85d3d594d1655f1b61c0e4c86e918f9c284d927997c3b92c41ee05b5ad8b3064358416a5748c3670ca6c33cccabdba5e76671711d9426174

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    96723c77509fd8d8ef98718267c2433c

    SHA1

    53574718db898627098ec781e36e2b827eb9ec48

    SHA256

    9d4f8e53715590a0a8052dd54125bb19ad6f5f305bc7d86c41c01d324942f9c3

    SHA512

    8aba6845abcf8bf5c3e25debf804e7afc9003f4c8c3f750468e0b67f3766692fa1a2b05bf945b41a32a8dd02053500654a5e99c4d1b1208d5577fd00ee8329bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1c21739f5ad3d7a25a0ef4423c45d59

    SHA1

    153e9fb37c22eff2850963a7ce483a38ef93199b

    SHA256

    8c9734cfd1d2dab7868a6bbc5dca0b27b4bb4ddad262ebd6a40ea33ee43846b1

    SHA512

    c5de12a819e12309dbd9fcf0290c79b866c56db003f5c0a8ee1d1f6149594439948fd103c5733f4674577bfc1e239ad55466c1cc5cd6f968c1010b394ca54d68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8e16d49f34b6e277ce35d2dd8dea38b

    SHA1

    1160d6d8c453b784a721b923f2ac91058da52b12

    SHA256

    2a09f151aee8861490daaefae6fa52d47b62b678688b14cc6ef266fa70fe3f39

    SHA512

    cd30cf32fa14d30de2da02724398923ebe198bf5531c3f227bfcc28bf0472897d570ff2c34b83d4dc068ed821531cbb1c3344b4726e0e996153960a6a683583e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCD6F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD204.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit