Analysis

  • max time kernel: 149s
  • max time network: 150s
  • platform: windows7_x64
  • resource: win7-20240903-en
  • resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted: 29-09-2024 15:10

General

  • Target: fec91177ef607af37115096ed38789b8_JaffaCakes118.html
  • Size: 142KB
  • MD5: fec91177ef607af37115096ed38789b8
  • SHA1: a2b012eae74c87b9d28ea5c4eb1557ea07535b00
  • SHA256: 5d0054838667c6baa26baf1be2ddb8c0519c6c813d638634525662994a916bfc
  • SHA512: dbfb97f6029c7ad0319a53b4fcb9e55a2f9e6dc1717494ded9c8223d3ae9773ad54c0085f722869adbbd0104b5880c0ca34c87412f2311522894df10df49311e
  • SSDEEP: 3072:Sjr2FGx7dyfkMY+BES09JXAnyrZalI+YQ:SjSFGx7osMYod+X3oI+YQ

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (depth 1, PID 3048)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\fec91177ef607af37115096ed38789b8_JaffaCakes118.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (depth 2, PID 2228)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 8f14e2d0834d744b65c4cdace9bcd1fa
    SHA1: 0df0728edc5cdc17a341dc7b2918131b38e590dc
    SHA256: de20bac369085bfd0e098c1cc7287bb112098308b5fbfd1c0775e6fd1e65116c
    SHA512: 9607b98c3d18ac63489a310e004e03d87694b53b6e28c9560718f68eeb1d51cac0b4971695e3ea18281a656a07885c3412461c0f66dec2e133e6313d2ef44d42

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: cdc965e2429c6ba05780ea43c1923a33
    SHA1: e2aa939ecd83b2d2ef4770080de5cd0bfd421433
    SHA256: a3279dd6e62aa8665ae3565c66368d8c337dadd8491fdb61d1f2dc8087252f22
    SHA512: 657ee2ccac397909aa287db1b295f280f2a87e6e33ee72cbb7e51c75dc60ad671569117b492824e31538a083f586b288a43a2d045803ba15b996439566c71e92

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: b058b0279a481b26cd125ad0aed5497c
    SHA1: 187453ccddf9caf8ee7d967f1be561d47d90f70b
    SHA256: 3bcf64ab6a445d9d441a7b6d82ae9f08ee814891967a208d4d43d60af108f04d
    SHA512: abfcfe05258c0c7c4cdee89d85eee8f7c3af1c9351c988fc1e8ee5e0771c734504d9fd13d1b9e0ac34155fd83d3e26ac90fe4578d30c11acd2bafd79907e8761

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: fe43128b48560f7308f59df9f3e3f0c0
    SHA1: 1dd18660f2c17bd2de3d82238077fb1450be0db9
    SHA256: f7d774855a277d35cf39f151335a19de205ac4a5b86fc408204a153f1835b756
    SHA512: 9818ca443c3cbf1c81ae842f16eaf367893c94b208519704de9e2a846200141e5e329773151066005d0f994c05141557ed411bba26478cfd3ae7fa5fc9298067

  • C:\Users\Admin\AppData\Local\Temp\CabF2CA.tmp
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarF33A.tmp
    Filesize: 181KB
    MD5: 4ea6026cf93ec6338144661bf1202cd1
    SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b