Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-11-2024 05:14

General

  • Target

    b4f0e1866614a4105742f81b4a27a345_JaffaCakes118.html

  • Size

    39KB

  • MD5

    b4f0e1866614a4105742f81b4a27a345

  • SHA1

    373a25b9be80e27f033eb448934d1c45a9aac7c4

  • SHA256

    ba1e6c5304412672eb2d565cf290e922ebe1d16a33685f8ea26690e97cc2070f

  • SHA512

    9537f4607554114806cda248e0f10f15710787d285e4eb53145dd1145463e59f05688b4a8fcb2424a0118b96f19f0693b04c68786014e5ebc6c91a04d0530afc

  • SSDEEP

    768:T+pC5I9nC4OJ3emIdCRD/J3B77qH9nBLvzIqzIqzC/C/zIqzIqzCICqzIqzLzzLT:M0IxCTJ3XZRD/BB77qH9nBLvtt+a/ttR

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b4f0e1866614a4105742f81b4a27a345_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2468

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    950e1fa67c073975b66347993990f448

    SHA1

    e148a41f797d8992978bf15c23523f5220525ba7

    SHA256

    65bb8598ba3912d3e2dfc64d840ba0b6fd656ef1e2d6f1558f075675657b70f6

    SHA512

    4bb1c522b3affe74499a4d29f2c5af8dd8c08d07c16ad2c2fc171b24e605f8d91302ed7cfb5bfb709355a452c7f7e5c7ff82b3fcec0cca2c142d79d88edfcbc2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e8da938ca6e8fc961c0b0f45e8018171

    SHA1

    614ccfb5628e531802b93ed3f535f77f36a3efd4

    SHA256

    6b270acec0ad399306f27c8919852370b51a4db9010c6b0667951a99b96e242a

    SHA512

    a007b8be0a92785520c03b8b76326578a2c1ce1a7dcf141a97dd8cefe3a1507d10c3b50f93bcb9c4a92b6220ed45395888709b7c9bfba5f3a7db12b731c6f24a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    68e27a9a393ba53e29de8be96d2f4f3b

    SHA1

    8c2bf2411263257be07ab12c212ccfdc59d81ea8

    SHA256

    9feda598fc90595c0f4000b72a7817535d74c65986f9a4fc36150604342aa4e1

    SHA512

    b0e1c9e59f90e70b4c8896ed471d1f35fcd1deaf9b4d3d3583fe0bb4683c72a6bba69b374dfd8d2662a73491736a9e68a7abb6568bad1bd83eb53cba924c343b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    36b5a8f7ad2686f12a37f1c809403808

    SHA1

    11cbc5bb43234ec6f1e3e34748532e6eb1c50feb

    SHA256

    d82519f6f679e9336593fc7c24954156ca28da7310f6d5fde9764149603099f6

    SHA512

    3c0eb2ed985f85dd410514197c0b83a771419f99a4489f5301009df1c63249f1bcc6c5277be297e080e0ef7bed46ed4e88376e23d2b80681a6abe9556cd61a33

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b207d0c76ea8418a7c41388937d8bc32

    SHA1

    c4e4ecda64c4180b954d6b9ef8e830d12c1b0932

    SHA256

    844b0523499b53d810135e5146fcb59edf822d8a5298b02a14933d9411dad191

    SHA512

    cb87c7db98acdf3b4557b04b3ed38d823298f75937a59ed568011a2e8fe84c3b7db9a2840ce35a786508b7f2faf287223d0d942628f233c914e5238e72953bb3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f2a00c23bf67532f5ce4f4fb10e51969

    SHA1

    8a5a5807de708c2166a235a2d2ea915d61566156

    SHA256

    2f001673c6dfc615323e56c9585bef23a5d41fce29d30c541669159aa7d90f9e

    SHA512

    e5f37a85fdde0c327b7d1d40969e863d932170b96cf5c077c921fd57e827c6c9c41bc89780b42675eaf839db268e66f000fc9bcf078f2afd7ce5facf38e9165c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0c3b7f8d8ef67c182ab72219984953e8

    SHA1

    915d41c8867743176ca54c9c8f51791494adc763

    SHA256

    65b05d9ce491bf2be67057755e5c880f1c1f9260e6eb4f435aecb31abf03f08b

    SHA512

    2b4f0f34ae3f396e1c7b5bf1926f602ec936492ab5e6f33bd88419e73a22d4e5da70ca7031229bc139d097db69eff3516c697d6aa9390fb45367140c9fd882ef

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0e445f865e62cd4f92463527ee8bd07d

    SHA1

    169130f60364edeb3579ef3445391f482374560f

    SHA256

    d511e4103ef8fb828dc521a099c439c7b0051b357a6a737bf6909ba2dafe6d1d

    SHA512

    fcae1ebf955d786af18406ce759d7c64755543e4f47f19721057d08ddb9446bcf6ed464c7e0d107ffbfe74e53d82339e28014b9b3d2bc96d60724d8b8da6628a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b590dc7717dedb946e95566b557edbcf

    SHA1

    f31fb24997763ce97d26b499dc0ac81401c9fa39

    SHA256

    3f46a12e0f5c8891cde59553a0f0a6b4fb31b60c7d7e7313ef74a65ddb2de7c0

    SHA512

    fdd7c7171773a0373da972b6e767ff556707004ffbb4fdd3f3afd7b7500042ade65d5c843aa36d1465f511f7efadb5e0e0a387340e2ce933b839b4ec3c59352b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1665eae1686bd5e6b36ce7bf2c0b3505

    SHA1

    40f148b2acf842c4df325052642e1d1dc6040c42

    SHA256

    8b70e73a46e81d49c71d59e150b4290280d3ec5d9c27b8de83d3ba9a761cb92e

    SHA512

    934fe82e36a6905a54287c00e72c0215641d6eb8d583d4e137f86330871598fc6b5e4a76ed5d4aa4f0559ab2e4ab7ad860644f10856c145ba4ced463a91498af

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    61f43cdd862152103cf1b8cf39ab043e

    SHA1

    40ff17ec803e3761ab577236a0ea9e1c9f211188

    SHA256

    377029c550f033ca1123a54383c39940e6f809b52ca6d51cbcc428179cbfec02

    SHA512

    6decc7e152ee71e7fa03b9a13af7eff5c6bd30fb9a18892e7a119ba12ad8884792f4bef3f6bfc6f4cb6bafd048fcd6ee9ab47d53e6677c978e36d42218be8c2b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    76045c327f0bd6ed5bef1f91d54e504f

    SHA1

    5fedd961a5e9a8d0ed2a69ddef87475509211421

    SHA256

    8aa7e682ed9471476653ea43a3cb295535f9f9e8c528dcc47b51b8cc981d674a

    SHA512

    1ff08ce918d01c469e017795a1ecba52efa810e0c42c0616784d723cb8070065c523ea1676a1679a81b514f333246ae71d3affe1b0ae39f787fcc8a6acbfc254

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e7f481509099c2b7a72d59c91760ac50

    SHA1

    5951bbbfd113fbb548f9534c1a2a5e01270e24cd

    SHA256

    e455e7f1de64e0803faf680f686beb8671d69707842d4016d8c65ba5d88a5c33

    SHA512

    fb0a2f5d3b5bdad7cee614a7c44faa898abbcf2b20b22d5603d8aee1890db555c97ef35d57815a7113633f804672e6515dcd7d6909f01f7d26147042e6bf69bf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    86863a2be81b497f089b59ffcaaf389c

    SHA1

    925345cde381e1789e33a48b8b69b12b9c84c5cd

    SHA256

    cb71d1854066dd80ec4c827f5fd2385d45436701f027a82e6d3c7594e2d11ec2

    SHA512

    706f11544be958b4c51202789109ac2d82a86381558bd46ae5050bffa8a50612ecb081a0a34a8e2f07eeb18aaccfb9a32125c089bffee0d7d9953bb132554f3d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e9ee28484a03640c281244eb058a745c

    SHA1

    10f3ae0be97eae5e46eafdb785e4fa097c00731e

    SHA256

    dede405e58f702ad6026fec2e1b8f3b677c8e2b973efacacbb01e624a5fd0995

    SHA512

    42835606894c78dae3d4af4197cf95b6107e7fde3fab1376970deae6a53ff7b3f2de5048ed4a1b3e8b9ce0ab53dbb9b80ac499520dd02aecb14797fc4924961f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    367e4685ec8b609a64cfbe3836df4c0a

    SHA1

    e102c2149a902d70961d69ffce08ab272432b0bf

    SHA256

    2255577d8ff848974a0995eb3e09e13faf60d9cae60f778eddf970a6d5e8a480

    SHA512

    487a8821e00ad7c2c2b06d809884a15b506f13639cd6ca13a78bef15fc207ee827cf56c2ead1fc160d34555171030f95698737fbd24d472fe42ae73d74cd25a7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2fc31a871ca4d2ca66d69e9fff8b573a

    SHA1

    9368b909fdc1750a6afdbc8acdf64ec5fe904360

    SHA256

    11009ac0cbf60f9b407955dd7b346aa18ff893f76b975540dc7b37bc4405c749

    SHA512

    5a68ae04b1d784f85bc378acb62a0d2aa84b9c907fa0d5d60daae2ba4d81555cfd57edc4167d4db84431cc6f7a0d2dde86f529a79619899f2a6e46c80666383d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8305d49fa27cdf258b4b9a8e754b2e90

    SHA1

    1064e4235943f73a94e7506519424bb4106849d8

    SHA256

    66b077b166c5f3408268d7d593880714e11198cf9b4b59382b7ac64a7ac2e2fd

    SHA512

    be187c6a217321570edc84238f9cb104547b00cfe8eda62a9c6b1a0a05408c1371a473c06d83f4a10b5a8be8ccc530edf765dae513087efc6b0eb49aaaa9a0cc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9e7c59328815c61ec02ebd15a600a976

    SHA1

    eb48fed8341877d47f55b3e2f2d2aa1d4a7f66b9

    SHA256

    d3fd0de51e688193187ea106f7c7ab8ead3be5504b1bcc8b0685b39fc4b4227d

    SHA512

    80dbee3692271918152e005fa8de3e2333cb5c67760bd34d0044edb3fce5364a4218b45fae77870cebb12ac2fe4f724fa66cfbbb2222c97a2ee2e0f1ab724383

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    257949274c3c9e83f05d5fca449256a3

    SHA1

    714a5137b668ae9f721c574d8eaf7c4096dd760e

    SHA256

    53d80db59e274c43dcc0379c4ec37bd49b36811cf8c7715c887eecd3c39a99c6

    SHA512

    6d5262ef92eb9374db4eba060c874a360db2559e52c053a007f628e7226be38266e808fa6e0ac8a9661103037fb2cf1bc0b0c5e806f8b9964c1dab04f1038965

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    c891cd0737da020431bf7632eb25d1f1

    SHA1

    c9084f17621e111234c31d5882d097774609bec6

    SHA256

    e1491bc2031259a94aa3e7b457204235c07fc971e19faa628b17a4286c335f7d

    SHA512

    7b9bcda16fcb2630df16e4873643575ed08d0963e3e72832d201edc618772bd5066076798138c011d9729d8813fecf6e5b7e5c731e6fdf8e9b7073603474a3d5

  • C:\Users\Admin\AppData\Local\Temp\Cab4867.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar4869.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b