Overview

overview

10

Static

static

10

JaffaCakes...cc.exe

windows7-x64

7

JaffaCakes...cc.exe

windows10-2004-x64

10

setup_akl.exe

windows7-x64

10

setup_akl.exe

windows10-2004-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

8

AKV.exe

windows7-x64

3

AKV.exe

windows10-2004-x64

8

HTV.dll

windows7-x64

3

HTV.dll

windows10-2004-x64

3

HTV.exe

windows7-x64

6

HTV.exe

windows10-2004-x64

6

HTV.dll

windows7-x64

3

HTV.dll

windows10-2004-x64

8

HTV.dll

windows7-x64

3

HTV.dll

windows10-2004-x64

8

HTV.chm

windows7-x64

1

HTV.chm

windows10-2004-x64

8

HTV.exe

windows7-x64

6

HTV.exe

windows10-2004-x64

6

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

8

qs.html

windows7-x64

3

qs.html

windows10-2004-x64

8

update.exe

windows7-x64

3

update.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    10-02-2025 10:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    qs.html

  • Size

    1KB

  • MD5

    40d00fa24b9cc44fbf2d724842808473

  • SHA1

    c0852aa2fb916c051652a8b2142ffb9d8c7ac87a

  • SHA256

    35b0f1bb808e1623ad534fbc1e72cea25ac28f71340e9c543f01d1bfdd094035

  • SHA512

    9eb750e08ca9750988290626ae8ed32a2ecfa7c8ca021b3e26b3da0a94de952b991a9a6a0ad5729d7d5ccf7b3b36fb36fd24047f705d0468ad04908ba8a7154c

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\qs.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:432
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:432 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2440

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    269ce267586335ad6c4d20d06da42a84

    SHA1

    7c9ceaa2251cfbc11b562552e56487a4bbb836ed

    SHA256

    94f3b690de77848c9a7c94a01e6246e578ad8f9a7080de1bd7f3f5a9801772b3

    SHA512

    cf4cd0519b865ada00e3d78b3dd6f994435cfefe5b2871fafece0867e8d362516c6aabe224a3cb284c42cc1f49b7c03ae0e41607b39fa377b4dc60419cfec275

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a6395907f791d5b9925a8be7cf6749cb

    SHA1

    f71ec7a6167eb5706eabf6f1f18177cc4644537d

    SHA256

    1ed8a3b984a28dbfb216d35e1481bb7db9bf5ebdab40d9e2690b8aeaebf0ece9

    SHA512

    6e1217068cd06490a561721122a556afeb8df8b7a0b6daf1ddff20122d6b363055d187c9ab01839158b1243f1dd2be277603ffa223434299fd56d86bf49b3b8d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    325ecddbc26afed1eec221ef2318e0b7

    SHA1

    14db9ef0b14555f8b9eb04789b0dab1b54751899

    SHA256

    aba123268dfcbf27c12759423a671462fbea364d184fd818de11870eb8027fc3

    SHA512

    134e08a452ef29ee914af124c0ce3e690145a34aff5fd6eaab289c734c7e5a140acf01fd7998eb252c14c79861302d370c767154559e714ef7e5eb8ac049f594

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bca4864d7c63e2c2df268942d821d177

    SHA1

    5cf5a77dfd681b193808ef68a24783738f4ee24f

    SHA256

    2096fb451774b8f5cf7950c34c8f072033b9c3ae9379a516d8c9ec3fafc5fe6a

    SHA512

    56268753b48aba943e9223ac738f5cb938253cc5d80f70b51f3c65ac72d0d22bfc5ec43ea7e6d7a2a612236ec46b91881dfd29c64b683b928778e6f1810df6ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c302a79e032f6f1b8ee56f0a556e9712

    SHA1

    788869e5b8cb7118798b1276ee8c32f31de97fcd

    SHA256

    da58208642e140e117e53dc6e301b39541373443224ac8b15f30e30e44f77b0c

    SHA512

    5cbd1427edd8083656b432f4d471d34fd7094470cf9c131dd4c7d32a725ae2a0eef66e46544ddc1618acf1da4e8fa0846b0588a89a02ab2a310c0f6acc170206

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c3836d1fef69a006e77539b671d97854

    SHA1

    510314f92238025c9dd1bf1b6905da0557cb99ba

    SHA256

    572a6b68a61cbc7822e58b99ef44933774c7defcd1931627043b6fc0c5867700

    SHA512

    2726709768e3f75305d2711bfafc9612bc1784a2e5f50ed584da60815f70872ffcd9312909319b3aeea130ea5219eb6fda74ff075189ead76e9e4eda11d5c7e2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4FE8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar527A.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit