Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-05-2024 15:56

General

  • Target

    79a7d00d8777dfb936a663281a2bf176_JaffaCakes118.html

  • Size

    27KB

  • MD5

    79a7d00d8777dfb936a663281a2bf176

  • SHA1

    c604c267223ab0131fe76fee1278739d5b9d14c5

  • SHA256

    d8a3ec606ebb801ec0590b2cb92270d479fa45166ee0d887bb2fbb2eded041ef

  • SHA512

    778979be378455c3577e75bba4788deb12237fc2502f5f0f520d3bca1741dc730ac963ba03eb5627e36348da07900b35dd03262afd6a036e95c141dfc9901f90

  • SSDEEP

    192:uwnwb5ngWnQjxn5Q/PnQieGNnsnQOkEntVVnQTbnZnQ9eIym6ude0Ql7MBmqnYn9:hQ/gVacefSQLp9

Score
1/10

Signatures

  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\79a7d00d8777dfb936a663281a2bf176_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2964
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2964 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2112

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B


  • C:\Users\Admin\AppData\Local\Temp\CabE73.tmp

    Filesize

    65KB


  • C:\Users\Admin\AppData\Local\Temp\CabF43.tmp

    Filesize

    68KB


  • C:\Users\Admin\AppData\Local\Temp\TarF55.tmp

    Filesize

    177KB
