Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/06/2024, 18:27

General

  • Target

    8b5c23a7d8fb3968c9d33f79fd205e4a_JaffaCakes118.html

  • Size

    39KB

  • MD5

    8b5c23a7d8fb3968c9d33f79fd205e4a

  • SHA1

    91a30df3d80eba89dc47546380427c40e29471ed

  • SHA256

    48a795a1af3e8d3a61a4edb90e88da0bf2dcfcca927ca370106f1523754d5030

  • SHA512

    c407fd765de90b0a6600c514e87ea19fc7a4ae9bdba4ecda04524272adaae50adccadb6a34c8527b7ecf51257172396517acfb3643a11a0ae69246977d80d755

  • SSDEEP

    192:RiookPhb5nfnQjLntQ/xnQieBn2APnQOkrnt/cnQTbnWnQ2YIPmg220HMrnFnQ7V:koo40Q/zAofg2zey

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b5c23a7d8fb3968c9d33f79fd205e4a_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1084
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1084 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1132

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7da257a89ba79cb6f7d0bc6343ae6dd3

    SHA1

    9ffbf3117751a64c42a1b3eb5b9c92debbc00bdb

    SHA256

    3de0e1d883354024401c617fc5e0e464be594b5f389df4b89291ccc7ffb674ea

    SHA512

    82b83ab4c88f8bd35ff14edf80da21e59073353d358294a4af270308adfcf86a3e0e37e6b08ba6e1c5e2b87898766a70b232a6e1f8071ed7385749e6c17eb2e7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e1ed89dfc0728a5e16d981091c77713c

    SHA1

    423f50c86ab65554166f1a6a121c7b98a6e2f36f

    SHA256

    e171dcc9e7f2af349f2086f67f26128915f2b34902a49fe2df84c6f5cd003fb7

    SHA512

    9edd2e8f2059ab33cb9a6a5850e85d98ab2b89698b8fa78e891fc89993dbb4c1e471b2cbbb9c241039adac2d1685e49e1a59c00b65f6790a195f95f29b13ac78

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    105aa12d55433efe4c73d03d48d315c5

    SHA1

    ed188def0ed2caace6308bedcdb441ccdc638ed7

    SHA256

    58b2ba89a9ac425a06b03901761dda1fb7982cfdd0726b91b858aff512da4748

    SHA512

    ce03ee25717bc32371d598ce9ac9d645e55e3d61160c484f98b1a16075b24fc6ece6f20a490b54fbc100fe2d2dc7492f19d18e9aed63a92d7d3e753347e71cc3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d1adf979c4c143a3bc8520746c447e6d

    SHA1

    05bb064bf2c1e0c5d88747bcc3acce1201c02c1b

    SHA256

    34ef810a4e68cfbc3f00cd070b980b0f83cd7b8144d781bf698cb37c22da00ec

    SHA512

    d483209053c66e1d4ff124c80b6c15830913fd4c10d9cdb30763ae9f08c64f7424861591de3bc9af5d314aa6d49b808777c3bf0b984a34d473721f3e1673ef4b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5353d1cebd2716558eb3f222884da7da

    SHA1

    5806abf50918e084a17c545e50f08a433122455a

    SHA256

    488b2038bdbcde5479c7f166f4d0d9ca27ec0840956c0551a1284b437c466161

    SHA512

    8362de6a77abb4d6678e3eeb1f26f33f7c9e5a62f0659b65503b80a8a5fd19dbece2c2f749a7a17c17b3f9ea0fe422a42daf8a08d72f9e8e6f5008e9df02cfbd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    86be33a289a6183f7e429f7e1700b556

    SHA1

    fc88839280b07196047023ded9e19294bb934d20

    SHA256

    49c001064d75ee3d96b4cd776b5cdd9d1ab05d985d79c7a292e7108543081de5

    SHA512

    b8ac54521067315e0f24aaaf4c52696d3f4e2ca511ca22ecaad48e0b34047fc993e7fb5d31541abe06cb4278f74c7ba9aaaa826fc5ef203d712da9d3140969bb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    152d6805056561b75e475d38e8fd0455

    SHA1

    560f0cdaa43862f4d9e77d42f2e09c2ea1474a33

    SHA256

    b87145855d5c19de9a5304e358204c94716e3b699927e7b6accc37278d3273d4

    SHA512

    8c6bfd52ee46f3fe1c5bfe67b87694976fc25fbf7ae4fcf78af176162bb494bcdcaf12f51d3fbcc85214f67e04e45d76c744016c047717fb1a36bf584387d652

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    83fa3ae3d070d92a2f9147ed5e4e105c

    SHA1

    ba3e11d12cc4c586c904f2535a24afe7fa41b830

    SHA256

    7d5d2ebae205e77ed1c65e8c1e627d129c2ce55f9d0df858970f3bdad54bc08f

    SHA512

    1eb9e1ab5624682b2d8598b43fbc1c1ce069d9a8b4721a38bf2634a64cad30623a22bb14e05ef5aff8a0562927f6d647a6131ac6ca59e064d594292ece97d3f1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    eb6b78e4fe17ba68603e31bcc29b7017

    SHA1

    14020de5b88e89a44cb3dd593d60e4f9922e0f75

    SHA256

    9cd673e009d6053e0feafcde45235f569a83b0815adb280c8cd7d6aa84b4627e

    SHA512

    e45655be1ecb736d2cc9114e2c450bb6edb2145c73047f8e371afc65b95de7acd4263ad84d993b11c73cf610abfc6505ed5c6569887ef09b30f0855337f7c763

  • C:\Users\Admin\AppData\Local\Temp\CabF2F.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\TarFB3.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b