Analysis

  • max time kernel
    144s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-06-2024 12:52

General

  • Target

    91da85a7a63a431d0ef01e4570d9c874_JaffaCakes118.html

  • Size

    23KB

  • MD5

    91da85a7a63a431d0ef01e4570d9c874

  • SHA1

    c22a82d4cbfce33701c7d8e62c87bb06d5d6a1dc

  • SHA256

    15deef91308e3e1ab125a0e83260abb5330b0922316b32b89380064f928e7307

  • SHA512

    88329f691e957376c3d20ed8c65f47888bc45ad96974e4ffda507c3d44187e72d3de2296fa0b29d1c2587b8617b97eafd24bcefbe3e9894ca7ea6a70d23096a3

  • SSDEEP

    384:BwvHOrliVN80cyVCyIOxoS9INnBb4efD76zr:BwPO50cy46xWZ3fG

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91da85a7a63a431d0ef01e4570d9c874_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2812
      • C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
        C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2300
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" https://get3.adobe.com/flashplayer/update/activex
          4⤵
            PID:1748
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:275464 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1608

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

      Filesize

      252B

      MD5

      4279f3a7a66ddbe1388d7b355157aac1

      SHA1

      619823e5d85355a3e39e91cc144a4c4d9b928656

      SHA256

      120c860d97b114380ad368925815cb177a7cea6899df529411d8d6749818f07d

      SHA512

      3b5553279c481e2a3d7802c3a155e5aadf3a9ed343b699ab6e4b405d1eca3843e2b4499a61c1a6f869594121a117074e1c6fcdf623c8b6e4ba670f7cee624238

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      cd21dc30ab114b48ae12e34a97c1805a

      SHA1

      239b447c8c3b10c00d574beaaf62c7ca5978dd1c

      SHA256

      3d8ddb78aa08b9d65cffd3df46f66928695edad6291c42cce8525d57d413a9c1

      SHA512

      6fc707264afcc015253b4618741a4318fe86e510e9a63f07f72fb1392dd267de6120e7fa3bf438a5099eedd4657c1c405220f1dd8af84665a3300892b42a1ac5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      711115b9b443696201fe72fe7733abf7

      SHA1

      fca59de45fda83f9f07880d30c946a02e6d11fe2

      SHA256

      42067da015595b559dded826adc02a69846f5c6b61bcdd99fe41e9e224fa9262

      SHA512

      027bc32977a86b46e81289a099714ce854524a096dfc9860b33474dd774616d527577747a7d7e4d23a4d0ec32d6695f0f52ca8cbdb44fc1cdbf1d0f292b25077

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      60d967eea39a9010f8d1a499260cd29a

      SHA1

      65089a9372f3c817e3550b1b71c39517adcaf0a2

      SHA256

      5243c9a7033bb8bca7eeee7aecedf1f689a04eb6621bc45443826efe31ac92f0

      SHA512

      31b91f4321c5daaacd5969c980447fa0b3a29a5a83bdf6d5f78edef08d40ec2f66ae899f91ece262c8abb6093b3236f9d0e8d9fc3358b9d55525df38d310ba17

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      750a5863729eea408424721117c41212

      SHA1

      cfac366c91a7ab4d5c770826f782e998207dac2c

      SHA256

      db0aec2313ed6c2f9614cbc54e035e35439ea01a0b2d1a5829786171483c67a3

      SHA512

      2d21a34423b1168b1116e2f5e6168fc1490ae73746349d65f99fa8aa2ae34afcc1f5f5b1b6591ad8a4359d250ed39d67c665aa798db040a20a002a38cdaad573

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      e7c16fdb27d42d5970a267260a0ecd43

      SHA1

      f557e6e3b276553406017d3817528ad6f94ba2d6

      SHA256

      86500d8b7bcd0dd65804939b547aecb853ce750c0e92f41b86adb0758e140c66

      SHA512

      ec68868c7ff52c47261b7c5065d0e25bdfacaa3f44b22f11fc6856b5913d3c17534c9b1eacd11500067bb84481be6784ef521084e730c5835bdc531a4476c3a1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4ac8a87c63690562aaf9d9dca4bffb30

      SHA1

      3022d6e635c9546040736cbc6e142b8eebee13d3

      SHA256

      b719e04964a1c7519cc938cea6bf80da0cdbbefd761a16c1be804be628753dfd

      SHA512

      5d04657678987a93a81af0c805984e13a48dbd6f269a1995d571537f9d93b5e81a8e673d5fc38a6a023be6d240e564a111058a51a28cd08f55a224c59e875ead

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      54dcb893c49c6d96545acf6aec19b74b

      SHA1

      ccc589377aa5e6e5093a114610f923256374f36f

      SHA256

      41529c8a17c096dde4ea0b50d60fb04869e3c8f4c5c9619f1e02ac37725e9c8f

      SHA512

      b099ecd47da90bd23aec38f0f0fd1d62c3241c090dcb16e2548cec01704182ff35c28b8fc789eaa870c5a48e7b8e43d19db78c7ee5be76fa884e7d21b4a39fd1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      bdb4c2cdd926d098a77737bc8fcc4bfe

      SHA1

      8b046501955bc059ea1b8ab2dff5d853886841e8

      SHA256

      e785528065d6d718d5a83f3c1b40c7462cda7f7a9a8bbeb11954bd1fb613d2a8

      SHA512

      faa1dc72a0bdb6398ce443c6430627efc3e87c679eaf7d12d088cd966dcfe2945b95d6df4ff8395a85684ac391ad206b925f18766aa8626f74b2ea8731552653

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      8180d57d508ef8c40dc6c942aa4bfcac

      SHA1

      7a665660a0f3652e472290e7f7dd856d786dae93

      SHA256

      1a6c6f7b5ebf6f28c7dd3d95311dc94b86927febe6068aaba177e792033ea897

      SHA512

      0da0b1921b4328729cf5d67cabcc2c95033dc1734b0eb26f18e2fd6efdbfaf0f73ade942928050a18e052e7a7f5abfbc3082c935aa8cb93365f3bb871b3bdd89

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9a24e9527249cfb0ce5ecf3d8767a705

      SHA1

      d25c6c2a97a903dbe49abf15556abbbb59500fbd

      SHA256

      8559b53ef83fb1e9915a8ff7bf28200dd674a29c37ddd4cb4e4c80c94454b680

      SHA512

      c2acc6673f874ea35a7b868fed4ff4bc1eb402569daeeea3182e57170a45c5f59af1035b17ff1109a06e04daece22499917df39fd245890e992e801a00b3cdd1

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2152e44932d5403805594203b7030769

      SHA1

      024ef15fd75ed6ace49682cfcbc51cbe86f13bfd

      SHA256

      beaa55bc054937ae5439a745d14656fb0a3976df21298bc33d5030cbe1c0750f

      SHA512

      3bcf1a58ba2ecf00c0465c96e078efc74a8959afc2d1546c30fb47f25b485da5bd31fda5c0b878bf57cdcec3dad3a82988b116ac639e1cad9c0cabd1761fdbd6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      78d9375e2d75fed5e9d4a07b13d70bde

      SHA1

      cc9803a02dfb35f131eee76251c37d91688247a5

      SHA256

      24f5b74879461ced71b2590d3e806c7c70acc9114056b6fcd7bcafe39821aee7

      SHA512

      0153cf1ab00928cb3836496e4b9d7a35c527f826b5567765c9ee7e51edef28f610886ea805e7db2d21b305b4fedf6907626458deebacf6d7847984a53841c937

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      efa6d956881a8c2127d88b930823e3c0

      SHA1

      81f0180bad31e36fbfd371edebd8c13a4ea17c57

      SHA256

      88a667786b3c7908aebbb55f39609150318b8bcca1b3c0505785632a549952b7

      SHA512

      bf1f45f63a575f1a9109799ede8b3e94915fd5506eef604072041e0badcd5a08e081ef8f88528a9c25d1daf4991cf58767c11f8d98aa66c2300620468db14be4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      be9a220197cedc56858d74a0fa081b44

      SHA1

      bdb462a519df08e96d77104d9e5ef4023263cba6

      SHA256

      0328231f3bf8d1d331a961824d80481cfef671c890b7354e31bf636a3a6683ff

      SHA512

      313efd389232d2bc76422c7a967a5059bf6c45a7068a7507b1aa9b78130cb3176da62952e085a391b10a2caec23ef857660ba0812373c482172c7f19719a31a7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5a9b24cb065d146655bb1f7752731bc0

      SHA1

      8b661bb2f701fe6517c97615ba4f7053271c4c24

      SHA256

      a467052050483dfe702711f8be5a0012c2eca7a9ac6d6ccd9d32342ffdf6e9ea

      SHA512

      9c7c42249336f2e76ab30c235c3f69b26a582b33dadb49aebb88a974fe998ddabf6b662987649f5397f037348281c44705bac465bff9c5d4b763fbfa4ef3eeba

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      043af37da4d083ac431c34b211756cc2

      SHA1

      b1a45c5fae587d0f2292e3c06081f3d009deb575

      SHA256

      c15a7d1d09e567e667a541401fb01b6bc33a9862f7159a2508c5e134b9f8dd1b

      SHA512

      47dcff76ae6f202ea2681c55938d178e5cd4fefb5012739f92a5520eb0242d3528573084b69e6bc7a918fbfe2d96dfe35e1f9cb7c4acc8e4e6a79a40606551a7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      33380890d0593c7241143ecd5ffcbd55

      SHA1

      48abb60d5c24027b2280d19114f72fcb22ba035f

      SHA256

      abb10cd82941102c457cb1d69a487c546c5682976e7b16394feaa1a4f03f6b65

      SHA512

      fb217120aa412ae309c0cf3ab3bf776b6eb1e63bdb65c44f8d06517ddadb44a46a7b932ab2f331a799e05011c99664da7fa16445d3f318a47d01468bdeafd207

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2f0d7e1f8000a1ad4d9c4a9e1ffd0e86

      SHA1

      4b4e59f23301219d304a503790f899e46073b7fd

      SHA256

      11ee1952ffc78e6baa351476230bfaefe69d7ce297f7e7a52083162affec17ed

      SHA512

      512b82c57719faeeaeeb315e8838590e5213be01979deea21a9a9882b6adc646546fd33d3c584bc0ce48036649bfc395c2779a59023a051f999a079d25814fc0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0416252148497c5323f5d39a3e24fce2

      SHA1

      7a39daca96f2fb3111054ebe47dfd059728157a5

      SHA256

      68b419a85ecc8731acb2eaa02bf1dd38aec0719809ecaf6769fdec71c101d8c4

      SHA512

      d11f50437fd1ff87b15b3f4fe7a65f5b326a8b98f609b37bc437c64237f5d78c6e424c196ddb59bc7bdc1ddfbe11c1cd60b5c65ee1e7218accdd50d1f8960a48

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

      Filesize

      242B

      MD5

      7fb6415428fcf8eefc4ab9aad8b64702

      SHA1

      e2dc35327648b5278347de38afd5c64f465b44b3

      SHA256

      c3834c331c5738c10dfaa6311431c0d9099dc19a0066a970291139f440a90e52

      SHA512

      6284cd28039d5514cc117893048273da8ee732bbb628057bf9c822e1237c89a0e4ddf355e42717420858f9924540ce6c394ac3f30f7b860deffa869016e82409

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\swflash[1].cab

      Filesize

      225KB

      MD5

      b3e138191eeca0adcc05cb90bb4c76ff

      SHA1

      2d83b50b5992540e2150dfcaddd10f7c67633d2c

      SHA256

      eea074db3f86fed73a36d9e6c734af8080a4d2364e817eecd5cb37cb9ec9dc0b

      SHA512

      82b4c76201697d7d25f2e4f454aa0dd8d548cdfd3ebfa0dd91845536f74f470e57d66a73750c56409510d787ee2483839f799fef5d5a77972cd4435a157a21a4

    • C:\Users\Admin\AppData\Local\Temp\Cab9742.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\swflash64.inf

      Filesize

      218B

      MD5

      60c0b6143a14467a24e31e887954763f

      SHA1

      77644b4640740ac85fbb201dbc14e5dccdad33ed

      SHA256

      97ac49c33b06efc45061441a392a55f04548ee47dc48aa8a916de8d13dabec58

      SHA512

      7032669715c068de67d85d5d00f201ee84bb6edac895559b2a248509024d6ce07c0494835c8ee802dbdbe1bc0b1fb7f4a07417ef864c04ebfaa556663dfd7c7f

    • C:\Users\Admin\AppData\Local\Temp\Tar982F.tmp

      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    • C:\Users\Admin\AppData\Local\Temp\TarA258.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

      Filesize

      757KB

      MD5

      47f240e7f969bc507334f79b42b3b718

      SHA1

      8ec5c3294b3854a32636529d73a5f070d5bcf627

      SHA256

      c8c8cff5dc0a3f205e59f0bbfe30b6ade490c10b9ecc7043f264ec67ef9b6a11

      SHA512

      10999161970b874db326becd51d5917f17fece7021e27b2c2dfbee42cb4e992c4d5dbeac41093a345ad098c884f6937aa941ec76fb0c9587e9470405ecb67161