Analysis

  • max time kernel
    150s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-06-2024 13:22

General

  • Target

    91efaabf5647bb4778d79a899a925548_JaffaCakes118.html

  • Size

    36KB

  • MD5

    91efaabf5647bb4778d79a899a925548

  • SHA1

    1566ebeb4d76572bd12644a5df2ad6f6e129165c

  • SHA256

    0f8b3d3a8185d85e66b79b3a0e5aa427e238c0aafe2cfd85acf3760afb44224c

  • SHA512

    be24b3660ac7821d1876f6664342a8360992a4e665aa65a3f68c1341302d3d37c232ba34158bcb8606a62770c3e3d21b04e31708b2aa0c4ed0774e8661a7099e

  • SSDEEP

    768:6VfewxgUyCCB5Axfm12uI09zl2PJNXYmLJfyi:6VfewxgUyxBOxO12uI09zl2PJNXYmLJp

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 640, tree depth 1)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91efaabf5647bb4778d79a899a925548_JaffaCakes118.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2860, child of PID 640, tree depth 2)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:640 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f2bad80699458545bb6bec961cc3d33d

    SHA1

    407bd0b3bf2e6bb032e6f3a90686df55d6d522cd

    SHA256

    886b17d4b77dba598685c7749fff9e4529eccd7e5870774f62dfcc098daecaf7

    SHA512

    1097540ff39f5a2e50a66a425aeba323ffa02e4dde213f5b5811b3a9c8a3cef913daa59c96328a56885579477a5feadc7389580fa0b995b23f5c8c1eb0a39ebc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    69a6380b4a59a6158a6f9f252e6a3613

    SHA1

    55da03a8f36f42f560200ca81d0ff58c5dc1dad2

    SHA256

    869fd893969beaaa2b5bb471ba8fe05c637c2e682a39b4b209f1842c31ca02fa

    SHA512

    bcee5c2de7b301eb77b821e23afc44cf5a622e289875b80b6ecbed545730860699dd0b77cf97f982b33d509d22fcf09c2b29b6a5d4d51d7771e479ae04348f1a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    540e6e837c6bea659dbad6e2f04fae86

    SHA1

    8e6cc6ee8b85b09743778f78e1d351e3633591ad

    SHA256

    513a6a4b1c298bc7c2dab97d408ca6035473744760d4b0a57efab66024ebe794

    SHA512

    af1e4b3e0c5808205704a878b252657a098edf0bbd73c0532dc2c938794ae61fdcb8d966e88041496e04205f9f1eda7fb6fa3468a28c8138e58886b793fadabe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5e8713c0f48425521f2b83b2c3492411

    SHA1

    f947d159837390c2abbec1d3719ce9d44956f5b8

    SHA256

    1f9b63d8f6f1bb4fc83b86df57dc06f0f5b1484d372aa871807820fffec89bc2

    SHA512

    1b6076fc24099c2df629ebfd7b94b2ad8871680434022806c3f3c500d75da0397c36d136a210441e19309897b84627db220ddcf8d9bfed19447aa1462332ef18

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d2aa73e433abe35a2721fc7a4af5a341

    SHA1

    a9af8c49248727a261f1966bb62e9eed547143aa

    SHA256

    156ad730199f0867a934b32a5bedcf500acc9a005ddcd050d248b706d1a1f879

    SHA512

    e5a69cf4f5ac618397830065f2f113fbdfce501430baba8e9e967219973ee86e25b10c57c01f7bc8a6ba6a4e94e31a3bbf26f4d45a048fd82631db9f91c77d8e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    63cadab9e18f8c76efadcdb035d4611c

    SHA1

    b92e30829c52f467768907da50dd1dc74b32db50

    SHA256

    36c894daa3460f8810d2eec2c72a4ee781f6e4489ff61c7b81a2f92e083d6e1e

    SHA512

    a1fd959a70210c9ee3bd8a8de7de79dc5db5e197be4426e735d64aac8c88ee62287ba48a6df37b075c80bd686d01b74f000c0916fcf0217ad6c1c961e8009b31

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    25b5ec48f0b568f4fd9e40ada3a64eaa

    SHA1

    537945ebaf7636daa5d66b15486f952dd1db767e

    SHA256

    1814fe019a234498d253b8c4a1d24fb8f7831cf293a3d8c23e6040e226a389d6

    SHA512

    540de7603a2f46ff8d5e0c017da277df7f0f5fadfbde42ee414a3e73e22941e9b42d8b4954d7cf77e876cd0dabbcc0c76d31ed238868d4917305e43651feb449

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f1a17a57f05f22e11f4efd45a84a58bd

    SHA1

    def4e427e37c24849655e4761a1a327669f8742e

    SHA256

    66ce978a655eae368d56f40a22b846ba3b20cb4dd676ae27fc2ba6e5828d73d5

    SHA512

    da394c2a863729d1d51185cdd442d8a593186a1a47bec97f6e01895e0ecc7448832eab3650d75de9c4e9581e99c8c890a46ff6fb756a26a6dcc41a4e3a268a10

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    60bb9175ebae57ba6f54129fd88ebb35

    SHA1

    926fe88b611624e420ad30a72d4424242ad88037

    SHA256

    bb6e967071e76612b09f0a73eb58bb71e0d8029c9d8492f08d80cc80454862e4

    SHA512

    7c0463d94260988179b840c0899785743a903901d6c87dd0e80dd162607fd6381558af678d1bd622c44c1a300548445e6985d2fb9c7f5a376564d22099161c17

  • C:\Users\Admin\AppData\Local\Temp\Cab9138.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar924A.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
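The Downloads list above is the part of this report an analyst usually ingests into an IOC pipeline, and two things about it are easy to get wrong by hand: the same MetaData path appears nine times with different hashes (the file was rewritten during the run, so every hash is a distinct artifact, not a duplicate), and every listed path is of the kind CryptoAPI writes while fetching certificates and CRLs (CryptnetUrlCache entries, Cab*.tmp/Tar*.tmp in Temp), which is consistent with the 1/10 score. The script below is an added example, not part of the sandbox report or its tooling. It parses the report's plain-text dropped-file records, validates each digest's length, groups rewrites of the same path, and separates the CryptoAPI cache noise from anything that would still need a look. The sample text is a trimmed copy of three records from this page (SHA512 lines omitted); the noise patterns are my own heuristic, not a classification the sandbox makes.

```python
import re
from collections import defaultdict

# Expected hex digest lengths for the algorithms the report lists.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
LABELS = {"Filesize"} | set(DIGEST_LEN)

# Paths CryptoAPI writes while fetching certificates/CRLs. Heuristic and my
# own assumption; the sandbox itself does not label these files as benign.
NOISE_PATTERNS = [
    re.compile(r"\\CryptnetUrlCache\\(Content|MetaData)\\[0-9A-F]{32}$", re.I),
    re.compile(r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I),
]

# Trimmed copy of three records from this report's Downloads section
# (SHA512 lines left out to keep the sample short).
SAMPLE = r"""
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize
    70KB
    MD5
    49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1
    1723be06719828dda65ad804298d0431f6aff976
    SHA256
    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    342B
    MD5
    f2bad80699458545bb6bec961cc3d33d
    SHA1
    407bd0b3bf2e6bb032e6f3a90686df55d6d522cd
    SHA256
    886b17d4b77dba598685c7749fff9e4529eccd7e5870774f62dfcc098daecaf7
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize
    342B
    MD5
    69a6380b4a59a6158a6f9f252e6a3613
    SHA1
    55da03a8f36f42f560200ca81d0ff58c5dc1dad2
    SHA256
    869fd893969beaaa2b5bb471ba8fe05c637c2e682a39b4b209f1842c31ca02fa
"""


def parse_size(text):
    """Turn the report's size string ('342B', '70KB', ...) into a byte count."""
    m = re.fullmatch(r"(\d+)\s*(B|KB|MB)", text.strip(), re.I)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * {"B": 1, "KB": 1024, "MB": 1024 ** 2}[m.group(2).upper()]


def parse_downloads(text):
    """Parse the Downloads section into one dict per dropped-file record.

    A record starts at a '•' line (the path); each label line (Filesize, MD5,
    ...) is followed by its value on the next non-blank line. Digests are
    rejected unless they are lowercase hex of the expected length.
    """
    records, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            current = {"path": line[1:].strip()}
            records.append(current)
            pending = None
        elif line in LABELS:
            pending = line
        elif current is not None and pending:
            if pending == "Filesize":
                current["size"] = parse_size(line)
            else:
                want = DIGEST_LEN[pending]
                if not re.fullmatch(rf"[0-9a-f]{{{want}}}", line):
                    raise ValueError(f"{pending} for {current['path']} is not {want} hex chars")
                current[pending.lower()] = line
            pending = None
    return records


def is_cryptoapi_noise(path):
    """True when the path matches the CryptoAPI cache patterns above."""
    return any(p.search(path) for p in NOISE_PATTERNS)


def group_by_path(records):
    """Map each path to the distinct SHA256 values the report lists for it."""
    groups = defaultdict(list)
    for r in records:
        digest = r.get("sha256")
        if digest and digest not in groups[r["path"]]:
            groups[r["path"]].append(digest)
    return dict(groups)


def triage(text):
    """Return (all records, paths rewritten with >1 hash, records needing review)."""
    records = parse_downloads(text)
    rewrites = {p: h for p, h in group_by_path(records).items() if len(h) > 1}
    review = [r for r in records if not is_cryptoapi_noise(r["path"])]
    return records, rewrites, review


if __name__ == "__main__":
    recs, rewrites, review = triage(SAMPLE)
    print(f"{len(recs)} dropped files parsed, {len(review)} need review")
    for path, hashes in rewrites.items():
        print(f"rewritten {len(hashes)}x: {path}")
```

Run against the full Downloads section, this yields nine distinct SHA256 values for the single MetaData path and an empty review list; feed the per-record digests, not the deduplicated paths, into any blocklist, since each rewrite is its own artifact.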