Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-06-2024 14:15

General

  • Target

    95242f73b953e7905e9e2639c0f3f2e9_JaffaCakes118.html

  • Size

    301KB

  • MD5

    95242f73b953e7905e9e2639c0f3f2e9

  • SHA1

    14cc09fa4825df15f0839e2df89a9137da81f296

  • SHA256

    a63941e62904dec078048a51e0bd1fae24168cd1d8f9095d8775ff9c68eb676e

  • SHA512

    448224d100d386036bb9ebe38a3523068c496450dc18fd84f37dd628b36e4b9d3c0214500c8e4da4f61d4cd87e6acfab506d571e57875edb26530717a8445973

  • SSDEEP

    1536:ED+SbTTF1SjTmKNkltM/jVII3IbIre0U9Qmg6o6ZJLnvuYgYxc43o9dE68FmgjkV:y+SbTTFJKItCVI2lEVcPiTCH

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\95242f73b953e7905e9e2639c0f3f2e9_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2268
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2600

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    dab3fb21b97151d412df0c39b2bbfa33

    SHA1

    b6f8e1f80a761f862b78f2ef634f70856a84c426

    SHA256

    263f9ac791991e6df587d7cf2a224841137e77fd3f76027662dd0545e2d63f63

    SHA512

    e1af4f9a0b2bb5b3d93f3e01fdec36cf661979a34b27091fb7f544b3785bb393d2adc9594290ea9ded1211d8318522ca848b7ce005faae4da683c9b3f8292e75

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    949c7c87779111df1cb1c3c871508aa4

    SHA1

    69e558c052a0d46c89090c28f01e5f5912c081f2

    SHA256

    d8476cb1669fb4c0820f5293222e87868c4b60b2f9090cdd5fab197a9564eb98

    SHA512

    d9d474e92a4efbf4a66b28faf827c494f6a4bc8ff335c1ecaf25bf9e59c10e771377d783cf8cb8b49b3af9f08107d0f036854041d50eb7371754466ed3f02603

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1628a4ab705eba1502637b41101d5b18

    SHA1

    e3167fe590aadab82a5eab2e0b5738931a5ac028

    SHA256

    899e70e0af7911dfc80bfdc4385f5ab2c0cfea97209a06e9be634080459e7167

    SHA512

    078f4ce9d07b38b17c92bfbfe798b9d41a0bef6925597f537194004bf90c6efb248f29d78cb87fbb982666c5d0c90b090d44d69c50137818b4d7dc3e9b262fd2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    aa9eabf60d7c14328a96bc5ddb1b35fe

    SHA1

    0d933b0dac0e383094d5d7dc53a0cf127dd51ebe

    SHA256

    b9266680c8fa8a980c32ae8a92a8c2e0fdf58e4f128f12e6045410d2acc94b0e

    SHA512

    5a0d30cb46518ee4ed0f0623bd91c9ceb6e3c061b602c94aef7ee4d6e511e681b2d36ad1b86d640ca3c0e3f0a1de9371f4c35c7eff9315aa2ee5c7cec29141e6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    017437a6f3c8a9d7d6c0d736e80f9609

    SHA1

    905ffa27e499150263fdde1ce407d01960d36b97

    SHA256

    d0b06abc133f46b9109d5e3cbf2c7dabe886c60910013aa078ef4150ceec6297

    SHA512

    4aa5e6a85f7089fe7fafc17e733dad0a5a183500912fb0c85647cdaba69644a2726b8da100f18634c9c3e4893c752d61737208b4064f7a0aa5f444c4a4c132a8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d886256c1e6d1912785c30c34de05488

    SHA1

    d746e50e821a3f57335db44c80b82be272fd2757

    SHA256

    011296531006e5bd4625ab27decda5b262bd00c5bc7edcd80932b11a0df5a878

    SHA512

    7f64cd14ada96f331e274b4afff145cdebc7eda8e5f46da6107cb54105faa879471bf2bfac770b65b01555fafc576e4097104f3393852e5616d6cf824dc2fcec

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d4ee0e95153ccea83350123483120978

    SHA1

    8a074e46409970fc405aae5fc1928a6b95607c46

    SHA256

    18cbafc4eaf5b48fa0d07aa58667d4d5da6683958a0b123ebf320c449d9f2fbd

    SHA512

    490110264d56f32c27785628aa0901e9298482be198223908d51a3a224e2f8d4cc7460ff05366934e487ea7b914d6f6d1c93ced9166e3c009e49594a608a4835

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5a70e770dd2548d6d89dfe28a1d565ae

    SHA1

    f7c987056ba501d390ed9a3751c8df49facc4d32

    SHA256

    b85738c062b104c5aad3593f0efa0ee520c51b4e9995c50ba80e43185f418a57

    SHA512

    bc80627b1ea8352f8427c52156562a126950640876d00c2d56a1a31e48c7c754165f8c6a1192f3cbbaf3346ec59687612cbd44133799a5b1cb14102d7e3be055

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3ef6ea0bf1e44a0a3f8b6bb076d89219

    SHA1

    0ab2850322e927292d39e7e56e10bc5a10bd804d

    SHA256

    c2a8e1aa33b1070f9b8a39efb42e83e199d1ca10923d4596ff9b23c9828c617b

    SHA512

    12ac3d32c400ea2d4a9db68d12ae99a0cf6373195733a7133ef494a15d1741ca02dffc4dcf1059c53087c005dc42900fe02f973e4c13a8a1b8536cabd38e6dfc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7e4ddf34576cdcca1f52128cf32a9ed2

    SHA1

    1e7feffe5e1b087f9a22a7c9f6fcc2f160e84480

    SHA256

    493a3bcd1623e4d445ebc7a1fd99010a86044735d5a41cee03129283e5e88487

    SHA512

    1b32be44aa96b2b7bf12a9406f4829a68104cc31eaca34fe113d4bc3c7cf2fbfe770a2254b246a35827eff40bf3a7bafc6a5fac00990766a0b84395b4de7cf0c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b4040224504bd28c90968ab9eec8098f

    SHA1

    ad14ece7fb6a58a07b1fb92d039cde564ebdeb6b

    SHA256

    adf04c41a7f6c2bd21593b6427b71ba6da28d70c6908255d6b54380e7c0eab5d

    SHA512

    a988d401898c85a3446a59d4659dd92cf1369e16f737f76257af7616f33077aa12961e2e2bf493efe0823d7d0caa6d891cd70f5ecc157273fab88411c76f24fd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d198880d5d6f4211eb77ca0067a350d0

    SHA1

    458a3b82bfeff42abe6762884f73815338efeac2

    SHA256

    5f0f271f6d1450cd75af79c2c0390667c78831372dd8a0a61054e5ad5ca87a22

    SHA512

    b92dbb3323e4d773faa71b0faed53016c0cb6da69bf8eb4d6c274c0789c6b3ff60e436b63112e5588dec98315878e5e000371349ec4349ecbc3aef5cff9351bb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    62b51604211865fda0b833390787a4f3

    SHA1

    2bb909d5b5fae266d228ec99bacb1227ae840f50

    SHA256

    02e290e9ab87a8fb958048ceb79ef2e0ea24d9655d0fa9b45abd902eadc8877f

    SHA512

    94b4c79cdd363b0aff5bf936a1cc781b70f39c70b9ea70315cc90c387894344d4eb4683d51d3332936f989b60d63ca3bf0d1b72c37f5db659f1fc2923e08547c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    cb3a7a38e048ee60af73ef020d6f4c2b

    SHA1

    1bc4a5de2bfa4b2627ce2f95ab21303407079f8d

    SHA256

    39b5acdaa9c04a75aff1b9192bea433a15c65db16cd5a22664a1dbecc0d2c8bd

    SHA512

    4e8c93a6470a7f312be87c1e62a119cfdf77d71a5c99af26b4b870fefb114f626ac3b2a354be6521d2904672b140d029dc5a5d9113c2bb7ef5118b3766ff08bc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    e98995772663b76bd65be20e2e943126

    SHA1

    c712d2ad88045a426fb2e42dd0dd2d25524cef00

    SHA256

    25283ba21e6acca8170b4ac4462c451a0b478fb4b6c23fbfc475100f4c3dd4cc

    SHA512

    914598a305aaaa8a17aeb8947b860c90ade00cdf6a7e33441769043fd0863ea002269c42c026b352e7b0e23cd738bbce0319948be8485a1128b37382d3ecd03c

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\rpc_shindig_random[1].js

    Filesize

    14KB

    MD5

    6a90a8e611705b6e5953757cc549ce8c

    SHA1

    3e7416db7afe4cfdf3980daba308df560b4bede6

    SHA256

    51fdd911dc05b1208911b0123aed6b542e9d9f04c94d7504c63d89ca259ef679

    SHA512

    583636571c015af525cddd5b8dc2ac9964aba5a7a9b0acd3908e4aeb4c2ee74cdfaabe49b0aa13d7b142748542426864e91e88e90d7f73bc647f0bfecb0ff7bd

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\3604799710-postmessagerelay[1].js

    Filesize

    11KB

    MD5

    40aaadf2a7451d276b940cddefb2d0ed

    SHA1

    b2fc8129a4f5e5a0c8cb631218f40a4230444d9e

    SHA256

    4b515a19e688085b55f51f1eda7bc3e51404e8f59b64652e094994baf7be28f2

    SHA512

    6f66544481257ff36cda85da81960a848ebcf86c2eb7bbe685c9b6a0e91bca9fc9879c4844315c90afd9158f1d54398f0f1d650d50204e77692e48b39a038d50

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\cb=gapi[2].js

    Filesize

    66KB

    MD5

    0fe383a7ddb9bbaefc3105b3297f5583

    SHA1

    f80c9d789f251909c7560bd91a9e1b9a10c26362

    SHA256

    d7ad4aad4e48174c30ef21fc32c9380659d2c99a5c39680e10ed9752139d8683

    SHA512

    31de1f59377bc76e5d602d02273867ce750bbbccb7edc8f2803c0188002ecae6752ac3ec31c2108e64b0d871b01e6a8a06711969dc68bd9823303def0e7c1ee4

  • C:\Users\Admin\AppData\Local\Temp\Cab198B.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar199E.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • C:\Users\Admin\AppData\Local\Temp\Tar1A8E.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b