Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/06/2024, 05:02

General

  • Target
    a3e7426e33eec5574bc29823769cd6e5_JaffaCakes118.html
  • Size
    16KB
  • MD5
    a3e7426e33eec5574bc29823769cd6e5
  • SHA1
    676105ba2dc4641b0deb83f5884a077732ae5fab
  • SHA256
    df523a306c62918713fb815f130b315d2de1139b90ce0caa461cb6957a7b38c7
  • SHA512
    45ec0f0f493b29711805816e1a3f577293c943301118041de7e4d29bc5eda0bcfb5a2cac34c12954e4c0e8482994ad034bb889444054f920c9e747dbf544a912
  • SSDEEP
    384:j8GMFLiCoqqf6jIB5KnDkRgP/uGb6CatG:j8Gse9q9jIr2DcgP/uGb6CaQ

Score
6/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3e7426e33eec5574bc29823769cd6e5_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3024
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 2584
        3⤵
        • Program crash
        PID:1144

Network

MITRE ATT&CK Enterprise v15

Downloads
