Analysis

  • max time kernel
    140s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
  • submitted
    13-06-2024 10:15

General

  • Target

    a507bed2a63a2e1326bb7d31f9d6c5a7_JaffaCakes118.html

  • Size

    24KB

  • MD5

    a507bed2a63a2e1326bb7d31f9d6c5a7

  • SHA1

    232b60a24d07046ba8fda229f0aee7b0a2e3cbdb

  • SHA256

    c1287c08c50190ad075d0b4b86cea57524bedbb087f70331c2a53b9fe3d7af0c

  • SHA512

    a430619e1ee31fe11524e660bac5a1987368fd1a811a2f827661c4c32027fe4393a17f25e9abea6dfc030674346aaabec808100525549452c3f7f9c183807c83

  • SSDEEP

    384:Bf/kv8V0vZ0T1uIQ3tjYntrsuzth6hYs1i7zf74mh5sLMSv:Bf/kkV0vZ7R2rVs1i7z16v

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a507bed2a63a2e1326bb7d31f9d6c5a7_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275457 /prefetch:2
      2⤵
      • Loads dropped DLL
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2956
      • C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
        C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2372
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" https://get3.adobe.com/flashplayer/update/activex
          4⤵
            PID:884
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2236 CREDAT:275469 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1632

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      56f2eac86cb1e45dbba6fc6acf0e050c

      SHA1

      f48eb0f5c889615eb8e465869096e9d49461c670

      SHA256

      cffd6c9c53cc918671a9d496b6d953f415316233410e265011100f5d2e6bda0d

      SHA512

      aeb7b86d20eb05efef0d16ae62d775713990cbfdd66c6cc859a9d934411570b8f5f21f843d013df33d1c5d5b599b8a7c18cf334e38fb6e9d0e61ffa42299d34d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4b0d3faf2d529099c99bbeba7c76dc1e

      SHA1

      4631cfd486d025e4adbfc6539562b4ab42c72fd8

      SHA256

      22dae5938c0e1a3d242a2e2d0ee434df322807bb53a2f8caacf90fce21370cfb

      SHA512

      e27851a2a41192725f554eff7f4fbf31cf64ce0136bb3b53fb47771a95df56b955cb7f57d6cd9442aeab931d928c69bfe0c8478dab3b013dd4d74bd2bda728a4

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f3e4ef3678d193455563f14ed64547d2

      SHA1

      079489fb2ae2f3638b9f0dbd37d9683dc79ed19a

      SHA256

      d2c25066a1756efc0e000b5fadfe6f817612a9d18b1c08cd68023c9c7921f102

      SHA512

      3935f860f4217edbef24d75ace790bb72100507bd80ddb8a643553b9eaf63850a422c3ac8ad23d863cbb95a5af42542338656694ba12b90146f1971a0567efbd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      ace265579cd42f086da3e35d0de67687

      SHA1

      a3dc7b47c2f7330023e504580aafc4e67e38697f

      SHA256

      770fc6a1d7182862c2b3b77c3c6b3b239e306f8dabbda9950c122616dd4e8b18

      SHA512

      89eea257391844a70770127c00ffa45635719f87ebb7297c06f67fefd0a02e591429b998a666a5f17b0e26443d9c024300a9ce6687de97b7fdb11d433ee8232a

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      0d9c3f40b1dcedd27889e4a94a608adb

      SHA1

      1ad03551bb2b3db260267f2185144369d0df700f

      SHA256

      4074889ac2216972d3d6cdb80febdd23b5d8e507f7218d441f462d62104efde0

      SHA512

      9bd412f16ee236078b9d1fab9d5e9076571a3ddec69e9e12d36b827df34a9131d748f11b9c9b0c3373fca2d91f4d485fa68bafd80b63a4fc01aec57efb7adb83

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      609730210c378edfb8a725f79166234b

      SHA1

      6224d00aeefd5023fa8248707adcc5048bed128f

      SHA256

      55a825d3473f49406d127147c66feabfd34fed62384251f766418669793d7d0e

      SHA512

      aa728ab1302ecce64f1042d5ad699cf8892f5e7a45a9ef40bb5b0af90fdd0f3bae5d327f1ff81e16df876e3033dc15be2368941a2abb95747f50b7405bba4fac

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      fb1e03c4fcb7c35da4d1384369df6c97

      SHA1

      3498391ad6e547ec53a606d252a553d3efabe538

      SHA256

      cdb66304631691a6456f355511c0d0f80f1f1079ea7e859beb1b21c3d4455a0f

      SHA512

      6abe333081f3be681a41cf578be502d309d47990608d6d008ff0ebcfdbbab174b1680f3e3a127b7f4e821e694e97054acdae2e3d3fe35ccb370f687788f2196e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      34bf3001fa7cf8bcf4d151be7b6e3581

      SHA1

      c7773251e3e2d532332eab588682ce2cfe5a7d0c

      SHA256

      8bd822d0564f37f06b15eaf8fe4bab157d66f289c66eeccdca1b5339cf70ee79

      SHA512

      ce0b45cec6b4648ad962f1c20efad63970b05ceef0c8474c3b5638df042f937220400fbe94df50d6bbe11d39c1f224f4c7049ebb3508c9b15a0b778b0da72e00

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      f1d7fdee27f0fb83870fffea39e6d7c5

      SHA1

      255c4fa71ab78341fdc9b7bae09dfaf32430d040

      SHA256

      1ed0f23854f9d1e6e5e43575a8b8ebdcd6ccfba3317afce191feb989f6ee656e

      SHA512

      a97155e957d414efaa7f75bd5d62f710c52af51b863e908e1dc11129a4971ac156bda539bf5aec2a93184efe4645adc57ee2b4c34caa113791e32e49f8488162

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      1b320a4ff8bf46a28dad1da877a893cf

      SHA1

      b0c65522579791912ee5def508a314c48b00d569

      SHA256

      6ef2f408ba71d7f8bdf32f6a1b386017beacff83211285d8cb76c31b251f7bbf

      SHA512

      c733eb39e6b4abe85b5a6944e790f5b8e1263d587c9134b39f91fb0a720d255f16b25dc412afa01fa1e443ee4560b4141f818d8a09bd8ad44b0c723ca11ab5db

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      369466448fe1fa275ea388a6c918d661

      SHA1

      c47aef3bb8482cbbf6101a49be4ec110511b27d3

      SHA256

      4ed2571b27d79a038aacbc30df8478a6784cb7cce0e28402bb091f0e8d9b70d4

      SHA512

      e21a4a90ee8380192cd099b8e1bdcc93258e180a856093938c1dbec738c18cb4b9df4807c5637fbdee8caff06e554b79eb3d144ca44bfdeb7acc06952ae22d50

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      b7beb9ef10e75a990fb64aced2ac206a

      SHA1

      f94457b6485346e412f178deb2dd709232807586

      SHA256

      8621f965c2be4b99ba5f767772f35db4407a7de19a19583890e0c0797475015f

      SHA512

      1ed24094ef0fbbe5a513446cd2e307481679072066a479ad724534fcde41e6ab006c596813125d21d0686dfee6a202214fcbb29c512067fd0997ab7aa82f3ad7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      352e1e1a9ee179386f8c23371a6797fa

      SHA1

      a6f2076349aefcda48b08becd667815994f541ee

      SHA256

      e17cb7c9e4527b95cdba06934ab07894182311d4c958a3752724b92387d2ac9d

      SHA512

      4dde738ad6337520e681126680b6902a53f18e762b45f65cfec94fc2d3d671136b8906508312fc0474601a91cbb88cc11f055512cf19e2b16b56c5a73743bea5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3d03b0a618f4a074edab197189bc76ec

      SHA1

      3f6b37bd0530ea5181f7f981da70c7971198f51e

      SHA256

      4da6ad7b1c83dc74ce386d40ca11e327e3814c0b21be7d944f7ad6f2a9f26873

      SHA512

      996bc2be5bca737e4cd0803b0b1623b041d96edcd815005b7c5a97acd2bed42267beae294285c8b42c0a06087db4931286009f948640234ec494a34f34f954de

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      3f0b9e1c8e3700f1b7b96b52540b491f

      SHA1

      3f62bbd7989352bd60c85a59d7a3df2c8e27a4a8

      SHA256

      13e533c5313afbf05de2b2117ac1b87c9ce344e2473f40dabc17f7aa7f6f8f55

      SHA512

      941388a1b1d4832c7f7cff45842b2e821130bc9fce670b7709b952cb0eac1365252e4c59393472133167d76d4f1ac42b11ac08f0f407708a96a8a08f1d57a5f7

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      2bbb7044dd358f2fa6df7bf11c5312eb

      SHA1

      4333f7e9c4739e2dc3d85127336b9543aa67f041

      SHA256

      2f68f0c9157bb81d86632c51c002cc50791791ee9783f32b2ccc1ae883b70bfb

      SHA512

      0eabc95c11b793b7617993d9b8ebce61316aa97da76d253ae8793f497edb349a318093e95f77ef689a0899c07111275e9c63e692f6d8be490b3412fe682b60bd

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      5781dc2f12b3fd96150d88e63f208173

      SHA1

      f1451dc9fd8f55366c996adebf3f2bac1f42a298

      SHA256

      b267d84e64706dc8c60b7295e9d48a766ffbef8a616f21f48f978058dd7ebaad

      SHA512

      702fcc642aec4217f24f78cf896cd9883894e0bcd1c213e9f346dfa856e42364385a80f24d30b4e95802a421b23bf9e0fe1d4ff5e773b2afb5ded3b48b648cd5

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      9f04acf2a95eb2b7425d0805b757657a

      SHA1

      054888739c44ca8a0e1129603fd07d65c14b404a

      SHA256

      1509aeb50795e2c3b2136b9420f915cf528d17f03317e63292b77d53eedbef08

      SHA512

      80ae3fcca76f1ff5324779b6014cefba7b9c72ca9dd2cc0489166d18b1c176f131b75fe6ba2b442ed31af18f246af4379359a94c4aa128e000a192ffe122982b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      68b2d4abca542fdbb1e3750555975c57

      SHA1

      857feb93601f5ac99623942de56d92ec148e1ee9

      SHA256

      424d4d320faeb930055a531fd3fe19aa99d4738ab7336a8c86bd7a6f523aa890

      SHA512

      64b8703a188270e802b4151560d90e1ea63a5344de9695caa86ebb182ee6f059fa527e1aff250150c489239f54d9ac82534a80cf58c333f06b975ad4ed6dd8d3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6b08ad9d8cfe40b3d08c0bab4c284122

      SHA1

      17ec2d5bfc0b207f3619f5896359bac2f5e107fa

      SHA256

      0238c669cc8d890d6b59aafbbe15176aa580c0eccbfadf50053a9ba97b55b106

      SHA512

      82ead0d5085d698f6b0cbef40fc03b67c99644b71f7a1e88c5c6c0638becc44cfa5c7f9f2a5eafd15cc09ca33b511390c8ed8b8a102aea77d90160ff212ec658

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DODQ7AEY\swflash[1].cab

      Filesize

      225KB

      MD5

      b3e138191eeca0adcc05cb90bb4c76ff

      SHA1

      2d83b50b5992540e2150dfcaddd10f7c67633d2c

      SHA256

      eea074db3f86fed73a36d9e6c734af8080a4d2364e817eecd5cb37cb9ec9dc0b

      SHA512

      82b4c76201697d7d25f2e4f454aa0dd8d548cdfd3ebfa0dd91845536f74f470e57d66a73750c56409510d787ee2483839f799fef5d5a77972cd4435a157a21a4

    • C:\Users\Admin\AppData\Local\Temp\Cab2000.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Local\Temp\ICD1.tmp\swflash64.inf

      Filesize

      218B

      MD5

      60c0b6143a14467a24e31e887954763f

      SHA1

      77644b4640740ac85fbb201dbc14e5dccdad33ed

      SHA256

      97ac49c33b06efc45061441a392a55f04548ee47dc48aa8a916de8d13dabec58

      SHA512

      7032669715c068de67d85d5d00f201ee84bb6edac895559b2a248509024d6ce07c0494835c8ee802dbdbe1bc0b1fb7f4a07417ef864c04ebfaa556663dfd7c7f

    • C:\Users\Admin\AppData\Local\Temp\Tar20BF.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    • \Users\Admin\AppData\Local\Temp\ICD1.tmp\FP_AX_CAB_INSTALLER64.exe

      Filesize

      757KB

      MD5

      47f240e7f969bc507334f79b42b3b718

      SHA1

      8ec5c3294b3854a32636529d73a5f070d5bcf627

      SHA256

      c8c8cff5dc0a3f205e59f0bbfe30b6ade490c10b9ecc7043f264ec67ef9b6a11

      SHA512

      10999161970b874db326becd51d5917f17fece7021e27b2c2dfbee42cb4e992c4d5dbeac41093a345ad098c884f6937aa941ec76fb0c9587e9470405ecb67161