Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-05-2024 07:30

General

  • Target

    7142ef4b94e9749ab1240dc3df3cbcc7_JaffaCakes118.html

  • Size

    162KB

  • MD5

    7142ef4b94e9749ab1240dc3df3cbcc7

  • SHA1

    b837d1fa92d870abd8e3cecd63a3ea9ab180a66a

  • SHA256

    b4619131b42e992087cce341c38882aa886fd0dd0fe9da39d849a7e2b84540d5

  • SHA512

    0e929af2fd6db699b6014d8dc0d7d692cae2d97e45bc3aebb4ebc43d5d1a6e5dc35cf22278f2b2b22ab4c698d6ccfd38305ae0e40b50d3f902b5acff9ccea1f1

  • SSDEEP

    3072:SZsFKCu+dm2x6+XLcRr3z5aXDwBDYpQ3NxEanRo4yJ9G57yfkMY+BES09JXAnyry:SZtCu+dm2x6+XLcRr3z5aXDwBDYpQ3Ny

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTPs, 41 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7142ef4b94e9749ab1240dc3df3cbcc7_JaffaCakes118.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2700
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3012

Network

  • DNS (US)
    passport.ixpub.net
    IEXPLORE.EXE
    Remote address: 8.8.8.8:53
    Request
    passport.ixpub.net IN A
    Response
    passport.ixpub.net IN CNAME passport.ixpub.net.trpcdn.net
    passport.ixpub.net.trpcdn.net IN CNAME u887.v.trpcdn.net
    u887.v.trpcdn.net IN A 156.251.70.35
    u887.v.trpcdn.net IN A 4.34.134.107
    u887.v.trpcdn.net IN A 4.34.134.101
    u887.v.trpcdn.net IN A 4.34.134.102
    u887.v.trpcdn.net IN A 156.251.70.36
    u887.v.trpcdn.net IN A 156.251.65.6
    u887.v.trpcdn.net IN A 4.34.134.105
    u887.v.trpcdn.net IN A 4.34.134.108
    u887.v.trpcdn.net IN A 4.34.134.106
    u887.v.trpcdn.net IN A 156.251.70.37
    u887.v.trpcdn.net IN A 4.34.134.103
    u887.v.trpcdn.net IN A 156.251.65.8
    u887.v.trpcdn.net IN A 4.34.134.109
    u887.v.trpcdn.net IN A 4.34.134.104
  • GET (US)
    http://passport.ixpub.net/images/noavatar_small.gif
    IEXPLORE.EXE
    Remote address: 156.251.70.35:80
    Request
    GET /images/noavatar_small.gif HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: passport.ixpub.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 503 Service Unavailable
    Date: Sat, 25 May 2024 07:30:35 GMT
    Content-Type: text/html
    Content-Length: 237
    Connection: keep-alive
    Server: web cache
    Expires: Sat, 25 May 2024 07:30:35 GMT
    X-Ser: BC35_US-Michigan-chieago-1-cache-2
    X-Cache: MISS from BC35_US-Michigan-chieago-1-cache-2(baishan)
  • 156.251.70.35:80
    http://passport.ixpub.net/images/noavatar_small.gif
    http, IEXPLORE.EXE
    567 B sent, 758 B received, 6 packets sent, 5 received
    HTTP Request: GET http://passport.ixpub.net/images/noavatar_small.gif
    HTTP Response: 503
  • 156.251.70.35:80
    passport.ixpub.net
    IEXPLORE.EXE
    190 B sent, 132 B received, 4 packets sent, 3 received
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, iexplore.exe
    747 B sent, 7.6kB received, 9 packets sent, 11 received
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, iexplore.exe
    747 B sent, 7.6kB received, 9 packets sent, 12 received
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls, iexplore.exe
    779 B sent, 7.6kB received, 9 packets sent, 12 received
  • 8.8.8.8:53
    passport.ixpub.net
    dns, IEXPLORE.EXE
    64 B sent, 349 B received, 1 packet sent, 1 received
    DNS Request: passport.ixpub.net
    DNS Response: 156.251.70.35, 4.34.134.107, 4.34.134.101, 4.34.134.102, 156.251.70.36, 156.251.65.6, 4.34.134.105, 4.34.134.108, 4.34.134.106, 156.251.70.37, 4.34.134.103, 156.251.65.8, 4.34.134.109, 4.34.134.104

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (68KB)
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (344B; listed 17 times with differing hashes)
  • C:\Users\Admin\AppData\Local\Temp\Cab408B.tmp (65KB)
  • C:\Users\Admin\AppData\Local\Temp\Tar416E.tmp (177KB)
