7c7ef60f0e8fef533edb5c1f2f0a0e6308a5ab87dc4746fca7c35756b3259535

Analysis

max time kernel
148s
max time network
149s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
03/06/2024, 12:49 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91d7a74fb8937b86818c869277667652_JaffaCakes118.html
Size

19KB
MD5

91d7a74fb8937b86818c869277667652
SHA1

9fe0fe551080b2dfc4e2cbff8edee7c187a22224
SHA256

7c7ef60f0e8fef533edb5c1f2f0a0e6308a5ab87dc4746fca7c35756b3259535
SHA512

98f3c45d59dd211996d59be9c5671b2abc410ff8c2c28cbf060bafba2f5cd30bfdfd74e7782ae70d9d06355a22be7ce8557606dbad89bad5289839a9cd3f9e15
SSDEEP

192:SIM3tHBABQBSBZBWrI5fo9cOQivXQWxZxdkVSoAIl4pzUnjBh7t82qDB8:SIMdNI5nO9Hlsv7WxDB8

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C19B5BB1-21A7-11EF-831B-46E11F8BECEB} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423580854"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3032	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3032	iexplore.exe
3032	iexplore.exe
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE
2884	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2884	3032	iexplore.exe	28
PID 3032 wrote to memory of 2884	3032	iexplore.exe	28
PID 3032 wrote to memory of 2884	3032	iexplore.exe	28
PID 3032 wrote to memory of 2884	3032	iexplore.exe	28

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91d7a74fb8937b86818c869277667652_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2884

Network

DNS

img1.jiehun.cn

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

img1.jiehun.cn

IN A

Response

img1.jiehun.cn

IN CNAME

img1.jiehun.cn.a.bdydns.com

img1.jiehun.cn.a.bdydns.com

IN CNAME

opencdnspy.jomodns.com

opencdnspy.jomodns.com

IN A

61.170.99.35

opencdnspy.jomodns.com

IN A

61.170.103.35

opencdnspy.jomodns.com

IN A

106.225.194.35

opencdnspy.jomodns.com

IN A

113.142.207.35

opencdnspy.jomodns.com

IN A

121.14.135.35

opencdnspy.jomodns.com

IN A

125.74.42.35

opencdnspy.jomodns.com

IN A

110.185.108.35

opencdnspy.jomodns.com

IN A

111.170.25.35

opencdnspy.jomodns.com

IN A

111.174.9.35

opencdnspy.jomodns.com

IN A

111.225.213.35
DNS

t.cn

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

t.cn

IN A

Response

t.cn

IN A

39.105.18.168
DNS

www.googleadsl.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.googleadsl.com

IN A

Response

www.googleadsl.com

IN A

170.178.222.41
DNS

hm.baidu.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

hm.baidu.com

IN A

Response

hm.baidu.com

IN CNAME

hm.e.shifen.com

hm.e.shifen.com

IN A

14.215.183.79

hm.e.shifen.com

IN A

111.45.3.198

hm.e.shifen.com

IN A

111.45.11.83

hm.e.shifen.com

IN A

183.240.98.228

hm.e.shifen.com

IN A

14.215.182.140
DNS

www.jiehun.cn

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.jiehun.cn

IN A

Response

www.jiehun.cn

IN A

61.160.251.208

61.170.99.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
61.170.99.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
61.170.99.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
39.105.18.168:80

t.cn

IEXPLORE.EXE

152 B
3
39.105.18.168:80

t.cn

IEXPLORE.EXE

152 B
3
170.178.222.41:80

www.googleadsl.com

IEXPLORE.EXE

152 B
3
170.178.222.41:80

www.googleadsl.com

IEXPLORE.EXE

152 B
3
39.105.18.168:80

t.cn

IEXPLORE.EXE

152 B
3
61.170.103.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
61.170.103.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
61.170.103.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
170.178.222.41:80

www.googleadsl.com

IEXPLORE.EXE

152 B
3
106.225.194.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
170.178.222.41:80

www.googleadsl.com

IEXPLORE.EXE

152 B
3
170.178.222.41:80

www.googleadsl.com

IEXPLORE.EXE

152 B
3
106.225.194.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
106.225.194.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
14.215.183.79:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
14.215.183.79:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
113.142.207.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
170.178.222.41:80

www.googleadsl.com

IEXPLORE.EXE

152 B
3
113.142.207.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
113.142.207.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
111.45.3.198:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
111.45.3.198:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.7kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

799 B
7.7kB
10
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

785 B
7.7kB
9
13
121.14.135.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
121.14.135.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
121.14.135.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
121.14.135.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
121.14.135.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
61.160.251.208:80

www.jiehun.cn

IEXPLORE.EXE

152 B
3
61.160.251.208:80

www.jiehun.cn

IEXPLORE.EXE

152 B
3
111.45.11.83:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
111.45.11.83:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
125.74.42.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
125.74.42.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
61.160.251.208:80

www.jiehun.cn

IEXPLORE.EXE

152 B
3
61.160.251.208:80

www.jiehun.cn

IEXPLORE.EXE

152 B
3
183.240.98.228:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
183.240.98.228:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
110.185.108.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
110.185.108.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
14.215.182.140:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
14.215.182.140:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
111.170.25.35:80

img1.jiehun.cn

IEXPLORE.EXE

52 B
1
111.170.25.35:80

img1.jiehun.cn

IEXPLORE.EXE

52 B
1

8.8.8.8:53

img1.jiehun.cn

dns

IEXPLORE.EXE

60 B
294 B
1
1

DNS Request

img1.jiehun.cn

DNS Response

61.170.99.35

61.170.103.35

106.225.194.35

113.142.207.35

121.14.135.35

125.74.42.35

110.185.108.35

111.170.25.35

111.174.9.35

111.225.213.35
8.8.8.8:53

t.cn

dns

IEXPLORE.EXE

50 B
66 B
1
1

DNS Request

t.cn

DNS Response

39.105.18.168
8.8.8.8:53

www.googleadsl.com

dns

IEXPLORE.EXE

64 B
80 B
1
1

DNS Request

www.googleadsl.com

DNS Response

170.178.222.41
8.8.8.8:53

hm.baidu.com

dns

IEXPLORE.EXE

58 B
164 B
1
1

DNS Request

hm.baidu.com

DNS Response

14.215.183.79

111.45.3.198

111.45.11.83

183.240.98.228

14.215.182.140
8.8.8.8:53

www.jiehun.cn

dns

IEXPLORE.EXE

59 B
75 B
1
1

DNS Request

www.jiehun.cn

DNS Response

61.160.251.208

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
24b0c7b1ce4017863efe81fd6bab44f0

SHA1
8bd9977a856c9328efc4e1e951834ebff9a1f9c9

SHA256
1b4fffc55620879ffa06d663b9dde428dcb460c3c1d55e218ae7b582cf140f50

SHA512
bb59cfee3b95fa901d4445b24d7c9bdf147f327303d6cafe2b3696553bd5e272e9757b6cef8ca4efb9806f73c8e68825c833ce953b84848389142edf66e7384b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b10f8b75e044c35eafb4b28f98c0789b

SHA1
de559ca6eee6dfb58bd9a65f0a43729c2a512d6f

SHA256
69e90c6980c29e2afd7644738b9fa3f4b2e2eef2122e89b151d5af6c820dc3b6

SHA512
cb07312daecdf8202b62218b6e4e73939f7385906f1cb4d6fe17fad49b385b8c685addbd63ec118ebd539a6902875d474e1e0d6da138abad87fc2e341af23ceb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7c1cd45dc0012bf152ae90fc4e4233c

SHA1
4b7e3cf133dd00b3468c1a7e57c77a4c5db59d40

SHA256
ede74d363d1b1b027648e3d5c322ee7a23986e1f6ac8a94407f8c3c281e92d34

SHA512
1822e673361b9ba47c93bdce2f8d53a2b4195c152e85421a46284814067203fb1007f6b833ecd8f67b96f3dc83826e8a4e590520f755523c4381a1fb865980a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91e9260dd53fa8f6b47c965302d8bfa3

SHA1
07ca308fbabccc93013c758521d170237faabe98

SHA256
9eebad5bbbab0ef9229865893b77b4c2a25155550289396d6fe52ed8603260fc

SHA512
a88e5c76743c2864f022833ab035354278f4bea7a2065c66b36cdb55bce8358f735f437d3f25b53ff134ce17f8d749b658b8bd8e99e9b49ea2e630102c6db643

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9d36d4a6abd5ecda92afa1e9603afb16

SHA1
c26c4fda3cfbab7359944a976dbb30406c77eed9

SHA256
e00df7d8d61cfc722d73ff99eb2a697cdcba4e220fa5d4b741be4d7598e006b0

SHA512
00b79e404f8d2e4b619d0f405c70d51540bc6c58ce634029744caca5bc397e25c23779ea702b5a31a1e32e9283d9b8d8dc760acfde546362a7cd077c29e847b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6311c24cbd8131d61d9e91522b1b3413

SHA1
3eb56044255fff8cf5e4e8fddb146865884fbfdc

SHA256
aa08c2608bda86864ce115cffb798ca04138d4bee28842e0a86fe124880438fd

SHA512
d1b06094fc40ad4b46aa5414f59d0c13c6f1d6f2c512b394f1f11d6ad4e4a4a5094a6e95bacedd2935d3309c817e75fd0f166f09fb61b81973a2e20e04e3fc54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b8a824c3b9b93e67d32cee6eb2a94ac

SHA1
d61cfb2f7a35009bcfd82e8dba4c2799816f1c70

SHA256
d08281f8d6826e6c802398efd42f8e8a24e55ad42acaaaecb82eb03291a85958

SHA512
58e5804c238546baaf4dee966dc641da69681ffa3fb24f957567f5508d63c7685ce32abc7f0198889254f37d1a8029499449d132c5eb816929fda2a2769d6544

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c534d041c18ed3ee1cee62a7f98fbdb4

SHA1
a0be5817513118d258c92dbd852e8b6fb489588c

SHA256
b463a7e1c8f4972d5d817dea33586ca4e388b2c5b76bd0bd897466f5d1b69abd

SHA512
467f63c5450b0251d221239dc7465f211529e87ac001ce7bdc636a50542b67d93949f33d7fba20a717284c0cb2d2b4ab9c98b8ce40082880d9a9e0a64a9ff073

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac6080d721adc6e482b301ce93070074

SHA1
25f587a7be32a4269c8bec2fe03145f94b9afa24

SHA256
79e3163a6b08194ba90c068fe1d2d14bb7d06964845c472d09c26a17690e7062

SHA512
d3f783706fe93310c5bd59460af87db33dfeb210857c9ab1c8114c42c984c88342318bcdfde7ab1e30628db443dc0abcc5788a1a8026406764e2a32b9b2b56be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1F44.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar2027.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.