Overview

overview

1

Static

static

1

a093663fe3...8.html

windows7-x64

1

a093663fe3...8.html

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    12/06/2024, 11:53 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a093663fe3af52ef3b6a9193de116677_JaffaCakes118.html

  • Size

    22KB

  • MD5

    a093663fe3af52ef3b6a9193de116677

  • SHA1

    d8566779bb1962e337437ae4aaf113471509c099

  • SHA256

    715527b298f4e7c4bb7744c323b6696d498ad239046613ffbd5d02a9a25135d1

  • SHA512

    2db9becf777898f3a37e46a7379203996636f7a5e008e8cc7631cd9a12dd4ae6c44c5c16fab502f9e30d14cc9062cb6f68cb4f2009c8d70869ff0504e265f0fa

  • SSDEEP

    192:SIM3t0I5fo9cKivXQWxZxdkVSoAIW4MzUnjBhoy82qDB8:SIMd0I5nvHrsvoBxDB8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a093663fe3af52ef3b6a9193de116677_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1688
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2100

Network

  • flag-us
    DNS
    t.cn
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    t.cn
    IN A
    Response
    t.cn
    IN A
    39.105.18.168
  • flag-us
    DNS
    img1.jiehun.cn
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    img1.jiehun.cn
    IN A
    Response
    img1.jiehun.cn
    IN CNAME
    img1.jiehun.cn.a.bdydns.com
    img1.jiehun.cn.a.bdydns.com
    IN CNAME
    opencdnspy.jomodns.com
    opencdnspy.jomodns.com
    IN A
    123.235.31.35
    opencdnspy.jomodns.com
    IN A
    121.14.156.35
    opencdnspy.jomodns.com
    IN A
    124.239.243.35
    opencdnspy.jomodns.com
    IN A
    125.74.1.35
    opencdnspy.jomodns.com
    IN A
    125.74.110.35
    opencdnspy.jomodns.com
    IN A
    150.138.188.35
    opencdnspy.jomodns.com
    IN A
    171.214.23.35
    opencdnspy.jomodns.com
    IN A
    171.214.24.35
    opencdnspy.jomodns.com
    IN A
    175.4.51.35
    opencdnspy.jomodns.com
    IN A
    182.84.110.35
  • flag-us
    DNS
    www.googleadsl.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.googleadsl.com
    IN A
    Response
    www.googleadsl.com
    IN A
    170.178.222.41
  • flag-us
    DNS
    hm.baidu.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    hm.baidu.com
    IN A
    Response
    hm.baidu.com
    IN CNAME
    hm.e.shifen.com
    hm.e.shifen.com
    IN A
    111.45.3.198
    hm.e.shifen.com
    IN A
    111.45.11.83
    hm.e.shifen.com
    IN A
    183.240.98.228
    hm.e.shifen.com
    IN A
    14.215.182.140
    hm.e.shifen.com
    IN A
    14.215.183.79
  • flag-us
    DNS
    www.jiehun.cn
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.jiehun.cn
    IN A
    Response
    www.jiehun.cn
    IN A
    61.160.251.208
  • 170.178.222.41:80
    www.googleadsl.com
    IEXPLORE.EXE
    152 B
     3
  • 39.105.18.168:80
    t.cn
    IEXPLORE.EXE
    152 B
     3
  • 170.178.222.41:80
    www.googleadsl.com
    IEXPLORE.EXE
    152 B
     3
  • 39.105.18.168:80
    t.cn
    IEXPLORE.EXE
    152 B
     3
  • 123.235.31.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 123.235.31.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 123.235.31.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 39.105.18.168:80
    t.cn
    IEXPLORE.EXE
    152 B
     3
  • 39.105.18.168:80
    t.cn
    IEXPLORE.EXE
    152 B
     3
  • 170.178.222.41:80
    www.googleadsl.com
    IEXPLORE.EXE
    152 B
     3
  • 121.14.156.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 121.14.156.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 121.14.156.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 124.239.243.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 124.239.243.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 124.239.243.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 124.239.243.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 61.160.251.208:80
    www.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 61.160.251.208:80
    www.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 124.239.243.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 111.45.3.198:80
    hm.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 111.45.3.198:80
    hm.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 125.74.1.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 125.74.1.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 125.74.1.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 125.74.1.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 111.45.11.83:80
    hm.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 111.45.11.83:80
    hm.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 125.74.1.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.6kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
     7.6kB
     9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
     7.6kB
     9
    12
  • 125.74.110.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 125.74.110.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 125.74.110.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 125.74.110.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 183.240.98.228:80
    hm.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 183.240.98.228:80
    hm.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 125.74.110.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 150.138.188.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 150.138.188.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 14.215.182.140:80
    hm.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 14.215.182.140:80
    hm.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 171.214.23.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 171.214.23.35:80
    img1.jiehun.cn
    IEXPLORE.EXE
    152 B
     3
  • 14.215.183.79:80
    hm.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 14.215.183.79:80
    hm.baidu.com
    IEXPLORE.EXE
    152 B
     3
  • 8.8.8.8:53
    t.cn
    dns
    IEXPLORE.EXE
    50 B
     66 B
     1
    1

    DNS Request

    t.cn

    DNS Response

    39.105.18.168

  • 8.8.8.8:53
    img1.jiehun.cn
    dns
    IEXPLORE.EXE
    60 B
     294 B
     1
    1

    DNS Request

    img1.jiehun.cn

    DNS Response

    123.235.31.35
    121.14.156.35
    124.239.243.35
    125.74.1.35
    125.74.110.35
    150.138.188.35
    171.214.23.35
    171.214.24.35
    175.4.51.35
    182.84.110.35

  • 8.8.8.8:53
    www.googleadsl.com
    dns
    IEXPLORE.EXE
    64 B
     80 B
     1
    1

    DNS Request

    www.googleadsl.com

    DNS Response

    170.178.222.41

  • 8.8.8.8:53
    hm.baidu.com
    dns
    IEXPLORE.EXE
    58 B
     164 B
     1
    1

    DNS Request

    hm.baidu.com

    DNS Response

    111.45.3.198
    111.45.11.83
    183.240.98.228
    14.215.182.140
    14.215.183.79

  • 8.8.8.8:53
    www.jiehun.cn
    dns
    IEXPLORE.EXE
    59 B
     75 B
     1
    1

    DNS Request

    www.jiehun.cn

    DNS Response

    61.160.251.208

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a00c52b96bf085147be2dbf0c18abca

    SHA1

    02c73b7d43ae901684ecd6b4bc2f5172334bfd8c

    SHA256

    90a5bab4369cf0daf5f266b2a40dd6255cae4810ae6018e9d7ddba63bd1d84bf

    SHA512

    bd470f55b01ba35a4ce4b90480a9fa5a20e6216e20c68b0dc96e9043d88ba854a37fab693cda33772c2c5bb8403a4f2e0123081ff78fff83dc71d33beeb706ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b580093d19aec87541664d208b4e7f1

    SHA1

    85bfd31467935e0f3e8ebcf73410357f86b1412e

    SHA256

    5294b96970480305633fa10056d960976ee587c3da8eab5e3245976430f9fde8

    SHA512

    10a3d8d7cbf802aad15b3a8f7d4199c1431bdf425b8f4c67c2c8d6a0a5c463dbec023b1c16fecec5fb423eed4e78d208421a86cb88fb70d6c72d4662344af54a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d00bfafa80e3885671e6e8c756bafd0d

    SHA1

    fde3a13788d5838006baafc4ab863f8c5d49eef2

    SHA256

    0f6f212b3bb45b4e7b8b53eaa370af3a275e27e5d3798558cc85e230695da13b

    SHA512

    8dfba825f3f4d0447af56e2e4bfa33fa79690289b30047a7a16a0603734ffe3bfa307e8864ac91b2ff4e7bc37ba3a003707f25619e1e7380273ab46c4f29a515

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    526ba40f84f4e90e7055eda0b796a53e

    SHA1

    f99f868b96cea5c7e1589947e2fe1f08cdff0e8c

    SHA256

    0e0b48b45bee3ee705d3aa6aad220ef3ae111f7bbf80d3c492ca0ea58c909c93

    SHA512

    59e5673d9d5d12db5906fcc0e95159d51d9dc5291fda4df5e1f366152e9e69bc562933ffd0fe3773eaf6e08bbbb25eefdee0dd0afd379ee75cb68c892f9fca60

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31a5217dc186df230e33f04b7c596376

    SHA1

    e772a5b692e4ec505933b0c4e70ad6e03ef51d19

    SHA256

    f3b738494c4a1782a8406308c7acb3e0297fe32f0bc8dd0f09c572f7e6014912

    SHA512

    740e892fc2d4f35fd0797783a79ef9891ef6db41ca4e2fb654b89666ba271c8b2be6185c2148a9b6c5916c23d7bd8f41a67020c1262cd08cbecc38f0b555d243

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce244adfec6cf723fee89a591cfc2965

    SHA1

    fb1a929d0ece52d4bbbcf3c27fefeb83d8cd81da

    SHA256

    d3772307195686f713004283496dec99670c14eb417a984cb86eec885b741c1f

    SHA512

    c9b8f7c271aa58a80da17b10e171abb39b3d9b6e397c6f15e35c73f943086d9df0fb0b51261081d7effc858df93d471621cfbc74bf58a73c95cd64640ceb121c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad4b5157679ae7a20e28aea9b0cbd746

    SHA1

    00f88ff5054d16930021e74f32c2d973e2cc8c77

    SHA256

    91d10ff073b64a0609eb4ee85e04a910cd8de4cd26e334084c4c1a3a8204b77b

    SHA512

    76e51171ea9a3b3ec28a8dd5ecc73fd351e7ceaa1b3e32a5dee1b2e951d639c7d2e43e27b1c5841aeca643daaba7db3e609ec1731c45079b8c4e56ad085cd60b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8434d4e9808227616d953a2592e28440

    SHA1

    5ae952f1d34cba2190d2a3a949e163a1010772aa

    SHA256

    e188514bcff438a7980430ed244f7efae0d4b8294a642035b761e7857dcfd0f7

    SHA512

    8285a088f85a231ff654124e9f6d524463cd66bcd5c4c3823d6b0a5d724ec56435276485984abbe419f7120297b4a44327328f5a83839d875c4b111996a38a1c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e075e4cd98b49f228e9a3fa1f7f4e125

    SHA1

    cf29fe556a003258893f41dcdca436823b2186b8

    SHA256

    20c7584ac060d788c12ab2f95dfc8a373873c96833d34b6ada4c4f8c71d937e6

    SHA512

    d45b7fab236df3ea779bc129b487c634248f864bcb3ebfbc98ebd3bc730016707411214ea3272cf4702af030c947047f0f9215d8fdd514ef4932f303183dfa4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1790516c23d52b632b2e192db17aebf0

    SHA1

    bec55d9a2015f64605f3116a67bae0bdd9b6e022

    SHA256

    0b14f64273a83af15c0081d3877af567ca6b44494cadc9b9d171d17ec5a1f5f3

    SHA512

    c5c49d517bddcbc89287aab15008ff0d73dc1ed524ca858492b0b1d025f234ef4049df7bdf2fb5f58229bd1569a97604e9b27eb700630c64d5b24fde70a15f20

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5561.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5601.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.