Analysis

  • max time kernel
    132s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/06/2024, 07:08 UTC

General

  • Target

    b75068404f8ec6e6f7007c90d900bb94_JaffaCakes118.html

  • Size

    132KB

  • MD5

    b75068404f8ec6e6f7007c90d900bb94

  • SHA1

    6e4ad1b24e85bf7d3f3e11ca27165bf51dd0960b

  • SHA256

    a536272f7f1de02550945db92e86c9a0dd83eb37afa2273b547f528c7e4c2837

  • SHA512

    12ec51c3a2d4cb1307ee9c2116657ee3a2a1aa3aa74cfe9e7a87fe271f8291acdce14d5fec239b8d1d1f8eaa4bbb594f4dfc81f6d230897799afc73a0dcfa2e2

  • SSDEEP

    1536:B9yTPaPj40ZFyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:BFPHnyfkMY+BES09JXAnyrZalI+YQ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe  (PID 1288)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\b75068404f8ec6e6f7007c90d900bb94_JaffaCakes118.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE  (PID 2716, child of PID 1288)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1288 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

  DNS lookups (process IEXPLORE.EXE, resolver 8.8.8.8:53, US)

  • down.admin5.com
    Request:  down.admin5.com IN A
    Response: no answer records listed

  • bdimg.share.baidu.com
    Request:  bdimg.share.baidu.com IN A
    Response:
      bdimg.share.baidu.com  IN CNAME  share.jomodns.com
      share.jomodns.com      IN CNAME  share.n.shifen.com
      share.n.shifen.com     IN A      39.156.68.163
      share.n.shifen.com     IN A      182.61.201.93
      share.n.shifen.com     IN A      163.177.17.97
      share.n.shifen.com     IN A      180.101.212.103
      share.n.shifen.com     IN A      182.61.201.94
      share.n.shifen.com     IN A      112.34.113.148
      share.n.shifen.com     IN A      14.215.182.161
      share.n.shifen.com     IN A      182.61.244.229

  • static.duoshuo.com
    Request:  static.duoshuo.com IN A
    Response: no answer records listed

  • s2.cnzz.com
    Request:  s2.cnzz.com IN A
    Response:
      s2.cnzz.com                        IN CNAME  c.cnzz.com
      c.cnzz.com                         IN CNAME  all.cnzz.com.danuoyi.tbcache.com
      all.cnzz.com.danuoyi.tbcache.com   IN A      117.45.3.100
      all.cnzz.com.danuoyi.tbcache.com   IN A      106.225.241.86
  Connections (one row per connection as listed; Sent/Received in bytes, Pkts are packet counts; "-" where the report lists no value)

  Remote address        Domain                  Proto  Process       Sent   Received  Pkts out  Pkts in
  39.156.68.163:80      bdimg.share.baidu.com   -      IEXPLORE.EXE  152 B  -         3         -
  39.156.68.163:80      bdimg.share.baidu.com   -      IEXPLORE.EXE  152 B  -         3         -
  182.61.201.93:80      bdimg.share.baidu.com   -      IEXPLORE.EXE  152 B  -         3         -
  182.61.201.93:80      bdimg.share.baidu.com   -      IEXPLORE.EXE  152 B  -         3         -
  163.177.17.97:80      bdimg.share.baidu.com   -      IEXPLORE.EXE  152 B  -         3         -
  163.177.17.97:80      bdimg.share.baidu.com   -      IEXPLORE.EXE  152 B  -         3         -
  204.79.197.200:443    ieonline.microsoft.com  tls    iexplore.exe  747 B  7.6kB     9         12
  204.79.197.200:443    ieonline.microsoft.com  tls    iexplore.exe  747 B  7.6kB     9         12
  204.79.197.200:443    ieonline.microsoft.com  tls    iexplore.exe  779 B  7.6kB     9         12
  180.101.212.103:80    bdimg.share.baidu.com   -      IEXPLORE.EXE  152 B  -         3         -
  180.101.212.103:80    bdimg.share.baidu.com   -      IEXPLORE.EXE  152 B  -         3         -
  182.61.201.94:80      bdimg.share.baidu.com   -      IEXPLORE.EXE  152 B  -         3         -
  182.61.201.94:80      bdimg.share.baidu.com   -      IEXPLORE.EXE  152 B  -         3         -
  117.45.3.100:80       s2.cnzz.com             -      IEXPLORE.EXE  152 B  -         3         -
  117.45.3.100:80       s2.cnzz.com             -      IEXPLORE.EXE  152 B  -         3         -
  106.225.241.86:80     s2.cnzz.com             -      IEXPLORE.EXE  152 B  -         3         -
  106.225.241.86:80     s2.cnzz.com             -      IEXPLORE.EXE  152 B  -         3         -
  8.8.8.8:53            down.admin5.com         dns    IEXPLORE.EXE  61 B   128 B     1         1
  8.8.8.8:53            bdimg.share.baidu.com   dns    IEXPLORE.EXE  67 B   252 B     1         1
  8.8.8.8:53            static.duoshuo.com      dns    IEXPLORE.EXE  64 B   139 B     1         1
  8.8.8.8:53            s2.cnzz.com             dns    IEXPLORE.EXE  57 B   148 B     1         1

  DNS exchanges over 8.8.8.8:53 (request name and answer addresses as listed)

  • down.admin5.com
    DNS Request:  down.admin5.com
    DNS Response: no addresses listed

  • bdimg.share.baidu.com
    DNS Request:  bdimg.share.baidu.com
    DNS Response: 39.156.68.163, 182.61.201.93, 163.177.17.97, 180.101.212.103, 182.61.201.94, 112.34.113.148, 14.215.182.161, 182.61.244.229

  • static.duoshuo.com
    DNS Request:  static.duoshuo.com
    DNS Response: no addresses listed

  • s2.cnzz.com
    DNS Request:  s2.cnzz.com
    DNS Response: 117.45.3.100, 106.225.241.86

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    646990006b1b466916743664dff9e860

    SHA1

    81d434edd0148663782d3c2db0498fbe3ff149b2

    SHA256

    2eabb4bec624174b3c7fe061f07dd4dcfd14cbcda4b7e0077974e550fa150c76

    SHA512

    77e8ed9c8017235e28c493a340bcc2d1eae7a2d0ec420a87e264e113c87bed8288049b2fb2578a17c74be9e66b072c55c0a18308bfc87a00d7b6f02c4392153e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e6ef81455f607b1c9310a66bc0b4e0ab

    SHA1

    f1635aa62bdda2d5819b6168709aa45e24f9fabe

    SHA256

    097ed7994d7ba6fc492d08147cdb1637a37f2cbbefca26b131a671e99cf3b8d7

    SHA512

    0e726eca1567b9d5e0226beef7a4a86a53643021abeef9ee48896384eed5f22730e5d22217e331ec1e4d7791d3929521b87444f3197a3d114aed94a396e45e9b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f8a70738c7ff5254143a16000b07a47c

    SHA1

    541738375931529319257eed797135633030ae08

    SHA256

    2dfcf669fdc26aebdad040b394e332b0c2b65bf2922fa806b2f48b70895fc40e

    SHA512

    4b6b5ef63877825bdfdb11c3134a68607526cc9ffaf74090d0f56461311eecc7fe21dff1fcf91ec5476dcb2078a5a4a5c44b23620f101d1d952a32485d743b59

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    6faa9972ab695f67d876afacb868e9db

    SHA1

    ca4ce74faf0715c6135e7a66e67381ed0a89e32a

    SHA256

    e76f37e699fff9cb5a5f6d804a5d056c0bc1f394f873a1e7add48a564b5cec72

    SHA512

    a706985495f83be3aa538de4005a20428912bb93a51fc7c62156211323d1c79f10182e7a00229c10ecfe5d3935ae68673bcfa1fe417cfef67cd01a754cca26a4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    7f49ce28e350decf861795f0109031f1

    SHA1

    0a03430a9aaa5e9bb86e53c87d07ec6fd19dcc07

    SHA256

    586ecadd0a2acb85640452e7cde82bdd669cc054b464ff5b18e9218c62defb15

    SHA512

    c3535c8ca40db3421d640bacbf70d48a6c99d7d32061615942e9d634cff199cf09152ba7a66d89c765ba6fa9629edd4a41c89c1c2db5114de38caa9b3abf7edb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    46e3cda7fb765a17625bdd9e53ba4932

    SHA1

    0c12965f48aeb97673af05d1e351c803d75c6d17

    SHA256

    1af6d8ab507bca09f2ed194ecfae5b4b3888157e771f4a4577f3a0d3c1445931

    SHA512

    3b0a6d6c80ac78083ca3f3c3d29e3bf5b478f5e3c9497868bd064fe83861892ae319dee897b70dec97671c0325fb2569d5655005662acebc268d0dc9b429df52

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bffeb0eb823573287bc7bfe11b696e18

    SHA1

    fa76daeff3ca3a34a08996e74c9f3be0482fbe7c

    SHA256

    ca9db2b84c539db8f5d7378c135cc2b7afb523eeb379af6214b94474ad8e0c4a

    SHA512

    cf8e6c18daf8e2524306e19e3c22e9930e95e982ccbb65adb3f3f2c53bd74e8da73311a3a29e7d64109b5a85417801e53d8394733866d42e372669b6e0186539

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    fbb28e1f70e105972c028ba7e937ab48

    SHA1

    439426482a17ed76fe3c5452563895974fe7756b

    SHA256

    decc301289f2438752db2027cc5af390c0bb47918bc0d806b97960ebfb4e0743

    SHA512

    1ac2706963f5ad0cfbd820c8d8712437e410df9b674f43f6ba0112ce54da617049f30ac71fff0ffa6da5ba8fda5f713231ab0503bf803703b2ac5dc16d9166df

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    facf6c3b0874e3832c11aad2e5777d0c

    SHA1

    847adeca39f41af99c6d99d92a5179a41bee0ae6

    SHA256

    7a56243dda283ed2fc3e5259acbc124d30eb20ed5545ed4c196309a0b0d006b7

    SHA512

    71c171e76136b171dc89c6970a3cf2d7d4307b46e5f8db19ecd007ac66a07e6c516a68510e1d7aa3ae8ee5f9d8fae916888b0f5500340e013c836133020fa170

  • C:\Users\Admin\AppData\Local\Temp\CabB37.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\TarC0C.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
