Analysis

  • max time kernel
    118s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-08-2024 00:18

General

  • Target

    88419d159c382951954a2ad67c69cc92_JaffaCakes118.html

  • Size

    10KB

  • MD5

    88419d159c382951954a2ad67c69cc92

  • SHA1

    a7d3c7c831f901a7b02983b619898cd7b680cc7b

  • SHA256

    582e4edd8425539b3d3ecaea0b0e0f12280f9cfa6892c5796ac19575571fc0ce

  • SHA512

    d6a838fbe484875aa73da43165cbe5a2a4eab8ad7b60167e100cfb800b56eb89539ff40b5ab8ceeea978512dcd9872381fd2ddffc78fec5ffc4ea85e9b8ae18d

  • SSDEEP

    192:csz7BzAYS/WSx8m888T8888P888c8ZPHb76f:cGzAY8WqFHS

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\88419d159c382951954a2ad67c69cc92_JaffaCakes118.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:468
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:468 CREDAT:275457 /prefetch:2
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2952

Network

  • DNS (US)
    analytics.hosting24.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    analytics.hosting24.com
    IN A
    Response
  • DNS (US)
    counters.gigya.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    counters.gigya.com
    IN A
    Response
  • DNS (US)
    fc01.deviantart.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    fc01.deviantart.net
    IN A
    Response
    fc01.deviantart.net
    IN A
    44.240.114.121
    fc01.deviantart.net
    IN A
    52.41.230.189
    fc01.deviantart.net
    IN A
    52.26.33.90
  • GET (US)
    http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg
    IEXPLORE.EXE
    Remote address:
    44.240.114.121:80
    Request
    GET /fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: fc01.deviantart.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Date: Sun, 11 Aug 2024 00:18:22 GMT
    Content-Type: text/html
    Content-Length: 162
    Connection: keep-alive
    Server: nginx
    Location: http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
  • DNS (US)
    orig01.deviantart.net
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    orig01.deviantart.net
    IN A
    Response
    orig01.deviantart.net
    IN A
    44.234.207.58
    orig01.deviantart.net
    IN A
    54.201.142.24
    orig01.deviantart.net
    IN A
    52.42.95.22
  • GET (US)
    http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
    IEXPLORE.EXE
    Remote address:
    44.234.207.58:80
    Request
    GET /2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg HTTP/1.1
    Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
    Accept-Language: en-US
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
    Accept-Encoding: gzip, deflate
    Host: orig01.deviantart.net
    Connection: Keep-Alive
    Response
    HTTP/1.1 404 Not Found
    Date: Sun, 11 Aug 2024 00:18:22 GMT
    Content-Type: text/html; charset=UTF-8
    Content-Length: 0
    Connection: keep-alive
    Server: da-redirector/0.5.2
  • 44.240.114.121:80
    fc01.deviantart.net
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 44.240.114.121:80
    http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg
    http
    IEXPLORE.EXE
    606 B
    634 B
    6
    5

    HTTP Request

    GET http://fc01.deviantart.net/fs47/f/2009/249/a/c/Red_and_Black_Vista_Wallpaper_by_Treber.jpg

    HTTP Response

    301
  • 44.234.207.58:80
    http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg
    http
    IEXPLORE.EXE
    608 B
    387 B
    6
    5

    HTTP Request

    GET http://orig01.deviantart.net/2350/f/2009/249/a/c/red_and_black_vista_wallpaper_by_treber.jpg

    HTTP Response

    404
  • 44.234.207.58:80
    orig01.deviantart.net
    IEXPLORE.EXE
    190 B
    132 B
    4
    3
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.7kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    747 B
    7.7kB
    9
    12
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
    7.7kB
    9
    12
  • 8.8.8.8:53
    analytics.hosting24.com
    dns
    IEXPLORE.EXE
    69 B
    124 B
    1
    1

    DNS Request

    analytics.hosting24.com

  • 8.8.8.8:53
    counters.gigya.com
    dns
    IEXPLORE.EXE
    64 B
    148 B
    1
    1

    DNS Request

    counters.gigya.com

  • 8.8.8.8:53
    fc01.deviantart.net
    dns
    IEXPLORE.EXE
    65 B
    113 B
    1
    1

    DNS Request

    fc01.deviantart.net

    DNS Response

    44.240.114.121
    52.41.230.189
    52.26.33.90

  • 8.8.8.8:53
    orig01.deviantart.net
    dns
    IEXPLORE.EXE
    67 B
    115 B
    1
    1

    DNS Request

    orig01.deviantart.net

    DNS Response

    44.234.207.58
    54.201.142.24
    52.42.95.22

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    2e689d0d49e9625f1b0d113964abfb8e

    SHA1

    96ce9fa33c8b78dcf5ccc1110a777ced1fa0c9d0

    SHA256

    4219e556679eef3776cedae8dadad7e132182d3dc721d0f7c26c8cee7de5c7b9

    SHA512

    7477aa5b34ed8ca90eac8f66f9caa357881e42897bfbd6840a40533ee4758b3df9cf5fc1ae44f07d1f86a4fa91747f15978755f7171eb6302b22e98a61704dce

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    468040fea69ba63f71ffafb0d0c0b03b

    SHA1

    d1de3a20d92245d40de0e2fb7439366c24dc398a

    SHA256

    11c1f2db5b2d07ec3f692fdb88bbe7f6221e710d2836f20127f1d3e3ff289fea

    SHA512

    c3b2fbd947aa91c1d067cc0e1ca311b67ba5c898ae78e2c8fa7eb372ac853ee1aa27ae86e6b52d03f5e98418c023151875c2faeacf605c5d9cf9dd50b64b3041

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    8dbaca6274deb93de23faa2b36616c5a

    SHA1

    ae4ce0c39fc9241b380559cb61504dc6b902db3f

    SHA256

    f9b1ccd6537912473e2969eaf67c44be62da666c287678cf53e26ce4e7719271

    SHA512

    263177b604a499871cdc91ec345b3c46245e13d229798cb47d6f4b810983f96507223b3bd19a077aea1a46b3b08b05d16102f8ca29f0f77b30093b919c36b85b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    cfca55e256dbe8923e8d76ea5d11253a

    SHA1

    478214383ee5c83a20f3284e5988f75ccdc24fa3

    SHA256

    04b7fccfa61eff0b893f27ec640eb2fa40e7a6999d2c537c30ab9c9ef72b6707

    SHA512

    73a6ce76a42b2300bf29939dc4a8a905f930fdcc26258182106f9b50ced0c61943522affede7f1a853352aea13de14aef3d525c7b893e749805b8bd831f552b3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    f4efe629c1d4dc1b6e82ddf01001f5bc

    SHA1

    e749e3ed4f7fcc9e72f7857fc9e78dbe53213247

    SHA256

    ba1ed366f5db0a5dbd045fddff93461cbebe9312bfa094763b6b1c821620dffd

    SHA512

    67609a4880bed5dc41817702b64ae7cb74242d6c7be7d72847fe6dacae14beb49aac2c2362f18c0b696ad92e86749f3cfb2e0d94428f149824cac073e144b819

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    319c36b2c2028f01aab1be727fe5fc76

    SHA1

    4417368e19393adc9f4944d9fa9d06e1085902ee

    SHA256

    e04675f1415c6b53b68f32409bd365f080192200e9e4df9ab27d1d2b499a6d72

    SHA512

    4f4084b5586f42277048c93cca794609bf2dd038fb4c41e4f7df3e04b3bae56005ed9ffcd649fb2306f01460175e2cc9b7323d6d74a98f9e2ae3cc0dc4d8b7fa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    401726b234ef1807231d1b2c99c4b71a

    SHA1

    78b11ca15ef92b678e1c8e4edfa829ce6396fc4d

    SHA256

    3cc855708c9f9a7f5013b9cb607af258a9938430ff5e4c75ed7c90fb312c561b

    SHA512

    ec7767537348772939ee68d0c4d8a8f099e9bc0c4f3a7e8d79b8c1a1606f49ea5eb50297df3e78940647153993692411e3c586d6e01227561c3297dbd5cd8d12

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    5fc7ef91d22c62dd694dae96d1ca5f1f

    SHA1

    1ce4e0525a542200b01fa4a92e8444b9005cd1b6

    SHA256

    d9aa9c426821b4865812ea4430bd98cfc86c77d7f113d07d24a4c54480c6fb63

    SHA512

    95a7bbcf32616894bc94d35d715950f0a7fcee57e8ec0c277b3892d97437f2bb36737db23dbab0c5454765a8386b3da3092f64cf231afcf51925d03a0ef4dfdd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    ba010384cefc617ffeb28d83c45fb732

    SHA1

    db1c867e29bbd90bbd590afd832f6aa9475f8743

    SHA256

    3c43924dc3d7b0a57de27fea2ddfc39e777ae501baff227ac24bc7204ff21e6b

    SHA512

    2de78f4610ea7645a3914be2b81c095a850996e87b5b5967b4d05018b82007e689e79662c80ccb67faebf3faedb53d021c1dea91e2a2611a79baeba9ec57d617

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    96dceafeb55977b92e1229d79f843183

    SHA1

    6583c6dc4809a2703adb3dfa4764138421e3b767

    SHA256

    384bd42e6169d85e949d4c556f6e1da3d15d106552fa90723e08ca517fa82db8

    SHA512

    9f9161ca7ff90baee82fcc37270147488e11adc965a33811aa738d07115b90c0b139a2098ca78e42e185592164d9ccb76950575b75ff8153cf590edc4622554d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    4dbc4ecc065eb3791766d0f0a21ad7ff

    SHA1

    2023ba78656cc182383a687d86c35fe8f6b3f3b1

    SHA256

    99f8e273865e9274b43a3f34b37347f9a68969360f67ff6199ad92e7072029af

    SHA512

    58da9e9e9198c5b900649eb7fd896e52394c1b792b0a4deb809c74080ab47f9fd40af57fd57a21ea6016d7a6eaef380e06ad3f166dfab5fce091160fe63d3448

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    8fb886d7b982b865effa8947cbfd2f88

    SHA1

    3660915ec1cc71fbdafa0ce0141c23305d31b55e

    SHA256

    089a7d22a33d8e72f7549aa6c35478605217a1bcf8eed9bd6ccc8b4ae75edbaa

    SHA512

    751d26bb60b015524823416991eafda5297b066ab19f7403cc29d91c35da1580828224138ad7561db8e927e6a9e779a486a9fd19d452202d72eb83f4a7c0c422

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    d27a89c67e9e04ff082e3f7924de6dcc

    SHA1

    8fa989c794565b36fe197c6fba96f997a55c2b1e

    SHA256

    9e380d626e108391cbecce5012cd32a43461f4928cf5b6fe349828cfe53e6d2c

    SHA512

    306bede276b8a5b7aca372fc7f51fb963a71cd41a86c5a2b0d23e94a207a17a8f335f0840a6db33fd2796d1162aa267cc4d8bc6efcc36f33b8252d302309769b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    1a5021b97623cbc9360ddd9cfdcd59ef

    SHA1

    4b534c1778a2c914fc049901efbd46e275bdd6b8

    SHA256

    69f89794f267c81f8c1fe480f1b43370bf6e4054c2ad08b2913fc42150994658

    SHA512

    87053787ef6ba5b232bfe2bffa19de60f5d4d61918b39210729a89deb875766202a37fa39ee6470edb42a506a0dd5ffd8c2e46977d4f2a1d121aec8c0a8edc36

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    9b7370dec3abcf92887c8a4775766911

    SHA1

    54487df159dd47edcc24385dab3d802d8e4db109

    SHA256

    a07555c33c9f250f7d947ea89772de3e1d20c943fc8e45b51d01f077e2591673

    SHA512

    936dba67f76399ec18aced97754aadc4a537feb12b352a3932474dc57a3ccae313f902b1947688152fca39db4c54c800e3b6be3d49a9b0b7ba012e099a4713d0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    0f834424af1dae9ea331b04c1e00ec9b

    SHA1

    992e90b752e81c1252f9d2d964b5dcb983140630

    SHA256

    c7b3304fd3ba08cee1c24a3babfc17d6d0a70cdd39acab1fe9ac9afafef613c9

    SHA512

    dfe564f0ad9394c8090e4a81a91ee87fade2d9b40666a64d57dfb711284ae80e62398e9568e01cb7c9c672c58ded2d3987a19a105ee30f7178de07fac2084f77

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    ddf81c0bf088193b3807739c279e5aca

    SHA1

    7f5a33c0516b2e0a2d1ec70f0ea9258ec247686a

    SHA256

    9e4be383a076bbd8f6c04851d797389b40b2361f0175f1a6be7575ee5283aa84

    SHA512

    218f4da2c9778fb2b998490accc1955b3569619125545e0584a0d6f88825cf0bc39272eb83175795f03a627b28cf90c2312ff6034d99010f9d7f036185f8a918

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    a67fc19e14b42c3e1626714c5a31e8ac

    SHA1

    58dd29b41ea3653d12ce24ed61fc31779817b7c6

    SHA256

    32a00f1ee0d34bf8642f93ce574c84e8864c45e76abf4b9f97ae849a42d501ee

    SHA512

    060da6c598c2252ac19adb21b2c1b9d921a628c577912bd196c1bacab17a5ea72cf4c59e786be68bf8837654e34ea12ec0a44d78031a7166e5e0c64ca92b3014

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    8e8e0f880e63498a1a874560619ad092

    SHA1

    61851a32bc280279ee73e9dafff47085e39dfbe7

    SHA256

    a628f6adf16822ddd0810e35702156af8773026d03d23296e0bb501c109af433

    SHA512

    841fede5dc1b80191c3854cd00a1f03cced69f2f3b66871b7a2adf659ca945e462c198ab6287f93a1fd978c5a0a5b8c4565071a339525b9c83bf6c61fad4356b

  • C:\Users\Admin\AppData\Local\Temp\CabFFF4.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarB2.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
