28e611f637ba72f25270bf9a40f43d39d821b41915b08b548038bdf291766f30

Analysis

max time kernel
148s
max time network
137s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 09:50 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d41464acb094997cbf74763dbf8dc107_JaffaCakes118.html
Size

19KB
MD5

d41464acb094997cbf74763dbf8dc107
SHA1

e98579a42d44b5a213ddba0ed7d9aca176de208e
SHA256

28e611f637ba72f25270bf9a40f43d39d821b41915b08b548038bdf291766f30
SHA512

3f6d909ccdfa9e7c4395eba30bf00d9c09299fef2946dbd1af63bae6b2a879356448789787b388ecae5907cef3a0b10e7bb7517ccb83eaabac35d3951f1fc272
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIr4lzUnjBhXJ82qDB8:SIMd0I5nO9HtsvXixDB8

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BB7D5781-6DC7-11EF-A641-5E10E05FA61A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431950875"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
528	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
528	iexplore.exe
528	iexplore.exe
1672	IEXPLORE.EXE
1672	IEXPLORE.EXE
1672	IEXPLORE.EXE
1672	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 528 wrote to memory of 1672	528	iexplore.exe	31
PID 528 wrote to memory of 1672	528	iexplore.exe	31
PID 528 wrote to memory of 1672	528	iexplore.exe	31
PID 528 wrote to memory of 1672	528	iexplore.exe	31

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\d41464acb094997cbf74763dbf8dc107_JaffaCakes118.html
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:528
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:528 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1672

Network

DNS

img1.jiehun.cn

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

img1.jiehun.cn

IN A

Response

img1.jiehun.cn

IN CNAME

img1.jiehun.cn.a.bdydns.com

img1.jiehun.cn.a.bdydns.com

IN CNAME

opencdnspy.jomodns.com

opencdnspy.jomodns.com

IN A

220.169.152.35

opencdnspy.jomodns.com

IN A

182.106.158.35

opencdnspy.jomodns.com

IN A

60.188.66.35

opencdnspy.jomodns.com

IN A

218.94.232.35

opencdnspy.jomodns.com

IN A

180.97.198.35

opencdnspy.jomodns.com

IN A

58.57.102.35

opencdnspy.jomodns.com

IN A

183.131.185.35

opencdnspy.jomodns.com

IN A

219.151.25.35

opencdnspy.jomodns.com

IN A

110.185.108.35

opencdnspy.jomodns.com

IN A

218.94.231.35
DNS

t.cn

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

t.cn

IN A

Response

t.cn

IN A

39.105.18.168
DNS

www.googleadsl.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.googleadsl.com

IN A

Response
DNS

hm.baidu.com

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

hm.baidu.com

IN A

Response

hm.baidu.com

IN CNAME

hm.e.shifen.com

hm.e.shifen.com

IN A

14.215.182.140

hm.e.shifen.com

IN A

14.215.183.79

hm.e.shifen.com

IN A

111.45.11.83

hm.e.shifen.com

IN A

111.45.3.198

hm.e.shifen.com

IN A

183.240.98.228
DNS

www.jiehun.cn

IEXPLORE.EXE

Remote address:

8.8.8.8:53

Request

www.jiehun.cn

IN A

Response

www.jiehun.cn

IN A

61.160.251.208

39.105.18.168:80

t.cn

IEXPLORE.EXE

152 B
3
39.105.18.168:80

t.cn

IEXPLORE.EXE

152 B
3
220.169.152.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
220.169.152.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
220.169.152.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
39.105.18.168:80

t.cn

IEXPLORE.EXE

152 B
3
182.106.158.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
182.106.158.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
182.106.158.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
182.106.158.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
61.160.251.208:80

www.jiehun.cn

IEXPLORE.EXE

152 B
3
61.160.251.208:80

www.jiehun.cn

IEXPLORE.EXE

152 B
3
182.106.158.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
14.215.182.140:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
14.215.182.140:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
60.188.66.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
60.188.66.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
60.188.66.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
61.160.251.208:80

www.jiehun.cn

IEXPLORE.EXE

152 B
3
60.188.66.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
60.188.66.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
14.215.183.79:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
218.94.232.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
14.215.183.79:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
218.94.232.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
218.94.232.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.9kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

753 B
7.9kB
9
13
204.79.197.200:443

ieonline.microsoft.com

tls

iexplore.exe

779 B
7.8kB
9
12
218.94.232.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
218.94.232.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
111.45.11.83:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
180.97.198.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
180.97.198.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
111.45.11.83:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
180.97.198.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
180.97.198.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
180.97.198.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
111.45.3.198:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
111.45.3.198:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
58.57.102.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
58.57.102.35:80

img1.jiehun.cn

IEXPLORE.EXE

152 B
3
183.240.98.228:80

hm.baidu.com

IEXPLORE.EXE

152 B
3
183.240.98.228:80

hm.baidu.com

IEXPLORE.EXE

152 B
3

8.8.8.8:53

img1.jiehun.cn

dns

IEXPLORE.EXE

60 B
294 B
1
1

DNS Request

img1.jiehun.cn

DNS Response

220.169.152.35

182.106.158.35

60.188.66.35

218.94.232.35

180.97.198.35

58.57.102.35

183.131.185.35

219.151.25.35

110.185.108.35

218.94.231.35
8.8.8.8:53

t.cn

dns

IEXPLORE.EXE

50 B
66 B
1
1

DNS Request

t.cn

DNS Response

39.105.18.168
8.8.8.8:53

www.googleadsl.com

dns

IEXPLORE.EXE

64 B
137 B
1
1

DNS Request

www.googleadsl.com
8.8.8.8:53

hm.baidu.com

dns

IEXPLORE.EXE

58 B
164 B
1
1

DNS Request

hm.baidu.com

DNS Response

14.215.182.140

14.215.183.79

111.45.11.83

111.45.3.198

183.240.98.228
8.8.8.8:53

www.jiehun.cn

dns

IEXPLORE.EXE

59 B
75 B
1
1

DNS Request

www.jiehun.cn

DNS Response

61.160.251.208

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fe1ee90fce672535a1f910120d3bc80f

SHA1
12dcbd010f03b99fa14306ca4412a7ba3eff1db3

SHA256
f02f3d984ab090f07d869963923d13cc678a364df150bd9620297e36a4b4531f

SHA512
1a57512016fd92663c1e009a401d0f6780d292d361629c816c7d800fa149145d0eea52ae9213c9a0d60b2279a608955e8c2808e83325f47c5ef4e2ebf6b2274e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06bb680042490621a607bb72f2aa873a

SHA1
289d0ca6ebd2236ea0b92bd8e1460e64c40c11fd

SHA256
365ea8aec1c4c4a4d66bf2701eb5b3a3310c56d1a638e28211d3bb853750de0a

SHA512
95318aa00741997773bb1844826b292873486cb2ba2edde2e163b8021a7f5164ad7702f3fb13e25e7ec1856898ce1222e95ee257c0ebfcc69fd9eac3f1dd8462

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c2ab65c5421c1e93e7e667ea933fc392

SHA1
191bd44f896fd595d381bd4f5db415a5e35fdff0

SHA256
dad7d7742e38bb5f8afe20b58b497d6d33043d718455dac28e506e8e24e2d5f5

SHA512
c66a934157a0467a32a309d3da422ee4b5ec8ba7eddf0bd1e0ea1ed492c830508e7f1c0f828e1d4d372ede754513a9071fbd8f441c7ec350f39f422691354733

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f225b159fb598187d9ae08119c7a9b5b

SHA1
a5baa868b6220b89a40c851465f2f4784c8ec416

SHA256
a663e827dbc9108a79b2529469ed7543f3ec406cd6ee816a656ac97380729905

SHA512
19e5fc03eb3b62d38542af6eabb9430010c645033392ce9af11af8f01ee39e44a20ed051152eb20655e8cc5237f764f7c4438461eab31ae9ff6ff83944ac4934

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed35ff3ca8aab11f2455edef5b3347f8

SHA1
3484eec70137cab14472ba4ee768a8a7c7e9c501

SHA256
80354ec3d87d32624709a0a95088064340c41e1bbd4fb868e086cea0d384ffc8

SHA512
7c895d662c1d16b70ed8027c03b7a07b3017c34d739303a443d44bafe5706e852cafc07024be84c521ded8a2bdebb0f2996e2eff9a9d322e6ebebf932e2a2d81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b8bfa43c4f2d8ea42d6363aaa6e08b0

SHA1
bfd205c276a05d4590d5d0f152919c7c449e8450

SHA256
59a83c97fd8400269dc502f980483318050ab8077ce089d2be6c1a9e5beb4ac2

SHA512
21598094d5f4422b88f5c3e872c46fb9722dde151d256117f55b83a3e89d3c8c442834afe024d3b530d67494e7f27bb2d402efe20f1038dfcb0aab33c1f4d394

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bed67f58968ce195fe86329bdc615781

SHA1
90a41e2a4805539851c536e3dc0fefa6c2a51ed7

SHA256
4fcba99391474bd946eedef1d1da7e6ace721267143c54df6b7bd61c8f7d70f2

SHA512
ddb0beaac485ad85d212347704b4c0fc5ed79f23f775dc12de0769796bed5fb3b2513c705850385843f815ad47d6d49074e8b460d4133d2b6c725ac1a69bd854

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
299cce527e76521115983b3b4487fc2b

SHA1
24f7ba63b41b1efa30ad7c334c5e5968bd7cbd34

SHA256
e79d1541fbfc23e0885a6f822359392de98e3a10bde5992a848eef0474b8be15

SHA512
fdd401cce39e4d8a4bf29085cd1ef284776d3aee09f397a6e1b3c9af35f66610a4f00738d285e7b883cc7f035aed959b17917feec5307baba0c5d520efa53e4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c907fb04fae6f49b169b57539741719d

SHA1
7491e26b9461b9d9c2665555c62e09c280b212a6

SHA256
b60f2fb23a77653276e5b4fdfe76ad1338fbaeef07986b43f5d3d4e81b0aed6e

SHA512
61ae199d9d8f93af074d7c6a2efcbc6e977439288afdcc9266d1fe355bcd49b9a7cfc542e6cd76585a351d32c523f51290bff3baedc1af60d4a8c62c25ac0e84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab7D9B.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7E0B.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.