Malware Analysis Report

2025-08-10 21:27

Sample ID 240525-ay1gdagg42
Target 704ecb8638f1b257c4d4d71a9eb90c3d_JaffaCakes118
SHA256 d27c7b830bfacbb26cff7620e549aafe999ebfd4c68a40daa206115bfc4ee0f1
Score 1/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

Analysis of the file 704ecb8638f1b257c4d4d71a9eb90c3d_JaffaCakes118 detected no (potentially) malicious behavior.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-25 00:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-25 00:37

Reported

2024-05-25 00:40

Platform

win7-20231129-en

Max time kernel

119s

Max time network

130s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\704ecb8638f1b257c4d4d71a9eb90c3d_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\704ecb8638f1b257c4d4d71a9eb90c3d_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:275457 /prefetch:2

Network


Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-25 00:37

Reported

2024-05-25 00:40

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\704ecb8638f1b257c4d4d71a9eb90c3d_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\704ecb8638f1b257c4d4d71a9eb90c3d_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4008 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4936 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4292 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5560 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5980 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

Network


Files

N/A