Malware Analysis Report

2025-08-10 21:52

Sample ID 240526-dsdl7sch6w
Target 742aed91c06d0cee9ff191b1dd4be5bf_JaffaCakes118
SHA256 f57535e3419cf45bd3aa8642d23b2524bca2936839388f71e52290635116d007
Tags
Score 1/10

Analysis Overview

Score 1/10

SHA256

f57535e3419cf45bd3aa8642d23b2524bca2936839388f71e52290635116d007

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file 742aed91c06d0cee9ff191b1dd4be5bf_JaffaCakes118.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-26 03:15

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-26 03:15

Reported

2024-05-26 03:18

Platform

win7-20240221-en

Max time kernel

117s

Max time network

134s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\742aed91c06d0cee9ff191b1dd4be5bf_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b7ec6518aed3b84a9c29e5ceff03c954000000000200000000001066000000010000200000008b96b7a0cec15d88ba24f788489d7641518f1d046acb80a7887b4e9671362a38000000000e8000000002000020000000c765a85f3e08018cfbd542ccc8be363dddb534a78862b7939dd07a7ab991917220000000ebad0cd7630775bc3cf4c60725735e763fffe64cf51114f51bb4b2b3d3c1457040000000150406e50f496a756331cd99fced5059abedbf3dd07593b8a50f51265a4f4ffa9ab325f081bd33ff590fd2156d623cf16dc728e89ae5825ea30a2abbb628f10c | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 606eeb1c1bafda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{473D0C51-1B0E-11EF-9F3E-D2EFD46A7D0E} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422855230" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\742aed91c06d0cee9ff191b1dd4be5bf_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1664 CREDAT:275457 /prefetch:2

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-26 03:15

Reported

2024-05-26 03:18

Platform

win10v2004-20240226-en

Max time kernel

141s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\742aed91c06d0cee9ff191b1dd4be5bf_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\742aed91c06d0cee9ff191b1dd4be5bf_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=1344 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=1396 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3516 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5816 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5236 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5512 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8

Network

Files

N/A