Malware Analysis Report

2025-08-10 21:53

Sample ID: 240526-dtbh8sdf75
Target: 742be809b42025d7ce7b21d09a5dafb0_JaffaCakes118
SHA256: eb9266000c68a6672054826b9d6fca72a5801417c21443ce8cad9c56290050f1
Tags:
Score: 1/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 1/10

SHA256: eb9266000c68a6672054826b9d6fca72a5801417c21443ce8cad9c56290050f1

Threat Level: No (potentially) malicious behavior was detected

Analysis of the file 742be809b42025d7ce7b21d09a5dafb0_JaffaCakes118 found no (potentially) malicious behavior.

Malicious Activity Summary

Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-05-26 03:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-05-26 03:17
Reported: 2024-05-26 03:20
Platform: win7-20240220-en
Max time kernel: 137s
Max time network: 141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\742be809b42025d7ce7b21d09a5dafb0_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007da7a4778bf00e47aec291648970632c00000000020000000000106600000001000020000000f319dd291330fbb38efe438aca4e743a84e3227ec6cdb21a3d0bcee5684a917e000000000e800000000200002000000043ac752f3d2b056182df5d90e52d3b00c65963963aa167861185253310dd062690000000c80bb2291a2daac09d709c269034735cc680c0f940c41a841526c3606dbc06fcc4893853b702113642ae7c807f45eaf71e7f628c23d0865d6e7d828df2ed3e31f37bb11955201e94c16b70798a2f8ce6f02b6e90cffa569c6641ab3b4c6c95c83195a6e7af9cd15a8320a188f3834e56802ee02993c6d22b4e56fc195794957dfaf818927534cb52e4258207106058c740000000967c4f04e0b87e63852c543223b01581051911ae862670b920ef25e5da5ebc9dc3da596dafa13a1383384d7f108a7fe990f8258680934e65a332071dff509d08 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "422855324" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{800B48D1-1B0E-11EF-BE0C-E2E647A5CFB6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007da7a4778bf00e47aec291648970632c00000000020000000000106600000001000020000000c09dae41a3b8426203cbddf67d3821ded6bc6f94632e192a39f369322ee6b352000000000e80000000020000200000006f9778e2276af29b6b96f12d72f1d767bae2139af52cee997e59bea24cb6cf2520000000f7b7888b817c772f2dcd4de6c131bef35a1de4cc72949e6dd759033b6ce9188840000000feb5521abdd70264ddc98232b91fe68f553c3e25c1b257fceaf0fb7e140893c4c8cb93b8cb59ffd61ebfd41367353ec62209edffc0aeb5b2a96991d4c48bf4ef | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 8024d8541bafda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\742be809b42025d7ce7b21d09a5dafb0_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 img.sedoparking.com udp
US 205.234.175.175:80 img.sedoparking.com tcp
US 205.234.175.175:80 img.sedoparking.com tcp
US 8.8.8.8:53 sedoparking.com udp
DE 64.190.63.136:80 sedoparking.com tcp
DE 64.190.63.136:80 sedoparking.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab1F56.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar2047.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d13f2cddfb5f5237e2c7cce89e33e46c
SHA1 860634ecfed6fe6d9bf02e55ba6122218b277b52
SHA256 e935f0d7863f45cc752db92e60005c49f014a45b0dff970000dd3500ca162649
SHA512 457563e7c268c0ed8d424aa7426acce906af9f131be5ef8797369081f48f62409be2e1d0600bced8b3937610ed7f7684f347e148b132f7a47777c7d21466779a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 261ff334115aea0c47974ba7716ecc4a
SHA1 644cec366e1e2ec488e2a565b59a5a9bd59eb789
SHA256 62933af2ffb79753780fcbfad593f424a7a49ad0c9838f6ab10c6a311fb024db
SHA512 1128eebc3bd22ebbd74be58ed520b64241d8006faf1133a50f3b13f8db9f1720c958b470be19efe4b0043eba92f063e64b1ca37fe207056ff8ae93278d529dcf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 872ffa29165f076fa086a3ef7ceb06f3
SHA1 47f0a5ca9d086b3f07d4c45c4991253dad194ade
SHA256 51e25c752d95fdaf488166e928a3a8a66bdc850170dcab908c6b5e10db9d9d0d
SHA512 87c37a1d79cc2f87a5516049148b734df85280a23c227821d8986971e98c5a031beae66b240b232e1765fc09a2d340372d1ff091906dab9cbb81edbddb67a6c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 932768e83bc11fd29f2e10ca43232e41
SHA1 aaa514f70b9c33d521a6707f8ea9341d371818dd
SHA256 2ca7af07a5ab88034fe43999e90e6a15971407bc4596b8260e2b77f497870865
SHA512 4f2dc599ac8d7dd049262c02664daf6b604cc282207a81deeea52ec27fede836ffdaacfe03cd8d8baa056d3e7698bd8cf600b3c8ed3eef72d6a0368934816bfb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af0f939b6bcbf4271652417065dd912e
SHA1 25fbd1563f1de06dc0bc944022d8116d6b9d10ad
SHA256 080f030ddd30282fdbe3d1e8bfcb1defceeee07e5770c66a73f40291a3eb924b
SHA512 ac9413dc7c9bc5c646a9e681cd0f366eceb4e639b44a4e91ed7021bd3fe79516490ef9afa982510f57fe0eb41e4a6a4141b035e2adbb2b63dec5f0eaea531db4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2472a8c290dc6bdd9c7dbe0b163e6f20
SHA1 186a5dc1aec08a24bd4bbbf5f60b1d29bfc916c7
SHA256 58ccfcf562f44f2ad9dedf732bbf560f8c5628e2cf26648cc449ac334d7e5143
SHA512 2cfbd08975c59a7e70e8ed9b8bf781aa7142f0bd29543f70118f0d60b307495e8470ade2ca2bcd6209757c68db9d48f3ac02bff125980e4c6b3e40bcb16f6a3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4677cf4a636b53b9d72e36acb7db293
SHA1 fd85a61c675761478f369e34e1c7a19ecce3d268
SHA256 1e7c08678bacc95f7ad59e76d4d90755a35738cc1e4246fa7ebf928b51ee6878
SHA512 d48a27b84c3160e6008f8e2bd56789ea4445b48d982072b87344426405c1fbc7cc69a44e56cffde31eb485e9512bf2dbbfc75ff66f73394b4e9051048ef0d1f9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9f1a42fdaf47dc786aee18eec6eb667
SHA1 2602bd15e853805d8a91d89f79b836f963b15f4a
SHA256 0150b876e95c794882bb04c71cd72d49ef7d74b03103fa68546c6884d5dfa59a
SHA512 1f6f9e3307243ece451402d270f4c568651a1edbbd9f883d5fb0e02a42a0e1f5a151a971b6d616d4c41b5b2f904a185924d257e8aa5e91fae66f42cc585172ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae2ce9baa83272d75b3cc1320e5cbb8f
SHA1 7b17894a9f55d7673e78da7036177aee598738a2
SHA256 2a0bc974aaafcda8ed216834cf1fbf8148769d5a0b0a491c5126c985a16c546e
SHA512 aaf3aa72726ea6129e0e2646ce777e9e80044ccaf0edd77297b7d4dfa21f26036f669b4903205be30d928200b9d918243251c75630239dcb1ea5f868865e6a15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08af87e222888f9f2220a82943c144a3
SHA1 0c00c77cacca2181b684d9e8dea582660883d907
SHA256 54ac547aa5505cff03c3263396015f42f1b21d35541c029e1f082776fa1fe899
SHA512 7aa83e82f55cf0eee7da075424bca1be3ac14ad9da6be2c36c04ab0bc9bb549d4b42387b77a03d77baeebc2d7925fc5da43d5c027ab4e539899bf0b32a1691b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2273d1075dc95abe175170eaa19a8a40
SHA1 cf19c05cb6971b0a4f6ca2b4ccc241363981a2a9
SHA256 82a148b59d421173eb983ef5a6359b02f9c22b8f3e3b6ece80e550d4915e35e2
SHA512 830b703fb01050069b453f43abcce9e76ebcb1d82fe24e54bd12e12eb91b091cb7718053d954ca1a224228359f25ae65dc5dca8fb603048d574840dd70bcf6e9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0119fb90db4182b67dffcea7e08010e6
SHA1 4eb6eb6f30fe435f646570bda959bb71f165b08c
SHA256 1546bececb19d090b073194209b858d4475189d6fb955923cf3949b73401c0eb
SHA512 354ff8e2b2a9c6fc3c978f7ea3a3a51331c8c691b39c0131aea337a1fe811676963fe1753457b5af07dea80f6c8e3199596507072196072421e50c9db7c35d34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8cd5f82828c7fb908d2469729c94c86
SHA1 22afc01d01b857a6e155c99d9efb6ae310a48be1
SHA256 6640682f33faf7b5725ce59206bd4695e3d9efe66767c05ac70200a0884ea13d
SHA512 46e38e919d589b67bd51023165cf746258d7c48a12478e803e59f9fbda4e2b7282e2354628ec7cb7da08a084aa412510bb20b141b1f696a8c618d6a901b9d1f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37e0638bc78e320d492b15317f24a9e7
SHA1 0ce55f101df604002848d23fc0e2c39906ace87c
SHA256 702e80e3f99992b8ba5a645e6c37b4195c7c877f0828f5813827871846d9cd62
SHA512 f02e755119c664b99cfa3e257081bb1bcb9c1309c97c806ed8b3ea24af77a4ca80fe481eab13e8d71c33e43fda1d5602fc1668b5b2bd7c18eebe5b475758acb0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0c6f3d8843b7a8b2acad38f42e1fb9a
SHA1 16254d4e8f72bee117434deb8902bea3a98683c1
SHA256 3f09b536b3f74a54fcc45e38e818190aeeab4251ebeb057651c0fbfa8256f8af
SHA512 c34aa95e9ccd0e4a1ab14d4ba1a09b888ef790ffb2d3e5b4a21015eba43ea1c93c995f15f26e87bee099100d1aa04500dbe39d54d45cf016d917cebe1e1b0422

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ebcc13c678e889fa88a64381cfb38da3
SHA1 672d3da2a9ca3be745b438df6c739644906fb875
SHA256 58e22d21621eec085b18695937bd4d68a12370633960eec81d590137345e36f4
SHA512 9e373a56b5be63e250eaed390b0c7357aa434a2bcae9cb37d09be1f1fa9855e19f47b7382ed8b750d05138526edfaf98044a9956daea5e784e205a86b8af5565

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0b5770b3c01c4cd08d29916b8c19f70
SHA1 4ea03f24a072b0219d026f0f3c79fb2665d15516
SHA256 ede0d47dd6783d90278512f984e77ed955aba8faa6e05ffeeadfe1dfcaceca39
SHA512 3db61515906af35edf1f7a73f99f64961d11dac702624a18730237ce8ef7cec67df27a67c2e725920917cfd1e1efa7a7695f791adf3a7982048394212fefc32e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e51a1434bd669b3b8b5ca593a3c0a21
SHA1 1c75d18d535be3723af1b59caa630a1a7f3a51dd
SHA256 7358bcd6b15f6e587210a63aa49db16f0ed20ad4f61682b132b17eb14854a34b
SHA512 7af36e0e09485c224cdc8bd99e566bb84850b1a2a52f79221ec8d619ac647e4c3af93a0709c46c6acd6fcb46d765b377d865283edd2289a3337a6d716b383b88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 349befe1a1180d0251fc948828bfe1e5
SHA1 5afd153446ec07430999c0829e6ae9447802efc0
SHA256 53778e644ad0f6b2f91716024e446abf289adbd9e1dd6ee4303144982849119b
SHA512 e4d6fbf585f91ed391adc3055343796a3b640409e7734d0d9d4d07ffe56ad7ac0cea93f27d1f19a60f3f16ae50758392ed91efe61c9162c049f66d1f32902529

Analysis: behavioral2

Detonation Overview

Submitted: 2024-05-26 03:17
Reported: 2024-05-26 03:20
Platform: win10v2004-20240226-en
Max time kernel: 142s
Max time network: 151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\742be809b42025d7ce7b21d09a5dafb0_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\742be809b42025d7ce7b21d09a5dafb0_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=1028 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3984 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4024 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5504 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4916 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3512 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 img.sedoparking.com udp
US 205.234.175.175:80 img.sedoparking.com tcp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.55.97.181:443 www.microsoft.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 104.91.71.140:443 bzib.nelreports.net tcp
US 8.8.8.8:53 ww1.srv.desk-top-app.info udp
US 8.8.8.8:53 ww1.srv.desk-top-app.info udp
US 8.8.8.8:53 ww1.srv.desk-top-app.info udp
US 8.8.8.8:53 sedoparking.com udp
US 8.8.8.8:53 sedoparking.com udp
DE 64.190.63.136:80 sedoparking.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 136.63.190.64.in-addr.arpa udp
US 8.8.8.8:53 175.175.234.205.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 52.182.143.212:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 212.143.182.52.in-addr.arpa udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 13.107.253.64:443 N/A tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.187.202:443 chromewebstore.googleapis.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 28.73.42.20.in-addr.arpa udp

Files

N/A