Malware Analysis Report

2025-08-10 21:31

Sample ID 240528-y6s92aca83
Target 7e4858d873ea56d3cfb98cd0a198b041_JaffaCakes118
SHA256 8fe4f1cac4e4ef716e927399a912bdfd6bc361654baed521cec2b1e001e7dfc1
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file 7e4858d873ea56d3cfb98cd0a198b041_JaffaCakes118 was found to be: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-28 20:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-28 20:24

Reported

2024-05-28 20:26

Platform

win7-20240419-en

Max time kernel

133s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7e4858d873ea56d3cfb98cd0a198b041_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{42904EA1-1D30-11EF-88D8-5E50367223A7} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b06427173db1da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423089726" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d1000000000200000000001066000000010000200000002f689ac96bf42a087e0bd4d625503b00ace8bcd086484d3fc3baa7821ee02bca000000000e800000000200002000000080ca32ac965d4585ca24e2e01f41355683c031f2798a0b4a14c429959e7e8dd520000000f70fd4924325f81e909312583c3852e073621a32bd9f81659b4ddea444114a4e40000000a44e1cbdfab7e0e1670929254681a32fa875fd1ec155cd442fa273054114f45a2a7fe49fe5cdd3e2edd89a05cbf06bbf161dc716078fe66fd849c23b6c9f46b7 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\7e4858d873ea56d3cfb98cd0a198b041_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab231D.tmp


C:\Users\Admin\AppData\Local\Temp\Tar238E.tmp


C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-28 20:24

Reported

2024-05-28 20:26

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7e4858d873ea56d3cfb98cd0a198b041_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7e4858d873ea56d3cfb98cd0a198b041_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3776 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4908 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4884 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5520 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5944 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8

Network


Files

N/A