Malware Analysis Report

2025-08-10 21:24

Sample ID 240530-brrfkaac67
Target 82a2fad5a6723990c5443b9608325f30_JaffaCakes118
SHA256 6a1da360b26f19f95d48f56aa39fd69ebd376910dc0f13a8786d2ce384310c52
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

6a1da360b26f19f95d48f56aa39fd69ebd376910dc0f13a8786d2ce384310c52

Threat Level: No (potentially) malicious behavior was detected

The file 82a2fad5a6723990c5443b9608325f30_JaffaCakes118 was analyzed; no (potentially) malicious behavior was detected.

Malicious Activity Summary
Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-30 01:22

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 01:22

Reported

2024-05-30 01:25

Platform

win7-20240508-en

Max time kernel

117s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\82a2fad5a6723990c5443b9608325f30_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000009b6f127977e511f2a7c10047439f11bb9a26a940bfac536dfba7d36bf8d28156000000000e8000000002000020000000c39c8f642b18a7d008737c63accab9c2ed6ee46a36f0bfee12e3d92874339612200000000a55a4958b416ec248ad7847566b8666f6ac67269520a97f66835e6d902933464000000087cfcfefc519affa4a31b73c0ac43f213a1cadbe74e628dad7f86f28f3a5e2079d0cddf5b66a718983a72460bfd5289949d57fb80f21fecac7b781286f56f555 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423194048" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4065b6ea2fb2da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{27417A91-1E23-11EF-BE4D-CE57F181EBEB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\82a2fad5a6723990c5443b9608325f30_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2120 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 fast-lost4tmz.world udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-05-30 01:22

Reported

2024-05-30 01:25

Platform

win10v2004-20240226-en

Max time kernel

141s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\82a2fad5a6723990c5443b9608325f30_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\82a2fad5a6723990c5443b9608325f30_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3916 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4932 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4988 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5332 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5756 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=3324 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5680 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=5308 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5688 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=5636 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=4988 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

Network


Files

N/A