Malware Analysis Report

2025-04-14 00:58

Sample ID 240530-q87lfaca45
Target 84624011749b65457a6d8301ed528cd4_JaffaCakes118
SHA256 acd60f63cefada6dd2749ba32caed934f04f9f1434c08d346d226a5ca3df487e
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

acd60f63cefada6dd2749ba32caed934f04f9f1434c08d346d226a5ca3df487e

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file 84624011749b65457a6d8301ed528cd4_JaffaCakes118.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-30 13:56

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-30 13:56

Reported

2024-05-30 13:59

Platform

win7-20240221-en

Max time kernel

133s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\84624011749b65457a6d8301ed528cd4_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f81e96d11613734aa7086727dce7c14a00000000020000000000106600000001000020000000783445042473aaa181d0ee9f5ce9994cfb76a0a143cc810a207064152500caf9000000000e800000000200002000000096664cea93be84a02385b361370a64a5fd6b5d59e112065a165f720b03bac84120000000f0d6d79902061ba548ba78a026fc3abf60eead12821c56204b234a0232c5b939400000001b245478e54247bd03a39237b4a25b7d8a73e0e8442abc5283fe683de7b2c0fc82dbb39f0a8d7eee653f0c399918a32d36ef54b8f37af6120cbf768c7f911751 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c00b535499b2da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7BCE19B1-1E8C-11EF-8E23-7EEA931DE775} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423239287" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\84624011749b65457a6d8301ed528cd4_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | ag8aq.cn | udp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab4C7E.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Cab4D6A.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar4D7E.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0120c7a0f1947e2972a0949b435580fb
SHA1 12ca0a42fa04f713b96817a75cae413fb499b17b
SHA256 cadbd4e9eebfc000af38773dc5ad67ea0b71b8b3b3da46c542da5fcec932b087
SHA512 5fdcba85873a41312c333f31e84063af0e25421539be26a687a3fc14a7f467f642b6908323242c02888ffbc00452ad4c600c1221f3a3448f6d8f5d03c52fddc0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e43621e2b9806988e7f568130a1c6f14
SHA1 9f1f1c4ee96a1fbefabc669b755e93deca1e05da
SHA256 51e5eecedb33fa8e8f10bf333987e998774c7b096e3a2558d78f097d9378efd0
SHA512 c3a9b858393b73fc652f09c8313af83a56692314e74bda1491a082831aff3270219037e9fb93247a317e8bf29af1e653d6b88f9a75064e66d3f5c52a81e4997b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c05f030cf4d696ab67be560727bb063
SHA1 a26f0e4a1aab5a87727cd4201305e315a636ff97
SHA256 ac4a244475fa09b07b69d0aa1a85e82f671f7b77fd5ac02b759c3345fefd83b8
SHA512 a2d21d996124185fadbc8c55d415a59dac07524f806c8dadd8c6ff4960f1bc3bd4de200dd9c14d2f9ebe0a0838be6289028be992401c1e4101c145450e5472da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e2b22761ec55102f6b2d73b1bdab664
SHA1 6a4edf7f937ca7661764d0453ceb35f0bcc4a8bf
SHA256 7cb6a8fb6de8a0ccf24a2f702d16ae36d594a4f1d4fb3b70864aee96772ffc3a
SHA512 889309c99808245ec2e04795a2782b0c4a36dc3b067df2f5fc515956a2e24b9a3721e4b26900323df16905a3bc379afb63caa81443063b8648e39a58b2b875d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f00ff5e8aebd78af3d8dfb98f28f12c
SHA1 88867b89633de466a7d029d23fbd3a27d0717647
SHA256 94361c1423d7b09794acb800338d0aa5e6b2508f93af71af7272de2975943549
SHA512 dedd06b6cbfdc59149ae86c72c3421444a08d592c65eff6a7e0c768bf1fb73b2baeccd3dd9c518571aa4f576be9628d8fe5ce120c44363728122379f182dbca9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 423a5a6d8398e6383166f0e905c80638
SHA1 7a2671928911a6a8da5604ca4d2035df77c862d1
SHA256 40207f11433eccb3e2e2f0871405712c702197763c7376be6449aa39a63a207e
SHA512 ff2770623353d27d8a1fd03851c7ebffd714459a45e95011de040059e522ed6818a706a8b99100353946117ca4a4bc82047b734e0a19f8c8710fc0d567476663

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f8ff6fd73c69b24752da7a7b04d5922
SHA1 a84ed2ac9beaad06d0d1c38d91b0032817bc1601
SHA256 eb3b9fec398f9e5d85d6a09591026a102d263679b2c3748ad1f528c646ba84b5
SHA512 97072a56f54622742551e98430ec4f3862c5936d0ef6d38d9370c9437f5d12fd6cbbc25e71732183eadd215412d4c2d1a33e31eec11a06367005925e459a8eae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13b7d10d33b02e61ce367207f3ad83aa
SHA1 29be25db4a812abf0c201c64e172f335e8eedf3d
SHA256 25680003fe512c292e62fb3a794c5a7268f38f137b86bbf68f87d420d9854d43
SHA512 ae487282b2b1578a970c661f4e0128de30cf9b3db968c154a26329f090a14a9b2397d76f6ce469c9992f0e79ee9ec38aa0e35c00855ee01d944d234dbd3d8097

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc1eff57525470e37d019186b968a913
SHA1 042feec9e4866d836947bf3acca331449f60daaf
SHA256 3c62212bbbe660373fbc2cc6558383e4ff71f0a0d159104879491c5d1dae87e0
SHA512 364fb324e7e87284b0de80f5844afcb6dc2b9aa57b51668e52ff7b7e4c8f9f23c34dc363f0ab81d4bc054e0c6e9224162e376fcd6592ca8fa18814c235ecfa64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3519f703c3f03a88dc37d06eaaea2e03
SHA1 dea513580166201942639ca7888d066992f9b20c
SHA256 92808a1b486f80f906cc104e33654880e8343b0935287e57adc35312d82047fe
SHA512 501445ff20f5d0ec9c87be652a5340d9104dcb91de78a8755e34064db9c8b778560cebb8d4a85be1be45e88ebf357444d9aa31a10fafd1233c494db9e95ec935

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b9403e1b2fe0d805547e396b0fdbf40d
SHA1 db8fff6cd5f2fbbde74fb63ce8ec275b6ae74afd
SHA256 a249716e1f90898febc8d17010fbe8d55a2ea59e9248a840159f87fb2911941f
SHA512 32761801c25e25b625b93f3e2074a0cf993a6dafb9496745e8e9c170fca560320bcb15a1f9878b7ff32f184f8d96269a64151473d8917a4135a3d5d421150320

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a0a89b29c3f0ac86524b3353f1290c1
SHA1 be74d2a558c2b7caa94de828d78841f1952ca5d5
SHA256 afe88dc606d198fa34347ef7f4f31e2ef3b2ebbaa10b185c19c31cbc0a77e59b
SHA512 41de47534b2ca7d9a952f93f5e29d7c903826149448fbf8307358a690a34a2c718c605363cfaaf03e26ff8186ca77eeaca7ffc064d84ebbcbeafe3abdfa93f28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fbf8b88c4ad66a09b0543e3613a7ae49
SHA1 5c70cec0e0e710ea6df7cc2dc28117a26380944c
SHA256 acd605e164f7c39424816b88e9a0d3c77f27da1249ac8a2d81219a70018d5bd2
SHA512 2b2c0b9c9ff540b4b388a93d59e397eeaebc639c170dc449ac13a7fb0fa659d0c1b54163fa9fb9259d3db783b6f5d6bedc2213c64e02f95cbafd1a1cc67ee46c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8d38f4a83f0e9af6b61b54cd0caa275
SHA1 03c745a393f5849a5f05aaa7b59262da23b37bc1
SHA256 d2a7d7708d85a21813c73dae9baf683b8e725d99c643e704450c799b57a1e2c4
SHA512 3eadd216c02b5e8dfaa8a542d6f030a9210d4af2e7810a02b0678645f084e89af30cd342f3cb897bc041e6733c7b55f6e4472a9e347b84d6d3888cf7112e7858

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b82d2a4274d4dc358506e3982346532
SHA1 2363aa1eae3ff77926c7663938bc1ea919672ab9
SHA256 57802cc00351d163b37908a78b6749c4fd8ecf9c2356583f07b9ced08fbf605d
SHA512 ba52f87b87a22f5efabaac89f0aecd5a280edb8d8ac605f8d5bcf97093997cb7905a268912f0c317fedbd6dd05f05b2640bdfe3f9ea7852f61b6ff1851d1b323

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82dd82d9cd9d7e2b2a86415aa56e6c30
SHA1 065567092e56a4383ddbcece4389083e331bc583
SHA256 03d2cf9f3be520c47d06ef0661f2d18c65b099d2c0b6cd0ebe1ca474d603f6c7
SHA512 19c100e60fa84a4bd3fb5b96643a1afa525240e0fc9a20ca9b14e40883fc2f58136dbe59114528205d2624ab5364956e99301809c806f5c19186d642ca95e0aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bcf624cf8e5b810b1c04827fba0342c1
SHA1 9391b1ffeb27ecb68d56e94f326196831dc6a656
SHA256 a2287969afb1210f237f40dfb4c245f6bd3273f87663ddf9ca3b736ebcba7ac7
SHA512 1894449f1a2758f1e469ba1b62cbc7dbbd4e364cd628136d7c4a153d2e3f84be05c4e8933651627f5d38bd926cfdf99cde867719f39b446a2983ce690de7db33

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9807d9414bd189497f3e22b79a05a894
SHA1 e0bb0e33d56ba479b115d1a635c9e32cfc50467e
SHA256 e86607ae32f8eaf1484c2d29d12751967c6048d5acd5b513441be53740bcfe58
SHA512 5045abc9b59c99e7b0d4dcd376432535306a853fa7ba960dbeb4ec5968b97c0b2132b2c120b825a15f5657781d067f11d4977c3f1d32f99dde10da17897c697d

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-30 13:56

Reported

2024-05-30 13:59

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

154s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\84624011749b65457a6d8301ed528cd4_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\84624011749b65457a6d8301ed528cd4_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=2472 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4344 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4284 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5928 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5956 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 159.113.53.23.in-addr.arpa | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 13.107.6.158:443 | business.bing.com | tcp
US | 13.107.6.158:443 | business.bing.com | tcp
US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp
US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp
GB | 13.87.96.169:443 | nav-edge.smartscreen.microsoft.com | tcp
US | 8.8.8.8:53 | www.microsoft.com | udp
US | 8.8.8.8:53 | ag8aq.cn | udp
US | 8.8.8.8:53 | ag8aq.cn | udp
US | 8.8.8.8:53 | www.microsoft.com | udp
US | 8.8.8.8:53 | www.microsoft.com | udp
BE | 2.21.17.194:443 | www.microsoft.com | tcp
US | 8.8.8.8:53 | ag8aq.cn | udp
US | 8.8.8.8:53 | ag8aq.cn | udp
US | 8.8.8.8:53 | ag8aq.cn | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
NL | 2.18.121.5:443 | bzib.nelreports.net | tcp
US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 5.121.18.2.in-addr.arpa | udp
US | 8.8.8.8:53 | www.microsoft.com | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 16.53.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp
US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp
US | 52.168.117.173:443 | nw-umwatson.events.data.microsoft.com | tcp
US | 8.8.8.8:53 | 173.117.168.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp
N/A | 224.0.0.251:5353 | N/A | udp
US | 8.8.8.8:53 | edgestatic.azureedge.net | udp
US | 8.8.8.8:53 | edgestatic.azureedge.net | udp
US | 8.8.8.8:53 | c.s-microsoft.com | udp
US | 8.8.8.8:53 | c.s-microsoft.com | udp
US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp
US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp
US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp
US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp
US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp
US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp
US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp
US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
NL | 23.62.61.137:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 137.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp
NL | 23.62.61.121:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 121.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 169.117.168.52.in-addr.arpa | udp

Files

N/A