Malware Analysis Report

2025-06-16 07:17

Sample ID 240531-2b1x6sge34
Target 889044ca214be06855e5f02851696ad1_JaffaCakes118
SHA256 17ca6bbd6bbd926e402a1a2f47c5b8d8919b6e1c6d2e4a0997de5dc8331c1e10
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

17ca6bbd6bbd926e402a1a2f47c5b8d8919b6e1c6d2e4a0997de5dc8331c1e10

Threat Level: No (potentially) malicious behavior was detected

The file 889044ca214be06855e5f02851696ad1_JaffaCakes118 was classified as clean: no (potentially) malicious behavior was detected. This is the sandbox's behavioral verdict from two short detonations (see the Max time kernel values under each analysis), not an assurance that the HTML is harmless.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-31 22:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-31 22:25

Reported

2024-05-31 22:27

Platform

win7-20240508-en

Max time kernel

117s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\889044ca214be06855e5f02851696ad1_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e9361000000000200000000001066000000010000200000006db572ebb180731c00e513b423fba5341111f8d32946745422b220ff17c5217a000000000e80000000020000200000001853029c24a9b49144ef6d8e715b42d76e7905cbe9aecf90c85155593ffd7bbd20000000f0bbf1ac72489e819e8437de38dc569bf2dd7c0c40bc4b320b214fac851d42cd400000006cf613126257363482c93d5421631d5e8db47ecffb35fee07d3e7769b2aeb7ebfe0419dc5c1e6f7a9a6a38d12b4fffb2d839dfdfda6f9cdbbebd8b378d9b6074 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423356181" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 800def7ba9b3da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A6A827A1-1F9C-11EF-91D8-D6B84878A518} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
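
Every row in the table above is written by iexplore.exe or IEXPLORE.EXE itself (see the Process column), and none of the keys touched (GPU, IETld, Recovery, CpMRU, TabbedBrowsing, SearchScopes\DownloadRetries, ...) are the values a browser hijacker changes: start page, default search scope, proxy settings. The "Modifies Internet Explorer settings" signature fires on any write under the Internet Explorer key, so it needs a second pass before it counts as evidence. The following Python is an added example, not tooling from the report or the sandbox vendor: it parses the flattened "Description Indicator Process Target" rows and separates the browser's own housekeeping from writes to a watchlist of hijack targets. The watchlist, the two constructed rows (the hostname hijack.example.invalid and the process name dropper.exe are hypothetical), and the HKCU normalisation are assumptions of the example; the other four sample rows are copied from the table above.

```python
import json
import re

# Registry locations that IE-settings hijackers, adware and proxy injectors
# actually change. Watchlist chosen for this example, not a signature
# definition from the report; extend it for your own environment.
WATCHLIST = (
    r"Internet Explorer\\Main\\Start Page$",
    r"Internet Explorer\\Main\\Default_Page_URL$",
    r"Internet Explorer\\Main\\Search Page$",
    r"Internet Explorer\\SearchScopes\\DefaultScope$",
    r"Internet Explorer\\SearchScopes\\\{[0-9A-Fa-f-]+\}\\URL$",
    r"Internet Settings\\ProxyEnable$",
    r"Internet Settings\\ProxyServer$",
    r"Internet Settings\\AutoConfigURL$",
    r"Internet Settings\\Zones\\",
)
WATCH_RE = re.compile("|".join(WATCHLIST), re.IGNORECASE)
# \REGISTRY\USER\<SID>\ is the kernel spelling of HKCU for the detonation user.
SID_RE = re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\", re.IGNORECASE)
ACTION_RE = re.compile(r"^(Key created|Set value \((\w+)\)) (.+)$")


def parse_row(row: str) -> dict:
    """Split one flattened 'Description Indicator Process Target' row."""
    cut = row.rfind(" C:\\")          # the Process column is the last C:\ path
    if cut < 0:
        raise ValueError("no process column: " + row)
    left, right = row[:cut], row[cut + 1:]
    proc, _, target = right.rpartition(" ")
    m = ACTION_RE.match(left)
    if not m:
        raise ValueError("unrecognised action: " + row)
    action, vtype, rest = m.group(1), m.group(2), m.group(3)
    key, _, value = rest.partition(" = ")
    return {
        "action": "create" if action == "Key created" else "set",
        "vtype": vtype,
        "key": SID_RE.sub(r"HKCU\\", key),
        "value": value.strip('"') if value else None,
        "process": proc,
        "target": target,
    }


def classify(parsed: dict) -> str:
    """'watch' if the key (including value name) is a known hijack target."""
    return "watch" if WATCH_RE.search(parsed["key"]) else "housekeeping"


def triage(rows) -> dict:
    """Parse every row and return what an analyst actually needs to look at."""
    parsed = [parse_row(r) for r in rows]
    watch = [p for p in parsed if classify(p) == "watch"]
    return {
        "total": len(parsed),
        "housekeeping": len(parsed) - len(watch),
        "watch": [(p["key"], p["value"], p["process"]) for p in watch],
        "writers": sorted({p["process"] for p in parsed}),
    }


SID = r"\REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000"
IE64 = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

SAMPLE_ROWS = [
    # four rows copied from the report's table
    "Key created " + SID + r"\Software\Microsoft\Internet Explorer\GPU " + IE64 + " N/A",
    "Set value (int) " + SID + r'\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" ' + IE64 + " N/A",
    "Set value (str) " + SID + r'\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" ' + IE32 + " N/A",
    "Set value (int) " + SID + r'\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A6A827A1-1F9C-11EF-91D8-D6B84878A518} = "0" ' + IE64 + " N/A",
    # two constructed rows (hypothetical hostname and process) showing what a real hijack looks like
    "Set value (str) " + SID + r'\Software\Microsoft\Internet Explorer\Main\Start Page = "http://hijack.example.invalid/" ' + IE64 + " N/A",
    "Set value (str) " + SID + r'\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = "127.0.0.1:8080" ' + r"C:\Users\Admin\AppData\Local\Temp\dropper.exe" + " N/A",
]

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_ROWS), indent=2))
```

On the report's own rows the watch list is empty and every writer is an Internet Explorer binary; only the two constructed rows surface. The Process column matters as much as the key: a Start Page write by iexplore.exe after the user changes a setting is normal, the same write by a process under %TEMP% is not.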

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\889044ca214be06855e5f02851696ad1_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1704 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 js.users.51.la udp
US 163.181.154.232:443 js.users.51.la tcp
US 163.181.154.232:443 js.users.51.la tcp
US 163.181.154.232:443 js.users.51.la tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab1787.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar181C.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f60d17f9e39daa514802f1aa9f89ba26
SHA1 44dd44c03c37adf5a77510112f6cd81a8695faf3
SHA256 d7070724d548f593fc55ada0efa6674164714635b0d5125c1d28aacc0080bc7c
SHA512 64fd496ad8745c10ea977692af98e6710a9af1365333f5a146ff5873a74620b277a1e6c545957d01e1169952bb48c1804b535847e7dbb09a2a16af58eb3b0506

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35e2d5e33e5d87978c7500d2dd604aa3
SHA1 8bc744afff044e1616e540e9b0287b12c5eb1395
SHA256 dad7423be26819c5248a75e1bdcedbe28c55d68b1058b132b8ab73461a432205
SHA512 271ccef0321c8077ff351d6091c6bcae1741c84758020c5f95b40dbea32aaed14e5930add0104ffa62cc04c15edc5d43d26985050ce488e1a9f857721a15e5a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab1dc7b25c41da3ebafacfe2058f6f4c
SHA1 e0c50bbc06cf9d41edb161c50c065bed3869640d
SHA256 903e4492837b6bb24ed912df0cc26377581a8f6a112efd83f2c47d47b8f2c217
SHA512 09e253a1440d5e8f751a5673ca264e5ffa77719d45086db244337dd52de1b34e8288fed5254f7cf84c2e61fcd00238f8b4774ab0292d8fcff2dea6e4c9d1328a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a372f46d139a2876768cf040a86472ea
SHA1 69378974058911efb5f1a6eb9f6a99d7c11f8f46
SHA256 467a43570e6fc618a7d474bd5512a3cfc594d5ecca7a5ec82b819d779d150bcc
SHA512 6465f88552e0de28ef3e8f2bbcbd8359622d3866a99409ca2f250e22649575c46597a4b4289d8ad2f078c31cca7c53ddc6a2cff17d6d27cdcd928d39843ccd75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e5ae19648836673c8c1430998e67f5fc
SHA1 d2dbf01bbf0d4878bf7fc4a2e2be4254737d4e8f
SHA256 de72bedd14b0ac4bff97b77f2468a7bc09bf4e9e97aaf9c425a0013abe8dcc82
SHA512 736cfcccc2fb582f43bfa6ea797e8d8b6752d81167310874d46661b661ee6bb959b564c8b56429bbe100bf035f38f45f8db0d70e11459d2a9b7f458277e0cf3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6b15aa4962f868452008e6ad2f302a4d
SHA1 2e7e722be0455adec9b0b5a3a3b1233583c98e00
SHA256 6c1efaaeae62733b2183a557a312a246a488eb57655f92a1fdaaaae565e72c54
SHA512 9bdcf4e5f9cd6dfd1c7306a99d3ffac822c640e7addff08769ce55de4535884d0dd48e7b43fa4e2ccf00f80cc8d725e299dbabcf09fa767a73437a83e3f0658f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a5a661ba42b793ce1f6d330645af3fd
SHA1 12dcb23311b25ffcd875e4aa5fb3d952132bf41b
SHA256 f2a9337e4965aee2f1b591971eceec878b596c219457c1e56347c1f98b4147ef
SHA512 db9540a12cd9fe36ca6ad9ca42698ae50834bccacbad86110751edca22d59f08cf051c5f6b2b2db32206462cdefc36ce58b35266c3833c15d591df6cc43e2e9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d71f3c3d4a8aa5e82d664ada288c01e
SHA1 a87ab75a1cead4c8acf16d6c3382d720d5d8641f
SHA256 9df43b482e6e76d68b8215a925f8c897a790cbc3fac1822a9d9c73c008e38bc4
SHA512 3fd7c7deb54f8edde647c149499671a37bd3b23e205b5d985459cb4623bb1f82ce577a89f1619f6b7eaffccd501d4a063b603a61dc845c86f4d0a0ca4e2a6b9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19704a2bc2ad2afbe42d1c5bd9cf99e9
SHA1 dffd1a8d84fcbf7a3f3880d7b2fba3b5ff266c42
SHA256 ec26fc1ea7c9935f412060d6f66ac7ca349e04bf1c8bcff0b2e42b70b642e594
SHA512 89b20b5e4676c6416ace3fbcacd9818c37d5f7571336de57b2bf3d9f2e947ba9a5631d8d3c889140c84017ca7588acafbc027e29942a8568a057e88bda4eacfa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b1588092c30e1b1d5b7661ece301191
SHA1 815a8c1e6cea9efd392e2b9c4bbb626600c1d6c8
SHA256 64759068bafed8fd292baed40a40b284d95163aa01ffc157729d9c96f8adf8c1
SHA512 df0a990a52569e7b450aa95d650866d91b10071b2c0e2eadeae7992f22228ac79ed90b0cd941aed395547ecb5d2397531d115bf03f986f8082bd55e5c55dc119

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4726ce40a2274075a17118f0780c7edb
SHA1 5ef08dc1de7bd266deb4abb7eb49e525fdbbc359
SHA256 ccb80a8136d2817ae9bd571199e920f3bd772e931d3faf51ec071da9cabd4f4d
SHA512 ecfb4801d1715b6d36b0bf4603cd3540caa930071258e8e9e2db310aa11b9d327041a3e2f8b6c4b1b09d9859d31e6d594d00fc8f7ee14082809fbb9e3806e084

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05c6ff20503ef9fe53ddc947f9f3623b
SHA1 5abbd87611ad79143d4f51059f84352109cf59e1
SHA256 cdcfc7dad1006774ef5f42dc039e3efc91f924335c40bf95d3298e9f12ceec8d
SHA512 09b09796d05df1fa2dbfd34bafbc88d456086c26171b61d65699f2cc1d4a4d7f5ef65c3d049e0d44d23da0d1a44f0586f7a2cd5aaad269b6a588c09bc61c8e1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0c0996731664d2ac69d75a9805f979d
SHA1 13c60559ab31b106951e443dd9e349311a0a6d12
SHA256 65c66a1940edd162073e0f619880ab129fd31f57cefd43ecdb6206da5dfb3983
SHA512 ede8257557e172edb8ad8839e02e2135b00c08ff53ff1c7fd080f661ad363fc544b497294d601ad1d1bd4785aa6d259238ca73b645eec45fe590c8e874a7dee0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6193859a80eb22de159b5baa521045c9
SHA1 a023abda6e45dd99532e27244402001c815d68d6
SHA256 8b7fb87b3497a7dcb0e7b55cdc712344175567d441dae6c4cf4687d97786b284
SHA512 265081d327137e8444ffc3e158ce58bb0b500a4d34c56f6ba763abe17006d9116369ba4f1ce3fe5ba37c9163d31f3ac9ddfb2f96d361c2eb582d7f45b842dbcb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d973d6d6767c9f25ba69800c0330d15f
SHA1 091c5f5e59324c827886b2b45bf2efd767fea962
SHA256 0d7da83af1a1df02e183196012e9c6b2e100d0eabbc40b517ea4469719ba6709
SHA512 753189d0dc6c2dd0b7a955676baf7cba1fc578e2596f4f1ce7c3fda225504220abbef97356cb99dc9b9dbabe140f78d89cabf5425679b3055fdd368b9a9fb283

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 714863bf031dcb27551e1241896e5054
SHA1 e52b6e0e1ddabd90467230914e3325ea50118adb
SHA256 a5124b10772fc78d625ce2cb6cc54b2b1dc4af2fa94a8939e085aea63e2cfeac
SHA512 0731d80c3edbb1bbfe53b0edb22959ab79b11f3af395570b0915a1696d02d2f010d8dc81fc2d3fa743d8d0a30fb2b628d9b113c82bcee469632d25cd027d163b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ede616a6012b29b462e1620e519e4304
SHA1 85b4968443b7de6f9a1da569d5727c0f692c09ec
SHA256 1113b3874bee374fdffe162405e9fd82ec9d50e0fa450a6b4fb8dc5c073898a0
SHA512 d9f699a33f965d160c6ec6516640bc0f6397965ae2d93f284395676c2db51ebbf3338756a9eaed1896356f36f39ccc28c9101e324ba333eef436e29ef72a0f2c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7f42c78ffaa2d08505c17ae6c2824c1d
SHA1 a500886fcd54ecb1f9e16eafdc618c3cfb4662d8
SHA256 ca15dd914ecffcdd8bbd6a98a700901a31ed3ffdd9706a830658d0c87a941b86
SHA512 42ed4ce8ba30a42b230226834745a9a62a4c8e7f0ddebc39f1d9bf316c2e464842ec90d3129e8bcb55c58a09916fb6f4cb3a394f9634c614127ecfc40abf0181

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d33e8a5e1ffb6459a450b46e94421a6
SHA1 65a3d994cb97df62bc2a703ca15f83cba83b6d33
SHA256 c6173bcd0f414a7981754e5c14025ae864b3b460058d41842f92e4a296548b74
SHA512 e2f889b4ac3dfaf94735cdb33eefc96fcd4130f34683b68fd4d3ad8a791096465d3f817bb5d37371cde50ac110a251a4b2dd0ba9c0b4690b57c7bd60eb3c22c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 feeaf1bf429fb649bbf648fc2c329439
SHA1 93e94e8df94b97716aa61c4ca4824ec96b7bf05c
SHA256 5852751539b048d7206ed22efdaf77de29d267d8e24ced6bb562b66742e73773
SHA512 412caaa45a6269da29857dc5cd440a390cc6826e606e8f039559922932ff89a6b21760a69ea39e51ab1c0632eb81bf6a833ec32acf77738d8ff34f0c4ba82c20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb5b37fe28f2a43d3c32d7771f40bc59
SHA1 87ed875573eb779e70d32db562c48d5361b5b502
SHA256 6e3180dc9f68811be54ad844170d8452af275de4c5eae79fdb7616bde401f925
SHA512 d33344cc8014cc954696db037bb572dddca7757fdf7a02c59fabd9cec784a8b7464f1d395d12f097eac00fac4ad9787939557a0008771b490d45685addac64f6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4311a4452eca2e814528d3b8379c1f9e
SHA1 d79c60391d208f2ca6dcd13aa0d900c0072dedc0
SHA256 f4e6cc508fa348f5a2bcf968ec098391494b62d61a2ebe9970ffcecf558d3bbf
SHA512 7d9fd797723708ec88ba4d784f5eb2990f51f9feb5c522c3dc372796940c1ed2427beb71ef86e86dac7ff07202914fa551e08798735f8ec08de37b2a536c2000

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 900b4243ea6a0648131ea0f29d00e14e
SHA1 20468bba87e669d2959271b69eb78a6f30113134
SHA256 d6935ff99f861a22e0da886a38d06f40818c988d8969ba2e8a3c221813c33136
SHA512 d539bb96fcb9c9b2dc530bce89d9cb511943de577ecb0c04935b43da642d463626257bd353f56ecaf12c2271940a6a0048a288305511a97df690e34068679a8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a7dbc601ba1844fb3867d7097cee4000
SHA1 869c720de4fab14e14d14cd653c96fe92a63af6d
SHA256 e880853c35189f5762c60c4db71e37d9e9d0b79047eac3a4ec9498e7b7eeae0b
SHA512 d59040ff026db6e9035b45d1c8e513fbec5c00d505cd2f3550730d9238a9b35dee272d2da91ef05d4d1c94db5d70826ecc90e30e3ec2748e7cd08272f8bb6b2c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ba38a9eb0d3d70abd7e460e6538eadc
SHA1 201452ae0ab029ee0e062db5aa048293652fe1a6
SHA256 2df815afa6f36ed94c085514dcc0af7a54111a5edcc8a9d46bed45d61f37122a
SHA512 3372091ae79f06fb6fa44e9a3261f8229ae60f61cf8c3c735286117fcf0fb22fd28986ca71ad4c81472623d7045714250e5ea869355254ecffc61b6015967f9d

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-31 22:25

Reported

2024-05-31 22:27

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\889044ca214be06855e5f02851696ad1_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\889044ca214be06855e5f02851696ad1_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5036 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5808 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5924 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4088 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5936 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5276 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
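
Seven msedge.exe processes for one HTML file is the normal Chromium process model, not a sign of injection: one browser process (the --single-argument line), renderers, and sandboxed utility services, all carrying the same --field-trial-handle value inherited from the browser process. What would matter is a child launched with a switch that weakens isolation, or a process that is not msedge.exe at all. The Python below is an added example (not the sandbox's parser or Microsoft's) that audits such a process list: it extracts the role and sandbox type from each command line, groups children by their --field-trial-handle value, and flags a watchlist of risky switches. The watchlist and the fifth, constructed command line (a renderer started with --no-sandbox and --remote-debugging-port, with a made-up handle value) are assumptions of the example; the first four command lines are copied from the process list above.

```python
import re

SWITCH_RE = re.compile(r"--([\w-]+)(?:=(\S*))?")
EXE_RE = re.compile(r'^"?(.+?\.exe)"?(?:\s|$)', re.IGNORECASE)

# Switches that weaken Chromium's process isolation or hand control of the
# browser to another program. Watchlist chosen for this example; it is not a
# list from the report or from Microsoft.
RISKY_SWITCHES = {
    "no-sandbox", "disable-gpu-sandbox", "disable-web-security",
    "remote-debugging-port", "remote-debugging-pipe", "load-extension",
    "proxy-server", "ignore-certificate-errors", "headless",
    "allow-running-insecure-content",
}


def parse_cmdline(cmd: str) -> dict:
    """Extract the executable, the --switch[=value] pairs and the opened document."""
    exe = EXE_RE.match(cmd)
    if not exe:
        raise ValueError("no executable in: " + cmd)
    # --js-flags=--ms-user-locale= is one switch whose value starts with "--";
    # finditer consumes it whole because the value pattern is \S*.
    switches = {m.group(1): m.group(2) for m in SWITCH_RE.finditer(cmd)}
    doc = re.search(r"--single-argument\s+(\S.*?)(?:\s+/prefetch:\d+)?$", cmd)
    return {"exe": exe.group(1), "switches": switches,
            "document": doc.group(1) if doc else None}


def role(switches: dict) -> str:
    """browser | renderer | gpu-process | utility:<service> [<sandbox type>]"""
    kind = switches.get("type")
    if kind is None:
        return "browser"
    if kind == "utility":
        service = switches.get("utility-sub-type") or "?"
        sandbox = switches.get("service-sandbox-type") or "none"
        return f"utility:{service} [{sandbox}]"
    return kind


def audit(cmdlines) -> dict:
    """Summarise a Chromium process tree and flag what is not routine."""
    procs = [parse_cmdline(c) for c in cmdlines]
    # Children inherit the browser's --field-trial-handle value, so one browser
    # session yields one distinct value; a second value means a second instance.
    handles = {p["switches"]["field-trial-handle"] for p in procs
               if "field-trial-handle" in p["switches"]}
    risky = [(i, s) for i, p in enumerate(procs)
             for s in sorted(RISKY_SWITCHES & set(p["switches"]))]
    unexpected_exe = sorted({p["exe"] for p in procs
                             if not p["exe"].lower().endswith("\\msedge.exe")})
    return {"roles": [role(p["switches"]) for p in procs],
            "handles": sorted(handles),
            "risky": risky,
            "unexpected_exe": unexpected_exe,
            "documents": [p["document"] for p in procs if p["document"]]}


EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
FTH = "--field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144"
SAMPLE_CMDLINES = [
    # first four lines copied from the process list in the report
    EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\889044ca214be06855e5f02851696ad1_JaffaCakes118.html",
    EDGE + " --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5036 " + FTH + " --variations-seed-version /prefetch:1",
    EDGE + " --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5924 " + FTH + " --variations-seed-version /prefetch:8",
    EDGE + " --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5276 " + FTH + " --variations-seed-version /prefetch:8",
    # constructed line, not from the report: a renderer launched with isolation disabled
    EDGE + " --type=renderer --no-sandbox --remote-debugging-port=9222 --field-trial-handle=4100,i,1,2,262144 /prefetch:1",
]

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CMDLINES).items():
        print(key, value)
```

Run against only the report's four lines the audit returns one handle value, no risky switches and no foreign executable; the constructed fifth line introduces both a second handle value and two flagged switches, which is the shape of a browser being driven by something other than the user.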

Network

Country Destination Domain Proto
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 2.17.251.4:443 bzib.nelreports.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 js.users.51.la udp
US 8.8.8.8:53 js.users.51.la udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 2.21.17.194:443 www.microsoft.com tcp
US 163.181.154.237:443 js.users.51.la tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 4.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 237.154.181.163.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 ia.51.la udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
GB 104.166.160.229:445 ia.51.la tcp
GB 104.166.160.226:445 ia.51.la tcp
GB 104.166.160.228:445 ia.51.la tcp
US 8.8.8.8:53 ia.51.la udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 52.182.143.212:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 212.143.182.52.in-addr.arpa udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 1.173.189.20.in-addr.arpa udp
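
Most of this table is traffic the browser and the OS generate regardless of what page is open: SmartScreen, Bing, Edge static content, Watson telemetry, reverse (in-addr.arpa) lookups and mDNS. The only names contacted in both the IE and the Edge detonation that are not browser background traffic are js.users.51.la and ia.51.la, which makes them attributable to the HTML itself; note too that the ia.51.la connections are listed on port 445 rather than 443, which deserves a look rather than an automatic dismissal. The Python below is an added example, not the sandbox's own triage, that performs that separation over rows in the table's format. The baseline set of background hostnames is an assumption (it is built from the names in this report and would normally come from detonating a blank page in the same image; it matches exact hostnames rather than suffixes, because a suffix rule such as *.microsoft.com or *.azureedge.net would also hide attacker-controlled content hosted on those services). The sample rows are copied from the tables above except the one for cdn.example.invalid, which is constructed.

```python
import ipaddress
import json
from collections import defaultdict

# Hostnames Edge/IE and Windows contact on their own when a blank page is
# opened in this sandbox image. Assumed baseline for this example, not a list
# published with the report. Exact hostnames only, never suffixes.
BASELINE = {
    "ieonline.microsoft.com", "nav-edge.smartscreen.microsoft.com",
    "business.bing.com", "www.bing.com", "bzib.nelreports.net",
    "www.microsoft.com", "edgestatic.azureedge.net", "c.s-microsoft.com",
    "wcpstatic.microsoft.com", "nw-umwatson.events.data.microsoft.com",
}
WEB_PORTS = {80, 443}


def parse_row(row: str) -> dict:
    """Split one 'Country Destination [Domain] Proto' row; Domain may be absent."""
    parts = row.split()
    if len(parts) not in (3, 4):
        raise ValueError("unexpected column count: " + row)
    ip, _, port = parts[1].rpartition(":")
    return {"country": parts[0], "ip": ip, "port": int(port),
            "domain": parts[2] if len(parts) == 4 else None,
            "proto": parts[-1]}


def triage(rows) -> dict:
    """Separate browser/OS background traffic from contacts the sample caused."""
    noise = 0
    dns_only = set()
    contacts = defaultdict(lambda: {"endpoints": set(), "flags": set()})
    for r in map(parse_row, rows):
        domain = r["domain"] or ""
        if ipaddress.ip_address(r["ip"]).is_multicast or domain.endswith(".in-addr.arpa"):
            noise += 1            # mDNS/SSDP and reverse lookups: sandbox plumbing
            continue
        if domain in BASELINE:
            noise += 1            # expected telemetry / CDN traffic
            continue
        if r["port"] == 53 and r["proto"] == "udp":
            if domain:
                dns_only.add(domain)   # resolved; kept only if never contacted
            continue
        c = contacts[domain or r["ip"]]
        c["endpoints"].add(f'{r["ip"]}:{r["port"]}/{r["proto"]}')
        if r["port"] not in WEB_PORTS:
            c["flags"].add(f"non-web port {r['port']}")
    dns_only -= set(contacts)
    return {
        "noise": noise,
        "dns_only": sorted(dns_only),
        "contacts": {d: {"endpoints": sorted(v["endpoints"]), "flags": sorted(v["flags"])}
                     for d, v in sorted(contacts.items())},
    }


SAMPLE_ROWS = [
    # rows copied from the two Network tables in the report
    "US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp",
    "GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp",
    "US 8.8.8.8:53 js.users.51.la udp",
    "US 163.181.154.237:443 js.users.51.la tcp",
    "US 8.8.8.8:53 237.154.181.163.in-addr.arpa udp",
    "US 8.8.8.8:53 ia.51.la udp",
    "GB 104.166.160.229:445 ia.51.la tcp",
    "N/A 224.0.0.251:5353 udp",
    "US 8.8.8.8:53 www.microsoft.com udp",
    "BE 2.21.17.194:443 www.microsoft.com tcp",
    "US 8.8.8.8:53 edgestatic.azureedge.net udp",
    # constructed row: a name resolved but never connected to
    "US 8.8.8.8:53 cdn.example.invalid udp",
]

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_ROWS), indent=2))
```

The result keeps two contacts, js.users.51.la over 443 and ia.51.la over 445 (flagged), and lists cdn.example.invalid as resolved but never reached, which is the usual signature of a script that failed to load in the sandbox. Names that were resolved and then contacted are deliberately not reported twice.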

Files

N/A