Malware Analysis Report

2025-06-16 07:05

Sample ID 240531-s7btgsch9w
Target 8786c8d77405f67eaa12c495341cdded_JaffaCakes118
SHA256 28540e25d0a220cc3f97b8935bf5575d88f1f0b53f8fe1b08fa99a5e7041722c
Tags
score
1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
1/10

SHA256

28540e25d0a220cc3f97b8935bf5575d88f1f0b53f8fe1b08fa99a5e7041722c

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file 8786c8d77405f67eaa12c495341cdded_JaffaCakes118.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-31 15:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-31 15:45

Reported

2024-05-31 15:48

Platform

win7-20240508-en

Max time kernel

133s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8786c8d77405f67eaa12c495341cdded_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0df5fa971b3da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000760f6fb6d7365248881a38bcea68cf8b00000000020000000000106600000001000020000000b263a6dd9efba54a41395333c4c4a4179a13cbd95b87989773c006a50f4d5460000000000e8000000002000020000000a03805dcac2db3653e7f50fcaca6ed846de502fca050abce4c484fc634430058200000006b81830c0ee3ff56ec3b864f9261f6057fe64a39f68210e5ddf2cd23698eb8b840000000af3a72f89fadce8eb0501f319f84cb79bbe86d1fffd40f7bd0fc1837c0e3162b3049f36d83004a4813b0dd1a132a61afa1837bfac916a40f5f0b0da9ef4479d5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423332201" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D0DF4311-1F64-11EF-8C89-6200E4292AD7} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8786c8d77405f67eaa12c495341cdded_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ag8aq.cn udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab54A7.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar554B.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81bed391d4f3c361e97310d3f2aabb81
SHA1 97f446c23546905e66dafe7e83c0e9a0d5c4c5e7
SHA256 a7b4fb2c5c24622598f2cccaa894a73ba23ad35dc884451348a876f7117efde0
SHA512 2dd6e48f2645b1cf54127760c50ca2414e46b7301d62f4ab14ae3cabdf44f88944ddf1ffe782166a824fad553127c5ebe870603e0d82e109b8f5aaf8a12013ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6fe4b2c1ab38f0caebb04177e27d3207
SHA1 50f924ffa21e49640c918d15daa14ff9b892c765
SHA256 77d32c89521edbc5c9ba9103a17ef4756e2c7573c464b62cd77394cca6651157
SHA512 761883348a8df0b0626af372ce8a118c89b534f84515e8e3fd96bc464200450ce01a982fc1561e059a8dffb5ecf1bfbcb16978634dc0fe2a0a7f0df1dad10a9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6af2a0cb71059b232b5249ba5e98a302
SHA1 f78ed6d848757b9ced78df3601e2a93769d807cc
SHA256 3a2a8f78e85929857c874d59b79ceb1df9e9ee18d718e61f9fbaa6c50e2e4a9c
SHA512 445f563438323384ce10f35909c689dce268253355e26c457b0ac5749ba444721b7b7d4ce48a8c124ae64c5811228486b9d8cac7cc36d7ef23df3e56bdccc4c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 758d4f62611411280280063097beb44c
SHA1 5494efc42543402cae715a3a3245395f9d8c51a2
SHA256 5010446719125e31aca0947b9435418c381a73e84ba9e9b3946e98bb6f109b2f
SHA512 b18ab431e268e91b681d99b58b9bdef77ee84aacb6f4a8728cadeda1f521f2755a70cf0be2dabedb1341b964d6bd37e1b53ce7d5404992343d68821b06ad63f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e5a5ab299a7cbfcb2a501b318b2ae2b
SHA1 01be66b4f4a2c7dd677dbe3c3a8977d55576963f
SHA256 9d2c3e79c674f8a0f57f11ab9e9e29e25bf7f0c4de140c6598850d3865dad5a1
SHA512 e116b6d8f6b8a9abe7d2e3bad52d267e0a85f8e5ab16a336b3a2b97c7512cc3c073ea607a8cc76ef5f05b372711092368bb318fb4edebbe2f670c450247a59a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30587aa0b93faf0b0d2fa37647f28da2
SHA1 d56dd5eac72c2c7bedad5601d14e07af218c7217
SHA256 50876816faf42f7ed0385c2ec9dfb211dc7205bd7042193f8fdf9d3e48291b52
SHA512 a861ed8821f0891c20624cd2795b976ecd6e710b1b0911d4ae217a4d4feed3ae893345c52c5990f1336d0fe0de7c52efccf860c2754857db50e53bfb5daf7e31

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43a7e69dcbd29f5d8a9a57f4fefe0cd3
SHA1 95dbc8ef5e0e07245cf511a1bc8bffaa93684bc0
SHA256 f07527e0c8531a53c962134c7f55595212ef4325e8f2fde5f95b32f787d23fbf
SHA512 270961086172a99ec7f3bacf069a9f5865c83d801f6356cde2bc827963e762e6991029e78185c1c0337a9125ea0b845f49906dbd920cd7582d4b9ff4fded4bb0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9980d89e88cdc5cc118b5f095894d81
SHA1 494eb078ebfa4af4b69ad2945812f15bd8009053
SHA256 476e68d7ecdbaf9ac1454bbfaaa28724c9f5af8c5609083e2101ac1cf54ef2b4
SHA512 8826b3b05ac6c85a249b96c06ffa757342a58c7f63441dc0608f7b1ce8d106a8dfae29ba01cd7cf5dda0fa50b087fb268f06eddceb25b4764fde09b8de985f9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 601b9b35d8187349af08b27df25bf070
SHA1 020c76422f77a447bb1116055030d671fd2dd862
SHA256 5a94743ab137563bbb2d67695e9c499f603150ddef31ff4a35bc1353a122bbcc
SHA512 b049ed201daaca3b5d17dc9168c9298d316ebb3d17fe632b5b96f08aa4f8301b3c3562d9463d579b1225c42bd5eb176a609b6503c261bdce492aebc478f7f3e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3136eefe4d1c262dd4f3bbb71d76326c
SHA1 3610018d4b5e2c772b72837ae54651ae77adbeec
SHA256 44a43afed676a1316d755ff4f61bfafc2992c5fe4f22af97ca64df351f485a8f
SHA512 4351450307a2d396bfd47c6ec262b5e7b4ef23837e2a48d3bd0d909daac23923356f47a8a3f66f04b0d3c272e63b60cde491685f0106ca64de56bb94b06c4429

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4c9adfa80c21f339dd9087660bbd00a
SHA1 1c56923e994de40d9d036aea961230d06daa58b8
SHA256 6ece05a968dae4d3601a6fb0d0df37e38537cafba05ead2f23e7a8c188e1e69f
SHA512 a66f4d0ed63ff4952c3ef586bcec4683faa79142026e51ceaeb25abc2169806334bee47bb3f9efa0e260693fef77ceb7f6c8ca407616b8ac84ee1e96dbb3109e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c7edf7b7df5690880712966b8017a5a
SHA1 bdb34165a8ab23f8897c110e54f89dc28ef4672c
SHA256 8510d9042d0e4b8c995435436347fc8328eb33f4d7a413fd577ed0354e59a08e
SHA512 4648314005d69323604fc52b3bb4036e9b89ea8d2f2100bc50a296bd3240661b424d829508288e36c490ee855616c45fa19165b6d2fa06e7bdeb00fd1d0afc6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2764741d47237d9c63f10d53eabf8594
SHA1 f517e9c3a98aed4e452daf362132c73cb8fc728d
SHA256 c55a9fed5f917373e1f3fa20e7a5dd7cb9943d7a9afc2504f5ea96e1a8492e43
SHA512 f70e6f6d86dea2b1251d1903d179ff28eb344db979ac998f225979c852b51e67d0bb79ee90c001bc5ef48077ef9119527c06d0c719beaa16d05cbeaebe396828

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b18845c2b80788543eefb379122feeb1
SHA1 fc8f34f7c38e2497411022cffacf2033e9fa821a
SHA256 86d56f2729708431260064e6046158378165122afa72233dfa19d17772d3e7c0
SHA512 69eddaa627f6d0791ae03299ce2165be29bd08293a6c289b419d4903cbf1af50ccd77528ed24d458c4314fcb02dcd61470dee1bb29f25a62825bffcf1fe3b093

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 682a4720d410a4b61295986f235639bc
SHA1 c93f84a79f6f5461ececf64d4c87b39b86cc4376
SHA256 339bd77c1026f913a94bc22884dd1718a87ee0aa78c3ad6d786a12d49c3408f3
SHA512 f3dcbf5407df24a8178cfd5e2b1c7c4480674ec6f951b675975c784f13c1dc0c242c07a01d316b20a3480c15bb4d2c94edb9291ebe6bf7980ef75b69a1a67b33

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85b96287d1c9f2b7cdff45b6e0a0bb73
SHA1 d422d5cf4835496d6e33617cb3d31e2239fb0525
SHA256 75ed00d47ffd984f04535ef5bbfa38d80483413157f865d617561e6199e941b4
SHA512 1b72f583712cb660895bab233d0e590561af3d4139a5b8d1c0642b2d34a8c69f69398c705f9a9db007e99143e64b45b735a44144bf25e2e42cf5d9c53aaeaab4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1f8a063d1e373fa78e202abc5fc03ea
SHA1 6c849cb1f47843f6de7e7b4ccc10bf5f21f59c3a
SHA256 6865f6203111ae461317dd7d52b0fe09b60ceaef3d972262199adcb1e64b152d
SHA512 053f52840a20ff7ce78dc554ea41bd806a1acd374c4dc435c95fe1b87fd6bc6f69beab002c2c7b91ad166ca92d9255b6139e5d667f79a949078909b6179e460b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c02dce4d6127641d644f2a647dd773f7
SHA1 7c43831e75e0139aba01c5cd0385382f3b36e5d8
SHA256 c00e1e6d1b69acf89c23300ecbc32fe3289ad0409fd6df0c4ff2d0a66cb99660
SHA512 deb8e99d7e1c5ee2b5bc07099b96643eb172c97e317aec5ecc74ed0607b9f5815ecb4bf09d28a33db00ac88753a4796b42ade7fe4790eeb9c81105d78dc2c968

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1cd12f6fa1e5c0e8973fa0ae637cc1a
SHA1 3f35dde66c776fa2da59bc22287442ff4331b00f
SHA256 c3278d98d92eeb1abd0efdb59711b77bb740512ce89f9f8f95ea1d35ca84c589
SHA512 68f640cf4697c278409042972404c709bc4bb39645d84eaeae2ed602427d08acb374ba0a3ed7c9021d7c137325d5b54292a8c70ae744d82230230e8f34a85615

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-31 15:45

Reported

2024-05-31 15:48

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8786c8d77405f67eaa12c495341cdded_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8786c8d77405f67eaa12c495341cdded_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4504,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=4324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4588,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4772,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=5248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5304,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5404,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=5560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5240,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5828,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 2.17.251.21:443 bzib.nelreports.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 ag8aq.cn udp
BE 104.90.25.175:443 www.microsoft.com tcp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 21.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 175.25.90.104.in-addr.arpa udp
US 8.8.8.8:53 152.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
NL 23.62.61.75:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 75.61.62.23.in-addr.arpa udp
NL 23.62.61.75:443 www.bing.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 107.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
NL 23.62.61.171:443 www.bing.com tcp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 8.179.89.13.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp

Files

N/A