Malware Analysis Report

2025-04-14 00:31

Sample ID 240601-w3f47aba3v
Target 8b5b636d3732ff3d22360050159d6c47_JaffaCakes118
SHA256 01a55f32a1327018d05d0c312686449979c4f81deda98e7e833a06a8fb312e36
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

01a55f32a1327018d05d0c312686449979c4f81deda98e7e833a06a8fb312e36

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file 8b5b636d3732ff3d22360050159d6c47_JaffaCakes118.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-01 18:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-01 18:26

Reported

2024-06-01 18:29

Platform

win7-20240508-en

Max time kernel

121s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b5b636d3732ff3d22360050159d6c47_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b5b636d3732ff3d22360050159d6c47_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-01 18:26

Reported

2024-06-01 18:29

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b5b636d3732ff3d22360050159d6c47_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b5b636d3732ff3d22360050159d6c47_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5276 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4068 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5832 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5804 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5168 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5240 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4592 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8

Network


Files

N/A