Malware Analysis Report

2025-04-14 00:32

Sample ID 240601-w3rwpaba4s
Target 8b5ba847f65dfd4d54444b80ab5b29cc_JaffaCakes118
SHA256 d4498f53c2e11f2917ef0183eb1f972a71006098af0e70fbde4608bac7b407ae
Tags
Score 1/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 1/10

SHA256 d4498f53c2e11f2917ef0183eb1f972a71006098af0e70fbde4608bac7b407ae

Threat Level: No (potentially) malicious behavior was detected

The file 8b5ba847f65dfd4d54444b80ab5b29cc_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-01 18:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-01 18:27
Reported 2024-06-01 18:29
Platform win7-20240221-en
Max time kernel 120s
Max time network 128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b5ba847f65dfd4d54444b80ab5b29cc_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b6096f77dfd73a4689a91c3f174d45d5000000000200000000001066000000010000200000006f25c4e8f5943c09046faf9fcc85a7ed7b29c526b668b51883d0478c0fbc2a93000000000e80000000020000200000008d64de73083663250660fc1d757bf6e55c86684f2ebd35fb71845a9e0c280b4f200000005722ca0dcc0ff0a55b7ab7cdb072e70177fb8ee1863c94bdc84c1218d1722c8b40000000f780d5da47e0d64dabf7da04ae384685a4c7f1222275a5042044f1f69a39e42d865edba031932049327dea00d5d3a2b1f1c4f3ba4e4028f63dd95e19b238f7ca C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8E8328C1-2044-11EF-B238-4AE872E97954} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e02eb56351b4da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423428297" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b6096f77dfd73a4689a91c3f174d45d500000000020000000000106600000001000020000000514fac8dc5927b781e0d588ef09a917b830f9c6f3f3d3a3911b703842db3c477000000000e8000000002000020000000adf33d823c2c244a45354e8f59e78724bc384d13cb4b27e60390755ecdb4a98990000000bc6e215497e182053e9da70f989e20070923f4c78396e0d0774d88cba166a570d2c0a19028c1818615bef8d057e9427e575e0a8a710a185cf3f7c81e66ea81b704ad9347f6d7a9b253ca9bfb3a92ecfdcdf70326ec655e8f372b6ee2aa74b90958b682884f9aa8790cc03dc7029624d8ea0636d08c61165375a6977f59119ce47a3799aa4c12adb68e317b61c5f4d9e04000000076fccf8a1f15c29e9cf80a382f9c352a9c98aed6b03f2292fa04b85047712a9b5ecb3a97ea5fdf409d669bbe6c6a957398e763e8fd036d7398debfa60d21895f C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8b5ba847f65dfd4d54444b80ab5b29cc_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1040 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted 2024-06-01 18:27
Reported 2024-06-01 18:29
Platform win10v2004-20240226-en
Max time kernel 142s
Max time network 152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b5ba847f65dfd4d54444b80ab5b29cc_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8b5ba847f65dfd4d54444b80ab5b29cc_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5348 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4896 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5684 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5480 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5792 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=1852 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4596 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8

Network


Files

N/A