Malware Analysis Report

2025-04-14 01:41

Sample ID 240602-2f7lhsae78
Target 8faa3b47912137afa3ef342e62b5b7ce_JaffaCakes118
SHA256 e82c428886bee1d3a3340e0a7b791f57d1646647854c99295f94638034b867fd
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

e82c428886bee1d3a3340e0a7b791f57d1646647854c99295f94638034b867fd

Threat Level: No (potentially) malicious behavior was detected

The file 8faa3b47912137afa3ef342e62b5b7ce_JaffaCakes118 is an HTML document (both behavioral runs open it with a browser, see the command lines below) and was found to be clean: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

All four are low-severity API-usage heuristics that Internet Explorer itself triggers when it starts and loads a page; they account for the 1/10 score and do not indicate payload behavior. The only one with indicator detail on this page, Modifies Internet Explorer settings, is attributed entirely to the iexplore.exe frame process and its IEXPLORE.EXE tab process writing their own per-user keys. The Edge run (behavioral2) raised no signatures at all.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 22:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 22:32

Reported

2024-06-02 22:35

Platform

win7-20231129-en

Max time kernel

118s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8faa3b47912137afa3ef342e62b5b7ce_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Every entry below is written by the iexplore.exe frame process or its IEXPLORE.EXE tab process under the user's HKCU\Software\Microsoft\Internet Explorer hive: first-run state (TabbedBrowsing, SearchScopes, DomainSuggestion), window geometry (Main\Window_Placement) and session-recovery bookkeeping (Recovery\AdminActive, Recovery\PendingRecovery). These are side effects of launching the browser, not settings changed by the HTML file, which is consistent with the 1/10 score.

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{01243E51-2130-11EF-B9A1-EE87AAC3DDB6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003607f1e3f3da3c45ae072e00b94b49d5000000000200000000001066000000010000200000008551c6a2c9069376d091791a147a36a691d7625cb414c2c8a2d838cc0d437e34000000000e8000000002000020000000238b90a65cb990b42bfbc1b2a4bcb92a272e1e02b2267c82fb17de336442d53b200000004f124ae12578e6c752fee8554bd24647434dd7c0c1fc2f24fe5d2ae91726c1f8400000004462b7ef132b867690e5f46f1ea7991864c20f8cdd8013cfe2a0995d16f4c204c8f543379ac6e685dce29ff3d0cfb967847f4abfa344e641e3ee92645f7b3981 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 9067d1db3cb5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423529420" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
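Two of the values in the table above are opaque binary blobs. The following Python is an added example, not part of the sandbox report, that decodes them using the documented Win32 layouts: Main\Window_Placement is a WINDOWPLACEMENT structure, and TabbedBrowsing\NewTabPage\LastProcessed is a little-endian FILETIME. The hex strings are copied from the report; the struct layouts and constant names are Microsoft's. The decoded result (a maximized browser window, and a timestamp of 2024-06-02 22:33:15 UTC, which falls between the 22:32 submission and 22:35 report times) corroborates the run metadata, which is the kind of cross-check worth doing before trusting any registry indicator from a sandbox.

```python
# Added example (not part of the sandbox report): decode two binary registry
# values that iexplore.exe wrote during the behavioral1 run. The hex blobs are
# copied verbatim from the report; the layouts are the documented Win32
# WINDOWPLACEMENT structure and FILETIME (100 ns ticks since 1601-01-01 UTC).
import struct
from datetime import datetime, timedelta, timezone

# ...\Internet Explorer\Main\Window_Placement (from the report)
WINDOW_PLACEMENT_HEX = (
    "2c0000000200000003000000ffffffffffffffffffffffffffffffff"
    "2400000024000000aa04000089020000"
)
# ...\TabbedBrowsing\NewTabPage\LastProcessed (from the report)
LAST_PROCESSED_HEX = "9067d1db3cb5da01"

# WINDOWPLACEMENT: UINT length, UINT flags, UINT showCmd,
# POINT ptMinPosition, POINT ptMaxPosition, RECT rcNormalPosition.
# All fields are little-endian 32-bit; POINT/RECT members are signed LONG.
_WINDOWPLACEMENT = struct.Struct("<IIIiiiiiiii")

SHOW_CMD = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED"}
WPF_FLAGS = {
    0x1: "WPF_SETMINPOSITION",
    0x2: "WPF_RESTORETOMAXIMIZED",
    0x4: "WPF_ASYNCWINDOWPLACEMENT",
}


def decode_window_placement(blob: bytes) -> dict:
    """Parse a WINDOWPLACEMENT structure as Internet Explorer stores it."""
    if len(blob) != _WINDOWPLACEMENT.size:
        raise ValueError(f"expected {_WINDOWPLACEMENT.size} bytes, got {len(blob)}")
    (length, flags, show_cmd, min_x, min_y, max_x, max_y,
     left, top, right, bottom) = _WINDOWPLACEMENT.unpack(blob)
    if length != _WINDOWPLACEMENT.size:
        raise ValueError(f"length field {length} does not match structure size")
    return {
        "flags": [name for bit, name in WPF_FLAGS.items() if flags & bit],
        "show_cmd": SHOW_CMD.get(show_cmd, f"unknown({show_cmd})"),
        "min_position": (min_x, min_y),          # (-1, -1) means "not set"
        "max_position": (max_x, max_y),
        "normal_rect": (left, top, right, bottom),
        "size": (right - left, bottom - top),
    }


_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(blob: bytes) -> datetime:
    """Convert an 8-byte little-endian FILETIME to an aware UTC datetime."""
    if len(blob) != 8:
        raise ValueError("FILETIME must be exactly 8 bytes")
    ticks = int.from_bytes(blob, "little")
    # datetime has microsecond resolution; drop the sub-microsecond digit.
    return _FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


if __name__ == "__main__":
    placement = decode_window_placement(bytes.fromhex(WINDOW_PLACEMENT_HEX))
    print("Window_Placement:", placement)
    last_processed = filetime_to_datetime(bytes.fromhex(LAST_PROCESSED_HEX))
    print("LastProcessed:", last_processed.isoformat())
```

The FILETIME conversion uses the 1601 epoch directly rather than subtracting the 11644473600-second offset to Unix time, which avoids the common off-by-epoch mistake when a value is later compared with Unix timestamps from other artifacts.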

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8faa3b47912137afa3ef342e62b5b7ce_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1420 CREDAT:275457 /prefetch:2

Network

All port-53 rows go to 8.8.8.8, the sandbox's upstream resolver, so they record lookups rather than contacts. The Vietnamese hosts (mientay24h.vn with its www and banner subdomains, thietkewebmientay.com) and the other third-party hosts (www.lduhtrp.net, quatangcuocsong.us, fashionretailnews.com, goteborgguesthouse.com) are resources referenced by the page; ajax.googleapis.com and www.facebook.com are third-party resources the page loads, while www.microsoft.com, www.bing.com and ieonline.microsoft.com are Internet Explorer's own background traffic. Everything is plain HTTP except the www.facebook.com and ieonline.microsoft.com connections on 443.

Country Destination Domain Proto
US 8.8.8.8:53 www.mientay24h.vn udp
US 8.8.8.8:53 fashionretailnews.com udp
US 8.8.8.8:53 mientay24h.vn udp
US 8.8.8.8:53 goteborgguesthouse.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.lduhtrp.net udp
US 8.8.8.8:53 banner.mientay24h.vn udp
US 8.8.8.8:53 thietkewebmientay.com udp
US 8.8.8.8:53 quatangcuocsong.us udp
NL 89.207.16.75:80 www.lduhtrp.net tcp
GB 172.217.16.234:80 ajax.googleapis.com tcp
GB 172.217.16.234:80 ajax.googleapis.com tcp
NL 89.207.16.75:80 www.lduhtrp.net tcp
VN 103.77.162.18:80 thietkewebmientay.com tcp
VN 103.77.162.18:80 thietkewebmientay.com tcp
VN 202.92.4.5:80 mientay24h.vn tcp
VN 202.92.4.5:80 mientay24h.vn tcp
US 103.224.182.253:80 fashionretailnews.com tcp
US 103.224.182.253:80 fashionretailnews.com tcp
VN 202.92.4.5:80 mientay24h.vn tcp
VN 202.92.4.5:80 mientay24h.vn tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:80 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
NL 23.62.61.194:80 www.bing.com tcp
NL 23.62.61.194:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

None of the files below is a dropped payload. The CryptnetUrlCache Content and MetaData entries are CryptoAPI's certificate-chain cache (CRL, OCSP and authority-information fetches made while validating the TLS connections above); the repeated MetaData\94308059B57B3142E455B38A6EB92015 path is one file rewritten many times, which is why it is listed with a different hash on each occurrence. Cab36E8.tmp and Tar36FD.tmp are the temporary files CryptoAPI creates when it unpacks a downloaded cabinet (typically the root-certificate update), search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico is the favicon of IE's default search scope, and ncode_imageresizer[1].htm is cached page content in Temporary Internet Files.

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QNXIQUC2\ncode_imageresizer[1].htm

MD5 3c3c5deb7a667ede691d54c1fb3260b0
SHA1 16b2c1af68a248e4a37f9817c8fe3f9d3b2cd298
SHA256 7586bb4333f996d1085f002ccc37f7ae87ac5231caf0243928bcc9aa5d2e07ad
SHA512 56d3b12972b655b3f566e38b79a46a219be660a04d2f0edd547c23103911350940096dc6e1d2fa1da6454aa65f174f20925a2760f16bfd1eb1e902bf9db38bc2

C:\Users\Admin\AppData\Local\Temp\Tar36FD.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\Cab36E8.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8920b7f7ec376c9450a43c48bac64ddf
SHA1 834a67199d6f2bb4f441ce2f084286b145192714
SHA256 c4465f135267cb2e13e18757668b754729ace721ae956d44a1ac87bf4ee7171e
SHA512 a39408ca5a24ef6f52700cadee0c3bdadbc87d03e7cb3d614833c30bf1a67aa3ff7ac89340323e86b9136cbad50cc6a4a8882013dd54bb8c4c4c960b217fad48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 223a3a937b48611d0531d01a7673c0c3
SHA1 9ec853b7ec69b280e8facfb549f5d3e35e831c03
SHA256 585a97d9d9810a8b1f4bb138fcaadeb2ce040d84390a1fdedb183a0b32600373
SHA512 7bd35c3ba896c409e6caeb8846c369bd1396ae76bfc73d942b37e66ea60fc46aa33d29c07dcb773d5443495db895735e5e619485c383463d03c4b77bede88ded

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aaa9bd305c878a8c726c6ff47f1c1fb8
SHA1 1f1deebaf203f321f0ba082f229cb098324b8cf3
SHA256 1226ff64e0c9509af003590b827ee36e1b0502c679194c842d9ddee03de7345e
SHA512 9a8c50a59aec33ab3e7d926915e6afd003c6082043321e5149b82d595f5dfde48fe5a550d2c303a12048ef0c5977f127e10de3b7ec6bb5897fec5ce0d5113cc6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ebfdc81ff7c08a0cf4f34a60583fe9f
SHA1 867fe326fa3267d366f657316316a07a3c6cf652
SHA256 b400f3f6004f7b0d9950a69350681b2a3c0e949214cfe2691a31cbd4504dced0
SHA512 69474882eb09e3c69d776896982636980ffde38aaa32bc1d7e7f3ca20405edb9f18d0fd7676b49eecd6bbf17def7749406a19478db405211c3bbb4b435055fb8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d681b4481730460725b205ae4115377f
SHA1 6d7acd5270335d62a397436267a9413786f796d2
SHA256 92f64f44a2e871670c1c4f0b144c5528df808ba1d1754ea7fe7c67af43a95908
SHA512 4a81542f8805fa60128807fa854e9e475a73f578384d82c452d89439a52c10d8913e9eec078ee9a7a49d6e1fe9ae7a73df1f72ef5e0b6b13c6c133a007201d10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0be7e43f1fa66ef4efa87bbf6c47e957
SHA1 b9fa76aac83c7915327fb351f3fbbe19e60b9ab0
SHA256 f58adea2cc1bdfd7d3abd85ec3a0d464249a4796c5e936eae4237fb15e5f3497
SHA512 47279cfc2a2ff92f708d41b18e5553ad93a404401e6c9c8fd70d57bc6bd53bea8d7e07b9936ab99af0da6a5b5a60852bc3a5211f1c1c9893ddec77ac3e662657

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e434d45c4385fa4f837528a76fc97cda
SHA1 26f495f5199623fc45aae622db9b634a514ca554
SHA256 9466dac6eacb93cfb43203e5008ffbad4e0efdea9808f0dd9b76d949f752d8aa
SHA512 d049318682c5c5bcdc4e9c25c09257b1071579d6cbe83a2382a05616cd860cd9f4b945342390b7cf5b7a7e7cb04a955af6aac221923c69989e6abd109e8cb823

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1172b14e9d89592046384e9491f2ba24
SHA1 d87f742859e37d4f0cfd0b67c8f02056825c9b1e
SHA256 db8f63808affb41770ab731252ccbdffd04dcfc7cc3b00f704e91f33669fd111
SHA512 385bd6eee245d5c93bea9f42f9a654b5c3f68e1ccd91aea8735fdd975f52a1a997bc37c94ea650fcf7a35809461d9089317815f1118dabf12f227e1d46b62541

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41dcab2b5861013069671e3d53e4b2c1
SHA1 3a60cd5c54507b95ad226b8c27a432913a04a50f
SHA256 55488f85699837a3ea3bce90178b40ca4b4a24f5a539dafa02fe0d2651115c90
SHA512 d82b40726c9160c76ed051f44320bbeefa00453b0d9c155c6db4c58c863f7f4decdc8098c060928d91e20b4d87a321d3eb117071eda38ad6b91d50075b27427f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 aa05bcd2eec5e15dd21a1503af5edd9f
SHA1 02e38c066c1321178f033cf5ef7d57f46c7e4ad4
SHA256 5743fa86cf884d94c15913daeb54e6a9cfbfbf95e9fb54f089c8a16fc5920e45
SHA512 a21629ef1c09a65ed4cdb41ca94bd0db1f201392f44ef5286a1970a4ebba549727785b161ed37f121cdb00bf21d254494d1232bd79c1ca152bfc81bcfde5ec6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6713e148412fb99fd8489bed9ba10b1f
SHA1 72e66a0b9b6bfdc326ad197c04292484df354e2b
SHA256 85531504ca9fdb98c4fb031906983cde4b0e405f887efebd1e4af023877c0267
SHA512 aac9c748749f495befe05655ddd145a378e4ff279c542cf23c0cdcff9118564f1ba5bd7eb2fdb8e6c3c6f68a36ec0ee02b00b3060fdcdf3f94f709e39eb0c1ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71cdb89706f4b5efa421ca4f88c1d196
SHA1 0131ce06c6f60b9902cbef50f3bc7f98ff3bba2b
SHA256 4a70bc9a89a671cea315f25c47555e2d368c5df48c1f90ec6253aca89090ba43
SHA512 9fa0c642a0b568b18b02fc3f625b1cd9a0e3f9f0614305e3298cc7eca3a18112862c6de48cac5945ca9b382e72ee7928e370997d8beedd8e72edbdfe3bda6ee5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1efae1d6d8fa1affb9a59f3043aca551
SHA1 15b8566a767429bf493af08d5e6d73fb1856e8bb
SHA256 10c13e58800d77577e19ccd56be7b7d20da11c24462d6d1d486ee3f9730fc435
SHA512 4aa2b1527a3a424b61b7bfcb0a8aa9ab6d67d898bb9e23a5af57b8bf81c6848c7831362ae274f229248c02863fd4ad98dcbc0400d83283b5cff2e80f27a40b65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eacdf0fc6d591a3066e38599a23ae7d8
SHA1 ae578fa89658db26c7a44e151d67e5f01616837e
SHA256 3b0881da2f053be0ca80865c719c82647edecdd2f8a08ccd729e0db1bb39bfda
SHA512 ceca009a4d9c7c9fae818b5ebf212ff867dcc78e9e03d624d521ce4a6397669f236ba4213f30b1c7fe1d923caa24e97875b0729e718049e6aeca5f1a7413613f

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 57f42d8b371ba601843cc7b8cec6b4a2
SHA1 900ebab717cdfc76c5c59d651586748b12e55308
SHA256 ad1eee247ccfa5c506e5fa794cc654c44fa3854aa906c0e7d6871b67ef7fe12a
SHA512 2378ac2e6238ba8e0c531ad201850265ae9f5a7c83d7b340982cc4ff061565fee7a3db7af2e75ebdd5e457253323701ab63c930923ad285698e8f883aedc8e30

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c4e728d9dd34ea3a2daa9581fba3b2b
SHA1 6562d96bccbc4d4b2a0f0f7d49d996e0efe290fd
SHA256 77c0a49eb0a1f355c5b605ceaaaf67659815794db452caeee87b06ac8f902629
SHA512 6919301f02b7279d9849ca82b941e5340100e99f18efc50a8f42cfe78fc3b5831bbbd9cb3b5dd440e7e798ee1c79269035fd522c2d94a7e22b352ff61e60fac7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de55c1abfa086208bbc3c17f3a95a6de
SHA1 78921f0a79118024a48b4b1a16b225c5da515f2c
SHA256 85b4d5bd0483c78570357f2d4c4ceddc8592a45f67095afc98acdb136b0e2b6f
SHA512 88413df4e6debf7fba765072dfbcd721b8792c9984207ffa11487c1bf1d2747901e09c3015f0f6c269c5e65bbf4f8e3b176ed1d9c75d2b6cb911c02edeecc9f8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 243813d5197c8f90d815f152a2e61349
SHA1 86dc36e16a56765368391fed3f09a5548b8b9fed
SHA256 634ce52d18e59e1c2cc97b5274a905a9b0cb71bdb95c31c14e271fb950078199
SHA512 9fcb108d8b265a428d7fc54e6df7c80e0e7585d40220e141fdf7787f8abf73d524d2b7534cbc24fd6dc47910e9bbee4bd2d1a2ffd53a84c6edb8e09c631f5df4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f45e1d844bebe064436c0b6ef33ef0c
SHA1 57e81308df8eb0df9f6661871cfe89543d1f75fc
SHA256 1233ad74cdc6eb1ea378d24ec8acf70249fffe07d96b9969e3ec5fa2ace3b5ff
SHA512 327added60edc12a06bccadcb4843762d7835b7fae0f34def6e22fb7252961d633d32b34bcf2498f0614a93476284df9515cb52c310fccc58a1fb4a497511f68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 62b12e168c8c904b0393c93fe718c3ed
SHA1 47dce616e1dc8623914a9f9d7e257dfac394e6d6
SHA256 c1a1904b19fb363038f7ed8019fc80add864a03b470284bc4e2226f579c10773
SHA512 2db41aebb107f6196182d3743fedebcb1d08fa5794860798a804606d13c86023c3691f048ea2c635683f3f0537acf827e31cfab7dc45b11aab9af5e791d7a7b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f431115cad7829deccc177125c9bccc
SHA1 500f6444e7623bee76404a7422d3880b13641446
SHA256 9f476f381ba170014ebc50a72fb40ba9dd27aec61b14908bd40f536a68f6e962
SHA512 601b677c662a2e27db0ecac6ffd8db24bb735854f1b699d1e2317e2a287e0639bb215ca5904a4ddd6f760ac0076228f5067292bfe1048470f902debdf3e84ca6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d50aeb69addec798af02336cacba74f
SHA1 9bc86376c57a9072c1de7a82d127fa37b10497e4
SHA256 c9896a1c4c515aa65dc032d2228f68870462b658019118d8ea2d01b3ce5e5a3a
SHA512 eb54b646491e661e053c37c6788f903b962cef875e03d1b15215d2fec978c68771ffd62e45105087a3c04b4ad139ffe1b268a4ee2bfaf08f8d8ad15d0c66e2b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8619b2e889c9237b0db50a0583a44738
SHA1 a938f15551df96aa35444201d0d146b4e61e03a7
SHA256 e19b3f48b58051fad9f031e1691e1e9cf7986c44f61126836c004dcc9fb75b33
SHA512 4cdc57a681681dbf1c385a3dabb9e8a8508ae0942869e2aed4826269a6f30cbc684054c2d39f3828ae04ffcf144a802ed07352d4708497fec2c254cf75b5db28

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee3b7e765684af0b12caad6905804195
SHA1 b87bdd9b859fa12dc879660aa3b7eb32226bee71
SHA256 a0e4209df92affd3bee2c24c81fb101c715cef8d2ffff00a0dc52be70439164b
SHA512 8c662354b1719aa38335f3ed0c0d9373237d5f70302e532e3faf06cb798ac41ff70741c09b90fbf9aab314618c1266dd5eafee8204d6d04231b09a821cd699cf

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 22:32

Reported

2024-06-02 22:35

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8faa3b47912137afa3ef342e62b5b7ce_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8faa3b47912137afa3ef342e62b5b7ce_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3692 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=748 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4952 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5476 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4220 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5160 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6120 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=5484 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5888 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5768 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

Network

Compared with the IE run, Edge adds its own service traffic (business.bing.com, nav-edge.smartscreen.microsoft.com, bzib.nelreports.net, edgestatic.azureedge.net, wcpstatic.microsoft.com, c.s-microsoft.com, nw-umwatson.events.data.microsoft.com), reverse (in-addr.arpa) lookups of the addresses it connected to, QUIC to www.facebook.com (udp/443) and an mDNS query to 224.0.0.251:5353; the page-related destinations are the same as in behavioral1. Four rows deserve a second look before this report is used as an IOC source: 216.58.213.14:445 and :139 (www.google-analytics.com) and 163.70.151.21:445 and :139 (connect.facebook.net). A browser does not open SMB or NetBIOS sessions to a web CDN, and the Facebook edge is otherwise reached only on 443, so confirm those ports in the packet capture rather than reading them as SMB egress.

Country Destination Domain Proto
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 13.107.6.158:443 business.bing.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 104.91.71.133:443 bzib.nelreports.net tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.mientay24h.vn udp
US 8.8.8.8:53 www.mientay24h.vn udp
US 8.8.8.8:53 banner.mientay24h.vn udp
US 8.8.8.8:53 banner.mientay24h.vn udp
GB 172.217.16.234:80 ajax.googleapis.com tcp
GB 172.217.16.234:80 ajax.googleapis.com tcp
US 8.8.8.8:53 www.lduhtrp.net udp
US 8.8.8.8:53 www.lduhtrp.net udp
US 8.8.8.8:53 quatangcuocsong.us udp
US 8.8.8.8:53 quatangcuocsong.us udp
US 8.8.8.8:53 fashionretailnews.com udp
US 8.8.8.8:53 fashionretailnews.com udp
US 8.8.8.8:53 goteborgguesthouse.com udp
US 8.8.8.8:53 goteborgguesthouse.com udp
US 8.8.8.8:53 mientay24h.vn udp
US 8.8.8.8:53 mientay24h.vn udp
NL 89.207.16.75:80 www.lduhtrp.net tcp
US 8.8.8.8:53 quatangcuocsong.us udp
US 8.8.8.8:53 goteborgguesthouse.com udp
US 8.8.8.8:53 banner.mientay24h.vn udp
US 8.8.8.8:53 quatangcuocsong.us udp
US 8.8.8.8:53 quatangcuocsong.us udp
VN 202.92.4.5:80 mientay24h.vn tcp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
US 8.8.8.8:53 133.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 75.16.207.89.in-addr.arpa udp
GB 216.58.213.14:445 www.google-analytics.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 thietkewebmientay.com udp
US 8.8.8.8:53 thietkewebmientay.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.55.97.181:443 www.microsoft.com tcp
US 103.224.182.253:80 fashionretailnews.com tcp
VN 202.92.4.5:80 mientay24h.vn tcp
US 103.224.182.253:80 fashionretailnews.com tcp
VN 202.92.4.5:80 mientay24h.vn tcp
VN 202.92.4.5:80 mientay24h.vn tcp
VN 103.77.162.18:80 thietkewebmientay.com tcp
VN 103.77.162.18:80 thietkewebmientay.com tcp
VN 202.92.4.5:80 mientay24h.vn tcp
US 8.8.8.8:53 www.microsoft.com udp
VN 103.77.162.18:80 thietkewebmientay.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com tcp
US 8.8.8.8:53 banner.mientay24h.vn udp
US 8.8.8.8:53 banner.mientay24h.vn udp
US 8.8.8.8:53 5.4.92.202.in-addr.arpa udp
US 8.8.8.8:53 18.162.77.103.in-addr.arpa udp
US 8.8.8.8:53 253.182.224.103.in-addr.arpa udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
GB 216.58.213.14:139 www.google-analytics.com tcp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 www.facebook.com udp
GB 163.70.151.35:443 www.facebook.com udp
US 8.8.8.8:53 35.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 130.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 104.208.16.94:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 94.16.208.104.in-addr.arpa udp
GB 142.250.187.234:443 tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:445 connect.facebook.net tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.21:139 connect.facebook.net tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp
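The table is a flat space-separated list, and the useful indicator set is small once resolver, multicast and browser service traffic is removed. The following Python is an added example, not part of the sandbox report: it parses rows in the report's column order, keeps DNS lookups separate from actual contacts, drops background traffic (the NOISE_SUFFIXES list is an assumption to tune per environment) and flags any flow on a port other than 80 or 443. The embedded rows are a subset copied from the table above, including the 445/139 rows, so the anomaly check has something to catch.

```python
# Added example (not part of the sandbox report): parse the report's
# "Country Destination Domain Proto" rows into lookups, contacts and
# anomalies. ROWS is a subset copied from the behavioral2 Network table;
# NOISE_SUFFIXES is an assumption about what counts as browser/OS background
# traffic in this sandbox and should be tuned per environment.
from __future__ import annotations

import ipaddress
from collections import defaultdict
from dataclasses import dataclass

ROWS = """\
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 www.mientay24h.vn udp
VN 202.92.4.5:80 mientay24h.vn tcp
NL 89.207.16.75:80 www.lduhtrp.net tcp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
GB 216.58.213.14:445 www.google-analytics.com tcp
GB 216.58.213.14:139 www.google-analytics.com tcp
GB 163.70.151.35:443 www.facebook.com udp
GB 163.70.151.21:445 connect.facebook.net tcp
N/A 224.0.0.251:5353 udp
NL 23.62.61.97:443 www.bing.com tcp
"""

RESOLVER = "8.8.8.8"          # sandbox upstream resolver seen on every port-53 row
WEB_PORTS = {80, 443}
NOISE_SUFFIXES = (            # assumption: background traffic, not page content
    ".microsoft.com", ".bing.com", ".azureedge.net",
    ".nelreports.net", ".in-addr.arpa",
)


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: str   # empty when the report shows no Domain column
    proto: str


def parse_rows(text: str) -> list[Flow]:
    """Parse report rows; the Domain column is optional."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3:          # direct IP connection, no domain
            country, dest, proto = parts
            domain = ""
        elif len(parts) == 4:
            country, dest, domain, proto = parts
        else:
            raise ValueError(f"unexpected row: {line!r}")
        ip, _, port = dest.rpartition(":")
        flows.append(Flow(country, ip, int(port), domain, proto))
    return flows


def is_noise(domain: str) -> bool:
    return domain.endswith(NOISE_SUFFIXES)


def triage(flows: list[Flow]) -> tuple[dict[str, set[str]], set[str], list[Flow]]:
    """Split flows into page contacts, DNS-only lookups and off-port anomalies."""
    contacts: dict[str, set[str]] = defaultdict(set)
    lookups: set[str] = set()
    anomalies: list[Flow] = []
    for f in flows:
        if f.ip == RESOLVER and f.port == 53:
            if not is_noise(f.domain):
                lookups.add(f.domain)      # resolved, but maybe never contacted
            continue
        if ipaddress.ip_address(f.ip).is_multicast:
            continue                       # mDNS and similar local chatter
        if f.port not in WEB_PORTS:
            anomalies.append(f)            # check before the noise filter on purpose
            continue
        if is_noise(f.domain):
            continue
        contacts[f.domain or f.ip].add(f"{f.ip}:{f.port}/{f.proto}")
    return dict(contacts), lookups, anomalies


if __name__ == "__main__":
    contacts, lookups, anomalies = triage(parse_rows(ROWS))
    for name in sorted(contacts):
        print("contact ", name, sorted(contacts[name]))
    for name in sorted(lookups - set(contacts)):
        print("lookup  ", name)
    for a in anomalies:
        print("ANOMALY ", a.domain or a.ip, f"{a.ip}:{a.port}/{a.proto}")
```

The port check runs before the noise filter deliberately: a Microsoft or Google hostname on port 445 is exactly the row you want surfaced, not silently discarded as background traffic.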

Files

N/A