Malware Analysis Report

2025-04-14 01:00

Sample ID 240602-2jfbfahe7w
Target 8face2356babd486c12c55ebe63f002f_JaffaCakes118
SHA256 5c84424fbf176989153ed87e987d604800791842359bb0b67b8ef3d47086775d
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

5c84424fbf176989153ed87e987d604800791842359bb0b67b8ef3d47086775d

Threat Level: No (potentially) malicious behavior was detected

The file 8face2356babd486c12c55ebe63f002f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 22:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 22:36

Reported

2024-06-02 22:39

Platform

win7-20240221-en

Max time kernel

122s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8face2356babd486c12c55ebe63f002f_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004b76345a4ac84e47bbf1e2723745993d0000000002000000000010660000000100002000000088e23353b4e15e76b7f7a45f54b19677b6954fee67324637b6c7150af8559d57000000000e8000000002000020000000bc55bc7b433633496ecbfa92e4b5faa5a1d4949c606c6e7498ced88571131f29900000003e4b4e42c1e62293ee1b1bf2344fd70e10ce7b005759ae47a436737206fa528b4abfe112bc1e495aa007c858954765373d21ee9f3f3a8032b78a355752a1926d8f15fe55022e4ee7f6fa4182662dd505b17c2f17eaf06eb38555662db2ea0ca2022e454c0c97c7b57a0f68456c705127096e8f29ab982625187980d39d1c96dbf2d0af395a008f4c0358f29388fce54f40000000558b9f7ee27550f0c19e47cd6788f3bf0293dec65fee6387dafbb78e9a35a61a54cf7a811280dfb141fffc7c88367f1904f19198be7973e3cbe1357c7c9cfe52 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0bd84623db5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8D454A51-2130-11EF-BAF4-4AADDC6219DF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004b76345a4ac84e47bbf1e2723745993d000000000200000000001066000000010000200000008a888368ba5c79fbfa0c630556f68517df77d452c9f6acb6013a53f68140e3c0000000000e80000000020000200000004a644098efa5f22bc619259103d6ad5b1342a681f10135707d10c5a5b275e3ad20000000ff8a2141b34c43722ef7f810128e650a86ed93a2860e86db0d9313961915cdf2400000008c068d20a41a2010a2726e576004a1ff6ab7feeef017cacbff47472a67983b991a897bd01605db430776106f07018105a996765bc1a478b341181304b74d130b C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423529656" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8face2356babd486c12c55ebe63f002f_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 coinhive.com udp
US 104.21.57.186:443 coinhive.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 104.21.11.155:80 saltworld.net tcp
US 104.21.11.155:80 saltworld.net tcp
US 104.21.11.155:80 saltworld.net tcp
US 104.21.11.155:80 saltworld.net tcp
US 104.21.11.155:80 saltworld.net tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 104.21.11.155:80 saltworld.net tcp
US 104.21.57.186:443 coinhive.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 104.21.11.155:443 saltworld.net tcp
US 104.21.11.155:443 saltworld.net tcp
US 104.21.11.155:443 saltworld.net tcp
US 104.21.11.155:443 saltworld.net tcp
US 8.8.8.8:53 gamingw.net udp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 8.8.8.8:53 i1.wp.com udp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.77.2:80 i1.wp.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab282B.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar282E.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 0fe896c1fe25eb524a8b49a572503f14
SHA1 244f5ac2e4e56bd4a924814ce4ac3ae4f900f94c
SHA256 057d3ab57e61cf3b84e64d0ed324b5ab2a29b4ad2e81a107a17bb24222474e1f
SHA512 718286f53e834eaf6ba5f844980aa1695f8477262d49dee7279241c466dc118328f1e5979ffc09e76fb52a81a0d5cf1f8a96020f6ecf861c057ef0d487f366f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

MD5 8202a1cd02e7d69597995cabbe881a12
SHA1 8858d9d934b7aa9330ee73de6c476acf19929ff6
SHA256 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5
SHA512 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

C:\Users\Admin\AppData\Local\Temp\Cab291D.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2930.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1b52b14b81115a20e061ffa35680490d
SHA1 018c52b74ca9f24fe363c650b5b912017ce687fd
SHA256 c90ad4e2fd5e43403e1f932dc0301a41806ef0a35163b5ab4d16208f250f854a
SHA512 de6d51b376206bebc2abab9dec6e752cfbe9ce71bda408727f6feb1453c0591123e572a1220a93375f6114afb23dbf12e985fed7f59c9bdeadaf9316f41e7300

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff4a5811f2b27ffa4c81ebe704cbf728
SHA1 227a4652762e13045303303f919605e96e37b952
SHA256 c1dc8f2bd18bcbaa240cf89434faeb06f8875acff689d37290efc47e8854d6f5
SHA512 f73948ab426d5e8f9479a516d6c3993645ff9b0bc8e5ffafabad4f641c02f31ae68f9ca59cfefb666b941042ab085c2c802316038729642a6a9534cd49f99851

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 909ff5143e50dd5b738ad8186119e12a
SHA1 4461e3d32a6d1b596cf80d7ff4e1c395bfc1cc4b
SHA256 80465b676e10ffb84753ed19d4d0fcd946a1de5dafa045c9bc95b9cafda9cb31
SHA512 e4904cee903a773f50ef02e488f39ba6925be69da9282cb34f85c08fc1536a42a081691ec0203284a530b26c8fc058941a3ea5c79e1023ef927ddab5a8505be1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4b68023b95d2cd2890dedf7ade7a7d6
SHA1 cdc9b81584a4f62bacdef3aa1951ed52fc4312d1
SHA256 e1c4478709f512a03c3d85d24009701469c36d162934a10afdaa2d9f2cd66e7a
SHA512 38c42ca3571f2b3a48927abb62a8ce84b28843ea3122d69da8bac81b5c02652aa2c30a045efb7b71ff9bc30caed88578cea13a1a007623f1371d7bc564fa58d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5291d57288f94632b7f9d1a32883ab48
SHA1 7f5293a6982de229a5ab40016cc51649a5a82bbb
SHA256 0ec11fffbc4848a91392abff5f404ef7192d7f52de495cc274b82ddff1eed70e
SHA512 bb547813ba70320c47c27f2285074221fb664512d7be26babd1daf31391906b6c989256cd5054d65c288a2dc98f48ad44dc9577368a26536fd9b5df92302d9db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 296ac2ccb612ef048a77771e197bc70b
SHA1 231a8a726f54c68c00b64be26b585458c89e20ea
SHA256 764378eb132969c209759e97433b21fe73167f9b99e9881357d36142f02dbd2b
SHA512 c53f83cdba895bf4db36ac843e8be1394aa78bba4fcf189a81c488d103219578148c7e8006462f74508ad0ab0c841491b32402b534c68bc06f849c40ffb150aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1856f6ee3f5f9f9b07168fbe05855341
SHA1 bb673f6e08bca16f6de568627a8b3807a204d54b
SHA256 abb8283cb4773ec6be57a1ec7888443774dd619f85e1a0e67e865c191d433907
SHA512 d2e19104d0042ba9b19dfaa8a0bdb81092f98e3e0e5fd91d788eda42aea481e8cb7e368d73e3099a7e312471ed6188afdfd07da1ce002f7857ade8eafb03a24b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a5feedf381cec5d1a05841bd71ad978e
SHA1 941ea81a9f56d74b6e48f90abaaeceba408ca3c7
SHA256 6d51ea7eccc1783aef7ee90a75dfb668e768ba51b641a433359e6e63ca006d18
SHA512 080e461061aa5859313f197a1878a26162b57c2c0c54d78529ffecf18a7272e5d67d341e56d8fdf39e07d69ff886010197f466f361dfbeb8ca091efe06e93c58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ecc3d42bb5e781a6e0bf8167940bc1e3
SHA1 6b684b666665d3f5b1868805ea69a762aa14a84d
SHA256 1e196e7b0b931a1b8f48cc26d79b4df64d3567ae1af05e6657fea2ba77d82556
SHA512 f7d0eb8953fabdad729ffcd3066be17d64fc9b20339917f34f50f707e3b6da86e3e4b393d3266a12584caeff4040aa2894709ed271f8210814483301bca5ea71

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 87816e625bf1ea875565072de6251bd1
SHA1 1c82f7edfc0026926761c9fc09feecd2facfd227
SHA256 07d7d6f9cf27f99180d0116cfa4085a99aaeadbf4b01a747be425f70d2fbba52
SHA512 5b389d5f52fa362b4fc9176c461fd3179dbcecdb049045f2a9dcf7e51eb8ba8bd6d49a9732ef41f7e9a0d55de9de9b5dfc1484893da98d7b1c75a938b67b9f03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3490ae05eb90977bb2123486a6240225
SHA1 678be8590959c1b5a49fd7983a6d7d2670370a6b
SHA256 85c4378b8733d874e2706e4c2fcc9a964b80b4b7f78134d28217e11cf7166b98
SHA512 582df26ccdfc1f8fec499d6594f5c03ee4f2c0226bda1bf022f2fbddce1172efbcb0c029fb293eb2be308c0ab0f3d4fee19204a43ea6f21e39dc7928ae07df6c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0427fd19b699c7bec3eb5c7319460d1
SHA1 a69eba6461d181460f1efff81f7c558d9afe50f3
SHA256 5f6f93b42cd8095ed49b7f650ac48bd49e60f43624e6accae4137e1305303d48
SHA512 59192fee34489e424d84822eb4b515a6f5bac146b9dd0f6ba0120bd6df8d5aa366b1c769c5ffe744dacd09313846a1a76292047135d6163dd2ea5cb48c3850b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd5770b0b796f720bd0652597faf43f5
SHA1 f9397dd2b69baea122cf8b6311e2f27a97771f1f
SHA256 12a1d4c6dfb998f4f6b1bce5b9a8b878baa2eb603aaa004b7e16f6c0ebaf0a61
SHA512 751b9be7b59997cd543131f6971fb815293d7108e952ce8290a78a1a7687ea88b679d43ff98e0ee257c31413bc791f09b07e35779fc8040306b2f2c189ab537c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 ac98768b41e1fba238b3813c5af5d113
SHA1 e7537d5d0988fcc7af885a73d99d73b17f38632f
SHA256 f7a505b37a57b548b89af5de0ec4e7ac852512382afc67279695e30520e57805
SHA512 a0b093e6f70c765494af8d0d04fc52b38f0234b8d48b47da7554e8e0fc5cee715ed97e1c166f9bdc18f7c0d30a9e218f6463ae93e5d77b5e7065f1fdeb029dbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ad834f9eb8b520e1593af6be057b6ba
SHA1 34a030c1675721979bd9c3c7a64ce8a40a3625b1
SHA256 b9860b1b81c7934671c9cdc1ab39fe5e82a504f3095a6544e0e35788e93d18bc
SHA512 da854c3338565c144ebfb27d16e926551ed6873408144f2b4fb0413626ec6aa53be52f678196f347bc8ea55c9e6920cb6c864f6b517e3dcec0260261224907b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da64c650fa2944c0e17e11a623fd1b5f
SHA1 a96a3fb8ecd49c42512bf3d475bcd35a2283bcc9
SHA256 f50965011172bbb597dca5bcfc747299a1779bd301cefd7873437613e3e68b8e
SHA512 a49ab9343dd36630625e6def31c07a3f4f3d7b7724d65782fb8649ca49567718b5c0863ea6030b1a2c72cec8c517b9634c276a61e779fc296a6f2b0cd7754d9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04682ef1946f2e4983cf24c59cd7b46e
SHA1 dd5ae3e11f5d618309164ddd9356c3d29188e5a3
SHA256 9d2c58a670d3c202a9025e1a12f6877d347ee944ec67b8a8a7c5ce1936a54821
SHA512 c926fb1df0b19cdcf240f584d8451cdd676ca1a5f4be3c8d90a41d4fb3ba29a852a74d1e8d8bc2c9c9d4bb1233141705d0528731d1f55b8583a65307518c8d6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6dfbb862f9a693f1c507a48f535c1084
SHA1 c081d18bcc9227b9757ad10879244fcf2f67992c
SHA256 701da131235208a42412fa3d705c7afe09d9864c334608e8da2d7efe07dff83c
SHA512 0e0ddd6e5157f1ff47b8b5a698c280194de83381f38ca339d36731f93fba35d73384ccca37e99f5b4bfbf1882ef6a60771e43fdecaeb820d1b0e69fbf825fb89

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 14047ef45a913023827fd57dc6e2a541
SHA1 0245905009f26d705c365e8564b44a5e83042c21
SHA256 7c69f18d696f8de933669ca818e1b6e18d957f20a5fb3cc5732a296d0b28a6bd
SHA512 01b036065ba449f4a4e17ef1de2a8429b9c613e89d322ff68a18cc94a38a8a620ae077f70981f7b48282a40c2c27961bcbc08510163fe63c86bb4566b8a922cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 759ceb5b081f7db831b92bea985f4289
SHA1 103fc82e87d3991d2be4f6edffeae8e70efd83c5
SHA256 202db7d268a89e98dfdd4b41bbcd25c06b6f85f3034a27c3daf977d4632bf0be
SHA512 d5dcbdbede714f9eeb4f70156c9b5369ac26190aff691a170d32f29e6fadbb712357941f9b730ddadba19420c7a9a6ef7ce4e10070534ae7213528aea148fa77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f465fd567299fe3140d3c2354eefdacf
SHA1 4482d763024c5e2a1fdce9a50e9c6d0f220d098c
SHA256 c0fe47c80266b072000e5f4ae625f2ab53f84dbf95c6e0bd7bb400e9da08d682
SHA512 455910eab55521bba10253834e61768b5987b8e403951036e71140da5b8fe1cba093e8feda1843cb1a1eed34a0d0a74bdd259027e85a4faec7ed02d6548d8e9b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c86f42a47701d0e4a7647f63494039c6
SHA1 69cf5269d5c38eba42b5cf4a669728e6948b73d6
SHA256 8d6aa671651f37538a01149f50a126d9435fbcb368fa45e33cceb7494cfe7522
SHA512 515315e2fe239cbc927928b89bf47accc02c6cb4748bdac303a121453966b33299d04c9a91323de18a2dbfc679fd94da7ad9e408095f8a9511bd09293aa6d6d6

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 22:36

Reported

2024-06-02 22:39

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8face2356babd486c12c55ebe63f002f_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8face2356babd486c12c55ebe63f002f_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4044 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4844 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5680 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5552 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=3848 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
GB 142.250.178.10:443 tcp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 saltworld.net udp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 104.91.71.140:443 bzib.nelreports.net tcp
BE 23.55.97.181:443 www.microsoft.com tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 gamingw.net udp
US 8.8.8.8:53 gamingw.net udp
US 104.21.65.85:443 gamingw.net udp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 www.gravatar.com udp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 172.67.166.97:443 saltworld.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 97.166.67.172.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 85.65.21.104.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 169.96.87.13.in-addr.arpa udp
US 8.8.8.8:53 2.73.0.192.in-addr.arpa udp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 8.8.8.8:53 i1.wp.com udp
US 8.8.8.8:53 i1.wp.com udp
US 192.0.77.2:80 i1.wp.com tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 2.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 23.44.234.16:80 tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.189.173.20:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 20.173.189.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 13.107.253.64:443 tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 4.173.189.20.in-addr.arpa udp

Files

N/A