Malware Analysis Report

2025-08-05 15:54

Sample ID 240602-3q126acf44
Target 8fd8ba54df921f166c59ec439087a960_JaffaCakes118
SHA256 74902001c62f07ee070cbebce0428fecd18c31b0bcea9678d42eab37780fd18e
Tags
Score 1/10

Analysis Overview

Score 1/10

SHA256 74902001c62f07ee070cbebce0428fecd18c31b0bcea9678d42eab37780fd18e

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file 8fd8ba54df921f166c59ec439087a960_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 23:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 23:43

Reported

2024-06-02 23:46

Platform

win7-20240220-en

Max time kernel

134s

Max time network

129s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fd8ba54df921f166c59ec439087a960_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fd8ba54df921f166c59ec439087a960_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 23:43

Reported

2024-06-02 23:46

Platform

win10v2004-20240226-en

Max time kernel

140s

Max time network

155s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fd8ba54df921f166c59ec439087a960_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fd8ba54df921f166c59ec439087a960_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5048 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4832 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4460 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5520 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5556 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8

Network


Files

N/A