Malware Analysis Report

2025-08-05 15:54

Sample ID 240602-3rewbacf62
Target 8fd96a5c72953ca3912ee1d6c0101ac9_JaffaCakes118
SHA256 a4060110f5a522b2f237c2ccbcdcc25d281651467359a2abadc1c4accd701d36
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

a4060110f5a522b2f237c2ccbcdcc25d281651467359a2abadc1c4accd701d36

Threat Level: No (potentially) malicious behavior was detected.

The file 8fd96a5c72953ca3912ee1d6c0101ac9_JaffaCakes118 (an HTML document; see the command lines below) was found to exhibit no (potentially) malicious behavior in either detonation.

Malicious Activity Summary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

These are generic heuristic signatures rather than confirmed malicious activity, consistent with the 1/10 score. The two that are itemised in the per-run sections below (Modifies Internet Explorer settings, Suspicious use of FindShellTrayWindow) are attributed to the Internet Explorer processes themselves; SetWindowsHookEx and WriteProcessMemory appear only in this summary and are not broken out in any per-run signature table.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 23:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 23:44

Reported

2024-06-02 23:47

Platform

win7-20240508-en

Max time kernel

118s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fd96a5c72953ca3912ee1d6c0101ac9_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 503d73ea46b5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423533743" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{11E23581-213A-11EF-99EB-F2F7F00EEB0D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000834dab81c293a8f384083003fa70f165800627dc6b39dc9bd6689f18c7b0c5e4000000000e800000000200002000000013cfeda9fd40850a8af3dad07efef46c0c9d9e727fbea4833f40a435f62d1c5f200000001a1aad10985e568ac118549c7927e207268a1b14e9a3385a4373e5a4cb02a64a40000000095cbc87f824b42667ef07d0fda92df58b1c616501ccb5ddb03614d1f4e8a5be6516ed509236117336fe0fbd8b971e990fa6f3de0ab77702c6296a7b6d96e5eb | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not present in this copy of the report] | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Every entry sits under the user's own HKCU\Software\Microsoft\Internet Explorer hive and is IE session bookkeeping (recovery state, tabbed-browsing and new-tab-page data, zoom, search-scope retries, window placement). None of the values is a home page, search provider, proxy, security-zone or Browser Helper Object setting, which is what a genuine settings hijack would touch; despite the adware/spyware tags on the signature, these rows describe the browser configuring itself.

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8fd96a5c72953ca3912ee1d6c0101ac9_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3056 CREDAT:275457 /prefetch:2

This is the 32-bit tab (content) process that the 64-bit frame process above spawns to render the page; the SCODEF and CREDAT arguments are Internet Explorer's own parent-frame and creation parameters, not anything passed by the sample.

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | ag8aq.cn | udp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp

The only lookup that the HTML page itself appears to trigger is the DNS query for ag8aq.cn; no TCP connection to that domain follows in this run. The three HTTPS connections to 204.79.197.200 are to a Microsoft host that Internet Explorer contacts on its own.

Files

Every file listed for this run is a side effect of the browser's own certificate handling rather than something written by the sample: the CryptnetUrlCache Content and MetaData entries are Windows CryptoAPI's cache for downloaded certificate-chain, CRL and CTL data, and the Cab*.tmp/Tar*.tmp pair is the temporary footprint of unpacking a downloaded cabinet. The MetaData path is listed once per rewrite, which is why the same file name recurs below with different hashes.

C:\Users\Admin\AppData\Local\Temp\Cab5591.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar56C2.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b7b2a1414924f3a5530007a61509056
SHA1 ed3e2847adff03a77c6b69c91d32b09bcb81d319
SHA256 ce37d7a382dffe3b9dcc46b911b7ef2cfa0d4bf115c42400fde4ecce433010d2
SHA512 cb1e853ad17d0eb595ec2d995d41cd2d9df2f61f00706835bd8f14881330174df22f53ad658c72da8d19b067fd971a8c382b6f2b855ac9a94843191579c85453

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6c2649eaabf9993212a323387481eba
SHA1 e1962bd0382a8281cb7368c2e7172235e8b6878a
SHA256 7c159ef29d06a9991d94a42feea7d73d90d1f10c4b452b4d771e994eb1ff42d0
SHA512 f199d2dca58fe37ec55ce8eb4f9bf0f8912de3909b744ea89e11cc20880f0ef1f35b28ae7cf020b8109651b120c523e98f2adee8d172538de10173f32f6775c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ca0595fd863116bc9656269826b88d3
SHA1 418ddc9a4286febd93974c143c99d6ce9e643b8f
SHA256 368fb40646fded8e6efc3cecc020101c49c96f97cc89ce8a2b124451c888a6d1
SHA512 0694f6220d90e893e27504c81121745b5b8df34a5741b2ca11f8c4e295880e62563a594b2a5443742f3f0065052f3f699a9467722bf1b09f8ee86d19c50f5b2a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a6f472b0e815d4edf124935a7bf1600
SHA1 31e7159fd38bde8b056964fdeffd1437ca7e90d2
SHA256 959a844e3cb735f76b0ef26d3a2c2c51f25c46624605763addc7716430bd67f8
SHA512 74f757e402494acc57c03349c91a22449a278dcd2f2cf87695f379ac8f90660d0903f782723ceaad3c444077235ca92a1ce92bbe3d83ebfa8055bc81faf4d7ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc891d55518498db05eccd93c64e441a
SHA1 eba393c6feecfd0bf8277e679f6696e057256493
SHA256 22a530dfd16eccf82b82297c43d6fcf7c830fb65b4e9fa505391426e0bfca2c5
SHA512 23167bc37ea834a37b78cac0ae0929a25ef21fb30e6441bfb31494466a2c777c68e4d66b77d01d70037ce8dade90228dadaa555b3270f7beab73b56b3d733dbd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d327cc314431796fb60d0d0bebddc1b4
SHA1 861cfb3c7317ef776b52d57164eada8a1fac3e1e
SHA256 c322f3fb440cf1b3c2b29f8106779253b816527d9c60c0e27ff5d7412aeae79e
SHA512 7a715e3990054afbc32dc44f8cf13af4ce6731cac4b4a86bcc33546c6cd989442b5e50b06ea6df28df766068a347df3e5c0e08b7db546e3032008890c03b04ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de7c3650c0928b014e3869e9c65a89f0
SHA1 ce373f3caa0b66e936902343a054f95b8ad5a34c
SHA256 f02f66b11b4273718c070c879f6ec710f03f9ec411b3e1189a5d88f1447f72e7
SHA512 b3af966a8e574b5f9559c8cc414bf4ac0eccb132821afe0e724549f459766ad258c561704234da0267fcf1d2401a8985e53a8ae2e5d0ebfb260e6d3f90b26e69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca1c2002088b9eec50d5dc7b7b1434de
SHA1 9823bf9f0efab93742101d8c4df83487fa709279
SHA256 ede0db3f45ce1b516e0ea64a9092487f1369d147eb34ae0f8e201b1f7009c629
SHA512 fa14f5863bf6c05e0e37b1d0806aadac900de59c91eff7b7ae4f58a41dad039bd8415a0a87118989db91a71583975383abb186ced22ca0bc5fcfeaa92e42bd8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc317dfc09f9c3909cdab0239d6be2c3
SHA1 fba4979e6d1774ba936895ed0294e5c85e197319
SHA256 f8bda0fa790b6a277c958e26e8e34d00bcfa173353aa4f8fa418ddb859bcce46
SHA512 13a355e19414160d2a986d1eb07ce477532e25df663147be9df4b7286e706b01ed263968b68d45a3330911b04d0d41ffbc3a32a5e8d580f85ca53fa01f9a69bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d03aaa5f8fe52a6daadaf973bf84f058
SHA1 d3c474bb959be827feb2512c7a6d62894bf9291e
SHA256 fcefd3a3297a95565bae639173411e129cdf459ac7581b10a9c02e4fa67a5ae6
SHA512 07982ed4012ddc5411bd0c4171abc58232e0ab6b7d78df7d152d4f0d76669eabc6cd9498c7feb557e12d13e3127ce2ca334f04061ffbf9924b8f8c82eedbb062

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07363619e1ededc2c2cea231bd16788b
SHA1 778115e923b24fcf5574512c0254cac069b326c4
SHA256 fdb51d92ceb9fca7823d809715213ca0daec8a01f736d106f80b2ad4726e44a7
SHA512 c3689f22f656cb86ce3f2b40df058570d2947fe562ec35c4989e36f9ace63120e7edf0a006705dbbe4aaf89bbcbde0661abb5a57a3ca91da47c68944eea63d10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a6c09199695cc7021a4286e80f1c6e0
SHA1 cb30402a8b3d7b110a5ce84c6ede7d63bfd92df8
SHA256 4e14cc9a20eb31564769c8d2af024c05cb54538fbd6ec54a2ccd9414cdfc5eaf
SHA512 d37108bf99efdbadbe262256d76c05d60a3ffcd833a888b5c83fb98332d8f13f991385fd3fa3a025bb8d6dd505def054eccfdbca4e3be3fa9df95aa91bcf8c60

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6160744c41e8b46e73ea17349d3d1f9
SHA1 8ce85de7a141e50d6a566fa00bee986030df1e90
SHA256 0d55d3b5625a0ab23b20cc4c2476070038c01023bcb6f8e4390c2cde0497cc59
SHA512 9606ac8499407e4e2254ee9fc96899e8d102eb93abd3a6d3d068aedbeaa6d5c9a2e35d3d341ab4038badae784b1487901ad34ecb5088ef21b1a7c9a93a5cfba2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15114521c7d06bcc3a2e37bbba5c416e
SHA1 f2d4ec9c57556efc54d2dd76c63b0b62f9783033
SHA256 723c19dd87a8ae9156123f8db67ab9a7c3656b925d0e863792a42a29186fe352
SHA512 bec5abf29d02a108e2c0e3dbd0b3e6491f932965afbe8f55162b70af22d2bd7978d9491356d7c1a3f3122afc697a274d72b738a0c9e376fbc07fa098151f646a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 678d49e0fae383c61ce84d2ce8263cf2
SHA1 c345e56e1e72a47ed330c711aa8c7ab23d357f4c
SHA256 ba55a2e3719d8f9428311f4c3a4744a3037c070d5458f501fdd02bd9bcaac057
SHA512 963b3669d99fd52797a7be86456e1e495bb4cb4e7113c8c4eb0484cb072b4761f513f680be3feca4fa3d15fe45afe4069a153471d6b0cc3545c5873842b717b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44e9d2c8ee5fe61300c5163515f99666
SHA1 757fbb588323716c8d4f4faf0749282fcbdf5aa6
SHA256 afbc400fadf143e1f1ad1b8120a92f84a335d511f08a1af22a0571dc5ceecbbf
SHA512 4514acd52318095e68353a4f101304fafeadee0c6896172bc62c40ba373d793f99f4ad8ab91d14d54e8e6c2489e86905ec9add6e53f27f186e6697e8bdbfd157

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37fbfc90815f372572e9709d11764662
SHA1 b0b2f46eaa2528e8ac6a4544cac9797c186ff757
SHA256 f3d7c90f6ace1db252a619a13695e303752c3e17df2cb500336fb2647cc5a60d
SHA512 4e43e630c97b3b2226aecf383d0b91d746025214c56c762d9963bc774390a07c34d76516a82db5b913069461cb4877ffa14268a78fcace281ae36a1dcf56b164

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8658343ed4afec4d0d9950527a22afc5
SHA1 77d53dc41a99bd18812f29b5fbbb21fff47a59e7
SHA256 5f165381495c1e11dca02e45edd187e02f86ea1749aae414a0d448a8f48567be
SHA512 b992a4c2bc1ed7de9c7ff10c9a53f188d1c64b755f87d9623b4b2251ac1ec1d48bc83d9904df5daae4593630d2a82cb902da29e8eed499335ae9b7788c699f22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a77f3dbb8514c870370c1b4a22dd79d4
SHA1 970d190843361698af10d0fc84dad47d0178d89d
SHA256 78cbf6ec5860f23b762a336c561eb7a4e0b9d147dec2589b32978119424d4009
SHA512 2cfe6d78fafae0f47c8d4d256c4505dbcf44407cbb4bb8dd84a28c65d99ce1ccb7fbc1437540c42c3db8cc6d4854bcd38b07f64723e537e0a1ffeab58a405874

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 23:44

Reported

2024-06-02 23:47

Platform

win10v2004-20240226-en

Max time kernel

140s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fd96a5c72953ca3912ee1d6c0101ac9_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8fd96a5c72953ca3912ee1d6c0101ac9_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3880 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5048 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4836 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5348 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4636 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5376 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1336 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp
US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp
US | 13.107.6.158:443 | business.bing.com | tcp
GB | 51.140.242.104:443 | nav-edge.smartscreen.microsoft.com | tcp
US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp
US | 13.107.6.158:443 | business.bing.com | tcp
US | 8.8.8.8:53 | www.microsoft.com | udp
US | 8.8.8.8:53 | www.microsoft.com | udp
US | 8.8.8.8:53 | www.microsoft.com | udp
US | 8.8.8.8:53 | ag8aq.cn | udp
US | 8.8.8.8:53 | ag8aq.cn | udp
BE | 23.55.97.181:443 | www.microsoft.com | tcp
US | 8.8.8.8:53 | 104.242.140.51.in-addr.arpa | udp
US | 8.8.8.8:53 | ag8aq.cn | udp
US | 8.8.8.8:53 | ag8aq.cn | udp
US | 8.8.8.8:53 | ag8aq.cn | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
GB | 104.91.71.133:443 | bzib.nelreports.net | tcp
US | 8.8.8.8:53 | 181.97.55.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 133.71.91.104.in-addr.arpa | udp
US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 217.106.137.52.in-addr.arpa | udp
US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp
US | 52.168.117.172:443 | nw-umwatson.events.data.microsoft.com | tcp
US | 8.8.8.8:53 | 172.117.168.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp
US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp
US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp
GB | 172.217.16.234:443 | chromewebstore.googleapis.com | tcp
US | 8.8.8.8:53 | www.microsoft.com | udp
US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 234.16.217.172.in-addr.arpa | udp
US | 8.8.8.8:53 | edgestatic.azureedge.net | udp
US | 8.8.8.8:53 | edgestatic.azureedge.net | udp
US | 8.8.8.8:53 | c.s-microsoft.com | udp
US | 8.8.8.8:53 | c.s-microsoft.com | udp
US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp
US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp
US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp
US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp
US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp
US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp
US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp
US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp
N/A | 224.0.0.251:5353 | | udp
US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp
NL | 23.62.61.97:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp
NL | 23.62.61.194:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 24.173.189.20.in-addr.arpa | udp

Every destination other than ag8aq.cn is Edge's own background traffic: Bing and SmartScreen, Microsoft telemetry and static-content CDNs, NEL reporting, an extension-store check against chromewebstore.googleapis.com, PTR lookups for the addresses it connected to, and one mDNS query to 224.0.0.251 (the row with an empty Domain column). ag8aq.cn is queried five times and, as in the Internet Explorer run, is never contacted over TCP.
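The Network tables of both behavioral runs above are long and mostly browser noise, so the useful triage step is mechanical: separate hosts the browser and OS contact on their own from everything else, then check whether any remaining domain was actually reached. The script below does that for rows in the report's "Country Destination Domain Proto" layout. It is an added example, not part of this report or of the sandbox vendor's tooling; the allowlist of domain suffixes is this example's own assumption, and the sample rows are copied from the two tables above.

```python
"""Network-table triage for sandbox reports (added example, not part of the
report or of the sandbox vendor's tooling).

Rows are in the "Country Destination Domain Proto" layout used by both
behavioral runs. The goal is to separate traffic the browser and OS generate
on their own from lookups the sample itself is likely responsible for, and to
flag domains that were resolved but never reached over TCP.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Assumption: suffixes of hosts that IE/Edge/Windows contact regardless of
# which page is loaded (telemetry, SmartScreen, CDNs, extension store, PTR lookups).
BENIGN_SUFFIXES = (
    ".microsoft.com", ".bing.com", ".nelreports.net", ".googleapis.com",
    ".azureedge.net", ".s-microsoft.com", ".in-addr.arpa",
)

# Rows copied from the two Network tables in this report; the Domain column is
# empty for the multicast (mDNS) row, exactly as in the report.
SAMPLE_ROWS = """
Country Destination Domain Proto
US 8.8.8.8:53 ag8aq.cn udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.55.97.181:443 www.microsoft.com tcp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 ag8aq.cn udp
GB 172.217.16.234:443 chromewebstore.googleapis.com tcp
N/A 224.0.0.251:5353 udp
NL 23.62.61.97:443 www.bing.com tcp
"""

# Domain is optional so the mDNS row (no Domain column) still parses.
ROW_RE = re.compile(
    r"^(?P<country>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+"
    r"(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$"
)


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: str  # "" when the report leaves the Domain column empty
    proto: str


def parse_rows(text):
    """Parse the flattened table; raise on any row that does not fit the layout."""
    flows = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("Country"):
            continue  # blank line or header row
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparsed row: {line!r}")
        flows.append(Flow(m["country"], m["ip"], int(m["port"]), m["domain"] or "", m["proto"]))
    return flows


def is_benign(domain):
    """Allowlisted browser/OS traffic; an empty domain (multicast) is not sample-driven."""
    return domain == "" or domain.endswith(BENIGN_SUFFIXES)


def triage(flows):
    """Summarise which domains the sample, rather than the browser, accounts for.

    Returns a dict with:
      suspect  - domains outside the allowlist, sorted
      dns_only - suspect domains that were resolved but never contacted over TCP
      queries  - number of DNS (udp/53) queries per domain, for all domains
    """
    resolved, contacted = set(), set()
    queries = Counter()
    for f in flows:
        if f.proto == "udp" and f.port == 53:
            resolved.add(f.domain)
            queries[f.domain] += 1
        elif f.proto == "tcp":
            contacted.add(f.domain)
    suspect = sorted(d for d in resolved | contacted if not is_benign(d))
    dns_only = [d for d in suspect if d not in contacted]
    return {"suspect": suspect, "dns_only": dns_only, "queries": dict(queries)}


if __name__ == "__main__":
    summary = triage(parse_rows(SAMPLE_ROWS))
    for d in summary["suspect"]:
        state = "resolved only, never contacted" if d in summary["dns_only"] else "contacted"
        print(f"{d}: {summary['queries'].get(d, 0)} DNS queries, {state}")
```

Run over the rows above it reports ag8aq.cn as the only domain outside the allowlist, resolved but never contacted; run over the full tables the picture is the same (one query under Internet Explorer, five under Edge, no TCP connection in either). That matches the 1/10 score, but the lookup is still the one indicator in this report worth pivoting on when examining the HTML itself. The allowlist is deliberately a suffix list rather than exact hosts, because the telemetry hostnames Edge uses vary between builds.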

Files

N/A