Malware Analysis Report

2025-06-16 07:20

Sample ID 240602-b1rspafa72
Target 8c7b5ff7014eb9685e9f396c072abef5_JaffaCakes118
SHA256 c5c1f8845904cfd9fd55132d8a3d5849dda25626413aa1e7c2c3ed602b5b8177
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

c5c1f8845904cfd9fd55132d8a3d5849dda25626413aa1e7c2c3ed602b5b8177

Threat Level: No (potentially) malicious behavior was detected

The file 8c7b5ff7014eb9685e9f396c072abef5_JaffaCakes118 was classified as showing no (potentially) malicious behavior.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 01:36

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 01:36

Reported

2024-06-02 01:39

Platform

win7-20240220-en

Max time kernel

133s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c7b5ff7014eb9685e9f396c072abef5_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423454087" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10a6206f8db4da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9A9017E1-2080-11EF-85B9-4A8427BA3DB8} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a77bc11c96bc624caa13c5b723162be20000000002000000000010660000000100002000000000e237a8088ce6cfce0783e31b9857572549ebcf615c0fc8183abe7b1be91e8a000000000e800000000200002000000007d0ff242684c74c28113d2a0b021b684dbbd70727c6681a5e4623daa32491f520000000a818c39200fca70f45ec341ffba146a35311285dc37d731d9cbe955cab26ff9a400000003acd2b8e79ec964d14369d5de65cd1d7059620c36f87fa6c6b4a05009bfe59318583c29a427d4e6a8a38eb18facb407c0c57cff9504ebdfed5fdcd7c1c2f62de C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c7b5ff7014eb9685e9f396c072abef5_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 evrim-teorisi.net udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 01:36

Reported

2024-06-02 01:39

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

148s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c7b5ff7014eb9685e9f396c072abef5_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c7b5ff7014eb9685e9f396c072abef5_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3668 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5300 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=744 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5824 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5352 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6052 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5376 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5772 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

Network


Files

N/A