Malware Analysis Report

2025-06-16 07:09

Sample ID 240602-bfhdhsea42
Target 8c678410cd7c90a4ef893a9702ff555a_JaffaCakes118
SHA256 904c043e00c61bd32b7d93d0100e7856dbdac870f0b99e19e5c12830a7f6f779
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

904c043e00c61bd32b7d93d0100e7856dbdac870f0b99e19e5c12830a7f6f779

Threat Level: No (potentially) malicious behavior was detected

The file 8c678410cd7c90a4ef893a9702ff555a_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 01:05

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 01:05

Reported

2024-06-02 01:07

Platform

win7-20240215-en

Max time kernel

119s

Max time network

135s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c678410cd7c90a4ef893a9702ff555a_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000023567436b477fe42bbed4deb7c64e08e00000000020000000000106600000001000020000000bb209c239df7cf1184a8bdac4047b6dca88c636b1ff09fe613d1d31e1c0945f5000000000e8000000002000020000000f241838a2decbea7af1c3f6c0030b34e09ea072a10e3f5f3f2e1b936a40b94129000000006336140cbd01efec1be9fc13d19018ae1c9395284f87a959e0e3938c554b41f42be760bb27e8e9d9b59fa5e1ab3da64ad0d57b39545bd1bb8905b856975f75ce57c17ef37a0488fe29d21fde21277e42bb7c946dfb011fa0050786278bdcd0df79ba7d4a0cec41705d27d694fa6dcdf2c77a689c222901e045b8e77df5a347016766a7041d4c17da94c0ab1d1f60b4740000000faea1e32853695a1a8166be0e842283b1f7e03f5f1d94910ecc8d004d57ce1caa705b4ef2e2d5abfc0bf3a560c6fdbf0f02c3c890d77535c42fb472fd4acc646 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000023567436b477fe42bbed4deb7c64e08e000000000200000000001066000000010000200000001b1e1cd90fabdcb454e5e6a33a51a30f302df20b8ab3af086be259ee93bfff6a000000000e80000000020000200000009b786af64898cab09951884a55b13c029722278b9c2041492dcb8e5b3bdb949f20000000d92df4ab70285e3c0c39668f0b78db0b108670805ef06bbdf6187e274584a084400000007d6a15d4345dfd2724e3ed3f5ca288e7e9d6e5236220570dfbb4ff70b03221aa9d907c610da208f6035ab9d707412fe609c4889bcbea307c91e01d79915dfcbe C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423452180" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{265263F1-207C-11EF-A4A3-CE86F81DDAFE} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0df81fd88b4da01 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8c678410cd7c90a4ef893a9702ff555a_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1540 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 img.sedoparking.com udp
US 205.234.175.175:80 img.sedoparking.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 205.234.175.175:80 img.sedoparking.com tcp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
GB 142.250.178.2:443 partner.googleadservices.com tcp
GB 142.250.178.2:443 partner.googleadservices.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5db8778c49988cfc45a800fd63cbceb7
SHA1 9677358aa29cdf1038f7a68ba2abfcc4da80abe8
SHA256 fd07fd2a42be95d4020d556921f21d107eae56862bd4f7a78a8b052d6f7397c2
SHA512 7ed7720f32aa2ab8acd1e9ec8e04927a0ad77c8331e7964436dbef5f024b9a923eb260ccced15aacd8c904b020cff9bec8a9518690889daa37c78636589ce355

C:\Users\Admin\AppData\Local\Temp\Cab4490.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar44A2.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar4718.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9b2c4b3ebc1c1be1c02aae1dea5ef465
SHA1 d08f20d74a4b85dea5106fd6d39c7e6cf4b95d0e
SHA256 35b97772f85120f7390fe7d449cc5d7bf5875428c0c5ed8ea42c69d45380b2b9
SHA512 bcdf34b8c5f9f2a408f37a01089e7b74fbe0b34e07c7b53ae6e880260f853bc066e131b8034cb91327976c4382951fcbbd7be1e1defb4dbeab3ef8615b420f96

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49ebe41bdd687c8f99b98d65f1d10d5b
SHA1 be7a9a9fca83330dd940ea42a9a2ef9ae8a0b2d5
SHA256 f30392368dbf6d2a5f3e785fe60482423e9346e53c237c2748b5b1811aded85f
SHA512 9a6fe5f0ade9f4fd1c29058053dbd9d5a25fb8075406c76fa9c56021c5d5bb73d5926b96147ca09f8169843f8c8105c0c42326d70bb6434b4a8cbd56955917e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d0c765aabfd53b9ce3b1e5ba3396037
SHA1 ee1139364f3b394c9bc5b8f8d52937392e077884
SHA256 e687a41e932d17024ad2e7f7641ad277fb09a7724a9e5c54e91974d973b3742e
SHA512 29b4244cecc97d642b77f5341103599c8169648a38e953cfcc1d82e0b576ecdd9e1e2f0a7364ef02246dc596fef1bff372de1e00f0793e0219c792d04f685fbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06d2f9435f0c22a04904eed193fb17b9
SHA1 8b4eff6345da70a5c5f083bc4d9d592fcf76c979
SHA256 e67cf0478224da1f127cbe0d1e3b9a7589c293469059df7080296e519b7b2651
SHA512 f0b32f8e4473cc2a8c582a593d1e78f282b64877b98113e219f1f382a9006bc5553ee8d6e1467c0d3bfa57603abe04ba8a0b20c711fd304bec534c3e3a0117b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4b90a3299ba66cca7335bb7d1cb60eb6
SHA1 d63cb593381b161394ab1f77209465d462110f07
SHA256 3863bd42c3fa038b681549a9e362467a7e4656353f858ed210d3d07074b879f4
SHA512 b4f4d8caac376a82aa1f8f5f9e547c2e2ce12eb741a66cfc0fd7dd47d84b1f6c847a1a0d6b8584df1fec11cc6bef151fc20c5e77aa880d6f4aff1290feec61bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc1087e747a0c1f6c5d197626c53d5b2
SHA1 39032c3db711c80f367b323e18f80456845cc346
SHA256 6c1b25b72b37bac44f5e3379412a1eebdcf984e5779b3e04bed6b77438900777
SHA512 8588b7c5a5e7294ee72876154689684f4082bed7bf6d14a40bcab1eb919b0a8d56186416c2395be296bc419a43fbdc349dc790eb2fb4bc0a98d0c10fa3378f3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b32a979095ac8876da14bbbf2a239c4b
SHA1 5c83a234646bee1cf8b48a80ab03cc144bef18dd
SHA256 847c03f12ab6154404df516e3f9ce85f88904d5b02949f33d6ce5511366811aa
SHA512 710c299de2c9c7c7dbe78e85a5c5f171f162fbdcab7d68ea902e6d1ca74525646bf62047f07c7e572febd0e8f743a0db6f2769874e665adfdf0deab3f9f5ea75

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 d00f6d002ae6851b12a9bb08d2776bf3
SHA1 18ec1d2b6ba14cd549afbd13425f84790104d4ce
SHA256 6229e7bd6f2de261169828178f2710fb6f6a4d1df93d584249864d5f9c6336d5
SHA512 cd3d5ac95f2c11e1c9842b0c4dc2fd84af3617d2d799022c9a2e96f5880e06c502e451ccd0ce99376f401788922081d501d0c2701234584151f2deaf3afd2727

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3cb9adf6f6571c5ed216a558d318d691
SHA1 a5b7c378347e9524181824589bde1cfb82453f86
SHA256 0fdf66ac2c173f390c14261c13be42bf020f833a0f28140b1960ec0f93ff1c40
SHA512 b3d86bebaf7b2865a4e6ba9b35f21dcf29568bd4c0aea6f134f4db6aa8c2d75726c438acfe82120ca1efbf74cb71d583b95ec32f397a1c6692c0f43c3f79557e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 400de09e6bdb2d84c434cbe3c89c1bff
SHA1 d5f21f86000a96e91d402268776d19a610fe1856
SHA256 265d22c1aafe01ee16f21f40f57de21e5b430af9f4548edc46463acd40ce9208
SHA512 436264a1b2b85cfcda574fa6c76433d94b268df47342498d70d185a0c98a0dd53925b181a1cf721f0553b8878e7b1acd122e0c8156f411418e5a3d744a9b0dea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 34648f5840e8f83a0f75134c601f5966
SHA1 567027bd0d733d05fa8e1b3d1ce6bcf12003c900
SHA256 fc6e4e689d4a5605e98e46a71aca5f5d6df9d28b6f2f73ee32b292187dc794be
SHA512 207b3275920f7085589e5130f1656d3fd752b385b71fc76858f6e2d069256c2c0dfaccb9f9db8efffa67d7b315c96dabd503c952b7d623cf12d3ab8821ac65b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc45668cfedddf38d306564431e942b1
SHA1 fce1d47251504c03622ea15584531ac284b1e9e5
SHA256 4cbcb8ae18c53e6184beda83be84d9709e718bc08808080eb695c413f4d97f7c
SHA512 d69d86f09725667feca56942cf47c88da088ea4bfac6e00b5658ebf75764d8050fa681e12c5c42160f70722e67177834f20d09f346aa2530060c51b52ebdd61e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51fa4c45d95f9dcd7a49f898d8d0d612
SHA1 71718984f0e4e8bd38d31269d4a16af7a955c272
SHA256 6a8281d912e2ed3a62980e8e2c5be69fbc7f2940c94df9f598486ad92d391f94
SHA512 161f4c1f0a20b0d0c24b0ed313af6a749efb629d6cc6e6fb1274b6b2ac35d2464c131f9ab0fe1aca42af0ae0101ae8911efeb3ec62a49c6b9220172673f54397

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 b298208f54fd48b2945ff103df3d077c
SHA1 fbb11e3ab5811f5d2dc0074c08a095b0cccc0237
SHA256 50db086c47bcdc68f3e07795c77583e881252fc17e0f1ee8c3840ee8f43e472b
SHA512 8a2e0b64cac4cd3f173847908d944703ad1858092318d8891ff7d3fdddf1961702302ae5d7c2ca9dc07c45e88d5008c77ccc559a992f26b09fb5920a975495a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 310a3bfcbcc37f9fbf0aaef8ba881caa
SHA1 c09ffec47042b25337940770ef421eebe27c26f6
SHA256 9ced5635c12d8c69a593928b2eef757c2fb3af6c75a5765d4c6cff67f5550cfd
SHA512 5234a257123b4981d7e2576bf37bd87f9880d7514492a443828c644dd6da1c2b609f35c1490d2f5ec2faddc319fe68b1cbfc499135a6e72eea2a75c54486b574

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51cbf56a238f9ea182e6efc985fc6228
SHA1 b43c00ae76b5644d25536635d5bb2feadd9cd9c2
SHA256 b9ceae959a3e4593e0d3535f8c83ae43593f802d3c0ed2d147aa07ec5a442c5b
SHA512 732aa17441b144055785ba9befcf471203be4c3aa1bc01739972ea25abc25ba8ac165fb4d2cfb444d3cee0bf1c4bcae29a45d1dba5f957eedd599c900c88d994

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 01:05

Reported

2024-06-02 01:07

Platform

win10v2004-20240508-en

Max time kernel

140s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c678410cd7c90a4ef893a9702ff555a_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c678410cd7c90a4ef893a9702ff555a_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3880,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=4996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3836,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=3868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5260,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5292,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5436,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5840,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5876,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=6316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5612,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3164,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 13.107.6.158:443 business.bing.com tcp
US 205.234.175.175:80 img.sedoparking.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 2.17.251.21:443 bzib.nelreports.net tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
US 8.8.8.8:53 www.lunipi.com udp
US 8.8.8.8:53 www.lunipi.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
DE 91.195.240.19:80 www.lunipi.com tcp
GB 142.250.187.238:443 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 175.175.234.205.in-addr.arpa udp
US 8.8.8.8:53 21.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 19.240.195.91.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.55.97.181:443 www.microsoft.com tcp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp

Files

N/A