Malware Analysis Report

2025-06-16 07:12

Sample ID 240602-fh358abf9s
Target 8cf0278b8149f2085ac0c7665fe3b56e_JaffaCakes118
SHA256 2a89f408a48aa1e07b6dca0140cd726fb0f8e563be7e5e9e060649445bb645af
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

2a89f408a48aa1e07b6dca0140cd726fb0f8e563be7e5e9e060649445bb645af

Threat Level: No (potentially) malicious behavior was detected

The file 8cf0278b8149f2085ac0c7665fe3b56e_JaffaCakes118 was found to exhibit no (potentially) malicious behavior.

Malicious Activity Summary
Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-02 04:53

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 04:53

Reported

2024-06-02 04:55

Platform

win7-20240221-en

Max time kernel

139s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8cf0278b8149f2085ac0c7665fe3b56e_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b08a35dda8b4da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008ed1e287e2e72a4fb3a8a96f865a9669000000000200000000001066000000010000200000007722fc9b0e4ad10d8c70d8e0726e80529949a360335750e0399e1339887296e0000000000e8000000002000020000000a3deb960572f58fcea5aed3e2b0e7073d073a86ef2729fb841d49021239fe6b6200000006d013450098dbdd49655fbf1185fcbda1c5ee29ac01130c0cc4da5be077485ea4000000028ea508ab40fc78d464ec2f47b99d5c4512b6bc17d166fc3ea49b66219f3dcce7194cf0346b302c9c8ff12e1b9ab535b8add0291976d10bc8b352dcc443c980f | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{08045781-209C-11EF-9C17-5E73522EB9B5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3452737119-3959686427-228443150-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423465867" | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8cf0278b8149f2085ac0c7665fe3b56e_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 04:53

Reported

2024-06-02 04:55

Platform

win10v2004-20240226-en

Max time kernel

145s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8cf0278b8149f2085ac0c7665fe3b56e_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8cf0278b8149f2085ac0c7665fe3b56e_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4620 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5760 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5368 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5532 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4116 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6004 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8

Network


Files

N/A