Malware Analysis Report

2025-04-14 00:16

Sample ID 240602-hh68zsea4z
Target 8d333a1dc2d98e8b95129e52daa3c22b_JaffaCakes118
SHA256 85588d38c80970411fefe40e21834cacd700bb6a234c8b74f45aeb2505666d92
Score 6/10

Analysis Overview

Score 6/10

SHA256 85588d38c80970411fefe40e21834cacd700bb6a234c8b74f45aeb2505666d92

Threat Level: Shows suspicious behavior

The file 8d333a1dc2d98e8b95129e52daa3c22b_JaffaCakes118 was classified as showing suspicious behavior.

Malicious Activity Summary

Legitimate hosting services abused for malware hosting/C2

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-06-02 06:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-02 06:45

Reported

2024-06-02 06:47

Platform

win7-20240220-en

Max time kernel

121s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8d333a1dc2d98e8b95129e52daa3c22b_JaffaCakes118.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Modifies Internet Explorer settings

Tags adware, spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f75f543046760640bd3a8be955c7a89700000000020000000000106600000001000020000000bfa669c1867a1eb08ecf0f463bb95f78e1173cfdff134dbdbf471a9b4d2232ef000000000e8000000002000020000000ede274e1692d62c61bd2070a1c5826ea5959a1f20600b0e5f71e2b3b34500606200000007665a07af7cde71842b4346ff6b2b6ad3c705473bb2e3dfe16fd4d97bac6a16c40000000a24c88d6b61c51e4f76103137c1d8111573e5a8c8a5719f35231bf9d32e77db4c834216bb05ead3e4ecc445c2389bc915d7111c2f767c880f2e385fc76883149 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0d79d84b8b4da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AD6FABC1-20AB-11EF-AAE3-46DB0C2B2B48} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423472587" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\8d333a1dc2d98e8b95129e52daa3c22b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 quangphu.info udp
US 8.8.8.8:53 graph.facebook.com udp
GB 142.250.179.238:443 sites.google.com tcp
GB 163.70.151.23:443 graph.facebook.com tcp
GB 163.70.151.23:443 graph.facebook.com tcp
GB 142.250.179.238:443 sites.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
NL 142.250.27.84:443 accounts.google.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-02 06:45

Reported

2024-06-02 06:47

Platform

win10v2004-20240508-en

Max time kernel

134s

Max time network

138s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8d333a1dc2d98e8b95129e52daa3c22b_JaffaCakes118.html

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8d333a1dc2d98e8b95129e52daa3c22b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4140,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4112,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5288,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5448,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5468,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5300,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5724,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 104.91.71.140:443 bzib.nelreports.net tcp
US 8.8.8.8:53 graph.facebook.com udp
US 8.8.8.8:53 graph.facebook.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 sites.google.com udp
US 8.8.8.8:53 quangphu.info udp
US 8.8.8.8:53 quangphu.info udp
US 8.8.8.8:53 connect.facebook.net udp
GB 163.70.151.23:443 graph.facebook.com udp
US 8.8.8.8:53 quangphu.info udp
GB 142.250.179.238:443 sites.google.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.55.97.181:443 www.microsoft.com tcp
GB 142.250.179.238:443 sites.google.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 23.151.70.163.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.27.84:443 accounts.google.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
NL 142.250.27.84:443 accounts.google.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 163.70.151.21:445 connect.facebook.net tcp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 84.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 169.96.87.13.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
GB 163.70.151.21:139 connect.facebook.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 91.90.14.23.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 209.80.50.20.in-addr.arpa udp

Files

N/A