Malware Analysis Report

2025-04-14 02:36

Sample ID 240603-j12xnaaa64
Target 91104c8c055814025febc82ee5539357_JaffaCakes118
SHA256 b8f0eff623b203f6c8fa507e2baf856e7c66fd2de98e805e2d6a98f53f73e39b
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

b8f0eff623b203f6c8fa507e2baf856e7c66fd2de98e805e2d6a98f53f73e39b

Threat Level: No (potentially) malicious behavior was detected

The file 91104c8c055814025febc82ee5539357_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary
Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 08:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 08:08

Reported

2024-06-03 08:11

Platform

win7-20240508-en

Max time kernel

133s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91104c8c055814025febc82ee5539357_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a23000000000200000000001066000000010000200000002e09edcbce119d5ddb5c55d32e86afce3792560faea9c473a0b74df78b51e092000000000e80000000020000200000003e27d36602e0f8bcad608cbdc6f5f6dc283ebff3f2026ce13a31ad9f92b125f120000000a5af15169ebe49d9ae8d343a3bba8c8ee1be54ad1d9622520aa98a2c89652a0440000000beed46407bb159a85ac470e66b129ead48f97b6e1dd0b5e23db6fb6502e0a16891ba5aebe1b06be4c9b09b3bbd88e679cc65c2a8a956fa43fcd27c0fd8d2311e C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8803ED81-2180-11EF-B0DE-E64BF8A7A69F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423564006" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d044b95d8db5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91104c8c055814025febc82ee5539357_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1780 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 f1.as.readspeaker.com udp
US 8.8.8.8:53 www.paaet.edu.kw udp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 185.78.175.253:80 f1.as.readspeaker.com tcp
US 185.78.175.253:80 f1.as.readspeaker.com tcp
KW 196.1.70.163:80 www.paaet.edu.kw tcp
KW 196.1.70.163:80 www.paaet.edu.kw tcp
US 185.78.175.253:80 f1.as.readspeaker.com tcp
US 185.78.175.253:80 f1.as.readspeaker.com tcp
US 8.8.8.8:53 e.paaet.edu.kw udp
KW 196.1.70.124:443 e.paaet.edu.kw tcp
KW 196.1.70.124:443 e.paaet.edu.kw tcp
US 185.78.175.253:80 f1.as.readspeaker.com tcp
US 185.78.175.253:80 f1.as.readspeaker.com tcp
US 8.8.8.8:53 cacerts.geotrust.com udp
US 8.8.8.8:53 cacerts.geotrust.com udp
SE 192.229.221.95:80 cacerts.geotrust.com tcp
SE 192.229.221.95:80 cacerts.geotrust.com tcp
KW 196.1.70.124:443 e.paaet.edu.kw tcp
KW 196.1.70.124:443 e.paaet.edu.kw tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab1C48.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6168e53398c0744759e2f07095cf60b
SHA1 ffceb3cb0edacf3d0df60d42a4ad9508c52716e0
SHA256 e4f7e25362d28ead6274b12f44bab8bd8673ac8d4375c56e3558a2d369fcffec
SHA512 b2f49044da73cf3f658e19a45c30a195b87eb8525ab46a36fa1bfef94bb8f3225f5db9f39d8c7da697a5b9adcc3d68c07b49f5fcec1a9cf658662a3cbc4fd237

C:\Users\Admin\AppData\Local\Temp\Tar1E7E.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\Local\Temp\Cab1EEE.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1F03.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c747436f83f669343b1f9e902898ed7
SHA1 c38f5b0328b470c69aff3402176a36971e6f90ba
SHA256 5be7405d71a92eb9961e628589cf8c60a328f2a65c41fc0ad56f13c73a7fda80
SHA512 eccb5c95e3938a2e0c84cde830dc7da9ff844cd2ee3a8121d7c214710dbac3d7c4be229f509281fb1309091c05f8aabf9633cc2691265676f975ced1b247213b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c52503b2c92e70a82e17a839299ffcab
SHA1 dbedb7793862aefb7d986242593097f7c2810929
SHA256 b6274ffa91a88e121986fb6146a5f757b6faf0859ae827916e68d40a0826b302
SHA512 14ac6712181c0185e24c3c9979e75777e23f126913f4d3c9047c628ddc93f6952e00eb1e24e59d42d32d42302691209cec117910e426a38e9be1860d09f49db8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8e133db3704391286c21e12d26c91d5
SHA1 642a0c887982e617764b628323fe8f45410ff3fb
SHA256 a1a5fd0db4aafef2e401a84e8f36982fd51b09235b5582c3d37754620001dc6b
SHA512 1cf2e6ceca05c6ffb5da5e00edabef08be71232a1a956981390009f8ec277a793fe27f88e69c72eee62606f6105e900981d11d2a77ec6c72a62ee5e9035c2503

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 069aa575cd4fbb0cb960e8f544a9db56
SHA1 262855b779e6d9eb28399bacc373f751dc762f62
SHA256 94ef299e1b34f61ac4e39153d8e281080d86dc693efbc41cf7118badfff6ca82
SHA512 e8e6a491200b69b8f51c2122c03c05a4faa1f77548c3180d6d9107b7f1ad34d072a1a665a103c0dab62938b56a5e2a399080e3146a1bb22b7201f4e74296350c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9239D53CD30E1801AC20F5E85AC9D519

MD5 05ee9c2ac66f75d964ac5f1a3c7de75d
SHA1 8b3c5b9b867d4be46d1cb5a01d45d67dc8e94082
SHA256 c06e307f7cfc1d32fa72a4c033c87b90019af216f0775d64978a2eca6c8a230e
SHA512 5d58f8efeeb6e87ed161a10ede36f1842642f362566f2a7687cd69ad0f586c43790cef444ba71a1f37eac234b728d956aa094f3033abd34839600652b5f48978

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a04aaa6a2a259ba5ddd96e5796337f73
SHA1 8d1186c2ddce8a6a9e59ce24f7669844f536ec1f
SHA256 ff9ffce352386cdbf64763d663cc8aebd4a2c60e9935e4c8e1258fd0297128ae
SHA512 f5e0994eae5b8615948159d8ba29da08b738a0830175d264fdbbb0d84ec449500852be16bb46418fa85d455c5fe48bdfc1c67a148f8011b83c3e9d060197af56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9239D53CD30E1801AC20F5E85AC9D519

MD5 c9c752e496072f7c0ab0684f7f28078e
SHA1 439b9f139e5eb3fe33fd715ab0443c8130c26f17
SHA256 de6d7a7e02373f2191a1c7b25c3b6bfc0acd49fc727901558057ff40b341f187
SHA512 1b30f601ae347411d334cf0f6c2e649a81d0e985f6d6205f5a894e51414fcf33bb9a6982424aca9aa5a80f07bb094b83e6b6f89d0c8f0b05be59e4196869a804

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32cf89df23b9bf5445bace53e82e22b1
SHA1 089a721eaec1bb781190f1a5a80f676944360753
SHA256 baec2e19612189e85c0adf4d4321547de2859947a9077ae443ff5203b5d9de20
SHA512 407f3dcdf08da01dbc69fedd0d628dd33d0c678a036b73ccfff1722e20e79fa383ecb4afc84694c6dc65d122996285577d34a6b0218f0aab42db61e81a73c78d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99e9698276103e15b4e193bf97fd7c28
SHA1 7c2ef5341a776ba7c508b480d028572e6b46567d
SHA256 96017192d199b1ad6c10e0a0fec0036da9036d7b4dfb3f54df8ed96f9c35bcce
SHA512 67f4b4df93598eecd92f99c99c1069070cc0ae4e686691f32024e7e72bb025c307fa3c1d80a53269cab357d879cb98baec4d99d531b7c9a19eb118a6d61c0d06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfbdb6823c581ee7274b3c8100051e0b
SHA1 b1e3754cbfd853dd9306251f565dfc1548257d75
SHA256 078038e50cc00d8b091f5b1300920fdeb9abce9d5b924ba25dd293c28c0246b7
SHA512 ed5f35538e51a692db2e92767e98568f20e9e4b80d0f2124d5679b754ef4cf98025ff24de618adcf70e5e1ea2d086c08cbc222ab4b9ceb4a6825a3b2561f6ef7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8da6412aa840135ea9385e9c4420efba
SHA1 0a84dd7d9103144414e5d31f4b0c171f0cc76e67
SHA256 6877552d1aea6b3c27388dcfcc25fa3ffd511b8d497d7f2cdccbe85b468ec328
SHA512 b2e94dcd1d2d5f7abd7f693d2254145351a2f22f575c2055f275be2bd47d2ae50d0ba91332670f87ba061913fd90436d886461f04b88f3217df07290709a5312

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cfea8f5f819a37a57e57a69a9cf62fea
SHA1 b16a37c2b69a8ccf3fa18331635640d641cae311
SHA256 5375ac74cebb41947a92a402fd50e6e7be2f21658481a43ab0b0737aed11c305
SHA512 aa5c57ba25a62b434df6bf7ee622e370c62f75bf6932008b4949af542df4be36846ae6381f892e2191aa6fb4f0ac560cba0e0c8ac4ecfe81b2e88cc757862d0f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 abfdf565ed9571c05ad47bcfb8b49a40
SHA1 bd05086d780aac4690ede28cd73744454bd1d1be
SHA256 42822612051960a10c15e9ac61193847f564e3cf27345a2bf5488e7005b391a6
SHA512 aee66574c11065766bc5e6a9489e2d491b05b11728859e4e577dd25504a5053a9b70f7f6ece3e3dcc6f004b5fa03bc6ba57a7d387bbf118df46bd41f3701e4ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4c650e3276db2438e02097725da1bee
SHA1 09585f3e84f178bd04d51010a5c0012f553ff5c4
SHA256 93fcb981962832d958d32958602642f13eb32212a142b3749d35436b9120748f
SHA512 b1006dcf24a4342a7d223e2b3ef79f9905650b2eeab6e48c42e9ec9d7e9ff28a26b28ac7ac05ccbfc6feb18637a4cc4d6d4579e702be2a20894beedaeaba9a30

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d65e62e5ce2a13be1aeb0b02832c3e9b
SHA1 5075fb325a937675c18f35214345d2bd9fd1cd50
SHA256 db4c1682ebc8046ef62e0b26df0f2a0bd437edf7ec100e47b6d932fbb8858abf
SHA512 7b0ff9b287f3c440d5900c5428293f8563b73f64614979e5c2a97787c93f081c7b12c565ddf386a4c2026d83aff1c657b9d22a5f84242458aae5c60537db5243

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72f76b64129aaca311c655e0ceb72075
SHA1 8b4881e9659c423be896f959afe874254d68e92e
SHA256 ff68779e206e3177e01d432259c9f630607699022e45099ee36d106a74f79024
SHA512 b0f1eaf34472a4b1b3193ec641085b2313efa8381e4610991575583420c8250898c2aa82fab67ca7fd809ebfdd17a57105eade15175295fc5fc613b194914d4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64b71b5188ceda48ed79c10e7bbcbdfc
SHA1 611beb09882a08057694ea0ba10d6bed08e39198
SHA256 062b143a23fa3da19161ff7fe787bc2e9294af6f8c5bba1cfbba859b58bd283b
SHA512 2061195ebf9cb723e10d1f3c44f452a01d167ec7e5adb3683e73a24ba1b934b8b23762d46f4c4e488724022e59c337dddc324bcf3e6b274879154fe5242091cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2bd75181b421d55101377a905654a525
SHA1 aa363e2fd6ae7ca99a3ecaff6c6e677b268c456a
SHA256 e351559e72ab08cefc86f860a4d592a5b73102dc0701493c5d2fbe504c26776c
SHA512 9a9a528968902915aa07ac57c6e5aea2660d6e2575e7578a623cf060b2cc20988b792b2e58c95d8c81d6fd487fc6a335aa692cc928ca50fad01b70ed888fa331

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1651ae22d2f9e2dea25bc05ecc662ff2
SHA1 81c06d670d6b1fe7cb7aeebe260447c53afb35d3
SHA256 6c1cf6154b32ee636a3ab257e96622c51fae3c3bda26c2a33d050dab73cbe915
SHA512 20073b6c0a6c3c69ddd6d9e3915569a114d3e52aa25f1671d3cad79b607d9b4d642178ff8b0dc1adb14b1288fe54071a96f868760efee163dbfc8e0e3b69303a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96f5b31bf59857c67b37ea4747cba042
SHA1 e9b783c4dc3ebe6011a97e367cc429ea07ece877
SHA256 902e6fb3d5776c3f865fb274094b1bdb16da268af34cb789e6fbf33bdfefd549
SHA512 a3d041d51b31a99d69c8bf5c409eadf2cf4c817a1b5fb6bbf0a083d25baccb08494c3390dc3faa01f1496d0e71056eb0b5f462881bd5f32cf753a24d02e1a6e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 37d4282e10ff9c5246bcaef4be4e9b98
SHA1 9630a910e7ef3af1d4226c7395455db6efb3c4f9
SHA256 3c4a168c27fd15ad86aaff8e7c0d6071c71bb4bb4f409949f8cc1363316b2cba
SHA512 54a33eb0604b19ed3a556ec9384714dcd64c83bcff34cb8f7fb858fafbf3f7cfd1da65f75cb23fbb29f1af622c459c4ea21233d1886a6ad6543fcb842b36f48d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e215cbb0808b2cd7d758f0f69287e6b
SHA1 3e5df530aaf0523e50213cfc6014be08f1d6010e
SHA256 5907cd7fef849919ab4bb9a2f210f63e982de1af83300a245d998a4530b2f9ca
SHA512 d4e9f740ad1e883a40f5402f5934deec5e01f141c2a734405bf70b96d8ab9940a44dcf1a4a03633c9b8d00e2a6265353b7f3969c5af1d1520327aeceaa830364

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 001e5e8f80f0e6896fc11c1eb053b9e5
SHA1 f7525705014595b310fde47d97480d5e040536ce
SHA256 474051c5170f91df7f34d56ba3cd03fd583aa50d0fcc13bafa1839f694ad4134
SHA512 770918e110b4fc84ffd8f50c4783706807254e9f1c63a0fd33d1f518fad72d1602de6a5dcbd7d9eaba250145224cfdad07507146d146112153268e1a7c12e5cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f5fba2dfb8ce3afae66d2c8ac4128110
SHA1 a5b6443abe818468ea8d4f54def58671ed11ed8f
SHA256 07c6660ab23c7c4950e7aeb9fc131c2153ae4d10f1e2e1b52f374a2a55bf71eb
SHA512 04c9b2988991435a05bf7384b73924db5a318f622b87cd68da452e2d15e5a8bf853b543d2fe72f1d28fd3749833038687d74e2c1a03c9eb41440b7b0a1633e85

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe08236f9e325b887bb62ffc2d6702b5
SHA1 cf20c2b2a5dffed6eb25fbc77ef783669449844c
SHA256 9bf14354db9008348172df6e1518a126b21d7c3f6ba0c5ec50f21eeb17717a71
SHA512 e837ef26eb1b85204aff7c369c12ece66aeea553828f629c4124c6f0024309e7e2ba1eec125f5dc5b6c025d34c09db80b4639e0caa8bb0fe98dc1abc42a78572

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4aafe089ddfa67008a2f734956d77674
SHA1 9d4427e414e309d484d60715dea4bcc088f5fe58
SHA256 bc32d4768acc160ff2e95fe9e28425a5160fba1c2adf006118704a832679d7f8
SHA512 a4c04253bf6566700ce07936899ea90d40e8adc860ab0a2ac041f3e5d3b451d8e3f6f82d2eb65b65dea9267710be76c8a41dafa8c99a49554243679900129540

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6422174cf8cf1d79eae0fa4a695598d1
SHA1 ec5c116c3ee4f941144f059d61d50afac957a08b
SHA256 2d2c123024053d07cbc364ecf434815be50d8665b5ce5c8a5f106f95fc3dd0dd
SHA512 0458db9d99614370c93edf2bcc7802660d3f122511bb955e092662ca896582de6db0b538a73f6539de2edb50f27a377518a8c4b7a360ac81a47594494bb6b13a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 20b288227148d2e04206cbb2e1e911aa
SHA1 beab37191bbb858b211ab5edf3d2b7cceaa3192e
SHA256 61999d7d956deff7cb9cb6e5f432e2afdf38a5241bc819041f27559bfa92dc6e
SHA512 001cbff24e32f593ac96c8c5f2228e28ccc64f077719dad1c897a96e9f2ce9b37c9bc48dfec6cb703e6f2cf8fd671cb6007be9e6a0110cb47d550f078dbf95bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0aa979d244d97182d98a1b6b9e5b1677
SHA1 598aa0538eea26fb29e9e11ed34df3cd107704a1
SHA256 b547380fc19430ff106074e1493eb7119e10f3a6107ceec3d7edb6e67f7e4f36
SHA512 b5b32643783f55342ee70a9c0006efd5cf51b377b3ecbb8399a9bbcb6f1560508670b4ba44aa5efdd6481c5b19a2314b4554a01ee12ffce4775af565b5fdf37c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49df56f56eba4b6e554002c9af891a7f
SHA1 8831a8a94b40ae2c8aacf3c17d5547fe73f63a5c
SHA256 39b5f0db92679c65588e67b46de351bfd2e4af0b9da1327c6cc9a2fc38d6ed3b
SHA512 5969ab1f5c694d4b6c85cd732d3b3893b6f80472cc7ff798279db65f692f920c14927a8847f8633686d2d30337db7493be83e91f176abc26d18425cd59da751e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 525a7df2e3eb46e6573f06230ebcad9a
SHA1 a44dd5aa29726ea55430459803047039c63c9e84
SHA256 e2dfe17fe65dfcffc906b0fee71dcf5b09ad4a49b72929cae69d13ab2e67da38
SHA512 dca6791d59552bc2d704a75e34b1a0d607e63ed23a183b11699928e151e9fdaee76bc5c9a3b26e45dde2d87f97d49c51c809a8deee9237c4192b5018bf58c062

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a7c0a8048005175f80a69f327b6357a
SHA1 01483ddd8158f7d21c8db9d9e6ec34c331308cad
SHA256 e417c48d2a913cfe6f8e3fa975b652599a0c4f20ed68e609cfbdcfaaf8699702
SHA512 1208c2699dbe50db5ca2f901f13fe2f29c780c728b9abe2642bce5b5de9987de3949d12bc5325821a0176f08f9a0855f6e368a209407e2274c62ec9e506836b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e19af40fca7e0058484a902e5dfac7b
SHA1 6918c6b903e7e92773a2adc5af25dbbe63fdebc7
SHA256 8caf7ec8a64dd25cd95c815e46f074f5aca7adbf5a63ac92363d3087d4d142e1
SHA512 a07cfb4b232725e3ced08286d5c6b9b9b5034022cfd3321752fb03a9897309e5856b96bfda767709399e81f00fa182bbd05728584b7ed4f29f38b8ec0c009dd5

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 08:08

Reported

2024-06-03 08:11

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91104c8c055814025febc82ee5539357_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91104c8c055814025febc82ee5539357_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3820 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4508 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4752 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3296 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5488 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
BE 2.21.17.194:443 www.microsoft.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 104.91.71.133:443 bzib.nelreports.net tcp
US 8.8.8.8:53 f1.as.readspeaker.com udp
US 8.8.8.8:53 f1.as.readspeaker.com udp
US 8.8.8.8:53 www.paaet.edu.kw udp
US 8.8.8.8:53 www.paaet.edu.kw udp
US 185.78.175.253:80 f1.as.readspeaker.com tcp
US 8.8.8.8:53 www.microsoft.com udp
KW 196.1.70.163:80 www.paaet.edu.kw tcp
KW 196.1.70.163:80 www.paaet.edu.kw tcp
KW 196.1.70.163:80 www.paaet.edu.kw tcp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 133.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 e.paaet.edu.kw udp
US 8.8.8.8:53 e.paaet.edu.kw udp
US 185.78.175.253:80 f1.as.readspeaker.com tcp
US 185.78.175.253:80 f1.as.readspeaker.com tcp
US 185.78.175.253:80 f1.as.readspeaker.com tcp
KW 196.1.70.124:443 e.paaet.edu.kw tcp
US 8.8.8.8:53 cacerts.geotrust.com udp
US 8.8.8.8:53 cacerts.geotrust.com udp
SE 192.229.221.95:80 cacerts.geotrust.com tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 253.175.78.185.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 163.70.1.196.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 124.70.1.196.in-addr.arpa udp
US 185.78.175.253:80 f1.as.readspeaker.com tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 185.78.175.253:80 f1.as.readspeaker.com tcp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
KW 196.1.70.124:443 e.paaet.edu.kw tcp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.65.92:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 92.65.42.20.in-addr.arpa udp
GB 142.250.187.234:443 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
NL 23.62.61.88:443 www.bing.com tcp
US 8.8.8.8:53 88.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
NL 23.62.61.137:443 www.bing.com tcp
US 8.8.8.8:53 137.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 84.65.42.20.in-addr.arpa udp

Files

N/A