Malware Analysis Report

2025-04-14 02:37

Sample ID 240603-jwzlqsgf5z
Target 910a7f175dcae689d2474683924faadf_JaffaCakes118
SHA256 533ecf4dd21abaec40f703a401f6cd93e5155c85b343946cbff44966fae95fef
Tags
score
1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
1/10

SHA256

533ecf4dd21abaec40f703a401f6cd93e5155c85b343946cbff44966fae95fef

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file 910a7f175dcae689d2474683924faadf_JaffaCakes118.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 08:01

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 08:01

Reported

2024-06-03 08:04

Platform

win7-20240221-en

Max time kernel

142s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910a7f175dcae689d2474683924faadf_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{88569EA1-217F-11EF-9DC0-D20227E6D795} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563579" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006a9820ad4987544ca8dd9549ffefe945000000000200000000001066000000010000200000004747b416fed84e7c0c3ba9354f844a44e2737dbd0f4ff3aa947496a272b751e1000000000e8000000002000020000000ddaab871a55b177d6c943cd4968742936928924f0da53e48d902a050a9083dc420000000d481a4191590f95caa5dec19a63b75506b6efa2e948217a8260a3f2ee8cac18a4000000068f52a9f4f6ac75abaa47c66bed7e7dde06ef30a47c28ab596147a9a8db0973fa58675586272cce84e0e139459e64750c688a021fa0b56519ba90075ac359a78 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f051d35d8cb5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910a7f175dcae689d2474683924faadf_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2684 CREDAT:275457 /prefetch:2

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 08:01

Reported

2024-06-03 08:04

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910a7f175dcae689d2474683924faadf_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910a7f175dcae689d2474683924faadf_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4828 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5348 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4480 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5492 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5836 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5888 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8

Network

Files

N/A