Malware Analysis Report

2025-04-14 01:03

Sample ID 240603-jynx1sgf8v
Target 910d08a86e9ba0d8be83fbb6e7cdb903_JaffaCakes118
SHA256 c3998d95d3812453a2165e7bcc42c3476662730b72a741ed19dc4fdcb9b80beb
Tags
Score 1/10


Analysis Overview


Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file 910d08a86e9ba0d8be83fbb6e7cdb903_JaffaCakes118.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 08:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 08:04

Reported

2024-06-03 08:07

Platform

win7-20240508-en

Max time kernel

137s

Max time network

123s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910d08a86e9ba0d8be83fbb6e7cdb903_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423563756" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F26B82B1-217F-11EF-B21B-FA9381F5F0AB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0136f068db5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\910d08a86e9ba0d8be83fbb6e7cdb903_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2324 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 08:04

Reported

2024-06-03 08:07

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910d08a86e9ba0d8be83fbb6e7cdb903_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\910d08a86e9ba0d8be83fbb6e7cdb903_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5072 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4904 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5708 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5508 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5816 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

Network


Files

N/A