Malware Analysis Report

2025-04-14 00:26

Sample ID 240603-ktyr4ahe7t
Target 91317fa8ee19b7bfd43dd59c95ec467f_JaffaCakes118
SHA256 d02a1cc1355f47d036c2d5c43724f923bbe2562edcaba6374fc8c8c5991db6c5
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

d02a1cc1355f47d036c2d5c43724f923bbe2562edcaba6374fc8c8c5991db6c5

Threat Level: No (potentially) malicious behavior was detected

The file 91317fa8ee19b7bfd43dd59c95ec467f_JaffaCakes118 was found to be clean: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 08:54

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 08:54

Reported

2024-06-03 08:56

Platform

win7-20240220-en

Max time kernel

134s

Max time network

135s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DA46D481-2186-11EF-A3F8-62949D229D16} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423566722" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1976 CREDAT:275457 /prefetch:2

Network

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 08:54

Reported

2024-06-03 08:56

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3240,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=3620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4196,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=3896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4812,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5304,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5440,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5260,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6272,i,4686244434963378549,11462511444150484980,262144 --variations-seed-version --mojo-platform-channel-handle=1040 /prefetch:8

Network

Files

N/A