Malware Analysis Report

2025-01-17 21:20

Sample ID: 240603-n6hs7adg2z
Target: 91b5ed7e9b0da416670e152e184a4f27_JaffaCakes118
SHA256: 8c8f502b01265cfea0e97480cff9166231e143bba2c409aa8ddcedd93aaa51b8
Tags: none
Score: 1/10

Analysis Overview

Score: 1/10

SHA256: 8c8f502b01265cfea0e97480cff9166231e143bba2c409aa8ddcedd93aaa51b8

Threat level: no (potentially) malicious behavior was detected.

Verdict for the file 91b5ed7e9b0da416670e152e184a4f27_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-03 12:00

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 12:00
Reported: 2024-06-03 12:03
Platform: win7-20240221-en
Max time kernel: 134s
Max time network: 128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b5ed7e9b0da416670e152e184a4f27_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ddc1b5a2dbb814da8cb3dca0af12af00000000002000000000010660000000100002000000059e78558c4ceb8ef40ff4ba09b1a22884e28f7d641020a11500507a49b55a584000000000e80000000020000200000005c103d8c55673951a30ec83a9688919586c315bfc3ea8ab58940c2eae6856ae720000000c7a9bead18912cad59a3208f1204a554d5468a3b0a82feedbcec93a5b2e69a5740000000eba1cc3f7c08cc188e21768f52e9c82affa4402a5d000ee52356ac4dafd98bfe21b5108e9b3a449ea1d57db7775a5f1a99ff4f2fb05eb9421767c05c19801bd5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423577896" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3062b3b6adb5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DE846021-21A0-11EF-9988-CEEE273A2359} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b5ed7e9b0da416670e152e184a4f27_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 rykfirir.ru udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-03 12:00
Reported: 2024-06-03 12:03
Platform: win10v2004-20240226-en
Max time kernel: 147s
Max time network: 154s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b5ed7e9b0da416670e152e184a4f27_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b5ed7e9b0da416670e152e184a4f27_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4108 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5076 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5376 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4668 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5516 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5568 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2088 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 rykfirir.ru udp
US 8.8.8.8:53 rykfirir.ru udp
US 8.8.8.8:53 rykfirir.ru udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 rykfirir.ru udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 158.6.107.13.in-addr.arpa udp
BE 23.55.97.181:443 www.microsoft.com tcp
GB 104.91.71.133:443 bzib.nelreports.net tcp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.202.52:445 counter.yadro.ru tcp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 133.71.91.104.in-addr.arpa udp
RU 88.212.201.198:445 counter.yadro.ru tcp
RU 88.212.201.204:445 counter.yadro.ru tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 148.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 142.250.200.42:443 tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.65.92:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 92.65.42.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
NL 23.62.61.185:443 www.bing.com tcp
US 8.8.8.8:53 185.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
NL 23.62.61.99:443 www.bing.com tcp
US 8.8.8.8:53 99.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 169.253.116.51.in-addr.arpa udp

Files

N/A