Malware Analysis Report

2025-01-17 21:09

Sample ID 240603-n8pphsfa76
Target 91b804c0e700cb26b219ac3ff40fa22f_JaffaCakes118
SHA256 4f9e37a46ec2c12cd0340a3c88a0302fda5f5db9d96a3e6084ed95a9d26ba9a6
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

4f9e37a46ec2c12cd0340a3c88a0302fda5f5db9d96a3e6084ed95a9d26ba9a6

Threat Level: No (potentially) malicious behavior was detected

The file 91b804c0e700cb26b219ac3ff40fa22f_JaffaCakes118 was found to be clean: no (potentially) malicious behavior was detected. The entries under Malicious Activity Summary are generic browser-process heuristics rather than findings about the HTML file. Every registry write recorded in behavioral1 sits under the user's HKCU\Software\Microsoft\Internet Explorer key (Main, TabbedBrowsing, Recovery, WindowsSearch, DomainSuggestion and similar) and none of them touches the start page, search provider or URL search hook values that a genuine browser hijack changes. SetWindowsHookEx and WriteProcessMemory appear in the summary but carry no indicator rows in either per-analysis signature table.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 12:04

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 12:04

Reported

2024-06-03 12:06

Platform

win7-20240508-en

Max time kernel

117s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b804c0e700cb26b219ac3ff40fa22f_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000fd492d982c2902a2eedf53df90d39b83f3018f8976401f59bba59e55bb342b1a000000000e80000000020000200000002c360d469ae24f495483e079a204211c4addb1af3d3238497bfab0be5f02367a200000004760f7d114c8dac26b0e62438d860df60b40ac507c22e785263a82b6cd5ccbca4000000052e8924e2536d2a1fe556eb26aa104bb10856403f094df7d107ec6ba954d0f211c815f8d006ec2204778ceb6b64ebe35b9bb4d4be00e0f1b96246eaeb04349da C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423578124" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 508b9666aeb5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{666C65F1-21A1-11EF-A649-4E87F544447C} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
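
The 36 rows above are all under the user's HKCU\Software\Microsoft\Internet Explorer key and are the bookkeeping IE writes on every launch: window placement, tab recovery state, new-tab-page timestamps, zoom and page-setup defaults. What would make this signature matter is a write to the handful of values that actually redirect the user (Start Page, Default_Page_URL, Search Page, a SearchScopes URL, a URL search hook), and none of those appear. The script below is added here as a worked example and is not part of the sandbox's output: it parses rows in the table's own "Description Indicator Process Target" format, folds the per-machine SID away so rules can be written against HKCU, and separates hijack writes from housekeeping. The sample rows are copied from the table above plus one constructed Start Page write, marked hypothetical, so that the hijack branch is exercised; the HIJACK_PATTERNS watchlist is this example's assumption.

```python
import re
from collections import Counter

# Constructed sample input: four rows copied from the behavioral1
# "Modifies Internet Explorer settings" table, plus one hypothetical
# Start Page write that does NOT occur in this report, included only so
# the hijack branch is exercised.
SID = "S-1-5-21-3691908287-3775019229-3534252667-1000"
IE = "C:\\Program Files\\Internet Explorer\\iexplore.exe"
SAMPLE_INDICATORS = [
    f"Key created \\REGISTRY\\USER\\{SID}\\Software\\Microsoft\\Internet Explorer\\IntelliForms {IE} N/A",
    f"Set value (str) \\REGISTRY\\USER\\{SID}\\Software\\Microsoft\\Internet Explorer\\Main\\FullScreen = \"no\" {IE} N/A",
    f"Set value (int) \\REGISTRY\\USER\\{SID}\\Software\\Microsoft\\Internet Explorer\\SearchScopes\\DownloadRetries = \"3\" {IE} N/A",
    f"Set value (data) \\REGISTRY\\USER\\{SID}\\Software\\Microsoft\\Internet Explorer\\TabbedBrowsing\\NewTabPage\\LastProcessed = 508b9666aeb5da01 {IE} N/A",
    # hypothetical row, not from the report:
    f"Set value (str) \\REGISTRY\\USER\\{SID}\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page = \"http://example.invalid/\" {IE} N/A",
]

# One row of the "Description Indicator Process Target" table. Key paths and
# value names may contain spaces ("Start Page"), so the path is matched lazily
# and is terminated by the " = value" or the process path that follows it.
LINE_RE = re.compile(
    r"^(?P<op>Key created|Set value \((?P<vtype>\w+)\)) "
    r"(?P<path>\\REGISTRY\\.+?)"
    r"(?: = (?P<value>.+?))?"
    r" (?P<process>[A-Za-z]:\\.+?\.(?:exe|EXE))"
    r" (?P<target>.+)$"
)

USER_HIVE_RE = re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\")
IE_ROOT = "HKCU\\Software\\Microsoft\\Internet Explorer\\"

# Assumed watchlist (relative to IE_ROOT): value names that redirect the user
# to a home page, search provider or URL search hook. Writes anywhere else
# under the IE key are the session bookkeeping the browser does on launch.
HIJACK_PATTERNS = [
    r"^Main\\(Start Page|Default_Page_URL|Search Page|Search Bar|Local Page)$",
    r"^SearchScopes\\DefaultScope$",
    r"^SearchScopes\\\{[0-9A-Fa-f-]+\}\\URL$",
    r"^URLSearchHooks\\",
]


def parse_indicator(line):
    """Return a dict for one table row, or None if the row does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Fold the per-machine SID away so rules can be written against HKCU.
    rec["key"] = USER_HIVE_RE.sub(lambda _m: "HKCU\\", rec["path"])
    return rec


def classify(rec):
    """'hijack' for a redirecting value write, 'housekeeping' for other IE writes."""
    key = rec["key"]
    if not key.startswith(IE_ROOT):
        return "other"
    rel = key[len(IE_ROOT):]
    if rec["op"].startswith("Set value") and any(re.match(p, rel) for p in HIJACK_PATTERNS):
        return "hijack"
    return "housekeeping"


def triage(lines):
    """Count verdicts over a list of table rows and return the flagged writes."""
    counts = Counter()
    flagged = []
    for line in lines:
        rec = parse_indicator(line)
        if rec is None:
            counts["unparsed"] += 1
            continue
        verdict = classify(rec)
        counts[verdict] += 1
        if verdict == "hijack":
            flagged.append((rec["key"], rec["value"]))
    return {"counts": dict(counts), "flagged": flagged}


if __name__ == "__main__":
    print(triage(SAMPLE_INDICATORS))
```

Run against the four rows taken from the report, the result is four housekeeping writes and nothing flagged; only the constructed Start Page row trips the hijack branch, which is the shape of output that would justify the "adware / spyware" tag on this signature.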

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91b804c0e700cb26b219ac3ff40fa22f_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 demo.rocknrolladesigns.com udp
GB 142.250.187.202:80 ajax.googleapis.com tcp
GB 142.250.187.202:80 ajax.googleapis.com tcp
GB 142.250.187.202:80 ajax.googleapis.com tcp
GB 142.250.187.202:80 ajax.googleapis.com tcp
US 8.8.8.8:53 demo.rocknrolladesigns.com udp
US 8.8.8.8:53 demo.rocknrolladesigns.com udp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab1DFE.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1E91.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85bcd97f35d49a4ff7fc906ea81dd710
SHA1 c0474b09a7f8f16bfa1f2b0971d89bbddadabe8c
SHA256 2838b6ae81282e48214604be43d8b3cf10d1ee0a3be18ac79c7d09da09d1a104
SHA512 55f810b2a3013ca49504cbe62b5df9449fccdf07c83a0187d9e30f17b177fe4a24921bfea92bf407decbc53e6666e0d3d09fb6bba12bc30eb6a23fb5a8c15af5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e6ceb1ee1c179eac789f8d73a7464fff
SHA1 6eb9f814aac83e1a0a98356d7fb60e3542482980
SHA256 f755527fd292c17289c29192fd7fb62383f7edd32d610a893ae8f64d78361b51
SHA512 18c7bfe5820c0d59ed72d4d1756d5aa5b426d4fd51a18a324dd44170cf3fe3a560bb1fb8596e9ac3e006f7727cd02d1f39a4d177ce89e0573065373061224b0b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b53431e4e4714cc6e20d459baffda26
SHA1 1e2a6601fe10b5277875ac17b4e6da548508a75b
SHA256 3a729b504f54c7123edfb2fd2fbbf7d00c6df198fc49b56500ffcdfca11589c1
SHA512 ddc5d72b87352a1127ecb9999db7e5b20fb55bc2517a26e6209291dae84c18f3f4a2fbde0a3b8ed4629dd477648dc969185adb6bf91bcb3e3dbbb17868b43230

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a53693bb66224e2b2e0e2b3c0d4f04c0
SHA1 6c277e023875498b2c40403a729578b3936e6e47
SHA256 6a62bd0c2a4fa7b7ba39c40e86c26999637da9138872c160ce5661272fdd274a
SHA512 6647889516bcd52fb3b05fe3b1185de615fc1894120538c2a2095e85fdf0984926174fd32b9735206f16096e3b5216aab580d8a339c3750625f335e4fbb982a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b17542051ce67ca52bdb47adcd2a95f8
SHA1 073536d63391f6b71c5439a73ebd94a3cd2e052a
SHA256 f762fd1b6cc03e176eae0baa0b032314d8d4f531c59683fa6637ad5ca7079d7c
SHA512 896a81cba7c98b2e3879a5927d4feee5b1375774ebf1ee47653b7a41fccd2be3c82e1f81f685578b40d59bce5789de7dbdab1a5c2b019396d7418c5092ce9630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 419daa44d036fcfd1956fe635613522b
SHA1 a32476a1b6db2ea8e648010acda85a2e76c3f494
SHA256 c7ef92867a3a6600fb304cbbb6c6a63f28c1cdb64d3fa35b86da3b3de5033283
SHA512 226fa148f7f12fe12fcb1ee03b5e5d02266baf931fad21add65cdfd4ef2b61bb6f0ba8e3627e60e2d8f43d0922f3d421c1395e43cf575764cc92332ebd11815d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aede037998ca76794d3e4388ef0b203a
SHA1 b36cea2c7304c2cb1d7d3e84fba41eb07dab9ac7
SHA256 75bf6669f710d2851597352b7006da3180cf38d7c141e4a13bcd5f0cb49005ec
SHA512 a55434e0fa81ce250c717d6b3e21af730bb45a6049f6c61a3c0d0103d09209022a05f2a3365a5e4405a765f5e18cafec0ec52f96e8cc79ad208695f07e0187c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5dd81cb2c375157990e0737bc22fbf8e
SHA1 79bb360744d036238e8cab38da895f1afa10d2f3
SHA256 011e4650e64aa120ec79cd4ced70d83a51c6ad411853970482f0e13e152b3ed3
SHA512 958c506f63b0fb2a56cba251b7cefd4818222f472cc4a235a373cb8ef9d38f582b34c4e38bfdaeb546087e54ff195f4f11c0d616fd644c0fd13db03fbcfcf8b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56176ea3d14e9c748b25776e31ab3354
SHA1 45bc816f16af721fdbd62bc603a1526644abbde5
SHA256 a38314d2d5e0d00017dc308d357b2688899935e76755ce9f0387fec8ce453f52
SHA512 3ce87825acc893e97cb70819bd722383d679c7a6b3fd7e43005fb1fe8fa541905807b3c4adc5c46a1fd70a5cd93c189fd21e55a8a331941d14f595dd40328890

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76e0c07d816d63efcc800b394f9633de
SHA1 9ec184dadffd7300e827dabd2e6e53f6c2f5ccec
SHA256 6a598c9945b20ef39288d3e899ebfb482d04a96f394d62daf44e3c89c7090777
SHA512 35b7295abd008f21cc924a9810035bf62414e657ff3e709776308d98c4259c5ef70166ad57700ccc3426ce4c0be364df2b94e8c1a98b85d750ebe61e1f6db1d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba0d8b2d1befbaed23ab2b98fafd49fa
SHA1 016f31e99252600ffbd672bfc0769be3c0dd611e
SHA256 3944ec4aa5b08f41a91914aae8e60bb9032363b6e35013556d3015e6877e45e4
SHA512 c22cfcc03c31363ef00c55aa0c1763e6504e14a72060832d79b0143377a2ddc74d7a54f2049fea3d26a0b41cadf0caeb111119a9a4048ad21b741a373d265798

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 af99c48b92de6c93315aaafc13a5210e
SHA1 cb8875fbcaf617d457d577c8b9fc8f5a9c404b54
SHA256 879734502c06e8d5cb04c6900595b28a14311720f2d6ea82f037f26f29639fee
SHA512 37c0534de2e608917a1c9574f0e3ca76e641b9d29768cbb8385fd3f2e8ba75380d1bcf4e033e35ad6f48b95c94dca872c98dd28fe1f8e22aa0f77136193a9c2c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 049abf5cc18490aee9960ab2f88431d1
SHA1 183125c3ea6108600554db0bd0b1269fcd812a1b
SHA256 9d92d32ebdf566bc4f50c91f02c7477c763be78ea63898bebd55c7dca9fdb58b
SHA512 489ea1d15c9c308419069e74bb89896df3bc5c78c9d4fef7002f99a46bdc1ef24f84c58153ff37e3d320157d53d69c9c47f09346ea0137836499674eeaaf15cb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96b0e214d5587a37ca62d842782a38ff
SHA1 0a2a02d43f9491fa2530ff6cd19cc65133518df4
SHA256 bc0980a09b2a2c7395d3ce74f708d92c70d963f663b67f2e358fb04e7c6d77ee
SHA512 26a6761fa0211aa2c2f68ed8fc96c096726e7a8afb2115bf92545b9343d7bb40fd82f84fbb572d22ff0abc91da28eef488a818f80f0fd3d48e9e8d7d841af36e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c6aecc7ee17719d088f8f6a326b0429a
SHA1 fbfb986bed24f9caeed9206abed5229c1959b788
SHA256 afc2f558375413be48df3ba7f6d4a532893ceac7ebda2e66f1b39700bdb4f123
SHA512 6d8913a5b5a4ae7616ead10fe5f09937e6bd4827ce708d8e94124e119a66bb0699020301f4c19d908897b637f13f6272edb9a0ae872126a085a7bff3ddda32e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1dafaa7484344be75f40e102271d6988
SHA1 98c57d74bd5311b98dc5a4ed4213fb1b2dd422e3
SHA256 69f6cab7e7ee0a9e6b730e31f8d883e5091a081bea571f2af2a17028a9bc25fc
SHA512 76ea4b1b4d843878fb654accc35c00f793bd3011b4373bdcad3787f3959140892dcefd11a951a2f9fbae59b1d00c9553288a1380bc33aec06c7ff6b6fa587833

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab57bdb3ff6addcad39ae36f0eec7ab0
SHA1 9aa230e4b96f1db063cb2c613b0eb337bf92d0c7
SHA256 34101f3e201a9522bfc4258f17dc02a78f69762fd17250b3910ea5d41e352cb8
SHA512 a45282244a2450767458453824a2627c488ce3227b53a333401b6e134e0e084d91ed74a27f4de395a774068537db7e6b37a304e74451c757429c8555b80fa7ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92440cfde060d869252af858a6351bee
SHA1 d75d5cd27f480e8a744de8e8aa0aad9777ce6871
SHA256 ddc9d8ef923c54277b8f786fa4da9e6bff03029ca7fec085558e1b52ce3bebb4
SHA512 e5c585f73e66865ad868ad9cb16d7a786010e25335b5b926274cee2e8fabc13ea87d8468ccf8389e4aaae9c37cb0d98a522b3b52e2153f1951823ed73f596dcb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77cc2873bbd8fcdca0cf0e0a93b87ccc
SHA1 a4b158d6cc808e190ff83653258934230d98a607
SHA256 ecb6aa9713d454b7112419023bfc294bb4da6d54bec3fade450e6076ef0341c5
SHA512 dd089c559619d4caf91ec5d21d5e33eef037b682acd30e5b845da29a84608c46eabaae1c5744a115b6ae0fb73e97a01b77b6b5baf2c7b73af9c6809fac9c2eef

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 12:04

Reported

2024-06-03 12:06

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b804c0e700cb26b219ac3ff40fa22f_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91b804c0e700cb26b219ac3ff40fa22f_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3996 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5068 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5252 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5556 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=1032 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3304 --field-trial-handle=1928,i,13242902252791919845,10377620236057253993,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
GB 104.91.71.139:443 bzib.nelreports.net tcp
BE 23.55.97.181:443 www.microsoft.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
GB 216.58.201.106:80 ajax.googleapis.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 demo.rocknrolladesigns.com udp
US 8.8.8.8:53 demo.rocknrolladesigns.com udp
US 8.8.8.8:53 demo.rocknrolladesigns.com udp
US 8.8.8.8:53 demo.rocknrolladesigns.com udp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 demo.rocknrolladesigns.com udp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 139.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 106.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 swapnathalla.me udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 152.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 52.168.117.173:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 173.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
NL 23.62.61.160:443 www.bing.com tcp
US 8.8.8.8:53 160.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 100.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.179.234:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
NL 23.62.61.160:443 www.bing.com tcp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp
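
Read side by side, the two Network tables (behavioral1 above and behavioral2 here) say more about the HTML file than the signatures do. The page itself pulls from ajax.googleapis.com and fonts.gstatic.com, both over cleartext port 80, so a script fetched from ajax.googleapis.com could be substituted by anyone on the network path. swapnathalla.me and demo.rocknrolladesigns.com are queried repeatedly but never connected to, which is what a name with no A record, or egress blocked by the sandbox, looks like in this view. Everything else (smartscreen, bing, nelreports, azureedge, data.microsoft.com) is Edge and Windows telemetry the image produces regardless of the sample. The script below is added here as a worked example and is not part of the report: it parses rows in the table's four-column format and makes those distinctions mechanically. The sample rows are copied from the tables above; the TELEMETRY_SUFFIXES list is this example's assumption and should be tuned to the sandbox image in use.

```python
import re
from collections import defaultdict

# Constructed sample input: rows copied from the behavioral1 and behavioral2
# Network tables. Any number of rows in the same four-column format can be
# pasted in instead.
SAMPLE_NETWORK = """\
US 8.8.8.8:53 swapnathalla.me udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 demo.rocknrolladesigns.com udp
GB 142.250.187.202:80 ajax.googleapis.com tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 23.62.61.160:443 www.bing.com tcp
"""

# "Country Destination Domain Proto"; the Domain cell is empty on multicast rows.
ROW_RE = re.compile(
    r"^(?P<cc>\S+) (?P<ip>[0-9.]+):(?P<port>\d+)(?: (?P<domain>\S+))? (?P<proto>tcp|udp)$"
)

# Assumption for this example: browser and OS telemetry the Windows sandbox
# image generates regardless of the sample. Tune per image.
TELEMETRY_SUFFIXES = (
    ".microsoft.com",
    ".bing.com",
    ".nelreports.net",
    ".azureedge.net",
    "chromewebstore.googleapis.com",
)


def is_telemetry(name):
    return any(name == s.lstrip(".") or name.endswith(s) for s in TELEMETRY_SUFFIXES)


def triage_network(table_text):
    """Split a Network table into page dependencies, dead names and telemetry."""
    queried = set()                 # names looked up over DNS
    connected = defaultdict(set)    # name -> {"ip:port/proto", ...}
    unnamed = set()                 # destinations with no name (multicast, raw IPs)
    for line in table_text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        endpoint = f'{row["ip"]}:{row["port"]}/{row["proto"]}'
        name = row["domain"]
        if name is None:
            unnamed.add(endpoint)
        elif row["proto"] == "udp" and row["port"] == "53":
            # PTR lookups of addresses already contacted name no new dependency.
            if not name.endswith(".in-addr.arpa"):
                queried.add(name)
        else:
            connected[name].add(endpoint)
    deps = {n: sorted(e) for n, e in connected.items() if not is_telemetry(n)}
    return {
        # what the HTML file actually loads, with the endpoints it used
        "page_dependencies": deps,
        # dependencies fetched over plain HTTP: substitutable by an on-path attacker
        "cleartext_http": sorted(n for n, e in deps.items() if any(x.endswith(":80/tcp") for x in e)),
        # looked up but never contacted: no A record, or egress blocked
        "queried_never_connected": sorted(n for n in queried if n not in connected and not is_telemetry(n)),
        # contacted with no DNS query in the capture: resolved before capture or cached
        "connected_without_query": sorted(n for n in connected if n not in queried),
        "telemetry": sorted(n for n in connected if is_telemetry(n)),
        "unnamed": sorted(unnamed),
    }


if __name__ == "__main__":
    for field, value in triage_network(SAMPLE_NETWORK).items():
        print(f"{field}: {value}")
```

On the sample rows the page dependencies reduce to ajax.googleapis.com and fonts.gstatic.com, both flagged as cleartext HTTP; swapnathalla.me and demo.rocknrolladesigns.com land in queried_never_connected, and the 224.0.0.251:5353 mDNS row is reported as unnamed rather than silently dropped. Pasting the full behavioral2 table in gives the same picture with the extra bing, smartscreen, azureedge and watson rows absorbed by the telemetry list.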

Files

N/A