Malware Analysis Report

2025-01-17 23:16

Sample ID 240603-p6w69agf28
Target 91ddeb344b01e7c9f8f603ac441780c9_JaffaCakes118
SHA256 58156d168041ad359f923505b63dc321d261187a82b62c65b8fd86a8e1009ed9
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

58156d168041ad359f923505b63dc321d261187a82b62c65b8fd86a8e1009ed9

Threat level: no (potentially) malicious behavior was detected.

The file 91ddeb344b01e7c9f8f603ac441780c9_JaffaCakes118 is an HTML document. Both detonations below simply open it in a browser (Internet Explorer on Windows 7, Microsoft Edge on Windows 10), and no (potentially) malicious behavior was detected in either run.

Malicious Activity Summary

The signatures below are the sandbox's generic behavioral detections. Each of them is routinely triggered by an interactive browser such as Internet Explorer managing its own windows, settings under HKCU and child tab processes, which is why they do not raise the overall score above 1/10. They are listed here for completeness; see the per-analysis Signatures sections for the underlying events.

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 12:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 12:57

Reported

2024-06-03 12:59

Platform

win7-20240508-en

Max time kernel

138s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ddeb344b01e7c9f8f603ac441780c9_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags adware, spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000c2200bc75ea57e17fd188da517b9c28ed7f5e12296986f0ee17504d5c053f5f3000000000e80000000020000200000000f00c7267d4eb9b4f9f664a8dc834a855059b681779120b941c9fd4737f847a120000000d6c4c16342d13902253f4859a3aa3fc3511389d785a7206d53b7de088fa237a04000000040ec8d247c72712174e7e6ce0e444614c9b46256f2a1e4c5eedcffdda9042b2c9bb192d59ee0150e087b2127c2b3410fd249f8e05cc1cfff893bc21e38c06ae5 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581293" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60a734dbb5b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C7498FE1-21A8-11EF-A9A6-4658C477BD5D} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
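
Every row in the table above is iexplore.exe writing housekeeping values (tab recovery state, window placement, first-run flags) into its own per-user hive, which is what this signature looks like when a browser is merely running. The triage question is whether any writer is something other than the browser, or whether any write lands on a setting that redirects navigation, search, proxying or zone trust. The following script is an added example written for this report, not part of the sandbox's output: it parses rows in the exact layout printed above, strips the user SID so the rules are profile-independent, and flags rows that fail either check. The first five sample rows are copied from the table; the last row, the watchlist of sensitive value paths, and the dropper.exe / example.invalid names are constructed assumptions used only to show what a hit looks like.

```python
import re
from typing import NamedTuple, Optional

# Rows in the shape the report prints them. The first five are copied from the
# "Modifies Internet Explorer settings" table; the last one is CONSTRUCTED
# (hypothetical dropper.exe, example.invalid) so the triage logic has a hit.
SAMPLE_ROWS = [
    r'Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60a734dbb5b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" C:\Users\Admin\AppData\Local\Temp\dropper.exe N/A',
]

# "<op> <key>[ = <value>] <process path> <target>": the key and the value may
# contain spaces, so the process path is recognised by its drive letter and
# ".exe" suffix and the target is the final whitespace-free token.
ROW_RE = re.compile(
    r'^(?P<op>Key created|Set value \((?:int|str|data)\)) '
    r'(?P<key>\\REGISTRY\\.+?)'
    r'(?: = (?P<value>.+?))? '
    r'(?P<proc>[A-Za-z]:\\.+?\.exe) '
    r'(?P<target>\S+)$',
    re.IGNORECASE,
)

# Per-user hive prefix (\REGISTRY\USER\<SID>\) or HKLM prefix, dropped so that
# the watchlist below can be written once, independent of the sandbox profile.
HIVE_RE = re.compile(r'^\\REGISTRY\\(?:USER\\S-1-5-21-[\d-]+|MACHINE)\\', re.IGNORECASE)

# Watchlist (my own assumption, not from the report): hive-relative prefixes of
# settings whose modification changes where IE navigates or whom it trusts.
WATCHLIST = (
    r'Software\Microsoft\Internet Explorer\Main\Start Page',
    r'Software\Microsoft\Internet Explorer\Main\Default_Page_URL',
    r'Software\Microsoft\Internet Explorer\Main\Search Page',
    r'Software\Microsoft\Internet Explorer\SearchScopes\{',   # per-provider {GUID}\URL
    r'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer',
    r'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable',
    r'Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL',
    r'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
)

# The only processes for which IE-settings writes are expected: IE itself.
IE_BINARIES = {
    r'c:\program files\internet explorer\iexplore.exe',
    r'c:\program files (x86)\internet explorer\iexplore.exe',
}


class Finding(NamedTuple):
    key: str                 # hive-relative key
    value: Optional[str]
    proc: str
    reasons: tuple


def parse_row(line):
    """Split one report row into op/key/value/proc/target plus a SID-free key."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f'unparsed row: {line!r}')
    row = m.groupdict()
    row['rel_key'] = HIVE_RE.sub('', row['key'])
    return row


def triage(rows):
    """Return (total rows, rows written by IE itself, list of Finding)."""
    findings, self_modifying = [], 0
    for line in rows:
        row = parse_row(line)
        reasons = []
        if row['proc'].lower() in IE_BINARIES:
            self_modifying += 1          # the browser touching its own hive: expected
        else:
            reasons.append('writer is not an Internet Explorer binary')
        if any(row['rel_key'].lower().startswith(w.lower()) for w in WATCHLIST):
            reasons.append('touches a navigation/search/proxy/zone setting')
        if reasons:
            findings.append(Finding(row['rel_key'], row['value'], row['proc'], tuple(reasons)))
    return len(rows), self_modifying, findings


if __name__ == '__main__':
    total, self_mod, findings = triage(SAMPLE_ROWS)
    print(f'{total} rows, {self_mod} written by Internet Explorer to its own hive')
    for f in findings:
        print('FLAG', f.key, '=', f.value, 'by', f.proc, '|', '; '.join(f.reasons))
```

Run against the full table above (all rows written by iexplore.exe, none on the watchlist) the script reports no findings, which matches the 1/10 score; the constructed sixth row shows the two conditions that would turn this signature into something worth reading.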

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ddeb344b01e7c9f8f603ac441780c9_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.ihow.cn udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.204.74:80 ajax.googleapis.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 142.250.200.14:443 apis.google.com tcp
GB 216.58.204.74:80 ajax.googleapis.com tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 8.8.8.8:53 service.t.sina.com.cn udp
US 8.8.8.8:53 hm.baidu.com udp
HK 36.51.224.126:80 service.t.sina.com.cn tcp
HK 36.51.224.126:80 service.t.sina.com.cn tcp
CN 111.45.11.83:80 hm.baidu.com tcp
CN 111.45.11.83:80 hm.baidu.com tcp
US 8.8.8.8:53 widget.weibo.com udp
HK 36.51.224.126:443 widget.weibo.com tcp
HK 36.51.224.126:443 widget.weibo.com tcp
US 8.8.8.8:53 ocsp.dcocsp.cn udp
US 8.8.8.8:53 ocsp.dcocsp.cn udp
GB 79.133.176.166:80 ocsp.dcocsp.cn tcp
GB 79.133.176.211:80 ocsp.dcocsp.cn tcp
CN 183.240.98.228:80 hm.baidu.com tcp
CN 183.240.98.228:80 hm.baidu.com tcp
CN 14.215.182.140:80 hm.baidu.com tcp
CN 14.215.182.140:80 hm.baidu.com tcp
CN 14.215.183.79:80 hm.baidu.com tcp
CN 14.215.183.79:80 hm.baidu.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CN 111.45.3.198:80 hm.baidu.com tcp
CN 111.45.3.198:80 hm.baidu.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\ga[1].js

MD5 e9372f0ebbcf71f851e3d321ef2a8e5a
SHA1 2c7d19d1af7d97085c977d1b69dcb8b84483d87c
SHA256 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
SHA512 c3a1c74ac968fc2fa366d9c25442162773db9af1289adfb165fc71e7750a7e62bd22f424f241730f3c2427afff8a540c214b3b97219a360a231d4875e6ddee6f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H09CVCL3\WeiboShow[3].htm

MD5 f5ba896d004fc2ad25e2efb56b129b57
SHA1 f4f586a75c24d595aebac0d105fbf989b7f723fe
SHA256 5551cf9ff3d42d87dcd453c15951f650effe152236573faf7e3fa6813343bb7e
SHA512 7431e23775359b0a0d7cad2990b3890d14ff203a8113e404b0439ca9f5019021ed395b5f2c9e4b5ba59a398659578205bcb5c92ebd3f8629b70ab8d97f5713fe

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\WeiboShow[3].htm

MD5 7029066c27ac6f5ef18d660d5741979a
SHA1 46c6643f07aa7f6bfe7118de926b86defc5087c4
SHA256 59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
SHA512 7e8e93f4a89ce7fae011403e14a1d53544c6e6f6b6010d61129dc27937806d2b03802610d7999eab33a4c36b0f9e001d9d76001b8354087634c1aa9c740c536f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bd4a0d54c0e6abeba77a17f533addcb
SHA1 b648a4f7dd82bd4d90aae09af13b0c7336dd08c4
SHA256 008f05e60901eca814bc2945a9a5d5a607d9fae9c65ca38ff3dd8803f79babca
SHA512 aa9028bcee8ffd2f294580efa82de56e2d85d365177e44debfb2d121f3fb74c22fc524b025c04c6b8f27378ae931357434f4416233dca724b1841dc729d51fd5

C:\Users\Admin\AppData\Local\Temp\Tar1F37.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\Local\Temp\Cab1F34.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1FC9.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 36375876d1e95c9d30851409890d6f4e
SHA1 dd6bcabc1cd81cd8bd8f0bee195e39887f269207
SHA256 96ed3d5155846e8c28f51e463c0332d3e905e8dd3c3e8be44903cd237c560cc2
SHA512 46dce2f2a2a318762f9d1369860bf8595a7ee66bfaa19d323eae0a7b1dbf65da4b6bb2b2f4edf04d2f1249b6ad020a78983e7efd1ef160967625cb2305b0bf32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d66f69eb7b170bf1905d1a1ae75c6a8
SHA1 c4ff6bccd44a30deff9de80a2d4e30955e01a569
SHA256 f9f0c9dd01305a65c44629082c8922912dfc9d39ece5ac0a5d957664f01c719b
SHA512 f477391240581b81a9278087629bdcfe482484d400506c1d87705585e05a55b1b64d364cd1b29f6801abd3e2824590291477c93961b9f0c45b96c27f6c37d84c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6728e397350836f9ac6f12cee200ff25
SHA1 229303aabb15bdfa3b0a2f9e2af486a28bbb7aa3
SHA256 efb0385ee08841ac20f7197d772650e96b58bc9a4935bcf6431c7b104daf4c25
SHA512 082aa9c561cbfdc306bc82722b3689465f5a7c229121a108fafe48fbb4bacef007d8783df9c1b31db2ffe24d35e8e0a616c5c79d708940d76da06909a1c7f16f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 92bdccf9269f06c9fe05f2919aece11a
SHA1 3b8245b51f4b6d3d9ec2172b25192c7ca8b2fa56
SHA256 8d6dab5a30cfe0e192ff998b11d06aec792fc50dfd9211e4b25fd22a1dea006f
SHA512 33f9d1ebdfa3df6b7922e96a734aac1267fb03e670586749a2f896d575205d9f46ac2388cbe142e21c5185496c513d7a1753c4b0ee754ad1dd9ca0fb76c97197

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31c1fe2ebf458fe381344107d6898249
SHA1 531c509d05d4448c37af6db6c0c64e5f7bdf28af
SHA256 381ac3b0312f8d33ccdf18c904f915b6a0a7405af8c5219e380ad882eba61567
SHA512 05f125ca1400ec1bc0911412b93780ac0ded9d90a21466532e4cc715777215c00c860ec4835e8dd522adec52bf420ad88f9004d08cb0e46cf2c6406570dd23b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe0da48627c0409003bc28e8119044cb
SHA1 bb45c7832f641acc432e683fd179b79038b04dd6
SHA256 5221a02c5f953d753364845686541ac663a670ed96b26af8b5ac5700731011e5
SHA512 f5c3498c7479960f3723f5c6529627ff94cfa6c103e86c13f44e13000cf3f8a35c77dc417865e94a8b1b9a8d1077f8b2611082e4052debf125484b082e5351c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99840ce97495b4d03139e2bb6f49b687
SHA1 c2aef2fe39af25623c7c5088c3c6b0da8b454f9e
SHA256 e408ad3e5366bc700250701645f7d143173a38bcab63a492d218b95e35bf6f14
SHA512 5e23dfed9a4378da0e35ad51ce4b0fec1228dbac49f6c1352c7e07db278620e8be486bf9fd7fa51efcf63b72995ddc10f0f58b2aeb19968b18f7cc1eb02b290c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ccfa0296627fd3c94ea9a258ef02ee44
SHA1 c229115b7fa3d09702dfe6c179a9810c954fbfbd
SHA256 e56c00e6bc9989345976deae463a7c401682d6773b1ff985aa5f75a4dfff2a42
SHA512 0b53694d60919183ecd43af5ab1f48e2783b215c4607794e9284ece4d8533de985a50e0f2fde44211630a60b122b629aaf10e0815451f4a4e4f2c6001518705c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f15fc18c227a725ed0567af8f43b4d4d
SHA1 2d9d325849a3a47e43a6a7c8b2986a6c3f9ba6d8
SHA256 8b50f159de70bb8a1498dc0843467c5e3aafe9f244a1fb29eb14485500adcade
SHA512 180e576872e7fc74c854245c07bda9c67f7135930bea71ecabe11dbc3718fba78f8f831010acc318e906ba5fdc8bdcc2bf9b4b0f2426b91c1901847b7e554ccf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e5dcaa7c8e7ab7e1da8c1690bbcd8b4d
SHA1 5edafbd89ffc5d7903ceea042121acb512d268d5
SHA256 07f03bb9b259fc684c6a4f993b7efe32b7f5e06fb6bf359c0d2c260a0bfa3443
SHA512 39555237878c6293faacba6de29e9ca63143590ffad418ad2cbfd3486bce2a4c3b04c733a8657aeba33dec6731805ec3caafd6a6e03626711ff4cb9871f66796

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77ec804f83d1e1b1ab8699b932c0cb06
SHA1 26a58bb1acc707e21ac09130a25852a960a71a81
SHA256 b84c2c51fb3ba9013d9dabe637c1b4598ed9572491521d677c2a24f4eca373b7
SHA512 e72d5c85eda089a16690137bccc71a0e29f8b58bc826c7839ac16eb6189d251f1b5ceccd2ac41ceec3e682f8870abde589b6202eb46595d063a88c4bd5a4830d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 688f59994bf151fcc650effec6ce8c1a
SHA1 1c2239452f492bb0d8524e8a06e06e137330e4ee
SHA256 2971cd09208b53deb00021d3d7f956aaa4e760399e9635a7389f134db25e1bf3
SHA512 98cffbab153eeb9d76223bd84f1fae5422338aa27d82444473fc01c7a05e73b21f6290057db051c9a70cb06197b7ff49fdc0c142575d498b3233e0fc0fd7d24f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8461e079d010b556536357f5f585d386
SHA1 552a312d6f5cab1ecd894002054ec013b371f906
SHA256 a65b1f8428cf8468ccb3058764c9365da80603f178a31493a6761aa3eb2438bb
SHA512 90b8e5cf094ed45b23edc27a84c2f419799da2d42557ff4053df103297f3036b3f76acf81a749916909a956f56f5afd5159987378dd44bfaab1d5d2718db817c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4af069407578de04f85a791a6d2a7b50
SHA1 09ab55c101d3dd868e8dc288ccdb420c6fcc61f4
SHA256 ac4d0db78693fc2936cc7ff8029c01d7d8a0706857e6f0c4d8c246e179975b15
SHA512 86a2d64310245db13c7f34c4cbe3a07381349c97a9bdb4ab4a891a59a6ee38a07c4fd562dae8f88e7da10cdcf0fe14a296e2e3c4a34946b6d022228a96ed162c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 984719dcd41f17d99d37c11f56878358
SHA1 c8fdd87f17772f545be4d3ecc44f81553864a0f6
SHA256 64af1a8384107fe39e8bed4e9b0dad625b922822fe2c0706a58617bc3aad23f6
SHA512 16ff6b4cfdf0e50c9e0fece6edaf8808c01d488d9d5a92aeaa6eee11c80b6736c57b6fb5af181ca282efbfd77dca7448bb9fe625c829d282e4fdb71f48be788f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e28a3607f4d492d6390511957374ee94
SHA1 fbfddecfa4ab9181fee83b8bc348fc2f372f9606
SHA256 af9632f4b325ddeb62a2d4608903a51ae02b71570cc27c425c9c77b91e5de27a
SHA512 eb0246e46703e70ec96ece6a1c95d4e4cbecfc74273a96d0dc778d4e8f08a180acacf8b88b081bca803ea9b198eb302dc2f2f4fc598fd9610165a0f24d042a95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42c31b0714ddea92eb5f7e3b57239255
SHA1 63e139c15dea0e62f7d344b1512557c8da44e7b8
SHA256 eaaf1bee904c6418200cd3bba758955f0f86e360942a5b4825007fc70089c56c
SHA512 7971e3d2d48c89126244019af9064f1215561415dd3f7ab4ef2e52ac7feec52df81840888538d85798a91759e594f5a07b43ec0183f2c02044e1b72d951c8137

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1fc77d9535ed855c15c0f10ba423642a
SHA1 4af2a87b64ec8a75d3fb01b713e2ee7e1258dbee
SHA256 5e62ca471aed86495331af03850a5abc13489568fb50bf9bfda60f3b175ebb32
SHA512 e68aed3c11db2e296c9218860c82fbdd01be6eabd272a7a8b0aaf63d4e91cdd8a9fd682f5d20c64ed6e1e0f05b0290177ebfc46037b69cec79c08ac00927aa22

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 12:57

Reported

2024-06-03 12:59

Platform

win10v2004-20240508-en

Max time kernel

134s

Max time network

145s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ddeb344b01e7c9f8f603ac441780c9_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ddeb344b01e7c9f8f603ac441780c9_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4160,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4148,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=3816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5308,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5448,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5476,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=4072,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6168,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6340,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=6556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5548,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.9.158:443 business.bing.com tcp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 www.ihow.cn udp
US 8.8.8.8:53 www.ihow.cn udp
GB 142.250.187.234:80 ajax.googleapis.com tcp
GB 142.250.187.234:80 ajax.googleapis.com tcp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 104.91.71.133:443 bzib.nelreports.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 2.21.17.194:443 www.microsoft.com tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
GB 104.91.71.133:443 bzib.nelreports.net tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 158.9.107.13.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 8.8.8.8:53 123.44.233.46.in-addr.arpa udp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 133.71.91.104.in-addr.arpa udp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
US 46.233.44.123:80 www.ihow.cn tcp
GB 142.250.200.14:443 apis.google.com udp
US 8.8.8.8:53 service.t.sina.com.cn udp
US 8.8.8.8:53 service.t.sina.com.cn udp
US 8.8.8.8:53 service.t.sina.com.cn udp
US 46.233.44.123:80 www.ihow.cn tcp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 csi.gstatic.com udp
US 8.8.8.8:53 csi.gstatic.com udp
US 64.233.185.120:80 csi.gstatic.com tcp
US 64.233.185.120:80 csi.gstatic.com tcp
HK 36.51.224.123:80 service.t.sina.com.cn tcp
CN 111.45.3.198:80 hm.baidu.com tcp
HK 36.51.224.123:80 service.t.sina.com.cn tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 120.185.233.64.in-addr.arpa udp
CN 111.45.3.198:80 hm.baidu.com tcp
NL 23.62.61.113:443 www.bing.com tcp
US 8.8.8.8:53 widget.weibo.com udp
US 8.8.8.8:53 widget.weibo.com udp
US 8.8.8.8:53 widget.weibo.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
HK 36.51.224.126:443 widget.weibo.com tcp
HK 36.51.224.126:443 widget.weibo.com tcp
US 8.8.8.8:53 123.224.51.36.in-addr.arpa udp
US 8.8.8.8:53 113.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 service.t.sina.com.cn udp
US 8.8.8.8:53 126.224.51.36.in-addr.arpa udp
US 8.8.8.8:53 widget.weibo.com udp
US 8.8.8.8:53 widget.weibo.com udp
US 8.8.8.8:53 service.t.sina.com.cn udp
US 8.8.8.8:53 widget.weibo.com udp
US 8.8.8.8:53 service.t.sina.com.cn udp
US 8.8.8.8:53 widget.weibo.com udp
US 8.8.8.8:53 service.t.sina.com.cn udp
US 8.8.8.8:53 widget.weibo.com udp
US 8.8.8.8:53 service.t.sina.com.cn udp
US 8.8.8.8:53 widget.weibo.com udp
US 8.8.8.8:53 service.t.sina.com.cn udp
US 8.8.8.8:53 widget.weibo.com udp
US 8.8.8.8:53 widget.weibo.com udp
US 8.8.8.8:53 service.t.sina.com.cn udp
US 8.8.8.8:53 widget.weibo.com udp
US 8.8.8.8:53 service.t.sina.com.cn udp
US 8.8.8.8:53 widget.weibo.com udp
US 8.8.8.8:53 service.t.sina.com.cn udp
NL 23.62.61.75:443 www.bing.com tcp
US 8.8.8.8:53 widget.weibo.com udp
US 8.8.8.8:53 75.61.62.23.in-addr.arpa udp
CN 111.45.11.83:80 hm.baidu.com tcp
CN 111.45.11.83:80 hm.baidu.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
CN 183.240.98.228:80 hm.baidu.com tcp
CN 183.240.98.228:80 hm.baidu.com tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 152.107.17.2.in-addr.arpa udp
CN 14.215.182.140:80 hm.baidu.com tcp
CN 14.215.182.140:80 hm.baidu.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
CN 14.215.183.79:80 hm.baidu.com tcp
CN 14.215.183.79:80 hm.baidu.com tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
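
The two Network tables in this report (behavioral1 above and behavioral2 here) mix three kinds of rows that deserve different treatment: resolver traffic to 8.8.8.8:53 (including the many in-addr.arpa reverse lookups in the Edge run, which name a peer IP but are not connections themselves), background traffic the browser and OS generate for any page (Edge telemetry, SmartScreen, Bing, and the OCSP responder ocsp.dcocsp.cn that CryptoAPI consulted after the HTTPS connection to widget.weibo.com, which is also what the CryptnetUrlCache entries and the Cab/Tar .tmp files in the behavioral1 Files section are), and the connections the HTML itself caused (www.ihow.cn, ajax.googleapis.com, apis.google.com, hm.baidu.com, widget.weibo.com, service.t.sina.com.cn). The script below is an added example written for this report, not part of the sandbox's output: it parses rows in the report's "Country Destination Domain Proto" layout, folds repeated rows into one contact per domain with its IPs, ports and hit count, separates the three kinds, decodes the PTR lookups back to IPs, and lists names that were resolved but never connected to. The bucket rules (suffix and prefix lists) are my own heuristics, and the sample is a subset of rows copied from both tables.

```python
import ipaddress
from dataclasses import dataclass, field

# Subset of rows copied from the two Network tables, in the report's own
# "Country Destination Domain Proto" layout. The multicast row has no domain.
SAMPLE_ROWS = [
    'US 8.8.8.8:53 www.ihow.cn udp',
    'GB 216.58.204.74:80 ajax.googleapis.com tcp',
    'GB 142.250.200.14:443 apis.google.com tcp',
    'US 46.233.44.123:80 www.ihow.cn tcp',
    'US 46.233.44.123:80 www.ihow.cn tcp',
    'HK 36.51.224.126:443 widget.weibo.com tcp',
    'CN 111.45.11.83:80 hm.baidu.com tcp',
    'CN 183.240.98.228:80 hm.baidu.com tcp',
    'GB 79.133.176.166:80 ocsp.dcocsp.cn tcp',
    'US 204.79.197.200:443 ieonline.microsoft.com tcp',
    'GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp',
    'US 8.8.8.8:53 service.t.sina.com.cn udp',
    'US 8.8.8.8:53 123.44.233.46.in-addr.arpa udp',
    'N/A 224.0.0.251:5353 udp',
]

# Heuristic buckets (my assumption, not a classification the report makes).
BROWSER_SUFFIXES = ('.microsoft.com', '.bing.com', '.bing.net', 'nelreports.net',
                    'azureedge.net', 's-microsoft.com')
PKI_PREFIXES = ('ocsp.', 'crl.')


@dataclass
class Contact:
    domain: str
    bucket: str
    ips: set = field(default_factory=set)
    ports: set = field(default_factory=set)
    hits: int = 0


def bucket_for(domain):
    if domain.startswith(PKI_PREFIXES):
        return 'pki'        # revocation checking triggered by some HTTPS connection
    if domain.endswith(BROWSER_SUFFIXES):
        return 'browser'    # Edge/IE background traffic, present for any page
    return 'page'           # resources the sample itself pulled in


def ptr_to_ip(name):
    """'123.44.233.46.in-addr.arpa' -> '46.233.44.123'"""
    octets = name[:-len('.in-addr.arpa')].split('.')
    return '.'.join(reversed(octets))


def summarize(rows):
    """Return (contacts by domain, names resolved but never contacted, IPs seen via PTR)."""
    contacts, queried, ptr_ips = {}, set(), set()
    for line in rows:
        parts = line.split()
        dest, proto = parts[1], parts[-1]
        domain = parts[2] if len(parts) == 4 else ''
        ip, port = dest.rsplit(':', 1)
        port = int(port)
        if ipaddress.ip_address(ip).is_multicast:
            continue                                # mDNS/SSDP chatter from the VM itself
        if proto == 'udp' and port == 53:
            if domain.endswith('.in-addr.arpa'):
                ptr_ips.add(ptr_to_ip(domain))      # a reverse lookup still names a peer
            else:
                queried.add(domain)
            continue
        c = contacts.get(domain)
        if c is None:
            c = contacts[domain] = Contact(domain, bucket_for(domain))
        c.ips.add(ip)
        c.ports.add(port)
        c.hits += 1
    return contacts, queried - set(contacts), ptr_ips


if __name__ == '__main__':
    contacts, queried_only, ptr_ips = summarize(SAMPLE_ROWS)
    for c in sorted(contacts.values(), key=lambda c: (c.bucket, c.domain)):
        scheme = 'cleartext' if c.ports == {80} else 'tls'
        print(f'{c.bucket:8} {c.domain:40} {sorted(c.ips)} ports={sorted(c.ports)} '
              f'hits={c.hits} {scheme}')
    print('resolved but never contacted:', sorted(queried_only))
    print('peer IPs seen only via PTR lookups:', sorted(ptr_ips))
```

What the "page" bucket shows for this sample is an ordinary Chinese-language article page: its own host over cleartext HTTP, jQuery from Google's CDN, a Google +1 script, Baidu and Sina/Weibo analytics and share widgets. Cleartext port 80 to the OCSP responder is normal (OCSP is served over HTTP by design), so the scheme column is only interesting for the page-driven hosts. The browser bucket is what to subtract before comparing two detonations of different samples on the same platform.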

Files

N/A