Malware Analysis Report

2025-01-17 23:19

Sample ID 240603-p9cxsafc4v
Target 91e0d83ff544a4e49628e3475a771985_JaffaCakes118
SHA256 c997f8403bfbab0425c06fc6097ac8964e949726bb723c9aabd2243c0ca17594
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

c997f8403bfbab0425c06fc6097ac8964e949726bb723c9aabd2243c0ca17594

Threat Level: No (potentially) malicious behavior was detected

The file 91e0d83ff544a4e49628e3475a771985_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:01

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:01

Reported

2024-06-03 13:03

Platform

win7-20240215-en

Max time kernel

146s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e0d83ff544a4e49628e3475a771985_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007c14bf166f1a9348b63e55a68c5e388b0000000002000000000010660000000100002000000077eadaa9dcbadc398b0d9be40cebe18521a84ee8c48a65ccc5d3edbd0ad19725000000000e8000000002000020000000c2758a184458e42a2449d7a5515f47fda41365711a1c256268757d274d333461200000006bf1a37ee29a8873c438c714976d70ca340b02f8dad87703c9e83ef693c5ac69400000000049ce1c9afdc82e1f3d264e2a51cc39d610d3b1d394065ae0af269e1bb58aa01689bb7dfa444b16f7da028c6caf0285afd1680a67aea02b39b20918b0f9d091 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70d0464eb6b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{60787781-21A9-11EF-AF55-CE46FB5C4681} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581550" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e0d83ff544a4e49628e3475a771985_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2308 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:01

Reported

2024-06-03 13:03

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

148s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e0d83ff544a4e49628e3475a771985_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e0d83ff544a4e49628e3475a771985_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5304 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3792 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1960 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5584 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4532 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4568 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8

Network


Files

N/A