Malware Analysis Report

2025-01-17 23:18

Sample ID 240603-qalajsfc8y
Target 91e1fb85c6e09151f6b67fd650cdde38_JaffaCakes118
SHA256 bfbe2936bbf5e7a431ce5d85066e41b26028568464546f91c547f4176a0b37fc
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

bfbe2936bbf5e7a431ce5d85066e41b26028568464546f91c547f4176a0b37fc

Threat Level: No (potentially) malicious behavior was detected

The file 91e1fb85c6e09151f6b67fd650cdde38_JaffaCakes118 is an HTML document; it was opened in Internet Explorer on Windows 7 (behavioral1) and in Microsoft Edge on Windows 10 (behavioral2) and scored 1/10: no (potentially) malicious behavior was detected in either run.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:03

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:03

Reported

2024-06-03 13:06

Platform

win7-20231129-en

Max time kernel

143s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e1fb85c6e09151f6b67fd650cdde38_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e00cdc84b6b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c1787d0b224f0643a4380c0b0f3107a7000000000200000000001066000000010000200000004ff56dccc6b1f0742a8efb02d762579f17c9001b2f764eb891e60a35c105a58c000000000e80000000020000200000003cf713ee3c43df443b95c3aef776b496a310dcc51564069b5ad4bed17391aa8a20000000b5a850beeb0178e66a5677c1662a124f37f8064ab2d2e63f2ec4e959052575cb4000000092a6b59de8cf82087a9ab00aeb23c69be801542b3532fd62feb752ebc5d5dd8a410ba14a2f9a3a7c4b6126cfd11436f87711bd08183d3fd0e3992340d97be309 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581679" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AD582781-21A9-11EF-9E06-5628A0CAC84B} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
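The table above is what the "Modifies Internet Explorer settings" heuristic keys on, and the two columns that decide whether it matters are Process and the key prefix. Every row here is written by iexplore.exe itself into the per-user hive (SID ending in RID 1000) under Software\Microsoft\Internet Explorer; that is the browser configuring itself on first run, which is consistent with the 1/10 score. The Python below is an added triage helper, not part of the sandbox report or its vendor's code. It parses rows in the report's flattened format and flags any write that comes from a non-browser process, lands outside the IE subtree, or touches a search scope other than IE's built-in Bing scope {0633EE93-D776-472f-A0FF-E1416B8B2E3A}. The last sample row (dropper.exe, example.invalid, an all-ones GUID) is constructed to show the failing case; the other sample rows are copied from this table.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# One row of the "Modifies Internet Explorer settings" table as the report
# prints it: "<op> <key>[ = <value>] <process> <target>". Key and process
# paths both contain spaces, so the columns are recovered with one anchored
# regex instead of a whitespace split.
ROW = re.compile(
    r'^(?P<op>Set value \((?P<vtype>\w+)\)|Key created) '
    r'(?P<key>\\REGISTRY\\.+?)'
    r'(?: = (?P<value>.+?))?'
    r' (?P<process>[A-Za-z]:\\.+?\.exe)'
    r' (?P<target>\S+)$',
    re.IGNORECASE,
)
# Per-user hive: \REGISTRY\USER\S-1-5-21-<domain>-<RID>\<relative path>
USER_HIVE = re.compile(r'^\\REGISTRY\\USER\\(S-1-5-21-\d+-\d+-\d+-(\d+))\\(.+)$')
IE_SUBTREE = 'software\\microsoft\\internet explorer\\'
IE_BINARIES = {'iexplore.exe'}
# GUID of the Bing search scope that ships with IE (the one this table references).
BING_DEFAULT_SCOPE = '{0633ee93-d776-472f-a0ff-e1416b8b2e3a}'


@dataclass
class Write:
    op: str
    key: str
    value: Optional[str]
    process: str
    rid: Optional[int]
    verdict: str          # 'browser-self-config' or 'review'
    notes: List[str]


def classify(line: str) -> Write:
    m = ROW.match(line.strip())
    if not m:
        raise ValueError(f'unparsed row: {line!r}')
    key, process = m['key'], m['process']
    hive = USER_HIVE.match(key)
    rid = int(hive.group(2)) if hive else None
    rel = (hive.group(3) if hive else key).lower()
    exe = process.rsplit('\\', 1)[-1].lower()
    notes = []
    if hive is None:
        notes.append('write outside a per-user hive')
    elif not rel.startswith(IE_SUBTREE):
        notes.append('key outside the Internet Explorer subtree')
    if exe not in IE_BINARIES:
        notes.append(f'written by {exe}, not by the browser')
    # A search scope other than the built-in one is the classic search-hijack write.
    scope = re.search(r'\\searchscopes\\(\{[0-9a-f-]+\})', rel)
    if scope and scope.group(1) != BING_DEFAULT_SCOPE:
        notes.append(f'non-default search scope {scope.group(1)}')
    verdict = 'review' if notes else 'browser-self-config'
    return Write(m['op'], key, m['value'], process, rid, verdict, notes)


def summarize_registry(lines):
    """Classify every parsable row (the header row is skipped) and count verdicts."""
    writes = [classify(l) for l in lines if l.strip() and ROW.match(l.strip())]
    return writes, Counter(w.verdict for w in writes)


# Rows copied from this report's table, plus one constructed row (dropper.exe,
# example.invalid, all-ones GUID) showing what a search-hijack write looks like.
SAMPLE_ROWS = r'''
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{11111111-2222-3333-4444-555555555555}\URL = "http://example.invalid/?q={searchTerms}" C:\Users\Admin\AppData\Local\Temp\dropper.exe N/A
'''.strip().splitlines()

if __name__ == '__main__':
    writes, counts = summarize_registry(SAMPLE_ROWS)
    for w in writes:
        print(w.verdict, w.key.rsplit('\\', 1)[-1], '; '.join(w.notes))
    print(dict(counts))
```

The verdict for a real incident should also weigh the machine-wide hives (HKLM, HKU\.DEFAULT) and the Wow6432Node mirror, which this table never touches; the helper reports those as "outside a per-user hive" rather than silently accepting them.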

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e1fb85c6e09151f6b67fd650cdde38_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2364 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 seattlepeach.com udp
US 8.8.8.8:53 www.seattlepeach.com udp
US 8.8.8.8:53 www.ontoplist.com udp
US 8.8.8.8:53 www.blogcatalog.com udp
US 8.8.8.8:53 platform.twitter.com udp
US 3.33.130.190:80 www.blogcatalog.com tcp
GB 199.232.56.157:80 platform.twitter.com tcp
US 15.197.142.173:80 www.seattlepeach.com tcp
US 15.197.142.173:80 www.seattlepeach.com tcp
US 15.197.142.173:80 www.seattlepeach.com tcp
US 15.197.142.173:80 www.seattlepeach.com tcp
US 8.12.18.87:80 www.ontoplist.com tcp
US 15.197.142.173:80 www.seattlepeach.com tcp
US 15.197.142.173:80 www.seattlepeach.com tcp
US 15.197.142.173:80 www.seattlepeach.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 15.197.142.173:80 www.seattlepeach.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 15.197.142.173:80 www.seattlepeach.com tcp
US 8.12.18.87:80 www.ontoplist.com tcp
GB 199.232.56.157:80 platform.twitter.com tcp
US 3.33.130.190:80 www.blogcatalog.com tcp
US 8.8.8.8:53 usa.desigo.eu udp
US 8.12.18.87:443 www.ontoplist.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
NL 23.62.61.185:80 www.bing.com tcp
NL 23.62.61.185:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar323D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5fb05af7b8331c487857e3f143ca661b
SHA1 bfedffd8ee0026ae0c1d913d83b4cc2056fe7358
SHA256 fcc02bdd9674bbce6a07d1fe9074a5d01074e12c7e9b2f9befe54c83f0eba285
SHA512 1bae86af95ef3833455d2b9916b73595e548bd69867ef5635cd1207b1604f8b2329c7271445b1f50ac38366d0340dbb07b7dfa62b877f5802f70ba4b80141922

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 f2be2549d6f84982902d4fd397b8956e
SHA1 fc94a858e4667f9abe517e4ce4dfab638e0c1251
SHA256 e6e04cec0b6402c8bc62a31fadbcf60851e2954d4453f6536a4cb0705a923dd4
SHA512 b41579c7e34d49d1f2b474160344363caa5fed6ea0decbca4796f1d1cc386b2e65ba91c94beb2c267931ea43712e94f019a1a5e7be4eb16527820d6a5adcdb02

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2b9706ff4cd02e9543a0983c1e43601
SHA1 3597fddb8aa8b96b96723f7c76b8749091496163
SHA256 b3779755876b71965f9867013615a5da1e56f86c3007c16f12ea993a14fa9e22
SHA512 73831308243387fddd79ae898223d72842638a78cc24c0dd1de06aabbf856e0c0d49e1ca21a5c0b85d5cde26e91996d3c7f22d6768503c64ac46db69c950d30a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2bba6776f7117f72434f15a13ba439f6
SHA1 07e60a511c9e11f27e963d7d74e11d52203f3693
SHA256 1ad082c784ee244bd0edf867a60a87353262b9095f3c64e57c49744ceabb91cd
SHA512 f6f92fb7b87175c629e3a28317c2c31495a33305a5d02f8a9d773a5ec4acb1f7dac0e8ff347143e2f61ff4972b85528dae225ce178bb1f0464e3272f4f987b54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4704b4d81af91879190aa4b195342607
SHA1 13fec2cf3d3e6af7a222950ab261256118b8ce2f
SHA256 042d620c6bd8d391e96ef451a61a98e7cb14f8ff0b939128c572f178c5cad87b
SHA512 0f01a13c7db8b9a5ebecb72dd2c85362c3b7f943d8a78805e707a815d1e105d64f256628337bc07ac44c34e6e455bddf1757c7fc3717622a761a9577986fb35e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc4abf04efd5bc8d3a634d8d7af3bef9
SHA1 a0ed3f69c6fa488eb0ffdac9e314e0e2bd71f049
SHA256 94ef7ff696883ab266e869a0ba0b756f3feb11ddc5982856c85f280d51655091
SHA512 4acdf6cfeda8c82814bc67b03ddb16e3d9fb8bd8be28d119a7da7aaf9aa8c3bacb386ebb740976a2a9faa18232ecf02c48962917589217f7d7233474a91a8f71

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f35e7f20d08a84c099c8b9566849b91
SHA1 1170742c67fec572cecf4f975a833b6e1cb42d73
SHA256 7983b676727de782aeac09d549902e027fde2645e88ba9cd697ff0ef1f7e17f4
SHA512 a5f35dd287ad7aae6a9113cb2b8009c1e4d69ec404f3d474ecacc07ee39f044a9c709a1eeb74aae969037462cb21371e46b861631b8773f258b25776c25fdd67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 8b0f10679b8b120c8182b9c7a28b471a
SHA1 de4a2655f15fa99aaeca40ef36597d5d6316334c
SHA256 97e79af521860b53b2154b667aef589c74d5a2c5223b062438b16d0635c4d105
SHA512 de1f0bcc3344cf02cf7ba4d0e7d890b50a315359b4d1cd6f51f63c56c642acdaee194245c69ba77072cfc0bb3162671361f32fce7fb963bc2e897565e02c3a1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c67075b7355e4efc50962bb95e8663b
SHA1 56c75fc84fb371b2d043a1f01094e3398ea2e936
SHA256 86d8cea5a4cbb7e177999fdfda2a1359bc80901ec85492b524c6cc4e2ac21f6d
SHA512 6bd147ba1d1082ceb7997834e3d750960fcbef89afdb584875d0997df9ad3f59361a5d23f590a7afe922a616f7314581fd9a4f3ab2e1ed1da5ac48ac7a66d359

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfba32d0dd9e30b66c64fe687dc4fe94
SHA1 8302fa913b57de71a77465abf62b6105d439d9a1
SHA256 81e182a7b8ae1f3956e038c2800be8c814c8fac77651c861509a6982f4abca62
SHA512 e123d81d589c13063e09df6d43362ae20ce7cb49200a5a699201a429dd70793877ced0b675c50f2b1da4d3fcb2d6e93178996479942db69d5077c88fffc37875

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b94102bd6d8f55ab101975bfa1081627
SHA1 2cb28ce8abd1c53238ee49504cd66214e708714b
SHA256 38c120261aca82a92d3a905bd4a4db9fbc6ac654cd0b6e073d555bf86aafa0c8
SHA512 11e5504058dacad3ef22716109d407bbaac2a6344f85903a3458c1f0af7207342e955bc69a27a02a2fa1fa0d978d8b161369aab73fcbde8bfe21a252e2f202cc

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14ae62183db3a91cedbb3d6fc799c0b4
SHA1 c885ad6ef4a88d7f33986206a460a6beb27f2eb9
SHA256 67ef23e14eda2e624f2e941e24238d40ee7af0ba9573ba4941ced7ea14fe3e2b
SHA512 c14788b3be78e8edd5b1c1fbd9db45a9a507445d0658a9c684cb76875da7c7c7cef9fd777abf3532f029522ccf300964cd225c1f5a3839daf1643ba85f2b1b9a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef368edb0aa45125b6415f0f3c1bd725
SHA1 4c7facac3c5ea6b3a05d777f3925a64a45f2fbb4
SHA256 3e5b41ea751c8eeae6b5613e1e6cd789ee01db3716b435296947fc570129330d
SHA512 dbcc5d2370430d468ab0f0f06704a0b61a878a8dd6ee5c2874e1b62a30fbf734d7843b7e3d284dd075264180ed95a86741647d59924e6a6795b0806130e75001

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cee85e11f0c54a0b85dc573c69c33bbd
SHA1 5842ba02bcbbe44332c358b6a5540c8bb22f992a
SHA256 acd1ee31b3e5c124b6e689ef9732c06ce615d7532141da9bca9d44320f6d7391
SHA512 7f59d2e51f4b65abebea9bb17eaee05523307a0b8fbf523312578534d5696040b15597f7561ef51e16c2f4132f07936b0051695503876926ae5dcce6acf2d2b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7caf910d8be368d0ff10735bd85d2fe6
SHA1 5147532044a5bdebf580ba33cd2bc7a288104f59
SHA256 d88d94aa3684be7249625b7febaac224ce7e162a13c3438c9e44d4cc50601ec8
SHA512 674e3efba74946d4521aebefe024fff44a2a2b7fe414bc61f18cc48ac454c5bbd559477d5f325f6911ad8da55e854ef044e33d94e230c1c5ad47f39fa95675bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b34971fc5e28fefe6d877274dfe60f21
SHA1 188f9d04dcf6b4ce204274bb390a1931b2a8fff7
SHA256 18121f96b92ac299478f80d24ca2f4521268af4b60e674727a001f795dff156d
SHA512 efc3e6c5421d7119a54b735ce6110f2993eb89cbb7456435be7e8d2e673c573bf096b571898fa81e5fac777854cbb835ffe87833953378e2f0dfc518f80369a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93bd0f9d0d3658954304082928eb943d
SHA1 058cbddddc43e7c737ecc4bd9d590450eabf6a4b
SHA256 8496688409225710778123310ad61d20bb04b262f9bc04796a7626e83edd415f
SHA512 5f6cb0a8cd67fe98e12b3b12a4882744c5958a07df824fddfa2afa49a2c2370221297b379c0accd2cd6e56c3faab28202f0224607b67a3b97a2700e367747def

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 782ae754ff00ad171423f4cb9c37e33e
SHA1 37376d33793be670bf14022219c487e22fec21c3
SHA256 2ea9c791bd7af49502b3ea229274223a73df45a693b7d82109faa8d0508dcd66
SHA512 ffc0b508aade5b7e9cb4883eac621ce57ad5d45247fa8e81d9b77a8fd6eef37f44afc2cd2e5a2afc756ff3f162722b08ecd06a1626aa5990df1e4af9bf4c23e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 903b2114458fdfb87526ee7176d80d1b
SHA1 747b45bfcf00d76463bd7829c8f63f034c2b9c06
SHA256 030c651d52b6ce92e189f7cb97bbf5d228f1c0b1b2ed7c902cce3567483499af
SHA512 8b2b54b5e79eca0088deccfc6eb30c977d0522162c1cb0f5eaff3bf82e330c67231cd526932b4c503a704ce9692ffe51e8eadd590a3aaf69e7f88b0abdd5f675

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8f378621d7d8047c70bed06d069e7ec
SHA1 04381ea1cb85c45f52d199bd7a776068b8861ced
SHA256 cd0447ac503e6168c1a06fca539d42b913479ed855281657b63cc9de4363dacb
SHA512 9a50845c3d2474d7cabd812fab2e1ba5dbbe4e06c0e8a4c3966a5a4efb9d0c74da3a2154ff7c39bf9b8f4e5cc6336ac59f2d9c878596695a952f0fed98ab38b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2d47c4451ab93cd83c939b7346ce29c
SHA1 493faa2290e4225f7c5cc19418dda4d9a4b59dbd
SHA256 a9af6a75e6d340eadb58a0e13f2e7b6a385dd5454598eb7db5a70a077d91a73a
SHA512 8481e428850820aff1a1d5d1c857f169888b6818009167ebc3202aa2ce92bd6ce65fc2e48c2713feaf66ffca1f3f9b162f39d4a22933680ac38e8d8a80eb63f0
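The file list is dominated by one path, CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015, listed many times with different hashes. That directory is CryptoAPI's cache of objects fetched over HTTP while building and checking certificate chains (certificates, CRLs, OCSP responses), and the MetaData file is rewritten on every refresh, so these entries record the browser's TLS validation rather than anything the page dropped. Tar323D.tmp in Temp is CryptoAPI's scratch file for a downloaded CAB such as the root-certificate trust list, and the .ico under Internet Explorer\Services is the favicon of IE's built-in Bing search scope, matching the FaviconPath write in the signature table above. The Python below is an added example, not part of the sandbox report: it parses the path/hash blocks in the report's format, validates digest length and alphabet, groups writes by path, and classifies each path against these known Windows locations so that anything else stands out. The sample is a subset of the entries above, each trimmed to MD5 and SHA256, plus one constructed entry (updater.exe with all-zero digests) to show the non-matching case.

```python
import re
from collections import defaultdict

HASH_LEN = {'MD5': 32, 'SHA1': 40, 'SHA256': 64, 'SHA512': 128}
HEX = re.compile(r'[0-9a-f]+')

# Paths Windows itself writes while a browser renders an HTTPS page. The
# labels are this triage's classification, not something the sandbox asserts.
KNOWN_LOCATIONS = [
    (re.compile(r'\\Microsoft\\CryptnetUrlCache\\(Content|MetaData)\\[0-9A-F]{32}$', re.I),
     'CryptoAPI URL cache (certificates, CRLs, OCSP responses)'),
    (re.compile(r'\\AppData\\Local\\Temp\\(Tar|Cab)[0-9A-F]{4}\.tmp$', re.I),
     'CryptoAPI CAB download scratch (e.g. root certificate trust list)'),
    (re.compile(r'\\Microsoft\\Internet Explorer\\Services\\search_\{[0-9A-F-]+\}\.ico$', re.I),
     'IE search-provider favicon'),
]


def parse_files(text):
    """Each entry is a path line followed by 'MD5 ..', 'SHA1 ..', 'SHA256 ..',
    'SHA512 ..' lines; blank lines separate entries. Digest length and alphabet
    are checked so a truncated or garbled hash fails loudly instead of being
    carried into an IOC list."""
    records, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        algo, _, digest = line.partition(' ')
        if algo in HASH_LEN and cur is not None:
            if len(digest) != HASH_LEN[algo] or not HEX.fullmatch(digest):
                raise ValueError(f'bad {algo} for {cur["path"]}: {digest!r}')
            cur[algo] = digest
        else:
            cur = {'path': line}
            records.append(cur)
    return records


def classify_path(path):
    for pattern, label in KNOWN_LOCATIONS:
        if pattern.search(path):
            return label
    return 'review: outside known Windows/browser cache locations'


def triage_files(records):
    """Group by path: the same CryptnetUrlCache MetaData file is rewritten many
    times during one detonation, which is why one path shows many hashes."""
    by_path = defaultdict(list)
    for r in records:
        by_path[r['path']].append(r['SHA256'])
    return {p: {'writes': len(h), 'distinct_sha256': len(set(h)), 'class': classify_path(p)}
            for p, h in by_path.items()}


# Subset of this report's entries (MD5 and SHA256 only) ...
PAGE_ENTRIES = r'''
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

C:\Users\Admin\AppData\Local\Temp\Tar323D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5fb05af7b8331c487857e3f143ca661b
SHA256 fcc02bdd9674bbce6a07d1fe9074a5d01074e12c7e9b2f9befe54c83f0eba285

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2b9706ff4cd02e9543a0983c1e43601
SHA256 b3779755876b71965f9867013615a5da1e56f86c3007c16f12ea993a14fa9e22

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
'''
# ... plus one constructed entry with placeholder all-zero digests.
SAMPLE_FILES = PAGE_ENTRIES + '\nC:\\Users\\Admin\\AppData\\Roaming\\updater.exe\n\nMD5 ' \
    + '0' * 32 + '\nSHA256 ' + '0' * 64 + '\n'

if __name__ == '__main__':
    for path, info in triage_files(parse_files(SAMPLE_FILES)).items():
        print(f"{info['writes']:>2} write(s), {info['distinct_sha256']} distinct  {info['class']}  {path}")
```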

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:03

Reported

2024-06-03 13:06

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e1fb85c6e09151f6b67fd650cdde38_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e1fb85c6e09151f6b67fd650cdde38_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3788 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4228 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5344 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5460 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5232 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4176 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 2.21.17.194:443 www.microsoft.com tcp
US 8.8.8.8:53 seattlepeach.com udp
US 8.8.8.8:53 seattlepeach.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 15.197.142.173:80 seattlepeach.com tcp
GB 104.91.71.134:443 bzib.nelreports.net tcp
GB 216.58.212.226:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 173.142.197.15.in-addr.arpa udp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
GB 142.250.200.2:139 pagead2.googlesyndication.com tcp
US 15.197.142.173:80 seattlepeach.com tcp
US 15.197.142.173:80 seattlepeach.com tcp
US 15.197.142.173:80 seattlepeach.com tcp
US 15.197.142.173:80 seattlepeach.com tcp
US 15.197.142.173:80 seattlepeach.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.189.173.22:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 22.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 usa.desigo.eu udp
US 8.8.8.8:53 usa.desigo.eu udp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 www.seattlepeach.com udp
US 8.8.8.8:53 www.seattlepeach.com udp
US 8.8.8.8:53 usa.desigo.eu udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 platform.twitter.com udp
PL 93.184.220.66:80 platform.twitter.com tcp
US 15.197.142.173:80 www.seattlepeach.com tcp
US 15.197.142.173:80 www.seattlepeach.com tcp
US 15.197.142.173:80 www.seattlepeach.com tcp
US 8.8.8.8:53 www.blogcatalog.com udp
US 8.8.8.8:53 www.blogcatalog.com udp
US 8.8.8.8:53 www.ontoplist.com udp
US 8.8.8.8:53 www.ontoplist.com udp
US 3.33.130.190:80 www.blogcatalog.com tcp
US 8.12.18.87:80 www.ontoplist.com tcp
US 8.12.18.87:80 www.ontoplist.com tcp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 66.220.184.93.in-addr.arpa udp
US 8.8.8.8:53 www.ontoplist.com udp
US 8.8.8.8:53 www.ontoplist.com udp
US 8.8.8.8:53 190.130.33.3.in-addr.arpa udp
US 8.8.8.8:53 87.18.12.8.in-addr.arpa udp
US 8.8.8.8:53 www.ontoplist.com udp
US 8.8.8.8:53 www.ontoplist.com udp
US 8.12.18.87:443 www.ontoplist.com tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
NL 23.62.61.171:443 www.bing.com tcp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.200.42:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
NL 23.62.61.75:443 www.bing.com tcp
US 8.8.8.8:53 75.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp
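Both network tables (behavioral1 above under Internet Explorer, and this one under Edge) mix traffic driven by the page itself (seattlepeach.com, www.ontoplist.com, www.blogcatalog.com, platform.twitter.com, fonts.googleapis.com) with browser and OS background traffic (SmartScreen, Bing, NEL reporting, edgestatic, Watson telemetry) and, in the Edge run, with reverse PTR lookups of the addresses just contacted. Two things in the data deserve a second look before the report is filed as benign: usa.desigo.eu is queried in both runs but no TCP connection to it follows, and two rows record TCP sessions to ports 445 and 139 at pagead2.googlesyndication.com addresses rather than 80 or 443. The Python below is an added example, not part of the sandbox report: it parses rows in the report's format, separates page-driven domains from platform noise using a suffix list that is this triage's assumption, lists names queried but never connected, matches PTR lookups back to connected hosts, and flags TCP to non-web ports. The sample rows are a subset copied from the two tables.

```python
# Browser and OS background traffic seen in both detonations. This suffix list
# is the triage's assumption, not a classification the sandbox made.
PLATFORM_NOISE = (
    'microsoft.com', 'bing.com', 'nelreports.net', 'azureedge.net',
    's-microsoft.com', 'chromewebstore.googleapis.com',
)
WEB_PORTS = {80, 443}


def parse_network(text):
    """Rows read 'Country Destination [Domain] Proto'. The Domain column is
    absent for multicast rows such as 'N/A 224.0.0.251:5353 udp'; the header
    row has no ip:port and is skipped."""
    rows = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) not in (3, 4) or ':' not in parts[1]:
            continue
        ip, port = parts[1].rsplit(':', 1)
        rows.append({'country': parts[0], 'ip': ip, 'port': int(port),
                     'domain': parts[2] if len(parts) == 4 else None,
                     'proto': parts[-1]})
    return rows


def ptr_to_ip(name):
    """'173.142.197.15.in-addr.arpa' -> '15.197.142.173'"""
    return '.'.join(reversed(name[:-len('.in-addr.arpa')].split('.')))


def is_noise(domain):
    return any(domain == s or domain.endswith('.' + s) for s in PLATFORM_NOISE)


def triage_network(rows):
    queried, ptr_ips, connected, connected_ips, odd_ports = set(), set(), set(), set(), []
    for r in rows:
        if r['proto'] == 'udp' and r['port'] == 53 and r['domain']:
            if r['domain'].endswith('.in-addr.arpa'):
                ptr_ips.add(ptr_to_ip(r['domain']))
            else:
                queried.add(r['domain'])
        elif r['proto'] == 'tcp' and r['domain']:
            connected.add(r['domain'])
            connected_ips.add(r['ip'])
            if r['port'] not in WEB_PORTS:
                odd_ports.append((r['ip'], r['port'], r['domain']))
    seen = queried | connected
    return {
        'page_domains': sorted(d for d in seen if not is_noise(d)),
        'platform_noise': sorted(d for d in seen if is_noise(d)),
        # Name asked for, but no TCP session followed (NXDOMAIN, blocked, or unused).
        'queried_not_connected': sorted(queried - connected),
        # Reverse lookups that point back at hosts the browser actually reached.
        'ptr_of_connected': sorted(ptr_ips & connected_ips),
        # TCP to anything other than 80/443 from a browser rendering a web page.
        'odd_ports': odd_ports,
    }


# Subset of rows copied from the behavioral1 and behavioral2 tables above.
SAMPLE_NETWORK = '''
Country Destination Domain Proto
US 8.8.8.8:53 seattlepeach.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 15.197.142.173:80 seattlepeach.com tcp
US 8.8.8.8:53 usa.desigo.eu udp
US 8.8.8.8:53 usa.desigo.eu udp
US 8.8.8.8:53 173.142.197.15.in-addr.arpa udp
GB 216.58.212.226:445 pagead2.googlesyndication.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 platform.twitter.com udp
PL 93.184.220.66:80 platform.twitter.com tcp
'''

if __name__ == '__main__':
    for k, v in triage_network(parse_network(SAMPLE_NETWORK)).items():
        print(f'{k}: {v}')
```

The same pass over the full tables puts fonts.googleapis.com, fonts.gstatic.com and usa.desigo.eu on the page-driven side and everything under microsoft.com, bing.com, nelreports.net and azureedge.net on the noise side; the suffix list should be adjusted to the sandbox image in use before the split is trusted.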

Files

N/A