Malware Analysis Report

2025-01-17 21:37

Sample ID 240603-qctppsfd7y
Target 91e4619d2b6bc8d6de1119186526bde0_JaffaCakes118
SHA256 4dfed58ec59c9e1ad506fc267f991e8f630a30897d99e9ebf7b48427319c417d
score
1/10

Analysis Overview

score
1/10

SHA256

4dfed58ec59c9e1ad506fc267f991e8f630a30897d99e9ebf7b48427319c417d

Threat Level: No (potentially) malicious behavior was detected

Result for 91e4619d2b6bc8d6de1119186526bde0_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary
Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:07

Reported

2024-06-03 13:09

Platform

win7-20240220-en

Max time kernel

121s

Max time network

140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e4619d2b6bc8d6de1119186526bde0_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0475238b7b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581914" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c68c7acd37044a41beb250e252777dc50000000002000000000010660000000100002000000080b5fc290aaa3485b96e71ed08f6e7297d5b245e63f98f3f3674935260ff7688000000000e800000000200002000000099b728b8136e1ac1229c1f660b12f4c8362fa969145b962420f796295981409d200000000f037c9a40b915bfa3a813ae1e1bada4ccc0d19a586c79c6f8f1cf55f803625c40000000f72462b451f93099afab8b35f88a3b422b098fcaa4b9e648185e9e46fe5bf05211df18096d38efd7b6d195af8ecad00bf9dc39272351be7c62ae099af51ef9c0 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{397320D1-21AA-11EF-85B9-4A8427BA3DB8} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e4619d2b6bc8d6de1119186526bde0_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.g2rburn.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabEF1.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarFD2.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad28099b16d1fff91e036c78eeb7ec83
SHA1 f904a29fbbe065d45aeb09b735d886b0b66e9593
SHA256 193ac17a9193c2aa25bd37ae33d643fc0a97a8a5997ca814553f897bff0335fb
SHA512 ad429fbc375e09f15e3dedb04c9df94bb6724d0b872c64ed747d977307d31f9e90d07c5658bb66c5efe59a2c055564706815b95ad32d61ed7fe55b80268a910e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4a737fe4489261062abe28fb9cfae1a
SHA1 8ae04391ee96999fd11219129276b7099af906aa
SHA256 40c03936d035de9be56f3b9a35d7fd184d85005816940abefcda8284b2517652
SHA512 dd79feb797ac8e31f3985c4310d9a9d4d438bfd0fe1e31ffe878c65459f46a999bb7dbfe81a6d8736de476397f2d89938cf493188fe4e7758312b47b55862dff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 910f3dafd78063bd5ddad4300a4738ab
SHA1 ef3709b7f02b5786e26a605e795998440a3e048b
SHA256 c57eec15796217bf60e8e401b1d426abfb0c5eae3bca425921cba0391dc5f7ec
SHA512 d16214ebfe90dbf6185c04e6a51aff7c37e93f3c667bc730142304b25d4c36aabbc43a6bf2432321bae2a3bb1f630a0e4f0ffec77e54557a62c3927efeecbfcb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89ea5faaddb199995df22616b5781c0a
SHA1 bbfb6858e1e4cc7562aeb4b526e3bef6bbbe4096
SHA256 5cb6d82576d1b9a10916c02ee200de3c180114c179cd92cde8d21d5d8c2721b8
SHA512 2eb5065454a11d64d79dee9c622c8b7ad59f04e914937f774764fe5831d84b5b8f69fdc3db72fde688730092260f01fc11b3fa3e9e3e74c76f85ec83b57d2294

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 be4bae0210866833f53f4acef3d2ff3a
SHA1 6006d330cec16c509f8215d0269ad55c10fce0ea
SHA256 7acf380cc22ed70ee79382ea4dd336e530d92435906b3ea36f1b0b8d8495970f
SHA512 e28c2fa30a02a60a1d97a535d5c2787cfceb36c38ba07553de44ec312b47be5beb55aaddf6b2a3c82e3cd318c8de94c482f02f4338758fa4778c5b268dd29a6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1bbee514a9071fd3c52f71d0734b32d3
SHA1 087e8b067daf7029dea1fcb461e879c6a5d57070
SHA256 f312fac958eede9fcb5335dea059fc01ec62d086b114afdff4f8afde3ccf62f5
SHA512 6cdd9a3655e73e86298aacb50799e5f424c4671433d2d0917dd1d58640ee2fa2d1f9cfc3404e97f95199074f1df6be6cd80bc3517cbc9bb641cb6df7c3757e4a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 76f08e903b1e971b118c96ce24cb8a27
SHA1 fee8bc62c4c5ea8760adf300480ea9cecf2c666e
SHA256 714ef18c98ce27d8d9c5e6295c5e231208867cf3192cee8d3141d4a7cdbaba20
SHA512 7d24a826b175b04f775c3fc14d6d905af505513e4c6cfa93c3ae9b1794aefa6949b86a872c93f2c4e35087fbff4b6d5e111f38cd49319192bd771b9d33a0cf71

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2072b26841fcce4eeed7401f0af31853
SHA1 2be7cda6346e82311fc2075213b8af78519c6340
SHA256 338b69ec289cf501d2af400b3f60f4d73ea11e198c3e2b7f1bbc0c2e8af41d45
SHA512 837b55f1de42aab659b40b52e57de6c2932626fa19af34a008e03245d3bdd69a48c73d75742138a34292e7b59e9839b6fbfdfd19b37418d6f6821b4af71e1f8c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f40f4fad0e14d5a6a8262ac4cc84dda
SHA1 e9ea023921a37a6296531813d7aea69ab8bf05a9
SHA256 5f7064e295212047db1a3af28ebcefddd62f49957a03d18edb196e0908b9c3f6
SHA512 9635dd9b7b02b7b1344d16ee83ea911260457f7afda0793bbd7f26ae2519b51029dfe6db520d802def17eb7eb6bdfb6ce8ea25f833ec94c38be13cc11aa368ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c900d75fe9f55c8e8e2338e6e2c82dba
SHA1 786f47b0f55c24f0d41de87bf32a26e99b54c809
SHA256 aaab59917cedab4cff762882bac3446c47cb14ec531d488c4d352380d7df32c1
SHA512 3443a7dded59daee558cb435698a3fce15621c043fdf2eb021c35829cdbfd02f24d5b75ec8adc2139d07b266e860e8b9a1fdf2abdcbc55fc83434a497d1196a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 908454e0cfb2082442bd6392317a2936
SHA1 6a5c66128f0ac7b1680fc91ea50eca673a4ee198
SHA256 861e2a19be4c409870540489ffc76e54e92621e7800d67d178298edc9cbb4590
SHA512 41c6d43c3a9a4e7dcfe5a3a63bd25f002fdb4aef26da14a383bf9ddd612e91a09d4bf47f874fd1c00cac296633f0f254d5898beb47acaed4d1dbaf936b1f39f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d1e88dee995718f2133a6b25a8d01a7
SHA1 b8924ee588e73b062fb9e6be039d183915310716
SHA256 279cd52ffdf76dfb794a0a3c4b56ab69941a00b0d6717f2d1f45cd11598c7470
SHA512 2b4a28143e9008bde09b344d0b0e9f89b3e0d42c64a80286545ed512bad93774433e5adedb0f1424abf7accd267a72d6fb3288657abd1cfa1489722c88f442ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1176f3a2eff8e0b125dc2e7d43a48382
SHA1 05ebe435f2c962b80d3882d38277da9db66cdb9d
SHA256 2c1513480170c2ea3fdaf942b671abde22e78b1ec79cee668f3e03b5d43d1309
SHA512 2f1c7016ae38a371bdf77b2c2540cd5bbdd7f88c74ba5ebb98fce83fba6cdb05d6b8c10e9c6e315ca4aecc86f3130a6973e8fad7df8aba3561c9ac19b9781ebc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09ee3d75007b0aeb671860041158a04a
SHA1 20dbf46911be54ad9c9221ba570aaef06de01085
SHA256 24042818883217c0fee380dcc782b6af96d4c39b5524faad075e97d9efe0d06c
SHA512 6b2e7d11052c4a0707d5f7a02077431aac042f3642b4ac466ba20751ba694b91710534d4dc327b3540efe7dde1911a40d1e4b9f0bcc8592aa81f80e572e5f174

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8006259d98a667c7abf446482175b6e
SHA1 ac83b5d372914911dd9fcbeb10c588d9ea54b6bd
SHA256 c3bba74c2e1abbb8c241d4e01901ed9c7601bae9854589c670d4e1233f8efb22
SHA512 c4e228adec6609ac2274c6f112e9beeb3209ac9c3167604be0093dc206976711a8eb670aa9b3c792f82bdea15942c9f474342578026894da615991ca03424b2f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b694249bb881e5153edf06f8ce80a53a
SHA1 2325be3e42cf18ad818b893e5d1f5c5528801bd8
SHA256 19b36121aadf941747ae6f71c64f2c87a53fbd8ccc8819820677749fbad73ef1
SHA512 1ddaadabc210c3bd45ffd24e4880b0840e3c1d73e6d217f8b694b0059b04db434890b2bdd335ca70ced174f1497c13d4ef3293ff06dcf62c626a4e63cc13f54a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd509cb242b89b63513f346b01d25b51
SHA1 f8f6f2b2b27ddf5ccaf1d0bb8297d3b2ec93aa8c
SHA256 d086de29d2ce3cdb150496ebdd7769a7c9c590793f926e198d714d42fea2f015
SHA512 e2839479718946781c923f073504195fbf8fb1181042cc45aa10dd908c9755da0d0bd4e74b978b92f2554538684157aeab9927fc861585dfc81763b1ee35d15e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d57c7409bdce9bdca0f6e4ffb7b8f7a
SHA1 23383648e1d3b0b1ab53c0463bf4523e7151ceb9
SHA256 0ee582c4574d412357567693d72730799148555e65f56490407fbb5bb03627a8
SHA512 495ab21debe3ccd9ee60daa1c6e275df8d0d423b4f689ebadbfc4ca8d7ceae5e6afd8568846f393cf3457fc82db845fc795b2a4d46253faf0787c4e0b53f1bd6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac8929814236bfa84d2dce83ca05479e
SHA1 f53896abfd0bd4f6dc34fb0542541499ef5305d5
SHA256 701c3dd9dc58c0eb19e5811e8234c9fecec30c8021a5649eae8ca08aadd07d5e
SHA512 ad0387366294ea42d7c91ec8a32f1233d20da8391ec62a1eeb8bab26e82ce6081e8466a3e2b38ef297970e03a4f1cf5d2aaebd9fb24589069595aa226c61a12e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:07

Reported

2024-06-03 13:10

Platform

win10v2004-20240226-en

Max time kernel

146s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e4619d2b6bc8d6de1119186526bde0_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e4619d2b6bc8d6de1119186526bde0_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3740 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5720 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5864 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4812 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3868 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4412 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5932 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 www.g2rburn.com udp
US 8.8.8.8:53 www.g2rburn.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.g2rburn.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.g2rburn.com udp
US 8.8.8.8:53 www.g2rburn.com udp
BE 2.21.17.194:443 www.microsoft.com tcp
US 8.8.8.8:53 www.g2rburn.com udp
US 8.8.8.8:53 www.g2rburn.com udp
US 8.8.8.8:53 www.g2rburn.com udp
US 8.8.8.8:53 www.g2rburn.com udp
US 8.8.8.8:53 www.g2rburn.com udp
US 8.8.8.8:53 www.g2rburn.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 www.g2rburn.com udp
US 8.8.8.8:53 www.g2rburn.com udp
GB 104.91.71.134:443 bzib.nelreports.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.g2rburn.com udp
US 8.8.8.8:53 www.g2rburn.com udp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 134.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 www.g2rburn.com udp
US 8.8.8.8:53 www.g2rburn.com udp
US 8.8.8.8:53 www.g2rburn.com udp
US 8.8.8.8:53 www.g2rburn.com udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.73.29:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 29.73.42.20.in-addr.arpa udp
GB 142.250.187.234:443 tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 23.62.61.160:443 www.bing.com tcp
US 8.8.8.8:53 160.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 28.173.189.20.in-addr.arpa udp

Files

N/A