Malware Analysis Report

2025-01-17 21:56

Sample ID 240603-qext5sfe5x
Target 91e74b29b9eba11751a56519160f962f_JaffaCakes118
SHA256 147d6c958f459a05ee651a5df2a01f6a7c3c1731b2ec45884f3891f609b61933
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

147d6c958f459a05ee651a5df2a01f6a7c3c1731b2ec45884f3891f609b61933

Threat Level: No (potentially) malicious behavior was detected

The file 91e74b29b9eba11751a56519160f962f_JaffaCakes118 showed no (potentially) malicious behavior during analysis.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:11

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:11

Reported

2024-06-03 13:13

Platform

win7-20240508-en

Max time kernel

141s

Max time network

142s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e74b29b9eba11751a56519160f962f_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000587104b0d2f7da409208cf3ae9e77a2300000000020000000000106600000001000020000000fefb5488d6129ccdd8b656682d03aeb11f012159795839b875b2b08612fbfb59000000000e80000000020000200000007342b5b9e16d7cf9ab58f23b16e1a9ed600fbdc3148c207035fc479268df9b7c20000000671d0193b29bba22a57191cdd91f74ee4874a2a3f4b9260afa33bd45de74545f4000000078de6d7d758b60ae171561c5a8d58beda060c8acfd5bd7dbd2ae2f98748386007c2b7300010b7e82c48305931f5534dc7609787442eb92d2ada3b7f9b5155510 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40764191b7b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided] C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582131" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BB62BD31-21AA-11EF-B21B-FA9381F5F0AB} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-268080393-3149932598-1824759070-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e74b29b9eba11751a56519160f962f_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 doylend.com udp
US 198.49.23.144:80 doylend.com tcp
US 198.49.23.144:80 doylend.com tcp
US 8.8.8.8:53 www.doylend.com udp
GB 216.58.201.115:80 www.doylend.com tcp
GB 216.58.201.115:80 www.doylend.com tcp
GB 216.58.201.115:443 www.doylend.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfe4fa311fe52792e9489eb61dcd3875
SHA1 af4c93a23515a9d17d646c22d5d66385e059db11
SHA256 ea5c8887e3fc22d9268f44737f0f8120be435e654e8178565376ef0b68ac922f
SHA512 e33b100b6dddea8d8c3280b81f7b294a58258e37458742d530d289f1d96d73cd86ffeb446bee2d98e734709d8370e5d90902471641e3f1b7741b49478aa5aab0

C:\Users\Admin\AppData\Local\Temp\Cab40F9.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar40FA.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar41CB.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c943712a04b55e8484be323cd80f02e0
SHA1 50093f3d4421a9be326c0ac59948e367087cddc3
SHA256 f6a2da0900ec1e6e1be9fb3724003a8ebe09ec1ad37ffb5daa7be585f67dea8d
SHA512 5fa744ad9e5cd1bbdd046668c8ca6be01d583b34f6734f08f66a589aca6ac6a4be4a105b0587b48f0f42040b32f90d0e5e1d3a8e418653f335a6f45adc81610b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c91f042769fb06a714683f14844b5c8a
SHA1 ebbff07674a7090295fbf2001bd7293b1549de13
SHA256 752bb4c132c923befae2ca5763a3c105af91a31ffc5a137206a92e29b3ff207c
SHA512 f0c19d926335a023098d5b795eb0d97f6775348725af1fc17d26f222b3b7324c3599f8a5798be4746e1f298d54035c4b1dd49ae224220ea41540435b000f4159

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f93287829430fb82396f2389081bf74
SHA1 b8955b26bd639d4d54c82dbb4155e82a0af81a42
SHA256 7918d6624c9ba4421e8004eead3fe81de2fdee313f2227b8b16f863d1a8289b0
SHA512 460e2dd32e63a949b4f2972eef1f3d817b32eafb44351ee918e8429e2d255249d300fdc9dbb900c732d11541901e826a2ffe4a886b83630b7b072244eeeee86a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c6855193994fa5e05893591e0cee878
SHA1 ca31d3905ca889d69c35bef4b39399c6f5accb72
SHA256 b4df64c403f4987a719e5fc360818d15a0a5fd406e8be70472946c60066c4c5d
SHA512 bcd5f325c63f587cfe8b11210874d825cd7f6ab194f061b235a693d22550e78a11d24f1d2bd7d0f8ee4aa464a1646f6ad3a4805a579312826e11a36b625f04c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b2ebb9e39175573f2fbb70a87eaa3a9
SHA1 98c5de1ec67e4c333e15ee3ec599b31ffae81f8b
SHA256 309e17f7f27513c93b87cda9ba476ffb5bd2664c807f58f064243a64b38c31d5
SHA512 78ef34607348d55a1ed9cc7b3a5b91b1b4d7e610853a84bea9af1ec026b9fdd25534440fe6cb194e486c8d22341087fc8d8994c54914a50319b66d96661bed64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 692bca21f81a6a28ec4e61be25fab4cd
SHA1 8f2896b8c7253ed1e10d53b7dd8469a4ded96653
SHA256 d9b310e893a63b289385330c7a4dfd3467200d5815447475bd651b8932d44fc7
SHA512 a5e8891f982994043ac92bf5e9c6bed967af0d946e457828f7db5be67bde98529b4081db2191b51dcd9d030e1bbbf280a076e9b8f2fca6e2efb4a7729c0e3fef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b766820314bc4daab8d1e6d45d10b24
SHA1 004535a384caadc7fb1a13e2d6591f85573f3c0b
SHA256 933733db4b59bb2e3d0c997d247b31de5de894d02d7c203f8e8428cbfc0b0c6d
SHA512 3ceb6e4098d0716c761bd7290d4d3096eb8dc6047d4c81683985d325c88586dcfdf284d92846f7028fef68fc41a89a4910ce10a58a846b65d0532364565f41b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21148bc608e26ae6671ab6184c079796
SHA1 2919289d08ec5ccce17114f90865f2d12156bca9
SHA256 dc8883a34f424b037275f5c239e3549ed5164c8ab17ad0fa24575ab5117a0e93
SHA512 ea72ab00495b357ba896be2630c80200a9816fd7573aea89bb312311c5dd71860d2562af40029deae10c40ab04142c84a05e21de7fe459fe3c1f46304cf6dbba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bba27fa326c8a06af9ffec9a614deed4
SHA1 177670e020d9be00f08e424ecd5c33471208e96d
SHA256 eca259a29fdd9166631403b09feb68efb19036614cd8ac64412d5ed1cbb75dc1
SHA512 f94490455ac5ee3715bb07d4fa84b9e80364c4f9f2e5f9b80e62b4334e4221bfd6fb463a9a2c52346a84fe7e55eb82a205ea08c75c51a9cbee2cc0055344b6db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a74fe3611dc9bc2b5e5a447321a01053
SHA1 16672be0e89688599554165b9aafb0925ece36f3
SHA256 c5a6d3a0845e3f2d7881d5d3f8697a6ec66a54c3bc4c4fc35368ca396b9cd7b5
SHA512 43929bd3e43fd95276fa6dc97971c900e052e212ed54c133c8f514efa91de9c3b7ee335311b108d7052e74b6e5ecd4c38473910b5a7e221ee33f078bbe4b2105

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f24269618307464d166d74d71665cdcf
SHA1 63bc338e4c52fdd9ed42d61bc111518df7f12eda
SHA256 aed502901235ab5afe2535abdb4a25ee319e7b0e57a003dfaa9d971f08c8064a
SHA512 bd15bc6a86a8dc786634cbd92c051a62d7f3fee3fec77a6a48073965d99a73aefd6fc987388b6e8d62870ae812e0fb4545eaa89bbc64290d8925ed063d9d74b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ca2772996327d890f0044cf023c1207
SHA1 7859910cd5c9cb462c385f514bc4cf1250c6ff48
SHA256 b753190b2b6e5f841bef184a744f7d96615b7811d3fe9ca0d4fff956a0847603
SHA512 25aba8eacf9635acd8a10faa058f15c247d98d9a111d30563358232ca1a531c12713f3bd8b6f5de6228e0ebeb5d1b5c558524ee20cac0bebcbf3cb8f17e29b65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 388bde916a80d85a4f2009ff6659d8b0
SHA1 2cf46e2368a25399cf2c5098ca278d5af6dd9b6d
SHA256 3750f5fb802ee7b98472d39a345e47edf72a0cc48a8290d0dd102d6a66538735
SHA512 5f64956b2b1a54ebd87063c9f93779346b2336443a5d2db8e10b0ea999f5ea5ecdc5780547e82ca417cb56c2d55854237aea95aa6a924e4ef23e12a666d95778

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9e7e25b915eb01e75f1cc19f4f339a3
SHA1 f2ebf52cbe641bc1ab33b234a49198241b2de491
SHA256 0149fe01f88cf3834f83d3642a1886d295e7773c1397b94db9afd0da3d496170
SHA512 0f5effe17187d8f497a0a4ae0c94e34bd96d11527a6ee0d374c4f022dbbc7994d46b8e6cbd58f3ad7d387e3b051a75078e3c0ad4f75978729b92717da9254d47

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7ddf4d6668738ed07514f13df7e452a0
SHA1 4190e100ae14078e1ce45a0dc60938de963402e6
SHA256 e4eb7efd95496961e3ae25337a21ea8389be4a9033386177bfe819b7dbeab8f9
SHA512 02c68ef041bfcb5eee6120da1f3b3fe70e9751f3e000892ee96b131e259a57b84e64d4dcf3043681e561029bfb3a329486725b54ee0de528d35cb98744615b72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42c81f84e5572165f60778139873a150
SHA1 12d0617fcaab73f1cbc8c0dc5faca4667c98ae96
SHA256 5d1d1a01964746395603ba70dc0a2ecfba845203b4ddd33f14e3219e9ec83c35
SHA512 8ff34995416400ee5a7e20aa288c7d8ac960fe09b10d1929270c0cb97315cdf0acdc15f2cf6f751b248013eaddcd8a288a70118cb88e062270eccaa6e2dead1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58bf23ede81cd9fa943047ef0d8f7cf7
SHA1 4ee4d95ad36110cf4475272e8953e4bc3742ef6b
SHA256 6c72a1fa45132fed6d572932138b1e96b36b9e4eed06c2bcfadfeb41234be92b
SHA512 6285b182de3dedcdcb4cbe2f990766dd8c984dea6751ddad4e59dc81b58c3d0576b74ca0f9095449cf9c35296b094f9f44653bcb1168523e7b6135b7c833aaba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed2a90171877bce85027901293f20322
SHA1 31a0e93ae42e90dc614c8a50a73fdfb6316f0166
SHA256 89a5bf6620bb8fbc232688b985c73edd478bda492f56878e0271bd56b9277a71
SHA512 cf088b529403698d234b26ce1f28db1bd68851f0eaea4205bb31953eb20266b42e85d8df1792ea2a1c937cf56b152e4f150b9568d21309c0e0c7d6f3a9672575

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9a87b1f50899f6d167a008ba5736ed1
SHA1 a0bfbc428b91e04bb0f15eb6c1826a270b791646
SHA256 5dc760c6657ccaad7a52f43172beeab4a8b0f0170141cf0c4f1c35421638296b
SHA512 708c18351e7a7452fb2116633eb848c7b42bc29b9ac60500f67413d9f02b3d8339d1f0a0b38ac9bba2574bdb6878aa42de8f86fd9585d9df31641fa5002522cb

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:11

Reported

2024-06-03 13:13

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e74b29b9eba11751a56519160f962f_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91e74b29b9eba11751a56519160f962f_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4124 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4628 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4656 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5720 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4668 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4536 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 13.107.6.158:443 business.bing.com tcp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 169.96.87.13.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
BE 2.21.17.194:443 www.microsoft.com tcp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 104.91.71.133:443 bzib.nelreports.net tcp
GB 142.250.187.202:445 fonts.googleapis.com tcp
US 8.8.8.8:53 133.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 19.177.190.20.in-addr.arpa udp
GB 142.250.187.202:139 fonts.googleapis.com tcp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
GB 23.44.234.16:80 tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 104.208.16.94:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 94.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 maps.googleapis.com udp
US 8.8.8.8:53 doylend.com udp
US 8.8.8.8:53 doylend.com udp
US 198.49.23.144:80 doylend.com tcp
US 8.8.8.8:53 www.doylend.com udp
US 8.8.8.8:53 www.doylend.com udp
GB 216.58.201.115:80 www.doylend.com tcp
US 8.8.8.8:53 www.doylend.com udp
US 8.8.8.8:53 www.doylend.com udp
GB 216.58.201.115:443 www.doylend.com tcp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 144.23.49.198.in-addr.arpa udp
US 8.8.8.8:53 115.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
GB 216.58.212.202:445 maps.googleapis.com tcp
GB 216.58.212.234:445 maps.googleapis.com tcp
GB 172.217.169.74:445 maps.googleapis.com tcp
GB 172.217.169.42:445 maps.googleapis.com tcp
GB 142.250.179.234:445 maps.googleapis.com tcp
GB 142.250.180.10:445 maps.googleapis.com tcp
GB 142.250.187.202:445 maps.googleapis.com tcp
GB 142.250.187.234:445 maps.googleapis.com tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
GB 142.250.178.10:445 maps.googleapis.com tcp
GB 172.217.16.234:445 maps.googleapis.com tcp
GB 142.250.200.10:445 maps.googleapis.com tcp
GB 142.250.200.42:445 maps.googleapis.com tcp
GB 216.58.201.106:445 maps.googleapis.com tcp
GB 216.58.204.74:445 maps.googleapis.com tcp
GB 216.58.213.10:445 maps.googleapis.com tcp
US 8.8.8.8:53 maps.googleapis.com udp
GB 172.217.169.10:139 maps.googleapis.com tcp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 topremeselnici.sk udp
US 8.8.8.8:53 152.107.17.2.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
NL 23.62.61.160:443 www.bing.com tcp
US 8.8.8.8:53 160.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp

Files

N/A