Malware Analysis Report

2025-01-17 23:55

Sample ID 240603-qkr6vahb57
Target 91ee10c75defeff2955f1b36ec41c0a9_JaffaCakes118
SHA256 73e31011966fc0d58bc1f13420a149bc580ae23a8365847cbad753795c6649a4
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

73e31011966fc0d58bc1f13420a149bc580ae23a8365847cbad753795c6649a4

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file 91ee10c75defeff2955f1b36ec41c0a9_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:19

Reported

2024-06-03 13:22

Platform

win7-20240419-en

Max time kernel

118s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ee10c75defeff2955f1b36ec41c0a9_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91ee10c75defeff2955f1b36ec41c0a9_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:19

Reported

2024-06-03 13:22

Platform

win10v2004-20240508-en

Max time kernel

135s

Max time network

139s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ee10c75defeff2955f1b36ec41c0a9_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91ee10c75defeff2955f1b36ec41c0a9_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1320,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3956,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5152,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5344,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5456 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5460,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5900,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6164,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5644,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8

Network


Files

N/A