Malware Analysis Report

2025-01-17 23:48

Sample ID 240603-qmyfmshc26
Target 91f09d8aa97668619648134fa4d3e8da_JaffaCakes118
SHA256 2b0ad427132a66428d8b19218c60d5922f7be46011f6556a0360586aafc5fd75
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

2b0ad427132a66428d8b19218c60d5922f7be46011f6556a0360586aafc5fd75

Threat Level: No (potentially) malicious behavior was detected

The file 91f09d8aa97668619648134fa4d3e8da_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.

Malicious Activity Summary
Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:23

Reported

2024-06-03 13:25

Platform

win7-20240419-en

Max time kernel

133s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f09d8aa97668619648134fa4d3e8da_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423582867" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 306f9246b9b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{720B85C1-21AC-11EF-B837-5AD7C7D11D06} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d7c7e73b934388418857a0db8be9c1d10000000002000000000010660000000100002000000020b70f2a66549c4b721c7361a5b702508787695cf79188ec75bc921be0f04d44000000000e8000000002000020000000dd2b5516a4180bb582a99a39d2699b9c6fbedb0709c4de18034b660c7edd08272000000045c567497ed6f15a1e20f2d63e821b6f60fe09df05401574315bf1f1e742e24040000000c040d7185f85f63f4773136b9624dc46c78cbb2863c2ea6ce8a64d2474c7cd03d82ae1571cea1d40dfc67af3923531e03e01674f06feec7fd8738e5947fabb13 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f09d8aa97668619648134fa4d3e8da_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2440 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:23

Reported

2024-06-03 13:26

Platform

win10v2004-20240226-en

Max time kernel

141s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f09d8aa97668619648134fa4d3e8da_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f09d8aa97668619648134fa4d3e8da_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3636 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3836 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5628 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5560 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5504 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5748 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:8

Network


Files

N/A