Malware Analysis Report

2025-01-17 23:21

Sample ID 240603-qn57wafh41
Target 91f1b2b6d49454a5ccfe4a882b41595b_JaffaCakes118
SHA256 9795ff8529cfd90228c8af673eb7002b14d5d465e4bf1f49f602cba2bc2077df
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

9795ff8529cfd90228c8af673eb7002b14d5d465e4bf1f49f602cba2bc2077df

Threat Level: No (potentially) malicious behavior was detected

The file 91f1b2b6d49454a5ccfe4a882b41595b_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:25

Reported

2024-06-03 13:28

Platform

win7-20240221-en

Max time kernel

122s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f1b2b6d49454a5ccfe4a882b41595b_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C0AC2771-21AC-11EF-97FB-6A55B5C6A64E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd0581a7698ce2469a474b103f0e624900000000020000000000106600000001000020000000dca7bfa2d204c829027d23ce2790d34f7f640d089385392e004bce54596448f4000000000e800000000200002000000073fcdfc8ae664e6148e16325deed9878935f9ba3ea9888c0e032614c8b63aed820000000d571007b1a0e3e874b92b75ea2cc9a1c14893a8903a6f16132452f7071d4b2e340000000490cde78b81527a02637f6ef866754962b4ab99a618af5cb5fc3a79ba57509dc31e3ec7659a406a39e84a6c58fd670be4d901cea6ee72e2d5b077f99811ce0a1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd0581a7698ce2469a474b103f0e624900000000020000000000106600000001000020000000821fdd0ed9a16f1b34cbb50ec304469a4e9a26f5dbb31395e9853912cc3c3b08000000000e8000000002000020000000d7f3ebaa90252717fa7bd642f6437a51f5e665da471157675d71422e55e31fe9900000004b1e56691606476b48f6bca5fb3892bc1dbf150ba2eda5f600780280d75ed5938676863dd21411ff9684febfc56e220966a428c5a48c058692c6cea5ffea634281ec8eb5e72e0d601221b667cc18cf9c1203ef3693c9e9185f9abf718dd415664227202d7a768e5bdd8aec25b84bfd259374edaaf6828b60b359310ff9ca9e24b275c5b65b34c8f6c0c6cdf5ed25b869400000004872c87676704edec3e4acba0df17f92a3928a396e3a1b919401fbe53c8aa2d91f13c71216af95890a2c8ec0fa70267db90427b164e138f61c84630984020f35 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423583001" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 309bf296b9b5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f1b2b6d49454a5ccfe4a882b41595b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 www.google.com udp
US 205.234.175.175:80 img.sedoparking.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 205.234.175.175:80 img.sedoparking.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 partner.googleadservices.com udp
GB 142.250.178.2:443 partner.googleadservices.com tcp
GB 142.250.178.2:443 partner.googleadservices.com tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 13ed5e0369cedc64c8437eb9a493a981
SHA1 880053c91809fef7b2a3d688143f554d5a05c0bd
SHA256 3560614f2f62c19498d2ad6c3b9fa8f232883167479de05e924a5a3ab19a8454
SHA512 18b3c940a3b722b58c476af4141ab987ed9f7557c1e52f3f20548b2c209abd67c943761d22e20ed59c36d69f8cd911285aff7efdf2d20f51c35cad62932aefa0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 6d7254ff5ab0398ae939517aac804913
SHA1 5ddc7c291314cec08099701051cc3edc66c8fa16
SHA256 714d43164d84bc93735d8929882d91e3a0ba726341ec4a52aa2a41840fdf3d7c
SHA512 62fc0aa31b0eb416a98486059f81cbcca8b94ecdf67f85a1c043a99a213534ec650b42799e891bd4018a39f3e5b2ca129661259d7972c5c74439346415595ba1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\Local\Temp\CabA5E0.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\TarA5E4.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa256759ee32dcda588dc006029a1e81
SHA1 b315a5c5522c108adeab06d24d17e2d2197b84b8
SHA256 dcd4390c5708d3f0e9d2e6042dc6733659b04e12d4c9dac82705e756af1dc885
SHA512 7cd6e65ca3019dda16a31fbb3d8851e7f15779c5f4bf8968dac5499a8b919b1f069f669aed8421a240a153b4bb5efa9598228bf40c987770ff1b2ed8b5488ba9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarBDDD.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b890e2b465a413d5c71b16ea6f71b02c
SHA1 b2dec50a53a89d11c74a9ba7b3cc21a55f5bfcb6
SHA256 898aab0b025a30ab297a7e473c84a19e52b92bacb9b52c8803a6ed7d458d2b94
SHA512 99c57f0f706d2c8c70e9f52e20c826f8fb460bbaf6f7e274ea91008e57f2880b39b948bbb514976ded9b9e207defb83e952bc83a8d9782cdaa1a39e91a349824

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 392992aa65ea7c29b1c4a6e5709e2ee3
SHA1 f95375b3c33a2a0ebd867be32d4896c9011080a5
SHA256 5697dad9c0077cc7f6b388b29f591e9c3d4ad30c2da429a61ef0d6df0ba5d214
SHA512 af84f172685c4aa7956e78d4ac9266eef8b1ef1e879c77a3217cf901db79a0675442354356422eba40445f25297a967101408ec981d3b697ae882bf7683476fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9d397e2986c442109fdd4f092228d97
SHA1 3d154d62105a64b4bffd619e72600089f882328c
SHA256 995cbefc872ddc51c434f9043a01246fc49cc54b77d96648cc9fc0a492723615
SHA512 6a57853b280ce7d507ba52430b878ac134b99e69b3f111e071d237465b0e8d678456db558147aa5ab655ef5d2d56cf4ed8084c2f536da8c488b4aa000045bc37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7450a3c55fd2bf791e852a624e6b441d
SHA1 631c178a7a7e64ec1196dd60dfd182695066f54f
SHA256 cb20aac8d05253c49c1e636900086d220b488bf8964e8c78d545b8dfddf3ee12
SHA512 781a8d354235fd308e89294d2a2fdf416ddc2703e1bc4e491e444f8c4cb71a319bea1667f887f104f9f42db1c129ee0fdf83573fa12321571747c8ef8390de5d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d9005d5b4287c381e7d8628c535945e
SHA1 cf5837cd7d739b83ead4eb22a65ba9dacbaab9cc
SHA256 2fdadd1edae7a2468520fd8cf1ac606a59b2ebe7092a4eba0af6f48fba8b01ab
SHA512 ea8731aba9d0679dd98639137837d14b048ceadddb90a477e40931cfaf5264070df351a8b143c570703ec5ea92bac279a281d365f9f5ada42c69b94185bc5fbb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05a1e4ab329576a5da1fc6f78423aedb
SHA1 0fde5921d3fa7c92c5b2b8b40c5859335068f7a7
SHA256 02cc5f4847ec4352463050450488d393bb935ca375e9c087cafb85eba4e7464c
SHA512 4bbeb7a974e120848b324719f3b7988f2979cad7feaef98faf5c3699540bfab8ef519883af74f5b2110c83f0144fad1ac2c53dad8423061a09e573f03baf22ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d25a073a754fa40a33ece4931f1c5d76
SHA1 cac60927b6817d1a54439e752d53382fbad1d240
SHA256 6ed59991ac3ce2cf25c826fbd1b6dc81e1b5ad5ee1097037049fce71dd51f145
SHA512 da08009f41e755c79aaa28541ad399ff515ca8363e01061fedcd85f2a1f6be0bdf7107440156982eb599b6af59d5217ae671a5b736004b2c0a2c2c1d160ea988

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 78cbcc2585f9f2df3393021db2203101
SHA1 46b5de5997751269795381f70eae087bb2856cdb
SHA256 789a49adcf339e272547d1838afdf70e48fec4199a559ee75b7dd343d12ae5f5
SHA512 c1b6293b6c738683f6b15939d0772369e784cc2601aed59d514d52ab33323f6306e724fe262a2f91e201ab25802de6495b15aaee6ff5f88b008451e8bef1100f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d0572a97d9d9c00426bcc73db94fb67
SHA1 138b5793341f12761cf0418f3404e0c3d532874c
SHA256 c64371993e36766b7dff298642b219839d36bfcd089fcbb632db9b581e59c9d7
SHA512 668f436d8389497baa62327b996ad5e6843c038d356d450e1c9f5087fc973a26ce5a98d644a74ceed17512350eef34219f45d6b40e2c6bd3d594f9dda47c7786

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 d5f984ee3a8fbe7cef7f9f2316092440
SHA1 3c827cf963b7dd312434eb99d1e7e0c226575a12
SHA256 fb4e07a278d97627ad10fcb84553c8ad407bd7c918073dc1ad73baf163525ef4
SHA512 8a0e0edc7d6a808452ca4870b7d3a49f5ecc1182cf29a42ae9682c2a590f342a31e6cd9788fb052ffe15f3257233c550e672c6a9335a05fe5b8091d92c199e9d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d6bfcfc996a5a06a89ba279f45808cd
SHA1 6f7e0accd4041257f1ac6fd6f7d8135a2179fb57
SHA256 a5f158270021f353e7c7ef9bb6802e8485408b24dff52c939ffc2195ed59196c
SHA512 050bcd812d7437aee34408e68819c74179abca55e5230a61f7d76e93ef0238d745f0a980432daaddf4bb35f5716bca8de22dd3b128c5c60268443b060228e170

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3709fd73064015b8134a76d3a6b42a4e
SHA1 ee4ce3670720a92057839515a2ef0728057c274a
SHA256 df4d4a96dfaea236abb243a0c490c5945b8b9a1187d895a54e09b6506c89aa3e
SHA512 d15e8ef1f2f64e6c6f7b159e50d29ff827e9cbcdce1964dabe289ac0e358c39dcd54f994e78d6aa4d307f416456d6b344a040faa7bd6dd7a838e3f4347d052b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ea197259f35758558c1b94b63b1684b4
SHA1 afb991ef2b6479f39cbfd4253573f63008b4a843
SHA256 d2a5a6ccf908b9404cd20085e4a436d393e0236ffb431990ba69b523e6826f96
SHA512 e7042768413d2dae23ee82d41b23231866e2a542c23873978694bfd2a73245f94aac5515754c38f300efe1a61aefd61c8b7086f7bea5e6142e9a78ec468b885a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 f7522ebd265c8a26a42559ae55cd92e3
SHA1 71c5d34a73800f314e349bf3b905c04358806df5
SHA256 6761424afca6e06a098902e6c7e9c14512e5f85dbde4ef2b11181f1d19d06604
SHA512 30de37814cb0176812fa108ea3c53b0a3a499457a7b04406dffd4c481ca6abc8ba4c93d722893e5ee6e441bbacc4efc7ca87a7e517f65b795f07b220bfc47606

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d41ccec5e16ffc704422c4e44ba219d8
SHA1 72af7295f45a3644388071617c254875e0d2dc4d
SHA256 262bbadfc6311c36c261c5d0a2d8a68878ac17aceac3b421603860566958157c
SHA512 72a689c2b2353aa5efff5df0b9131f84a0ea86f5a6f9a4d9fc8eaf113fac0826e5123287d72b063e002b14f50f43d7c4da5b5fd9a674d852160bde12e7ff3ab3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6ae012222270602c6b7f8109568a531
SHA1 d1b1b6982dca41c0e26307b5b8ad43fc929f9f92
SHA256 414284bf0e4ac2b54e43ed2994d1778711cce03672a44efb4ffb8a9a228eb748
SHA512 4e8aef42d492511354e28d66dd5365ad9db42426aeebab02188b1af0a6b3397df595e413303d96053b95bfeb64f310c4733b2731a9009393e75b5ccc3f9c2b80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 313a8afded0da7130855946f563fd07e
SHA1 18429e7439a1786a6a09e914106cfb3d40a91813
SHA256 3eea2c6a826067c922e9cfda9827b530851264b46114569e9300efb808883abe
SHA512 2db260d8446b54a7274cf572f0a7112b59895584d2e0b1c35123b163fbe177bd8c160af611a437dd9e67e40762c0df2323d4ee72431bbc8be965ac1c200df19c

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:25

Reported

2024-06-03 13:28

Platform

win10v2004-20240226-en

Max time kernel

140s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f1b2b6d49454a5ccfe4a882b41595b_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f1b2b6d49454a5ccfe4a882b41595b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3800 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3824 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5368 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5516 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5772 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
US 205.234.175.175:80 img.sedoparking.com tcp
BE 2.21.17.194:443 www.microsoft.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 2.17.251.4:443 bzib.nelreports.net tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 175.175.234.205.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 ww1.olszyna.info udp
US 8.8.8.8:53 ww1.olszyna.info udp
US 8.8.8.8:53 ww1.olszyna.info udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 4.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 ww1.olszyna.info udp
US 8.8.8.8:53 ww1.olszyna.info udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 149.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.189.173.21:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 21.173.189.20.in-addr.arpa udp
GB 142.250.187.234:443 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 45.56.20.217.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp

Files

N/A