Malware Analysis Report

2025-01-17 22:48

Sample ID 240603-qr2nvsga6x
Target 91f4dceba7908fbb5d3cba0fdd060c03_JaffaCakes118
SHA256 ad2c824209bb9d31ba699720eb654c674407fb3a1c3f75ec7591bd1013daf7bf
Tags: none listed
Score: 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 1/10

SHA256: ad2c824209bb9d31ba699720eb654c674407fb3a1c3f75ec7591bd1013daf7bf

Threat level: no (potentially) malicious behavior was detected.

The file 91f4dceba7908fbb5d3cba0fdd060c03_JaffaCakes118 is an HTML document; both behavioral runs opened it in a browser (Internet Explorer on Windows 7, Edge on Windows 10) and neither produced behavior the sandbox classes as malicious or potentially malicious.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

All four are low-severity heuristic signatures raised by Internet Explorer's own processes while rendering the sample in behavioral1; the Edge run (behavioral2) raised none. The detail tables under behavioral1 cover only the first two; the SetWindowsHookEx and WriteProcessMemory hits are listed here without per-event detail.

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 13:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 13:30

Reported

2024-06-03 13:33

Platform

win7-20240508-en

Max time kernel

144s

Max time network

148s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f4dceba7908fbb5d3cba0fdd060c03_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Every indicator below is a registry key under \REGISTRY\USER\S-1-5-21-3691908287-3775019229-3534252667-1000\Software\Microsoft\Internet Explorer, abbreviated as <IE> in the table. These are the keys Internet Explorer writes for itself on a first launch (tabbed browsing, session recovery, zoom, search scopes, window placement, Windows Search probe), and the writing process is iexplore.exe in every row, so the signature is informational here rather than evidence that the HTML file changed browser settings. The DecayDateQueue value begins with the DPAPI version/provider header (01000000 d08c9ddf-0115-d111-8c7a-00c04fc297eb), i.e. it is a DPAPI-protected blob IE keeps for its new-tab page, not attacker data.

Description | Indicator | Process | Target
Key created | <IE>\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | <IE>\TabbedBrowsing\NewTabPage\LastProcessed = 20e9d349bab5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | <IE>\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | <IE>\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | <IE>\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | <IE>\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | <IE>\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | <IE>\Recovery\AdminActive\{7421D5C1-21AD-11EF-B393-E64BF8A7A69F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | <IE>\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | <IE>\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | <IE>\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | <IE>\DomainSuggestion\NextUpdateDate = "423583300" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | <IE>\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | <IE>\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | <IE>\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bd2a7708e9798e4fa0b20f3efd8e936100000000020000000000106600000001000020000000d70c0039e6f66b5dd4db1c4e7bc4aa316a1b274084b9aa6d8592324301fc2af1000000000e8000000002000020000000967d69441cb3e9b72b6ba3eebb8a337fb4fec04b952e8e8158b5aa033439537020000000cbb38fcd3d72aad7f24757781091b214b9a83413ade56466235fd2837c5ebe5640000000fb63d6894589dd6b94e7559f5001d912458a68e569500927c45c91ffb21cedbed8c39379eeba026c1152193f04ce2952d113be982cdaca7f2d245aa19a3d7a5c | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | <IE>\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | <IE>\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f4dceba7908fbb5d3cba0fdd060c03_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1444 CREDAT:275457 /prefetch:2

The 32-bit IEXPLORE.EXE is the tab (content) process that the 64-bit frame process spawns to render the page; SCODEF:1444 carries the PID of that frame process. Both are Internet Explorer binaries, so every signature in this run is attributed to the browser itself, not to a process the sample started.

Network

Traffic falls into three groups: the page's own hosts (christianbates.com, followed by the affiliate, shop and analytics domains it embeds), Internet Explorer's first-party endpoint ieonline.microsoft.com, and apps.identrust.com over plain HTTP, which is CryptoAPI fetching certificate-chain and revocation data while validating the TLS sessions (the cached results appear under Files as CryptnetUrlCache entries). All DNS goes to 8.8.8.8, the sandbox's resolver.

Country Destination Domain Proto
US 8.8.8.8:53 static.ak.fbcdn.net udp
US 8.8.8.8:53 christianbates.com udp
US 15.197.142.173:80 christianbates.com tcp
US 15.197.142.173:80 christianbates.com tcp
US 15.197.142.173:80 christianbates.com tcp
US 15.197.142.173:80 christianbates.com tcp
US 15.197.142.173:80 christianbates.com tcp
US 15.197.142.173:80 christianbates.com tcp
US 8.8.8.8:53 longevitypower.com udp
US 8.8.8.8:53 www.is1.clixgalore.com udp
US 8.8.8.8:53 www.mcssl.com udp
US 8.8.8.8:53 www.mountainroseherbs.com udp
US 8.8.8.8:53 ediblegoddess.com udp
US 8.8.8.8:53 www.1shoppingcart.com udp
US 8.8.8.8:53 stats.wordpress.com udp
AU 124.47.143.183:80 www.is1.clixgalore.com tcp
AU 124.47.143.183:80 www.is1.clixgalore.com tcp
CA 23.227.38.32:80 longevitypower.com tcp
CA 23.227.38.32:80 longevitypower.com tcp
US 192.0.78.27:80 stats.wordpress.com tcp
US 192.0.78.27:80 stats.wordpress.com tcp
US 162.159.134.37:80 www.mcssl.com tcp
US 162.159.134.37:443 www.mcssl.com tcp
US 162.159.134.37:443 www.mcssl.com tcp
US 3.33.130.190:80 ediblegoddess.com tcp
US 3.33.130.190:80 ediblegoddess.com tcp
US 192.0.78.27:443 stats.wordpress.com tcp
AU 63.141.128.18:80 www.mountainroseherbs.com tcp
AU 63.141.128.18:80 www.mountainroseherbs.com tcp
CA 23.227.38.32:443 longevitypower.com tcp
US 162.159.137.34:80 www.1shoppingcart.com tcp
US 162.159.137.34:80 www.1shoppingcart.com tcp
CA 23.227.38.32:443 longevitypower.com tcp
US 162.159.137.34:443 www.1shoppingcart.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.152:80 apps.identrust.com tcp
US 162.159.137.34:443 www.1shoppingcart.com tcp
NL 23.63.101.152:80 apps.identrust.com tcp
US 162.159.137.34:443 www.1shoppingcart.com tcp
AU 63.141.128.18:443 www.mountainroseherbs.com tcp
US 162.159.137.34:443 www.1shoppingcart.com tcp
US 8.8.8.8:53 www.cliximages.com udp
US 8.8.8.8:53 www.cliximages.com udp
AU 63.141.128.18:443 www.mountainroseherbs.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

None of the files below were written by the HTML document itself. The Cab*.tmp / Tar*.tmp pairs in %TEMP% are what CryptoAPI leaves behind when it extracts a downloaded CAB (root-certificate and trust-list updates), and CryptnetUrlCache\MetaData and \Content hold its cache of certificate-chain and revocation data fetched over HTTP (compare the apps.identrust.com connections in the Network table). The MetaData path 94308059B57B3142E455B38A6EB92015 is listed many times with different hashes because the sandbox records each rewrite of that single cache file during the run.

C:\Users\Admin\AppData\Local\Temp\Cab2933.tmp

MD5 29f65ba8e88c063813cc50a4ea544e93
SHA1 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

C:\Users\Admin\AppData\Local\Temp\Tar2957.tmp

MD5 435a9ac180383f9fa094131b173a2f7b
SHA1 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

C:\Users\Admin\AppData\Local\Temp\Cab29D4.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar29E9.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 118d51b09e2584643c3d23dcc836e0eb
SHA1 59d12bdf4460dedae19cd2662ca1bf819082244a
SHA256 209c38516ab354ca5935fd975924c92f78bd0f0e0660990a17731afa5fdf6cb1
SHA512 d2966772375044494ca3fcf6b915c5e1f962a50ce452e169a0e938e394adb0bce3f5ac7a0772a15e6985d26ba4caa6c7e86ccfaeae06a5bdc103f03546393f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0fed540a762a7314d48a340f8ddc7bba
SHA1 acc88ee821e3bd1d0b6d48a62f27ecc9c3599775
SHA256 95f0c2bb41b93adca51fbdc87ccbd675bb4b022217eff59e411575aa33b98da4
SHA512 fa989a01bfd640b32fdb1cd1c69ec1cf431167fb357dfa333232eb782b05ec3e8c6f4b8a12103e23623b49b3fdd10c53b13d611bac781f11b7eedd3db1dcf66d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5dc40bdaa5f7dcc73092c87ae2691490
SHA1 4e0071bfb3b21becf3096045da40bad489f27eda
SHA256 47a45e6e34b48ba3f35104c77791ca803203c9c37014c49309bfbc94b17c7b3a
SHA512 38d6cb661f14a7e0636a6b31d035a28084e66474e2cfd37ec24da40247b09393309c2ff396d0ae819bfde6ee31597820b0914a7d28d82dc88d1cabfd8787f750

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 604c46ac982271cbe23fa864438db35f
SHA1 84d756708ec7f1b68fe7d04f564dac9344e9a781
SHA256 7aa4f0a53fc9f0895f10ee33184350f243de3b7b8b6016f63a31411b0d9e12b9
SHA512 c11dc819653bf4c62bb442eb7dcec529b49c738968af9a8ce3c35d8a101571cd70782ada5a9be33fa31d88b23ac96b540040a4bbf26f41e4c06209174d4975dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

MD5 d7c2f6a63e97bb0ae2ec3150e52bcdd5
SHA1 43bb7a0c6331039f2cf4717962e8d2fb2988b7db
SHA256 b5a357e03a8a91448fc1e2ccedaf7d97099f02dde1e8cb02d1838f56ff3adae5
SHA512 2a60524ddb0fd676fa162b0e19f3da57d12be86005b3c858a89b9a0dd72ed712f267cf1c4c43e30f4854210778efccc22fdc121c3e135f3da74c3f1cb32768a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

MD5 f55da450a5fb287e1e0f0dcc965756ca
SHA1 7e04de896a3e666d00e687d33ffad93be83d349e
SHA256 31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0
SHA512 19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 666c656122ae42f1a60474a11984c96c
SHA1 dc72a0bfe7a8b0e1f07cad38d4da69cc1f7ce92a
SHA256 e3f0627922f60f1f00f9e9138737302d280a7e1bc49b93ee29ad0a05c1f72400
SHA512 965b19f2759179b3a37b6754c415cccee0bc33e09a2e95485081b53e6f2824e7f011ed928d9eacdac000866d241bb3f5f842c104868d25b2a4f6416935e56028

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8957affc7d2d1847cdbf3fa3713bdaad
SHA1 368b0d92b2f71726755139bb35f0a20ea5e0be83
SHA256 15e90184b0cfd277739cde28d9f8175de5c4a00fb1547621331db614d39e9fe1
SHA512 d702cfb1b34988b5831c983f1ad019f51843baa70709784858dc8ab8d4dd29786a06cb4853075fb318f428ab71f6e7858adb80cdbef161cb7044b46591edd92c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2dc5977f8d45eaf9c90a8df799d98361
SHA1 3e02a8c5cb3dfbb681c9d4224cb714f322410fea
SHA256 ff29829404aa7b4fda9129c45cfce00eb1ffe23712c434b1aec4e257e7b850fe
SHA512 9b108ebe6e8f71ee006f1fd07a501d93596d6f8b6fa643855ee87e3f0101c8364cc0cc7b1bd493894463a65261e6cbd191c32da0bf580fd5c43306d54ab2915c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb6236765ed85da88262320ec253fc63
SHA1 1db86d439f017fd681b94505bbab0c757d7e26b3
SHA256 6c69e6ef19dee88b2407446174d46fddfc2c85b2fa3f28800bc9058736d45e98
SHA512 7bea249f0b9c91e9dd524ae5680c5ee825f6d36d96f928c511952a07b85988812fe5a943e748ede841085df4140a0b18a745ea858284b14a338c694bd4972f05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 613e15f392e830ffd604a2fdb346dc4e
SHA1 7ba4c484bd9d1e0c1c5deba9b6a102facdf67212
SHA256 c1c0a92bd6e8aec2830c7e7a0fd15a5952d3a2a156910c3fcd9d6ca3f6bf598a
SHA512 4d558cda675fba110f4802cf81e3d99d4f284ae987986d2cd10e5503a47aa750c95460c648ed0f54fda6da416f6b3503013d163d15b421bbd391bc84c9940637

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff2a1e6a781ca7aeda6a2c6d8ab70a24
SHA1 771f0de6b206a2932f594a5517fdfef4d5463792
SHA256 68c3ca3a866c6f941e6b93372c1fb4ecea246565bedad3961c133605e581373b
SHA512 a4aa222983b04a38857be5301469dc5188a4b8fda5d8f540a9a31e7a6ccf4c6d7093ebe083ec1870ff98145fb22b0e10bbbcc021d53e51d3a7ca6eea340dca96

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d4ada32576c0d825c576700560057ec
SHA1 33cd847f72b736a48533fd6d1eac34686af74b0b
SHA256 b88d330d4f6c4657798f26db51659781769fe61fdfed20cb0c419e66e4140395
SHA512 f90c14344abb2b240da762a726adab247efe5f91de95a8b349d051cbc7be5e0ff03c5a387d12fcd23aa044221e1fb7d9df37c4677f34ff1622b8726d5a659fc6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fd77a743b3527d441a4b0f4f301de121
SHA1 cb13cf7469f37e9776c7df28a4b53ca4ad81d001
SHA256 8b5fbb6ac920867472299724483be07456d490113cffa7294f479ae0e2dc76cc
SHA512 f214b6871a84bccc01a5006ffc95dc5f0a7a4526df0b493fdf245f50cfe4a78ca887c167cb484b76b1b50d7f6907282aa9a67516956c59732183777562cff45a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4690a1ff56a76a510364f75d359a0451
SHA1 eedd635429e0db1cec9123591d61c3ecceddc959
SHA256 53013f81719040e7509548b5e66b5e15e65af5a536fb084ba34edd3b1937247c
SHA512 c4d7de7c91e924553fc0782676a516b712c182d6d0ca31bbaa18f4bb5bfc32191fad792ec1f7801a3c889a2a40cd31fe0c090f02a2702be38aa057753a0a6a7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b6612b919f773306315eea7b75e6d002
SHA1 eb3d4dbdb5a7774a87cf0d5ca328d1f20cc67ca7
SHA256 7c7c1b499ba2073a1b8906409addf5a6d1886f7ee5a9c4103c54d9e94ffccb5f
SHA512 c24229de7f805188bad8ceaf4113f8848b8de3d49f848a7de7392b7eaf4b079cfb52a010c737b0a8d504527f73a5a5e72731af78b4c2988d06d1bca0377fc2ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f38e575c49d23a6cd4458f21e160e1bf
SHA1 49dcd4f4573e3027782ec9b275d88e8077f823a1
SHA256 24621f3c68e544d80ca86ca713fb0d4b2318bb368e18e392944601a7d3716e4d
SHA512 b5bac8e90957c8b2d9549eec8c2f635f9973eae304872ed9868814ed77d5c1f92e23dcc92dfc7d7b8eed47495370b5589b83fe3c531fbcebf526523e364cdc34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8cf03d84d05cdea960b1bb96b9b58738
SHA1 77aaf2241402b5316858d2df5658bf029ae6f730
SHA256 ce02738024583f9788f06bceeaae5fe0d18282f1e815bcf5f08b4cd85701f25e
SHA512 1e31a8c3dbc1cd8f303d3517fdf3e09305cd403abe35147d020e5c8a0847ef5b0e24e5cbca70b20f51a5b77c768d94934474279bcb1f5d08bced9e9722b1b1ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5359212517f6b9dafc3aecd93a322773
SHA1 15386472ea6b1ce6c29410f4ed85ac2d4ee85731
SHA256 6a2d95a81fd3640d576038cc7b4bf19550d28d8b593e3eb07dcb842f97465a30
SHA512 dcb3ba5a7f6d61cac4f91cfe9628555e6bf3a12c556933d20b313e73b3da08c3cbf7244d13d036d6d3d6fcde7e6db71596696c5384bdeed0212a17f9afc6e38e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f43b1911e8ed80318566ec1ef693df13
SHA1 e2bd079e082c51c96390e15922a765983cb7833b
SHA256 cb267641ed2c3de92ccfc4cbd7662621af63e998ed9590ca6a7e01d931c70c3c
SHA512 ebe307772a8c0e8ee59e82e7758ae66f1bd7e665bef5724fd88a6b4a7b30b0d2157a887e5f8c36c5c626d53462cb5acb8c0600831ade533d1385a3394372cb68

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8502bd9ffa7b732d86c80dab6f13800
SHA1 2699f616b7d7776742942ce59091c7fcc1e30a52
SHA256 76fa212ec6496aa51cb215abb16d2dc1499e464b5bcdf14fa6ed9feb2fdcacba
SHA512 903d7a8f104c5d353be742163dc8c734a714695b4f4f9ee2d59c9b549e4ae6aa176d316a9ad33b8f96c084f7f78b4641fb6029be836493bcd20d070dd97fd1e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0fe5e7db8748aa052b428e6dd36f0c62
SHA1 0fbacac70696c0b5703ec7667b13eff8862c33c2
SHA256 33a0dd291ae49f3135cdcb662974c211c60a31ea695a915a3c271862d6b4fa8d
SHA512 511a4aa03f0e11df1414c7b8bb7c87b3e84cbf224ccc7807ce74134bd963124cbc72ed05f2191dc5101c38cff5988fec8cfff963c0fdd9e2abe379d935acf5c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89d35488d0c39d0532178d09d2a7fbca
SHA1 34a54eeb77addf7c436c17f02b4bee4ed5b5c314
SHA256 3455e63af9c0473e9b95bacb7a12bbfcd44cd851789790df70b107f6760d1816
SHA512 ee4869c7ec9d94122059b0e91770f35379547dc44cb810072a3e0a3e92c29e248bc531e1cac58dc55ace21be0ca198f59ec03474a0b3bb14a9191478328dc6cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 439734e517294f2dda5249d9019b3937
SHA1 dcd7fe3cd979af7b6c3793db167271a968a20d6c
SHA256 0ea8cd90a1ad1b0e19b403da48894b6b386a0fea9a4d0e8ee225f5bb5064ad05
SHA512 bf6caf40036150a457b473bbec426381d4d11f3775a1a440fff708fc2b6a5577a496036c5a28c80213f27a2795932c33cccccf53c7e51e5b74389c3c4a6ba433

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9ae3dd23da99fcbb3e69b5fee347efe
SHA1 ebc85f5c88e868bba9d5efd3e556c64fb3f15afe
SHA256 a53edb67e4540251b44da544d7127da7f1448bebabca458ae30a8b2b11d375c0
SHA512 dbea892d24577b4a66d01d049c3c00ea68c6e52a55d7bc6f8ab1f747ead384a5195616eb2ccf04a9693323f6b4278117fb5a89a2c809fb48d1c5de469c90593c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2220f5ea17cc5c8a71f90359899a6f83
SHA1 155c74f862e6419c2544cd393269f57070a279cf
SHA256 d9f336e0b35d53cfc1bc77e780b3b496851d2d6791fabf3f97978b9f8617c346
SHA512 ae24cb9d35b4887bf2d21e12d2f8998fce3d2a5dab8a8fa1eb0bdeb98565766ad47aa1974ba14e3d41edcc7f1272314fd1217da889d4970f299b134e49f7887e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dbec2c7c62a3232f5fd733957ff789b2
SHA1 284c19cf6496a9579e6e8d36fedd38f894e2526b
SHA256 5ba6ff80f2683741344dffc154aed08f5d34dadaffbbeeb9df8e52cb10ba3d99
SHA512 4297d15b17aac5f7ee84f6284408a7bace5a5049406c165989d861c6d3762f61aa8aea3a0e2d10661bbf82930e3d937a80b628c54e3100380c93621326286d54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8b302fda140eef2463b42c16060c7ac
SHA1 a350093341df3798378e80be0b65136d8847fa7b
SHA256 3bf5941dbd84f4fb44d4648eddd9a0d23e0bd5b5ec73b7db8fea980a535c82c3
SHA512 c0c4d84f7237b1108e8a1f632c65ead0546dec3a5d715716cd0cbcf2da4416b38d2e72a0a644212dd7329c6cecb32c18690c37d292e369dc716bbdeb18ec57fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86b865b1574e7aa293c77202dceac151
SHA1 a6f5d8e5b53ee3fb903ba16602516525259d3bbc
SHA256 e6009bc61ffcab990f3cbb6328b8f1a469234283b9a05acbc478c2424c6a21fd
SHA512 4b74e0571ca430373214d9cff78e6dcdebc67c33550c1a830b096c040cde7ff769118d308ccef9ddf4adac38491b6d92a4adf69c57b45d73ba50daea80afb6a6

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 13:30

Reported

2024-06-03 13:33

Platform

win10v2004-20240226-en

Max time kernel

148s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f4dceba7908fbb5d3cba0fdd060c03_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f4dceba7908fbb5d3cba0fdd060c03_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3688 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4944 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5396 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5516 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3532 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5864 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

Network

The table mixes two kinds of traffic. Endpoints under microsoft.com, bing.com, azureedge.net and nelreports.net (SmartScreen URL reputation, Edge static assets, Network Error Logging and Watson telemetry) plus the mDNS query to 224.0.0.251:5353 are Edge and Windows talking to their own services and appear for any page. The remaining hosts (christianbates.com first, then the affiliate, shop and analytics domains also seen in behavioral1, plus platform.twitter.com and pixel.wp.com) are what the HTML file actually loads. The many *.in-addr.arpa queries are reverse lookups of addresses just contacted, not new destinations, and rows with a blank Domain column are connections to addresses that no DNS answer in the capture named. The TCP connections on 445 and 139 to platform.twitter.com and pixel.wp.com deserve a second look: those are SMB and NetBIOS ports, not HTTP, and are explained by how a browser resolves protocol-relative references in a file opened from disk rather than by anything the page's scripts do.

Country Destination Domain Proto
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 christianbates.com udp
US 8.8.8.8:53 christianbates.com udp
US 8.8.8.8:53 longevitypower.com udp
US 8.8.8.8:53 longevitypower.com udp
US 8.8.8.8:53 static.ak.fbcdn.net udp
US 8.8.8.8:53 static.ak.fbcdn.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 15.197.142.173:80 christianbates.com tcp
US 15.197.142.173:80 christianbates.com tcp
US 15.197.142.173:80 christianbates.com tcp
US 15.197.142.173:80 christianbates.com tcp
US 15.197.142.173:80 christianbates.com tcp
US 15.197.142.173:80 christianbates.com tcp
US 8.8.8.8:53 static.ak.fbcdn.net udp
US 2.17.251.4:443 bzib.nelreports.net tcp
CA 23.227.38.32:80 longevitypower.com tcp
US 8.8.8.8:53 static.ak.fbcdn.net udp
US 8.8.8.8:53 static.ak.fbcdn.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 2.21.17.194:443 www.microsoft.com tcp
US 8.8.8.8:53 longevitypower.com udp
US 8.8.8.8:53 longevitypower.com udp
US 8.8.8.8:53 www.mcssl.com udp
US 8.8.8.8:53 www.mcssl.com udp
US 8.8.8.8:53 www.is1.clixgalore.com udp
US 8.8.8.8:53 www.is1.clixgalore.com udp
AU 124.47.143.183:80 www.is1.clixgalore.com tcp
CA 23.227.38.32:443 longevitypower.com tcp
US 8.8.8.8:53 173.142.197.15.in-addr.arpa udp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
US 8.8.8.8:53 4.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 32.38.227.23.in-addr.arpa udp
US 162.159.133.37:443 www.mcssl.com tcp
US 8.8.8.8:53 stats.wordpress.com udp
US 8.8.8.8:53 stats.wordpress.com udp
US 8.8.8.8:53 www.mcssl.com udp
US 8.8.8.8:53 www.mcssl.com udp
US 192.0.78.26:80 stats.wordpress.com tcp
US 8.8.8.8:53 www.mountainroseherbs.com udp
US 8.8.8.8:53 www.mountainroseherbs.com udp
US 8.8.8.8:53 ediblegoddess.com udp
US 8.8.8.8:53 ediblegoddess.com udp
US 8.8.8.8:53 www.1shoppingcart.com udp
US 8.8.8.8:53 www.1shoppingcart.com udp
US 3.33.130.190:80 ediblegoddess.com tcp
AU 124.47.143.183:80 www.is1.clixgalore.com tcp
AU 63.141.128.18:80 www.mountainroseherbs.com tcp
US 162.159.136.34:80 www.1shoppingcart.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 www.1shoppingcart.com udp
US 8.8.8.8:53 www.1shoppingcart.com udp
US 8.8.8.8:53 www.mountainroseherbs.com udp
US 8.8.8.8:53 www.mountainroseherbs.com udp
US 8.8.8.8:53 stats.wordpress.com udp
US 8.8.8.8:53 stats.wordpress.com udp
US 192.0.78.26:443 stats.wordpress.com tcp
AU 63.141.128.18:443 www.mountainroseherbs.com tcp
US 162.159.137.34:443 www.1shoppingcart.com tcp
NL 192.229.233.25:445 platform.twitter.com tcp
US 8.8.8.8:53 26.78.0.192.in-addr.arpa udp
US 8.8.8.8:53 37.133.159.162.in-addr.arpa udp
US 8.8.8.8:53 190.130.33.3.in-addr.arpa udp
US 8.8.8.8:53 18.128.141.63.in-addr.arpa udp
US 8.8.8.8:53 34.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 183.143.47.124.in-addr.arpa udp
US 8.8.8.8:53 platform.twitter.com udp
US 8.8.8.8:53 mountainroseherbs.com udp
US 8.8.8.8:53 mountainroseherbs.com udp
US 8.8.8.8:53 34.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 c.s-microsoft.com udp
NL 192.229.233.25:139 platform.twitter.com tcp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 www.cliximages.com udp
US 8.8.8.8:53 www.cliximages.com udp
US 8.8.8.8:53 www.cliximages.com udp
US 8.8.8.8:53 www.cliximages.com udp
US 8.8.8.8:53 www.cliximages.com udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 52.168.117.173:443 nw-umwatson.events.data.microsoft.com tcp
GB 142.250.187.234:443 tcp
US 8.8.8.8:53 173.117.168.52.in-addr.arpa udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 pixel.wp.com udp
US 192.0.76.3:445 pixel.wp.com tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 213.80.50.20.in-addr.arpa udp
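The behavioral2 table contains TCP connections to platform.twitter.com on 445 and 139 and to pixel.wp.com on 445, a few destinations with no DNS name, and a run of reverse (PTR) lookups. When an HTML file is detonated from a local path, any protocol-relative reference of the form //host/path resolves against the document's file: scheme and becomes file://host/path, which Windows treats as a UNC path and tries to reach over SMB (445) and NetBIOS (139); that is browser behaviour, not the sample's. The following Python script is an added example and is not part of the report or of the sandbox's tooling: it parses rows in the report's own "Country Destination Domain Proto" layout (the embedded rows are a subset copied from the table above), flags TCP connections on non-web ports, lists unresolved destinations, decodes PTR names back to addresses, and reproduces the file:-scheme resolution. The //platform.twitter.com/widgets.js reference and the sample.html path are assumptions, since the report does not include the page's content.

```python
"""Triage helpers for a sandbox Network table (added example, not report code)."""
import re
from collections import Counter
from urllib.parse import urljoin, urlparse

# Subset of rows copied from the behavioral2 Network table of this report.
# Rows with no Domain value have an empty third column, exactly as printed.
NETWORK_ROWS = """\
US 8.8.8.8:53 christianbates.com udp
US 15.197.142.173:80 christianbates.com tcp
US 15.197.142.173:80 christianbates.com tcp
GB 96.16.110.114:80 tcp
NL 192.229.233.25:445 platform.twitter.com tcp
NL 192.229.233.25:139 platform.twitter.com tcp
US 192.0.76.3:445 pixel.wp.com tcp
US 8.8.8.8:53 26.78.0.192.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
"""

# Country, ip:port, optional domain, protocol. The domain group is optional so
# that a row like "GB 96.16.110.114:80 tcp" parses with domain == "".
ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+"
    r"(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$"
)


def parse_rows(text):
    """Parse report rows into dicts; 'domain' is '' when the column is blank."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised network row: {line!r}")
        rows.append({
            "cc": m.group("cc"),
            "ip": m.group("ip"),
            "port": int(m.group("port")),
            "domain": m.group("domain") or "",
            "proto": m.group("proto"),
        })
    return rows


def dedupe(rows):
    """Collapse the report's repeated identical rows into (row, count), busiest first."""
    counts = Counter((r["ip"], r["port"], r["domain"], r["proto"]) for r in rows)
    return sorted(counts.items(), key=lambda kv: -kv[1])


def flag_non_web_tcp(rows, allowed=(80, 443)):
    """TCP connections on ports other than HTTP/HTTPS, e.g. SMB 445 or NetBIOS 139."""
    hits = {(r["domain"] or r["ip"], r["port"])
            for r in rows if r["proto"] == "tcp" and r["port"] not in allowed}
    return sorted(hits)


def unresolved_destinations(rows):
    """Destinations the capture never associated with a DNS name, in report order."""
    seen, out = set(), []
    for r in rows:
        dest = f'{r["ip"]}:{r["port"]}'
        if not r["domain"] and dest not in seen:
            seen.add(dest)
            out.append(dest)
    return out


def ptr_to_ip(name):
    """Reverse-lookup name to IPv4: '26.78.0.192.in-addr.arpa' -> '192.0.78.26'."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        raise ValueError(f"not a reverse-lookup name: {name!r}")
    return ".".join(reversed(name[: -len(suffix)].split(".")))


def resolve_as_browser_would(document_url, reference):
    """Resolve a reference relative to the document's URL, as a browser does."""
    return urljoin(document_url, reference)


def unc_host(url):
    """Host part of a file: URL; non-empty means Windows treats it as a UNC path."""
    p = urlparse(url)
    return p.netloc if p.scheme == "file" else ""


if __name__ == "__main__":
    rows = parse_rows(NETWORK_ROWS)
    print("non-web TCP:", flag_non_web_tcp(rows))
    print("unresolved:", unresolved_destinations(rows))
    print("PTR 26.78.0.192.in-addr.arpa ->", ptr_to_ip("26.78.0.192.in-addr.arpa"))
    # Hypothetical document path and protocol-relative reference (assumptions;
    # the report does not include the page content).
    local_doc = "file:///C:/Users/Admin/AppData/Local/Temp/sample.html"
    resolved = resolve_as_browser_would(local_doc, "//platform.twitter.com/widgets.js")
    print(resolved, "-> UNC host:", unc_host(resolved))
```

Running the script against the full table is a matter of pasting the rows into NETWORK_ROWS; the same parser works for the behavioral1 table, which has no blank-domain rows and no non-web TCP ports.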

Files

N/A