Malware Analysis Report

2025-01-17 22:13

Sample ID: 240603-qrt9saga5z
Target: 91f4a30bac965d7c0741d683006091e0_JaffaCakes118
SHA256: bc01f3142730aa55b3e5435bd728d2da4c45bed9751f6d81cb45cfcb77f60392
Tags: (none)
Score: 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 1/10
SHA256: bc01f3142730aa55b3e5435bd728d2da4c45bed9751f6d81cb45cfcb77f60392

Threat Level for 91f4a30bac965d7c0741d683006091e0_JaffaCakes118: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported: 2024-06-03 13:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 13:30
Reported: 2024-06-03 13:32
Platform: win7-20240215-en
Max time kernel: 141s
Max time network: 142s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f4a30bac965d7c0741d683006091e0_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Indicator keys below are shown relative to \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer.

Description | Indicator | Process | Target
Key created | \Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \Recovery\AdminActive\{65CE9941-21AD-11EF-8ECF-42D431E39B11} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \TabbedBrowsing\NewTabPage\LastProcessed = b017c93bbab5da01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \DomainSuggestion\NextUpdateDate = "423583277" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002f34c9305f14e34f823c71fe5af3e36e0000000002000000000010660000000100002000000072fc9827e170a17869fc3f421eb30b526137c464f4ade94de34f910ec3cf2837000000000e8000000002000020000000c54ec241182a131300f998f53e17e5327e88cf343d147700f9a9992fa3c29b22200000001d0e14832b22d90e1fd9a96cd5c932921ce2cf0603b7a69a01df0f19e5819cde4000000067ba106b07b436d4adecb3832445b7a655687e2ffb1ed2624bb82c31daaf524c18fb2c763df7c63a824d6d70a326df4ef5c9e4b2e5a3346c97f2582e6d0e9d28 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91f4a30bac965d7c0741d683006091e0_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1664 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 new.bestoffers.vip udp
US 162.210.196.167:80 new.bestoffers.vip tcp
US 162.210.196.167:80 new.bestoffers.vip tcp
US 8.8.8.8:53 ww1.bestoffers.vip udp
DE 64.190.63.136:80 ww1.bestoffers.vip tcp
DE 64.190.63.136:80 ww1.bestoffers.vip tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 img.sedoparking.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 205.234.175.175:80 img.sedoparking.com tcp
US 205.234.175.175:80 img.sedoparking.com tcp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 syndicatedsearch.goog udp
GB 142.250.178.2:443 partner.googleadservices.com tcp
GB 142.250.178.2:443 partner.googleadservices.com tcp
GB 172.217.16.238:443 syndicatedsearch.goog tcp
GB 172.217.16.238:443 syndicatedsearch.goog tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\caf[1].js
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\sedo_logo[1].png
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\92bocja\imagestore.dat
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (recorded 20 times during the run, each with different content hashes)
C:\Users\Admin\AppData\Local\Temp\Cab2ACB.tmp
C:\Users\Admin\AppData\Local\Temp\Tar2ACC.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
C:\Users\Admin\AppData\Local\Temp\Tar2BDC.tmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-03 13:30
Reported: 2024-06-03 13:32
Platform: win10v2004-20240508-en
Max time kernel: 135s
Max time network: 140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f4a30bac965d7c0741d683006091e0_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\91f4a30bac965d7c0741d683006091e0_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=3768,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=4048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=1636,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=4968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5196,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5236,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5372,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5752,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=5764,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5104,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=6028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5072,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5256 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=6240,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5560,i,1697479186275492802,18058102846092193784,262144 --variations-seed-version --mojo-platform-channel-handle=5944 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 new.bestoffers.vip udp
US 8.8.8.8:53 new.bestoffers.vip udp
US 8.8.8.8:53 new.bestoffers.vip udp
US 8.8.8.8:53 new.bestoffers.vip udp
US 8.8.8.8:53 new.bestoffers.vip udp
US 8.8.8.8:53 new.bestoffers.vip udp
NL 37.48.65.155:80 new.bestoffers.vip tcp
NL 37.48.65.155:80 new.bestoffers.vip tcp
NL 82.192.82.225:443 new.bestoffers.vip tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 2.17.251.4:443 bzib.nelreports.net tcp
BE 2.21.17.194:443 www.microsoft.com tcp
US 8.8.8.8:53 ww1.bestoffers.vip udp
US 8.8.8.8:53 ww1.bestoffers.vip udp
US 8.8.8.8:53 ww1.bestoffers.vip udp
US 8.8.8.8:53 ww1.bestoffers.vip udp
DE 64.190.63.136:443 ww1.bestoffers.vip tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 20.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 155.65.48.37.in-addr.arpa udp
US 8.8.8.8:53 225.82.192.82.in-addr.arpa udp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 4.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 136.63.190.64.in-addr.arpa udp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 ww1.bestoffers.vip udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 ww1.bestoffers.vip udp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 partner.googleadservices.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
NL 23.62.61.97:443 www.bing.com tcp
GB 142.250.178.2:443 partner.googleadservices.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 afs.googleusercontent.com udp
US 8.8.8.8:53 afs.googleusercontent.com udp
US 205.234.175.175:443 img.sedoparking.com tcp
GB 172.217.16.225:443 afs.googleusercontent.com tcp
GB 172.217.16.225:443 afs.googleusercontent.com tcp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 175.175.234.205.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
NL 23.62.61.194:443 www.bing.com tcp
US 8.8.8.8:53 194.61.62.23.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
DE 64.190.63.136:443 ww1.bestoffers.vip tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 91.16.208.104.in-addr.arpa udp
DE 64.190.63.136:443 ww1.bestoffers.vip tcp

Files

N/A