Malware Analysis Report

2025-01-17 23:28

Sample ID 240603-sxtxbaah5t
Target 9245e58f9bda149748bc5f949300344e_JaffaCakes118
SHA256 55778738af1d0eef7fbf4c9342d410c0c0d4251e99e9fe7758f996e8a36f3ce6
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

55778738af1d0eef7fbf4c9342d410c0c0d4251e99e9fe7758f996e8a36f3ce6

Threat Level: No (potentially) malicious behavior was detected

The file 9245e58f9bda149748bc5f949300344e_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 15:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 15:30

Reported

2024-06-03 15:33

Platform

win7-20240220-en

Max time kernel

121s

Max time network

131s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9245e58f9bda149748bc5f949300344e_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9245e58f9bda149748bc5f949300344e_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ag8aq.cn udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 15:30

Reported

2024-06-03 15:33

Platform

win10v2004-20240508-en

Max time kernel

136s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9245e58f9bda149748bc5f949300344e_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9245e58f9bda149748bc5f949300344e_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3824,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3856,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=3980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5280,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5432,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5440,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6360,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5988,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=6544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4144,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:8

Network

Files

N/A