Malware Analysis Report

2025-01-18 00:03

Sample ID 240603-tc4rfsbe6y
Target 92592750188d53233ec4842315c4501a_JaffaCakes118
SHA256 30fb455a0427c08bf682e1045cff725659940889541901f6aeb210bd1c080125
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

30fb455a0427c08bf682e1045cff725659940889541901f6aeb210bd1c080125

Threat Level: No (potentially) malicious behavior was detected

Verdict for 92592750188d53233ec4842315c4501a_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 15:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 15:55

Reported

2024-06-03 15:58

Platform

win7-20240221-en

Max time kernel

118s

Max time network

129s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\92592750188d53233ec4842315c4501a_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000038a323c2ad014d4aa5f4e9a4732f803600000000020000000000106600000001000020000000610767c6860f01cb8c4c1d6441e95decd859622147c56a9685d331d5a6532d56000000000e80000000020000200000002c1586898132436030fd53abc99f08d0497446451e5da41c59db081b68d607c220000000fbedc37da2b5314875d43f7525a542881960b02473f13430e40559e54086118340000000c4e145923b6bad526cd6917970ad0616cf0acd11e3afd0c7ea7e83da658e704de96242073f336755bb28907dcd10ac624bca19196ee140fdfb043998d7f7868f C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20e85091ceb5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423592009" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BA897CC1-21C1-11EF-A8CB-6EAD7206CC74} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\92592750188d53233ec4842315c4501a_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2020 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 img.sedoparking.com udp
US 205.234.175.175:80 img.sedoparking.com tcp
US 205.234.175.175:80 img.sedoparking.com tcp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:80 www.google.com tcp
US 8.8.8.8:53 partner.googleadservices.com udp
GB 142.250.178.2:443 partner.googleadservices.com tcp
GB 142.250.178.2:443 partner.googleadservices.com tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 15:55

Reported

2024-06-03 15:58

Platform

win10v2004-20240226-en

Max time kernel

141s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\92592750188d53233ec4842315c4501a_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\92592750188d53233ec4842315c4501a_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3780 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3720 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4976 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5736 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5516 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6244 --field-trial-handle=2280,i,11703952675008463361,17436195144517971517,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 2.17.251.4:443 bzib.nelreports.net tcp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 2.21.17.194:443 www.microsoft.com tcp
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 205.234.175.175:80 img.sedoparking.com tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
US 8.8.8.8:53 ww1.fmuteam.com udp
US 8.8.8.8:53 ww1.fmuteam.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com tcp
US 8.8.8.8:53 169.96.87.13.in-addr.arpa udp
US 8.8.8.8:53 4.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 194.17.21.2.in-addr.arpa udp
US 8.8.8.8:53 175.175.234.205.in-addr.arpa udp
US 8.8.8.8:53 ww1.fmuteam.com udp
GB 142.250.187.238:443 www.adsensecustomsearchads.com udp
US 8.8.8.8:53 ww1.fmuteam.com udp
US 8.8.8.8:53 ww1.fmuteam.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 23.177.190.20.in-addr.arpa udp
GB 23.44.234.16:80 tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.73.29:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 29.73.42.20.in-addr.arpa udp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 90.65.42.20.in-addr.arpa udp

Files

N/A