Malware Analysis Report

2025-01-18 00:03

Sample ID 240603-tdetqacg56
Target 9259adc0f1731b788beb3ef1237ecd85_JaffaCakes118
SHA256 b734166461a57a9c72689ea294b8d266c79f082871af11abcb58dc13ef6b61d2
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

b734166461a57a9c72689ea294b8d266c79f082871af11abcb58dc13ef6b61d2

Threat Level: No (potentially) malicious behavior was detected

The file 9259adc0f1731b788beb3ef1237ecd85_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-03 15:56

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-03 15:56

Reported

2024-06-03 15:58

Platform

win7-20240221-en

Max time kernel

117s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9259adc0f1731b788beb3ef1237ecd85_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 6017eea7ceb5da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CECAD211-21C1-11EF-AB07-4AE872E97954} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000f1aecdcde40c5d40b4094c328066fa9300000000020000000000106600000001000020000000052cbe65d19b36906e20762a3a1040de10a5a30b3e50bd0dac4b6aa3c8972c66000000000e80000000020000200000006676ac2846fc89e97b19300f38798b7c0c8dd14e85bcdd5a9cc0cd468595b543200000001220bbf7ef82d2c36eb329e9e80bdde00a96a37ec168df814827ec73c15b0ba940000000cd0fd562cff62b2e556a277870a46c8518310b08f998ce0ddfd91e055d5467f85e19b2ec089236c77b593c830889263370dfccb5e924c45e961b2ffaa0cbcc48 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423592043" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\9259adc0f1731b788beb3ef1237ecd85_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2056 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ag8aq.cn udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-03 15:56

Reported

2024-06-03 15:58

Platform

win10v2004-20240508-en

Max time kernel

135s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9259adc0f1731b788beb3ef1237ecd85_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9259adc0f1731b788beb3ef1237ecd85_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1300,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=3840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4292,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5276,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5328,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5348,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5856,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5812,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=5676 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=6332,i,14486271492189381216,15799931579469722648,262144 --variations-seed-version --mojo-platform-channel-handle=3280 /prefetch:8

Network

Country Destination Domain Proto

Files

N/A