Malware Analysis Report

2025-04-14 04:40

Sample ID: 240612-3r38xawaqg
Target: a2fdaba2bb59a51597ccd7c8f8aac8f9_JaffaCakes118
SHA256: 85f16f09b87cebec2421dae87dea31504c8206a9b178d56c0035464eff14e657
Tags: none
Score: 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 1/10

SHA256: 85f16f09b87cebec2421dae87dea31504c8206a9b178d56c0035464eff14e657

Threat level: no (potentially) malicious behavior was detected.

The file a2fdaba2bb59a51597ccd7c8f8aac8f9_JaffaCakes118 is an HTML document. It was opened in Internet Explorer on Windows 7 (behavioral1) and in Microsoft Edge on Windows 10 (behavioral2); neither run produced behavior that the sandbox scores as malicious, and the static pass raised no signatures.

Malicious Activity Summary

None of the four signatures below is scored as malicious. All of them were raised in the Internet Explorer run (behavioral1); the Edge run and the static pass raised none. They are generic, low-severity heuristics that Internet Explorer itself commonly triggers when rendering an ordinary page, and they are listed here for completeness rather than as evidence of malice.

Modifies Internet Explorer settings (detail rows under behavioral1)

Suspicious use of FindShellTrayWindow (detail rows under behavioral1)

Suspicious use of SetWindowsHookEx (summary only; no detail rows in this report)

Suspicious use of WriteProcessMemory (summary only; no detail rows in this report)

MITRE ATT&CK (Enterprise Matrix V15)

No techniques are mapped for this sample.

Analysis: static1

Detonation Overview

Reported: 2024-06-12 23:45

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-12 23:45
Reported: 2024-06-12 23:48
Platform: win7-20231129-en
Max time kernel: 140s
Max time network: 141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2fdaba2bb59a51597ccd7c8f8aac8f9_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings (signature tags: adware, spyware)

Every row below is iexplore.exe creating or updating keys in its own per-user hive: IntelliForms, LowRegistry, Recovery, TabbedBrowsing, the SearchScopes favicon cache, window placement, WindowsSearch state and similar. This is what Internet Explorer does on any page load. Nothing here touches the Start Page, the default search scope, security zones or an autostart location, so for this sample the signature is noise despite its adware/spyware tags.

Columns: Description (operation), Indicator (key path, with value where one was set), Process (writer), Target.

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e2061a7d108cc14ea35d44cd68f803e5000000000200000000001066000000010000200000006c241fbde3ad8a26b6aaf1251fe9fb97ddf77e76da0243ea1b6f419cc7b0a3f9000000000e8000000002000020000000675a2cd7676bdbc4cec67e0f7eb47ae5d6466bb402331ddec19c32e7622caf282000000079411be6b116e5898f4e51a4282f2dd75374b02bdb1df9632603bb7f7f12a1c340000000a0f70f9efdd71ce3989f716ea7df78feb69ac3d25d0b92db606655767ac3afad84c8d5665fed9e9338fbf9f1505a41e151c00ffa6a4002e784e3af619ceb8c71 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E3B7F2B1-2915-11EF-B69B-6AA5205CD920} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 903704b922bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424397813" C:\Program Files\Internet Explorer\iexplore.exe N/A
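
As an added triage example (not part of the sandbox report), the following Python parses rows in the layout of the table above and applies a small rule set to separate Internet Explorer's housekeeping writes from the registry changes a browser hijacker or a dropper would make. The report rows are copied verbatim; the two rows marked constructed are hypothetical, and so are the hijack value names and autostart paths used as the baseline.

```python
import re
from collections import Counter

# One flattened registry row of the report looks like:
#   <op> <key>[ = <value>] <process> <target>
# with op = "Key created" or "Set value (<type>)". Key, value and process
# path can all contain spaces, so every field is matched lazily and the
# row is anchored on the trailing "<process>.exe <target>" pair.
ROW_RE = re.compile(
    r"^(?P<op>Key created|Set value \((?P<type>\w+)\)) "
    r"(?P<key>\\REGISTRY\\.*?)"
    r"(?: = (?P<value>.*?))?"
    r" (?P<process>[A-Z]:\\.*?\.exe)"
    r" (?P<target>\S+)$",
    re.IGNORECASE,
)

IE_HIVE = "\\software\\microsoft\\internet explorer\\"
IE_BINARIES = {
    "c:\\program files\\internet explorer\\iexplore.exe",
    "c:\\program files (x86)\\internet explorer\\iexplore.exe",
}
# Assumed baseline, not from the report: value names a hijacker rewrites,
# and autostart keys that a browser has no business writing.
HIJACK_VALUES = {"start page", "default_page_url", "search page", "local page", "defaultscope"}
PERSISTENCE_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")

HIVE = r"\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft"
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE86 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

# Rows copied from the report's "Modifies Internet Explorer settings" table.
REPORT_ROWS = [
    "Key created " + HIVE + r"\Internet Explorer\IntelliForms " + IE + " N/A",
    "Set value (str) " + HIVE + r"\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "
    + r'"C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" ' + IE + " N/A",
    "Set value (int) " + HIVE + r'\Internet Explorer\Recovery\AdminActive\{E3B7F2B1-2915-11EF-B69B-6AA5205CD920} = "0" ' + IE + " N/A",
    "Key created " + HIVE + r"\Internet Explorer\Main\WindowsSearch " + IE86 + " N/A",
    "Set value (data) " + HIVE + r"\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 903704b922bdda01 " + IE + " N/A",
    "Set value (str) " + HIVE + r'\Internet Explorer\Main\WindowsSearch\Version = "WS not running" ' + IE86 + " N/A",
]
# Constructed rows (hypothetical, NOT in the report) showing what the rules catch.
CONSTRUCTED_ROWS = [
    "Set value (str) " + HIVE + r'\Internet Explorer\Main\Start Page = "http://example.invalid/" ' + IE + " N/A",
    "Set value (str) " + HIVE + r'\Windows\CurrentVersion\Run\Updater = "C:\\Users\\Admin\\AppData\\Roaming\\svc.exe" '
    + r"C:\Users\Admin\AppData\Local\Temp\dropper.exe N/A",
]


def parse_row(line):
    """Return the row's fields as a dict, or None if the line is not a registry row."""
    m = ROW_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(row):
    key = row["key"].lower()
    proc = row["process"].lower()
    if any(p in key for p in PERSISTENCE_KEYS):
        return "persistence"               # autostart write, whoever made it
    if proc not in IE_BINARIES:
        return "non-browser-writer"        # something other than IE touched the hive
    if IE_HIVE in key:
        name = key.rsplit("\\", 1)[-1]
        if row["op"].lower().startswith("set value") and name in HIJACK_VALUES:
            return "browser-hijack"        # home/search page rewritten
        return "ie-housekeeping"           # IE maintaining its own state
    return "review"                        # IE writing outside its hive: look at it


def triage(lines):
    """Count rows per verdict; lines that do not parse are counted separately."""
    verdicts = Counter()
    for line in lines:
        row = parse_row(line)
        verdicts[classify(row) if row else "unparsed"] += 1
    return verdicts


if __name__ == "__main__":
    for line in REPORT_ROWS + CONSTRUCTED_ROWS:
        row = parse_row(line)
        print(f"{classify(row):20} {row['op']:16} {row['key'].rsplit(chr(92), 1)[-1]}")
    print(dict(triage(REPORT_ROWS + CONSTRUCTED_ROWS)))
```

Run against the report's rows alone, every row lands in ie-housekeeping; the two constructed rows are the ones a hijack or persistence rule would surface. Unparsed lines are counted rather than dropped so a layout change in the export cannot silently empty the verdict.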

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

FindShellTrayWindow looks up the taskbar window. The sandbox flags it because some malware uses it to hide or position windows, but the only hit here is iexplore.exe with no indicator recorded, consistent with normal browser UI behaviour.

Processes

C:\Program Files\Internet Explorer\iexplore.exe (frame process launched with the sample)

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a2fdaba2bb59a51597ccd7c8f8aac8f9_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (tab/content process that the frame process spawns under IE's loosely coupled process model; SCODEF and CREDAT are its internal session arguments)

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1368 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 js.saleslimhk.com udp
US 8.8.8.8:53 www.expression20-20.com udp
US 8.8.8.8:53 www.heatwiseplumbing.com udp
GB 5.134.14.38:80 www.heatwiseplumbing.com tcp
GB 5.134.14.38:80 www.heatwiseplumbing.com tcp
GB 5.134.14.38:443 www.heatwiseplumbing.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
NL 23.62.61.97:80 www.bing.com tcp
NL 23.62.61.97:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab2C30.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2D6D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f3a99a2eb18c4acb8534671b8a2adc2
SHA1 fca4adc759fee8a4be1091f069289c725a0b7523
SHA256 ea9432b5a7cf831e22b3e7190b795c6594d7a2f6d1ede3804c57ad96804d5706
SHA512 a66dc9d897afcd8c3d0978366d1cbb61341ab52b5e216d78e08e8b2219d65ff4be080ed2f7dbb9fcd576e9d423dfa322ab1b9dda19113a88d41912e720c211cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 8509b7fc077c914460f382c32710733c
SHA1 9656ebcd763509a0c58629d4ca31414cd995b055
SHA256 6c8f3c428576630ccace6ef289296a225d03d1ad9dbc328e1093cbd69c10f20d
SHA512 fc5ce8dad9ea11c54fb08ac8076e50ea118934f92ab9fbc87668b200b25a17de2934317d4a2fc41022fac64b9a38b6e03a48082a2fce4248c14d1514b4a91dbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6036ed609627f3b4f34199d5ed70ba7b
SHA1 b9eaf237079ff1e727ed843d64bf225d35ab452a
SHA256 27be9bf5538e5e5c02a29afd22c3e4a8a5fec8668f29a21df2a60f45cc89b65f
SHA512 f4da958389cbe49a6e67802dce4896718cdcad64d7bdaedea196f4efca482f5705badd277d37dcb816aafe4bc4b5c9aa6e104b797ad8444003acc55b9c0c7450

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 befc68c85effe248c15f5033ccef13c8
SHA1 b9a54eaeaa73fce12e2c8aae92cd01bc4d8c6a0c
SHA256 bb4fe3f13fff57da199c203f0c47c243e16cdb8ca9f7ead42cb5737f8e2220e2
SHA512 530ebd4cbfd1f3bd80698351bb02d50c0fe87bcd4d176168a6c1218c7eef74acb2f8dc5a8930317b6c32df4523a5d058bc68b3daa7226586ad7b86de52f38ca8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 499fcac606156194d45efe2b79d7cde3
SHA1 1bd68a6dbd33c52482620c8d27df2fc8403a2f60
SHA256 ab1ad0620cec64f522e072bb97499e26306ed6f52fa91dd76ac55f3dbf7aefec
SHA512 7073ab9330c9cf6ad95922da77125b26ce63796405564ed26f0174a70633a02c5a737012132a7f96711fe12fca8c98a64746fc7d171f4d4a65923f9f3b334c8b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 beb4467d58e8f3de5d5d4306ab36945c
SHA1 5c935e3e92abf752a9068120874c374665b60790
SHA256 ddb527cd5bc7de33374dbfc6f5a2f9e56b8e7dbcda229f21ab92c74e1ea495ba
SHA512 ee6b9fd92d5876728c4ee7f30541be9dbbc02f6821d05f5cccab29b79d5ebbb45e0a4b466d9abdf6374b6d32037d1cb0c313b02a8ca0d4b79258c5fa785a8b05

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8295cf16c183531b79cefe12a9761a12
SHA1 b4a5fa207949c92b73dd8bde5d111d70ecb76a71
SHA256 89e0173de64bca50d47f5b350d439354c5d06648ae879afeccaa97d32eadc2b5
SHA512 c405b893935b6b73ecfd197d2daed5445ed23c9ff5508a2d45c4d7843a54ade78ebc02fc8b22859f5bf8a65cce69ffadc4f0921665c4bbb4c6e6223bbbd7bdb5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 fc165d136eb2b8a6eaecbd60487e9eaf
SHA1 dc730ba309ed41af7bc40db8cad7f3b12f04f796
SHA256 e147dcc54d6e074b1ce6fe989ebbe6d07addfa478987c7d50e95a3b4ca6a84e3
SHA512 02f165103900943667aea30b9d06a81e57c9b6cc153bbe86b07820cd3a13a43727195b1c6310667ac1fa8b28f50c32ecab814a6642d39cc60668a04847ee4e3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b6d062680c2458b99b46e1e92460a6b
SHA1 f4b5f46f619f8eeb89102c3e2deff0f37694bdb7
SHA256 0935e3b848366166aefcbb6b55fb466dec64c467e0b5bff59c6c73461995f660
SHA512 091049fa7e0903078024c2ae5b63c7056ce67ed6bfdc4daf381b134027ecc2ef7226c722181b03bcffb0f3b5719b2fa5475fb6d6d2f8ee6156c872f84f066cf8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf04174b58f1f7069e0fd47d2788eb0d
SHA1 06db4b18251b0335314d6313aa3220026decc843
SHA256 7531807c08168942204f87d804ceed75e8ab8e851b28ac3199e624ffd294dd5f
SHA512 917c5e8e0f7ea526ca1a65b86c0dcec54ad1253a722fddf08400ca283de24a92bf9d09366efe97ef043132049a0bda4b5bd07f9e6b60d9f75979b620d2ff2295

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 60fe4461b070a598e7b9685e3882418f
SHA1 8bb5a8e8101f3a0c6909d387e7744abe45d330de
SHA256 915978c76559987366ec809cb424cdacfeb38c27b8248c4d57b150e87963f4ed
SHA512 aad3c8919573b9cf0f7b95be29bf05dea5114316c565594ec867ed6a4aceb9d0012bba32911bba05768c923891ca3ee036e611a4c94eee8ef5ce2953f293d138

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b6db2c7cebb36a07c3762a3ab16b623
SHA1 17efd9b79805c16f55d157ddac012d3ecd2a3218
SHA256 229deeba6a23cfdf6f922b39625c483a1f8601e5f3aefdeb41b42b916f7716b7
SHA512 c31557ad7d1bc8f62bb94ee43b76aeafb6fbcfcc0725fce9d2dbfd981535a1fc9112246dd0ae5057f76e73c3fd5222f4e5732fb42181545cf5d9cd0d11355ffb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e159c126092043558a75121b3fcbb6da
SHA1 1c98c0949cec615131939c2508b6ab643cffc752
SHA256 ffde7049a95dc0309c7ed8f531c3a13553ffbcd391c4ad1e50ce5aeeb85e9db6
SHA512 5c49d0030a34342f687a2fbce5d6ff8ae2e280134092bb055c4effabacc66cf9f8ddba63d19b1d0423d3c33c7b87ecfbd8b61331a84c9cb985ac29f9b546703c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b135d72c18b6d98a3d7fd0e724cc3011
SHA1 78c0bc96c7df68b349af73d950950c53ae28b782
SHA256 28c6a56965dfbef602de6495ccd1f195e4afefee7938131bcdbda727dff544c0
SHA512 57fc6b5e0a0853c2ad52626755482b5edf46651cbdecc9fc0ba9b90a3882d334069fea93214c600465f001e4874d9aa0c211f77e0bbc9bee98ea6eb228af54b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 caf937482b2bef707f008a7456e4127f
SHA1 b60d078b91ae42caec445dea61f86ab516ef60f2
SHA256 e40fe95a365822100944f2e4d69a216c2fcc629193b2eb5890cbb531e73d09ae
SHA512 063831f113288ea6c91d931dadc21266e67c29b851e2f677fc61383c3d11e00ed8bac5a985f133244c11b64be976b795029ee1c9145516f05df000e290ff1628

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0fd29c9ead3902c75110680d218b3868
SHA1 149065e9dc2c718de48d7aa35cdd153b8fd53b85
SHA256 084bbcef25c921b07f408b8744c087881f67ff5462702210438e2c24c26d8aaa
SHA512 efcbbd633806a3361f80801a75530b4208e63ca169384a239ea1de4a9db8e4b1da31f42ea614f5717a1c6f687a852c4953f6a4752af4078187eb4f796ef9eaad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7ce9d0730d546c54f355846171b9902
SHA1 7c162d29dbb02c34ac6a2df92434736cbc7004ce
SHA256 9985cf2ee745ee6a0c38d2c57b3373bb0166cdab2d5b78eb46ccae1b73f3916d
SHA512 80be5aa7956661f7e9baa82e91dce107268e14395335cdd756d942e012546ede42ade16cf3b3acf53a22f94e2630f789d8c78ce6131f120caadd2552e097c463

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f60468ea66720a4c298410b3fbccfe31
SHA1 7f217a95b2203887ddc4875dbcea1a7d47f25ebc
SHA256 a53a9ed2465ea3c277373a3894f46bcc93072a35b205c0041ca1bafd47ce65a3
SHA512 9e24c24c16a02991fe2b4bf87850752616045d16c7552fc8168cd7a65d48b8e1b5ced6a81693897e61f487eaf5d2f0655763c56303543207db07b1b0717096b2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 710daaa80c09751c9cb7d39b43faeb18
SHA1 6e6032e419d7af5433e2fbcd849c7f326e7a86c0
SHA256 4af8dd1f8455be4b926479e539a1dc819080220bb7be8236880ef66d0833f214
SHA512 0109d5b9d9c9a836645b9ff0bcbef8ef926598ebd120c0abf1529d9ff1f39ec5f0fdcc7eba6d943299d446a9637a9280f8b1304ac938dfc8821f1866d1b32392

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3044d48ccf628db0ee006404f8337c1f
SHA1 89e657642e3c19414bf4f5d00f9afba48dc4633d
SHA256 af47a4e20398d3aab0069e3d16cd126f4bae0d9eaae392e281c51d7c39016e85
SHA512 5d2d6ec8ab860c549537b464899ffb811cd099fb033d02f849834074765185aff548ff36f0e9bebfa228ed7fb85ea6e60d3a318af011269515623387a095e204

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9161f1df7d63d786b9353d09bb530fec
SHA1 1b0cf85f6940ec4c452652a915a154f89cda7e23
SHA256 e3c445b8db34396bd87fcc18fe71a2ceb7c305160507a6605b4f262550121874
SHA512 caf342dce98ba89f3f65cb7e6e39a984d4cd372e4269b4e70f285eaf888b9879ced621c012c17e3deb0720b1b209540756a40ab234a5b05f9df4ba3bdf74a361
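
The Files section above records the same CryptnetUrlCache\MetaData path more than twenty times with a different hash each time. That is CryptoAPI (cryptnet.dll) rewriting its URL cache metadata as certificate chain and revocation data is fetched for the TLS connections in the Network section; the Cab*.tmp/Tar*.tmp pair are cabinet-extraction temporaries and the .ico is the favicon IE caches for its search scope. Hashes of such files are not useful indicators. The following Python, an added example that is not part of the report, parses entries in the report's own layout, checks every digest for the length and alphabet its algorithm produces (so an extraction-damaged hash is rejected rather than copied into a blocklist), and groups versions by path. The excerpt is copied from the report with only MD5 and SHA256 carried; the path categories are an assumed baseline.

```python
import re
from collections import defaultdict

# Excerpt of the report's Files section in the report's layout:
# path, blank line, one "<ALGO> <hex>" line per digest.
FILES_TEXT = r"""
C:\Users\Admin\AppData\Local\Temp\Cab2C30.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

C:\Users\Admin\AppData\Local\Temp\Tar2D6D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f3a99a2eb18c4acb8534671b8a2adc2
SHA256 ea9432b5a7cf831e22b3e7190b795c6594d7a2f6d1ede3804c57ad96804d5706

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6036ed609627f3b4f34199d5ed70ba7b
SHA256 27be9bf5538e5e5c02a29afd22c3e4a8a5fec8668f29a21df2a60f45cc89b65f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 befc68c85effe248c15f5033ccef13c8
SHA256 bb4fe3f13fff57da199c203f0c47c243e16cdb8ca9f7ead42cb5737f8e2220e2

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
"""

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def parse_files(text):
    """Return [(path, {algo: hex}), ...]; a digest of the wrong length or with
    non-hex characters raises instead of being silently kept."""
    entries, path, digests = [], None, {}
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        algo, _, value = line.partition(" ")
        if algo in DIGEST_LEN:
            if path is None:
                raise ValueError(f"digest before any path: {line}")
            if len(value) != DIGEST_LEN[algo] or not HEX_RE.match(value):
                raise ValueError(f"bad {algo} for {path}: {value!r}")
            digests[algo] = value
        else:                               # any other line starts a new entry
            if path is not None:
                entries.append((path, digests))
            path, digests = line, {}
    if path is not None:
        entries.append((path, digests))
    return entries


def classify_path(path):
    """Assumed baseline of known-benign artifact locations; anything else is 'review'."""
    p = path.lower()
    if "\\cryptneturlcache\\" in p:
        return "cryptoapi-url-cache"        # CRL/OCSP/AIA fetch cache written by cryptnet.dll
    if re.search(r"\\temp\\(cab|tar)[0-9a-f]+\.tmp$", p):
        return "cab-extract-temp"           # transient cabinet extraction files
    if "\\internet explorer\\services\\search_" in p and p.endswith(".ico"):
        return "ie-search-favicon"
    return "review"


def group_by_path(text):
    """Per path: how many versions the sandbox recorded, how many distinct SHA256s, category."""
    groups = defaultdict(lambda: {"versions": 0, "sha256": set()})
    for path, digests in parse_files(text):
        groups[path]["versions"] += 1
        if "SHA256" in digests:
            groups[path]["sha256"].add(digests["SHA256"])
    return {p: {"versions": g["versions"], "distinct_sha256": len(g["sha256"]),
                "category": classify_path(p)} for p, g in groups.items()}


if __name__ == "__main__":
    for path, info in group_by_path(FILES_TEXT).items():
        print(f"{info['category']:22} versions={info['versions']} sha256s={info['distinct_sha256']} {path}")
```

A path that shows many versions with as many distinct hashes in a cache directory is churn, not a dropped payload; only entries that fall into "review" deserve a closer look, and none of the report's paths do.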

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-12 23:45
Reported: 2024-06-12 23:48
Platform: win10v2004-20240508-en
Max time kernel: 133s
Max time network: 143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2fdaba2bb59a51597ccd7c8f8aac8f9_JaffaCakes118.html

Signatures

N/A

Processes

The child processes below are Edge's own sandboxed renderer and utility processes (--type=renderer, and --type=utility with a --service-sandbox-type). All of them carry the same --field-trial-handle instance identifiers, so they were spawned by the single browser process that opened the sample, and no process outside the Edge installation directory was started.

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2fdaba2bb59a51597ccd7c8f8aac8f9_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3980,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4132,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4236,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5452,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5472,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5908,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5652,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4144,i,1067197275908310731,12785105794523264014,262144 --variations-seed-version --mojo-platform-channel-handle=3864 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 js.saleslimhk.com udp
US 8.8.8.8:53 js.saleslimhk.com udp
US 8.8.8.8:53 www.expression20-20.com udp
US 8.8.8.8:53 www.expression20-20.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 js.saleslimhk.com udp
US 8.8.8.8:53 js.saleslimhk.com udp
US 8.8.8.8:53 www.expression20-20.com udp
US 8.8.8.8:53 www.expression20-20.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 js.saleslimhk.com udp
US 8.8.8.8:53 www.expression20-20.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 www.expression20-20.com udp
US 8.8.8.8:53 www.expression20-20.com udp
US 8.8.8.8:53 js.saleslimhk.com udp
US 8.8.8.8:53 js.saleslimhk.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 www.expression20-20.com udp
US 8.8.8.8:53 www.expression20-20.com udp
US 8.8.8.8:53 js.saleslimhk.com udp
US 8.8.8.8:53 js.saleslimhk.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 www.expression20-20.com udp
US 8.8.8.8:53 js.saleslimhk.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.4.4:53 google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
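
Across both Network tables (behavioral1 above and behavioral2 here) three names are not part of the sandbox's own browser and OS traffic: js.saleslimhk.com, www.expression20-20.com and www.heatwiseplumbing.com. Only the last one was followed by TCP connections (5.134.14.38 on ports 80 and 443); for the other two the report records lookups but no connection, and the report alone does not say whether they failed to resolve or simply were never fetched. The following Python, an added example that is not part of the report, reads rows in the tables' layout, drops the platform noise, and correlates each remaining name's lookups with the TCP endpoints actually contacted. The rows are copied from the report; the noise suffix list and resolver set are an assumed baseline to tune for your own sandbox.

```python
from collections import defaultdict

# Rows copied from the report's two Network tables (behavioral1 first, then
# behavioral2). The multicast row has no Domain column and is three fields wide.
NETWORK_ROWS = """\
US 8.8.8.8:53 js.saleslimhk.com udp
US 8.8.8.8:53 www.expression20-20.com udp
US 8.8.8.8:53 www.heatwiseplumbing.com udp
GB 5.134.14.38:80 www.heatwiseplumbing.com tcp
GB 5.134.14.38:80 www.heatwiseplumbing.com tcp
GB 5.134.14.38:443 www.heatwiseplumbing.com tcp
US 8.8.8.8:53 www.microsoft.com udp
NL 23.62.61.97:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 js.saleslimhk.com udp
US 8.8.8.8:53 www.expression20-20.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.4.4:53 google.com udp
N/A 224.0.0.251:5353 udp
""".splitlines()

# Assumed baseline, not from the report: names the sandbox's own browsers and
# OS contact on every run, which tell you nothing about the sample.
PLATFORM_SUFFIXES = (".microsoft.com", ".bing.com", ".nelreports.net", "google.com", ".in-addr.arpa")
RESOLVERS = {"8.8.8.8", "8.8.4.4"}


def parse_rows(lines):
    rows = []
    for line in lines:
        fields = line.split()
        if len(fields) == 4:
            country, dest, domain, proto = fields
        elif len(fields) == 3:              # no Domain column (multicast / raw IP)
            country, dest, proto = fields
            domain = ""
        else:
            continue                        # not a network row
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def is_platform_noise(domain):
    return domain == "" or domain.endswith(PLATFORM_SUFFIXES)


def summarize(lines):
    """For each sample-referenced domain: how many lookups the sandbox saw and
    which ip:port endpoints were actually contacted over TCP."""
    acc = defaultdict(lambda: {"queries": 0, "connections": set()})
    for r in parse_rows(lines):
        if is_platform_noise(r["domain"]):
            continue
        if r["proto"] == "udp" and r["port"] == 53 and r["ip"] in RESOLVERS:
            acc[r["domain"]]["queries"] += 1
        elif r["proto"] == "tcp":
            acc[r["domain"]]["connections"].add(f'{r["ip"]}:{r["port"]}')
    return {d: {"queries": v["queries"], "connections": sorted(v["connections"])}
            for d, v in acc.items()}


def queried_but_never_contacted(lines):
    """Names that were asked for but never followed by a TCP connection in the
    report: either they did not resolve or nothing was fetched; the report
    alone cannot say which, so treat them as weak indicators."""
    return sorted(d for d, v in summarize(lines).items()
                  if v["queries"] and not v["connections"])


if __name__ == "__main__":
    for domain, v in summarize(NETWORK_ROWS).items():
        print(f"{domain:28} queries={v['queries']} connections={v['connections'] or '-'}")
    print("queried but never contacted:", queried_but_never_contacted(NETWORK_ROWS))
```

The output leaves www.heatwiseplumbing.com with two contacted endpoints and the other two names as lookups only. A name that is only ever looked up, in a run where the sample is a static HTML file rendered by a stock browser, is a lead to check against passive DNS, not an indicator of compromise on its own.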

Files

N/A