Malware Analysis Report

2025-04-14 03:48

Sample ID 240612-sy4g5szfja
Target a12af99b372b9c08c12689534c9b2e4c_JaffaCakes118
SHA256 e9cff5ae1c2d7488d5bdeb2117909b25863ccf5d1b16dfa786b5809711d4b684
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

e9cff5ae1c2d7488d5bdeb2117909b25863ccf5d1b16dfa786b5809711d4b684

Threat Level: No (potentially) malicious behavior was detected

The file a12af99b372b9c08c12689534c9b2e4c_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary
Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 15:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 15:32

Reported

2024-06-12 15:35

Platform

win7-20240611-en

Max time kernel

120s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a12af99b372b9c08c12689534c9b2e4c_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0B369891-28D1-11EF-A5CD-D671A15513D2} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424368245" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted from report) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 707bc2dfddbcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a039050000000002000000000010660000000100002000000084810b95bb76928ffff10a660d938202a6692125ae3c90b65f35b25c97d0947f000000000e8000000002000020000000c8503a5272b439488785098423bc519fdd8de7e6f29361f8c29464da973da953200000007764fd989367f69ec093947b566b540d4ea195efedc748e4f95bd4a7fbd9dcc140000000b78081aee89164ed35ffeaf6f857c8723c3a5ee641ddabc3ad51aac49c85a89e31e6748ddcb9335e55b8771d8753751a5cc52575cd535d1790d0c3995ad331a0 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a12af99b372b9c08c12689534c9b2e4c_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1916 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab3A26.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar3AD5.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a8fba5487ed9cfd68294a72e1effeb0
SHA1 3d9496e5f22587b00a888f73402d9683a5255336
SHA256 579d695fad86d0a96f811d77c7095fd8b61af2c5af503975f3c7254bf49ba04c
SHA512 ff71eef521c09c080cc2f3ae615abfe1c9875519668f2a873ba92860cb83f592cc68331d2ecc50809986be8c7916444c4874f357c99b04bc2f95205303b18f80

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c58f73bff30f52535a76fee3f6374b65
SHA1 9fe1d56c4224046b84a2d7c3d05b05b4a3820c53
SHA256 abf28b09562bf485d8b68a349c6ef11222e5dc451f25f8620357b8f091ca4fff
SHA512 385625b942f1d219fac1948b8c65344d7686a0ba23c9760600a0b292c2c2eb4726e8824db1b3ed97718f4282fc9edc058c3578419f08c8ef22d2c82cebd4b419

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9a7025e915836a748cdd285cae4dff7a
SHA1 a512338f68699cc6444308f9f36dd36273616e0a
SHA256 08f3309792e479abcb2fe4efa3577686a882cf8f42bf161edbade37fc06fa5e9
SHA512 79d8dd680c0428e5f746e35a264d814914cda72079a2b593777d57ea302df48152dd8225e71318e1f68ee932017f65f861e517348ce296c40d3a45dac07657d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f2358449e55059af7e49ce708a91b25
SHA1 61a2c6abdefeb5df4191ef514de5e6afdd3bd3ca
SHA256 bb837da11a3ebbb472e5f8337eacbaa30264a603b1c304502513f80812698347
SHA512 e035f7117f1cc2973b3ec9b54b989d8f4427ec06d2541fb024c9852ad7ba5c33b301445e3e75329ee870e06a66e0d08142a46a7762d3986b32fb5dbb28a7e89f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f404b6d2fa7a58a06b1c1b014eaa2366
SHA1 b65e5e3f64661f660b1bcb3e32afa717de4cf58e
SHA256 d562224c0008b04aff0f74abbfb45eeefbb5ff1141c757e295ef932b65e7e537
SHA512 f784a98864b75b93bd8e0a09468c6c4dbbfd70077c9ef0205872b61171e4160ca6d58c63884561c9071ba0ad0b0ae9dc2534c03d1b876e42af510392ba0d1e76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5514319bc0329258952d6f3b187cf8dd
SHA1 179b43fb2c7b3adcc10167bd268ae6223beb6725
SHA256 442077c7ff32d9d3cf7a2e1fea2f6ded5857d53d6d38eb8c94a2736e52edda32
SHA512 8bfb80437ec198c741dd51ad2e189599f293f53d65b5ac561e9f80669a10e8dcbcc3edeb3e4575fa42a3021442d8095599ec9a99ec5900e85f647ce7c8605043

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 464e2a4a684656da47c3b134edaad724
SHA1 9c50c5bf624b74e7131e9bbf018309a7f367af86
SHA256 5fdb9282817d7ddcad763b914975784193134046358abc000ae028e4a1d15846
SHA512 b178f4bfa72564f3a7fec5d1478c0a56822081b3e3e90e1157fae72bb839567e877282e5d07eff1e55f0ecabb9d78c2fa3877767f15a8a046a10ff54e73bf882

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 60a69021acec25fa7dc747037cabac00
SHA1 edb3fbbe095bca62459e1cab74fef2f348654d42
SHA256 464c6e503e2615372e708d946ee4560d245ba747d70730dc3088608c492e660c
SHA512 e3c6d6007aeaa42ffb5b52bfed56258869602291d23b6f26f08896e14d8cbec93158a28c866fb42711249c1156ac294a9672a32673609020c343b173cb80125e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95d163b2e6c755ac76f1cf3fe3834b24
SHA1 e6c3d42e3cd1758b60a5602cd59246f58894859d
SHA256 66f176575b79dcb46408445175be66a23a4269e4e094a7419de9fdea24b87d55
SHA512 25190a17584651c831e820606f3213b7ae887a70fb573559e0f664d2726a7fd365b86a0017a592913d788f764d8381d702a84bf4f44f7aeed72463bbb9fe1b20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 162cc7dbb728dfa50a5fc8f076a6644d
SHA1 9d11ab8781f71cea8ab8e2c68d2aa0ceccba4c90
SHA256 28c2a1b864c0dc88877076615a419db012c44583acc653b4c932234165a69d04
SHA512 3ed8bfafd2db2c647f00ec09907337b0ca798180d94b06c489463411d0ca254d1b56d13fe265eb03e3c83110d4f33827f22cf605185ca09a22300924c895e2fb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ee669bcf0fcdfde37fe80dcceeb77f8
SHA1 c10a98f2f4104a5decc16468a2b6785423a2edba
SHA256 0149dd0f8f9e0ca6b4fcde2bca68754e98cc26d8ff3c579cd03554cd302c5d7a
SHA512 fd4015e15599ea777d22dab7d7a3a81b300382226a438387c1c89b3525e76a754cd193d8d7deeaa39cc628f48493b60612b5267a3246a4209ca8d5c9150a7697

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2b033e9ce5eca1ad137716ba13ee178
SHA1 2f12e1b120d140dccd375243c7c838173160bc0f
SHA256 9b95268742d40e04ce10c916936c4f5af39c7a149d713fe1f2a8e39922b9c641
SHA512 7c7d5ccbd44f66ff46356ffcecc993ab853e174422f14ba461198b0749e8640701b51b8d05a18cde0b98284674fd725aee5cbc6faa70c96145817f557ff0746d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d46acef5a85d5bfe92a2fa5e23ec6de0
SHA1 6d1ea3f7840cdaa20409fdc74d96c414e9433b00
SHA256 220a416f1b0bca33c423794cbd3398d9dfa51d129985c4d0fbaa71148272ab6c
SHA512 ab257780d05eb88a2b32adced3ee1590ad0e8d8a921bb08a22572e54b5ec937b58351b33d5e4d699fcea365646963d6d937c3f6738b6489333960c6dec0d64ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2adc157ddaa3382e662d9422aba7aea
SHA1 0a81c6597dc8e34f522998f7864c94ff0a05310a
SHA256 748d8b8744863a1e3f1de5d5b19913889da9f171f5476baed85e5840087774a0
SHA512 a23599ffaf0cf3d8622f8a31de1116d6e1bbf6c9f881ef8f94328e10785044c89c43c437d729d9b2337981f31982222b7283138b98897614f89ccd7db38173f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f737208d457d7d622bb5aacdac1f6bba
SHA1 bc7b03cfeea6a5343b31353765d53d280dd6ab2e
SHA256 1cc39a2b5ef935b28d8e3f93990c1e4d636af4e0d5c42e44e43c645b3d206690
SHA512 65b451b7cef69357b366e30d5692b284376bd8757c8cc20e7ceb21449ad6e83c2dd88703d3c71ad94f341d8443f747e15dd4f2231a16d92e305afc55ad4aa8fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 adcb39bfe2e8844648989ae39d4eddef
SHA1 26d7c44c8761d600bceef8fe89c91898d8b905f5
SHA256 17db1b99809a3025498edc94aa47d1abb5edaa2f9cc4be0cb59bd339edcbf7ca
SHA512 42fa0904f1df6eb6d2b0141cedcce6221741923f71c0e5280a3ce38f3b02063debb089bec2bb4a98a1731453534ae318661de620c20a8f05a3daba12830c4260

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1dd3b0315cf0d78d4775a4e6dbf358a8
SHA1 53b2dbcfbdfd26eca687a457f10d2cbe5407ef90
SHA256 f3733d766a27c0bccbe657e5818f1a1db4b7d61e81ea7754aa9b9dc3a7720637
SHA512 3370ff21de2aea6ddf33b672f24a0c98cf5bf40f6b09b45d9153d1d85d0a5916255556478ec99f31f98646c3f5276e8e1f2e57ec2f3e4addb6c86a5ea77755f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8c0b91ea75ca2bc9c505044da95ed02
SHA1 ff17a4ff64c93915c8f2303981bb0b9330f35988
SHA256 ecc4f2f9d216f99f206cec17552ae3b0dc4f76f034cd7ea62565479c1354c036
SHA512 307bed7e61eb6777413f966ed8ef577f571d6508fac0c574469ab66a64533833f19b6384ad97fa4ca28d566c7b5cb92f1b7d0e3d08616e49e5127df3793fd3da

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19aa34805a121f1b4cf941af378ea0fa
SHA1 1edb1ce5c125ff8e3f92747a64a7815c2bc74e07
SHA256 af957710938085a48887973a2ebd2d5acfeb83321305ffbfc2c858b5a7ead644
SHA512 203effe128f06ab5c41599b021532ffa934782fa4fe536d7b8225fc0b5fbb40471f14a18c99f31e89a8144506788215a7bdb3ded5d862035a46d4717ee18c25b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f593a281963f74b3a943c3a8ed6dc52
SHA1 d818e8bdef13802ec6dbe1a2933e11f9290713b5
SHA256 0c277e11afe2839c0dc720156c226a8f1652b3fbbdf3e8275d7dc78bb330e33e
SHA512 9e149644a0464db7b7d78fe7db2a60d1484dac14014da312968e8a1e0704d14f26aca171694c640f6dc89580fda7c39ff156a9cc91a0d527884d36ed13ec1cf8

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 15:32

Reported

2024-06-12 15:35

Platform

win10v2004-20240611-en

Max time kernel

128s

Max time network

127s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a12af99b372b9c08c12689534c9b2e4c_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a12af99b372b9c08c12689534c9b2e4c_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4388,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=2748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3812,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5400,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=5412 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5428,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=1032,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=3860 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.9.158:443 business.bing.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
NL 96.16.53.162:443 bzib.nelreports.net tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 158.9.107.13.in-addr.arpa udp
US 8.8.8.8:53 162.53.16.96.in-addr.arpa udp
BE 88.221.83.211:443 www.bing.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 211.83.221.88.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
BE 88.221.83.208:443 www.bing.com tcp
US 8.8.8.8:53 208.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 153.83.221.88.in-addr.arpa udp
BE 88.221.83.234:443 www.bing.com tcp
US 8.8.8.8:53 234.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 90.65.42.20.in-addr.arpa udp

Files

N/A