Malware Analysis Report

2025-04-14 03:22

Sample ID 240612-t17g9a1gpb
Target a157fcc0928f03e0009a9e6907708087_JaffaCakes118
SHA256 3110b5b844d1888f35ffd13fccd7625323f77e0de5cbf2a8dca0dbfbbf49c353
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

3110b5b844d1888f35ffd13fccd7625323f77e0de5cbf2a8dca0dbfbbf49c353

Threat Level: No (potentially) malicious behavior was detected

The file a157fcc0928f03e0009a9e6907708087_JaffaCakes118 was found to be clean: no (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 16:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 16:32

Reported

2024-06-12 16:35

Platform

win7-20240611-en

Max time kernel

136s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a157fcc0928f03e0009a9e6907708087_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5F2E3221-28D9-11EF-9E46-6ACBDECABE1A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f06a9d23e6bcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not present in the report] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000005f0658c8caf8784bbf953856cea5194559b7ed62b70397163d6bbe52d9eae7ef000000000e80000000020000200000003db7b1b73483bf2e661799695bbcc4e533cef8152c20a0be44daef624058c5b0200000003ce2d5cf796c5af54293d397752b09476062764663c324f7221a45eb6e3f9371400000003f318054c8975aa698f2c39930028e053e472cccfeb8a77a5c08786580b6458acaf5a769050e6c165072f9dd7efc0e4a1bcc6e24d52b179a76517c5a9f4d2a2c C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424371824" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a157fcc0928f03e0009a9e6907708087_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 safefastprogram.ru udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab78BB.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar79E7.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c6669da64adb845db09aa9a6191dd24
SHA1 3f1a195b1fc172dce5c357aeefdecace7c23bcd0
SHA256 aa3b476fc6d3cc4f0ff06ff112842c0f0a47aad3140cef9ccb38da6c776a70f9
SHA512 21829d8af41ecac3d0198692d329b1016b7d269d48ce382df09d3e76eccedf08e62ccc1b0130d43e469f209ee2d48acc6542b7f18225d79ca899a2c2b16aad25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3414ca183d23706625e4576f25470a89
SHA1 b2a07bf777f42c9f61181927e0d57c2c4fe77dc8
SHA256 601260b0e091483e6a5de68ec3d051cbd5c5c92d84bcfdcadad7bbe6a13047fb
SHA512 dccec82fd653673f03d115b1f43fb241a75fffb5d0a1566ceba2914ade74c967025404f2f334678e49e4f464cafc34cb218feaf62e2aabe358df78a6251e1bf7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f92e03bc223b2715e2c4790851a6086
SHA1 58fda7939a85397d94a336b3158eb9da195236dc
SHA256 0f4a32fb1c41a53b118b95ba85d5a26c528a97ce009b2f095b7623e3c045599b
SHA512 57be0586d87502a6db24c989aa922cdc47f3060b5c8bcbc15af7e38574c66dc9ba67041d0a5d1ae3fdb8de6c62fbe1575544cd05201b3e3ca4a519690cd2b75e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d60f77fd7f2980eb9f817d3bc13a95f1
SHA1 1c16d40d4e356219bc22e906014cf105e7e4fc7a
SHA256 d207b284d0f167519932cd02726f10ccd5325177d982d31f7cc0a81da0913f01
SHA512 c97abd4c3a321cd3b030fff7009137566fae577fb811b891a5d9a2cb2607de7d81d11890228b6eadf1e2c5fb0ff8a140ba807cb557f373a7aec7c6e5ebfac5d6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a1c2a4afae6f6c14296266dbd4aabe7a
SHA1 3c226bb952c8a146f5e11028c58fd0e3fa10bdb4
SHA256 385d8499ccd80b0dea864369e39f8c7c961326509da1526272bf67de9cf7bdde
SHA512 05fe68581f75fad149a09504b3d6d24ccef5b20a719e6b527182f10c58c3bca214e2cf25abe201b894f22470ef38554358c261ef82ef1a0d0eacd3e238f5d025

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4cb04d5d40b1835770d21a8dd82f4077
SHA1 b7e39f21ff635978a054326467ed65adb4e70071
SHA256 0828ec66c21432f71921bfb1f1bf42ee81ff63e4e80ebac320de11b2c7d6fa99
SHA512 0855571da8d22ed204eaceee7f04c5157b9e1e9a41a82b80768c895e9d6a90ac2c127f77334a773e8c57ff4e4841bc5d45fd3e752cb04e1da32b79a5b5820bbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 693334a1219a8d10e5b84f6b80dfdbc5
SHA1 147f728cb2c2863f89ea60ede9b8079c84f76cc2
SHA256 a70a50703bf9493dd782f049b07eccb34ad061e9f0f7f0b7c2b84c07aff51734
SHA512 1b6cfd26d1089073174ab0216f7317791bb555b0b16d6e049d97b57cda824680c3b7543e6a3c17bc3f5e1e00edec6a710bf2a637ea3e8afa42439d1e6a5d66a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6ec0f7cf602e9e9ede0cd6d1d6bb37cb
SHA1 73a388713ced106e7592d87c0dd24911be7ed151
SHA256 b859c0c35c2a4f49f3bdeec6f60d08de3fa0e5093b65785343cf2760a4d9f7a5
SHA512 9fe772b342a74d54cea24559fea765789badb5d8bbb2598daaba69f22ddac3b766118155de5a128aeded2fdcec5ea5cd78fb173e179ca44b1726c602ffe3677e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9698981dbdd83a5b3e3892dba40fef86
SHA1 58907240d2cc3d2aeed024b2f73f3fb821b8779c
SHA256 a935508d91cc56ecc14766f6b2d5250dbf7b2f6de394295f4e3787c91e712a57
SHA512 dc87b3f88d81ccbfa8c6b63e263443a09f9dae8f6fef242e41900ff0ae1936f1c12cccfbd6f874ffaa46b595636c01943423a299b5bb6b71b7010cb2832a93be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6be05916cf29a676c60517311e45e332
SHA1 916c2a418baf26ad0d4686e89a323a707963bbdb
SHA256 bd07d3f9de295385afb8f4fa486dbb6584dd24668e1d13d422875cec33bcbed6
SHA512 1d4d992c2af30886dad530e43f1fd419d3e530f5593801bfbe7a5ddd28232e719586104c53a6c22724db54b25287771778c4b1f93b0ef4b54d656edc9412ebdf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fdfd02fec5a3642236e087bdf2b151f3
SHA1 8e7c48600e8871dba826ac6d81a9ffa634aa0bf8
SHA256 47216f9df18fb69ee6841840f54282ade2593861c8ecbfb5672ce59bde158401
SHA512 e5c7de64fdaf87c3f90a2978bf85145b568e61d2835ceb18c533a2072f73191e8cd492e5fdae4b53207fb457b766239d853dcc50cd9843f6ce7461d6ae3dc1b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b60fe25329e40aac62f1cda9dfda4929
SHA1 e3ab2617bc059c8bab9fbf580cf568ef9a5bf8d6
SHA256 6618fdd77e8e5afd7f38bbada8279dd9bb4fdbadc2a0bf38723afbe501fecdb3
SHA512 271868d256187e8aea41281bbe0dde12c32dcc533608b2ff355a94580bd1092b47097062342084fd59f9899c29d78693be7b70353a30ecbd796ed161be2fab7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bab69b7dab98c40b10d7e683f24f8a6d
SHA1 1e6360fd4a4843508c156c33b64cf7b6a3f3c57b
SHA256 487dec0c89a0223c0a20911a86d0fb40635ba5ab5e66db9698b8661d9cb7560e
SHA512 e4c6e2a54aeff65ec674493f079745454e71f72801b32643faa68e49415a8dbcb9ccb4228a7be16bce96ebbe9bcfee308373de24a9e2b41bc1186e4845e4d187

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b1337885ccf3d9cc92a4ef8867f18f0
SHA1 7834a1807e3622dc9bbc43c18bcbba9d8cba8554
SHA256 5187ee9106a8cbcf3f3f09641d56442788a96bdc260668feb3c3956d917864b1
SHA512 b5dcf057ee92db0e1bb1bf21f4e7ab35f6271605d49c9b066c20d3c6f9ebd409228dd984d497475b8071d563ba04568f48c7ea58b52e4ea97f59f403409bf887

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a608ae10d6a7d2a8398735b0ac56985
SHA1 bbc03c14564cd96b992a77c4a64bbe451d06a239
SHA256 1e3a8b1d6c5dcfe4193d66989d9071dba40ae783d49ac24208b815787fb41636
SHA512 15d8805d832cdc86da6c6a305cb386bad2289feea2e1ce32bc5b68d50c3471d26e2f3b1cb1e91cb9220bc5126f7b6e79ae52d3eadadfe532592b9493abc2bbb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9e16891a4c7c842bc0b0e91766221f6
SHA1 2575529ec52cffbc6127d3e9a6890a38984a395f
SHA256 93391943786d20f36ac9d624caf145d0aafb2a35a7c6d914324aa3f107d9ce42
SHA512 c9dba7d3d5aaa6eddd61c1be401bc7f05f96e304270d6cf2e57577c4eb67015985cb8ad82c7d0da1083bc2a96341c3971d044e0cf28a1cc9c7dff08fe6b6c274

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88cedd366d580f188d4a3f32a73d655b
SHA1 a1cb441c51c3e5b394db0a76d7e285f77fd7aa38
SHA256 f89e45538e548558817a4dd651f7345fa2012bc1bc1b355d3f1f020751ebf035
SHA512 ce6e54fae00c91be1af738459bea68b557bbbba3ff533d6bf4cc3c8178f74b7c5a21e7f59dcf1e97c197f83e03d08d56be83df8ca4b4efe085826ace98dc7daa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c924f1b98340e86a348dddb91188fadc
SHA1 bc768a905c87d046b6c9bc69270d77fbce55d941
SHA256 28536329f5310ebb39823484cd8b47c760d49c9b7523cbb24ae77396e8fb500c
SHA512 1e2b6227d96ca83b33678e796348ea7dc62fc0c96b35273d981839cf35b05e89782d3b9349a11bec0868cf994371a1e1770e39a82e6321e10e8bd1d40bb20c3e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 16:32

Reported

2024-06-12 16:35

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a157fcc0928f03e0009a9e6907708087_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a157fcc0928f03e0009a9e6907708087_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4144,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4508,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5268,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5440,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5456 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5460,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5300,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5932,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5332,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=5372,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6188,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=5036,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=1032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=5656,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp
US 8.8.8.8:53 safefastprogram.ru udp

Files

N/A