Malware Analysis Report

2025-04-14 04:37

Sample ID 240612-vpsqdsself
Target a172afb658cc6b5e3feff363bddd6f0c_JaffaCakes118
SHA256 187a0b5a0bd30964199120e214ef047e1eb4694fc79b866ac35d4985194f7f08
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

187a0b5a0bd30964199120e214ef047e1eb4694fc79b866ac35d4985194f7f08

Threat Level: no (potentially) malicious behavior was detected.

The file a172afb658cc6b5e3feff363bddd6f0c_JaffaCakes118 received a score of 1/10: nothing the sandbox observed crossed its malicious threshold. That score is driven by the signatures below, which cover only the browser's own registry writes and API use. Worth a manual look before accepting it: the behavioral1 run (Windows 7, Internet Explorer) resolved and opened TLS connections to coinhive.com, the domain of the browser-based Monero mining service that was discontinued in 2019, as well as to saltworld.net and gamingw.net; the behavioral2 run (Windows 10, Edge) reached saltworld.net and gamingw.net but not coinhive.com. The report does not include the HTML itself, so what those connections fetched is not evidenced here.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 17:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 17:10

Reported

2024-06-12 17:12

Platform

win7-20240221-en

Max time kernel

121s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a172afb658cc6b5e3feff363bddd6f0c_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A38E1071-28DE-11EF-8414-4A4F109F65B0} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424374085" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000009cf92ee01bc92498117f6fcac4e843700000000020000000000106600000001000020000000912ad09e56767c00476b623c63d2767c440224e4cb26a0960a1c35b9ff43be32000000000e8000000002000020000000ba9ee6f24ca8fe8da81d2f43ce2a48f1a17ce35822b54b0562db265a8dfbeab520000000f0ca50561ade6c01c7989008d994a58dc61e1dfeb23a9a9cd2ff8412e45ef0de400000001bd119dd147e1b548cd96efa28fd62587f716cb162f126385c37f3e147fa55e8c961b23e14af2c4fcdcc8fcac4f790cb09e803dff3cc6932fb7e3d05329b6306 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e044be79ebbcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
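The three binary values in the table above (Window_Placement, NewTabPage\LastProcessed and NewTabPage\DecayDateQueue) look opaque but decode to ordinary Internet Explorer first-run state. The script below is an added example by the editor, not part of the sandbox report and not vendor code; the hex strings are copied verbatim from the rows above. WINDOWPLACEMENT and FILETIME are Microsoft's public layouts; the DPAPI blob field names follow the layout used by open-source DPAPI tooling, which is an assumption since the on-disk format is not officially documented. The parser checks that the blob is consumed exactly to its last byte, which is the practical test that the assumed layout is right.

```python
"""Decode three registry values from the behavioral1 signature table above."""
import struct
import uuid
from datetime import datetime, timedelta, timezone

# Values copied verbatim from the "Modifies Internet Explorer settings" rows.
WINDOW_PLACEMENT_HEX = ("2c0000000200000003000000"
                        "ffffffff" "ffffffff" "ffffffff" "ffffffff"
                        "2400000024000000aa04000089020000")
LAST_PROCESSED_HEX = "e044be79ebbcda01"
DECAY_DATE_QUEUE_HEX = (
    "01000000d08c9ddf0115d1118c7a00c04fc297eb"
    "0100000009cf92ee01bc92498117f6fcac4e8437"
    "00000000020000000000106600000001000020000000"
    "912ad09e56767c00476b623c63d2767c440224e4cb26a0960a1c35b9ff43be32"
    "000000000e8000000002000020000000"
    "ba9ee6f24ca8fe8da81d2f43ce2a48f1a17ce35822b54b0562db265a8dfbeab5"
    "20000000"
    "f0ca50561ade6c01c7989008d994a58dc61e1dfeb23a9a9cd2ff8412e45ef0de"
    "40000000"
    "1bd119dd147e1b548cd96efa28fd62587f716cb162f126385c37f3e147fa55e8"
    "c961b23e14af2c4fcdcc8fcac4f790cb09e803dff3cc6932fb7e3d05329b6306"
)

# Provider GUID that every CryptProtectData blob carries right after its version.
DPAPI_PROVIDER = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
CALG = {0x6603: "CALG_3DES", 0x6610: "CALG_AES_256", 0x8004: "CALG_SHA1", 0x800e: "CALG_SHA_512"}
SHOW_CMD = {1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED"}


def parse_windowplacement(hex_value):
    """Main\\Window_Placement is a WINDOWPLACEMENT struct: 11 little-endian DWORDs."""
    raw = bytes.fromhex(hex_value)
    f = struct.unpack("<IIIiiiiiiii", raw)
    if f[0] != len(raw):
        raise ValueError("length field %d != blob size %d" % (f[0], len(raw)))
    return {"flags": f[1], "showCmd": SHOW_CMD.get(f[2], f[2]),
            "ptMinPosition": f[3:5], "ptMaxPosition": f[5:7],
            "rcNormalPosition": f[7:11]}  # left, top, right, bottom


def parse_filetime(hex_value):
    """NewTabPage\\LastProcessed is a FILETIME: 100 ns ticks since 1601-01-01 UTC."""
    (ticks,) = struct.unpack("<Q", bytes.fromhex(hex_value))
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def parse_dpapi_blob(hex_value):
    """NewTabPage\\DecayDateQueue is a CryptProtectData blob; return its header fields.

    The ciphertext can only be recovered with the sandbox user's DPAPI master key,
    so the forensic output is which master key GUID it is bound to and which
    algorithms were used (assumed layout, see lead-in).
    """
    raw = bytes.fromhex(hex_value)
    pos = 0

    def u32():
        nonlocal pos
        (v,) = struct.unpack_from("<I", raw, pos)
        pos += 4
        return v

    def take(n):
        nonlocal pos
        chunk = raw[pos:pos + n]
        pos += n
        if len(chunk) != n:
            raise ValueError("truncated blob")
        return chunk

    version = u32()
    provider = uuid.UUID(bytes_le=take(16))
    if version != 1 or provider != DPAPI_PROVIDER:
        raise ValueError("not a DPAPI blob")
    u32()                                   # master key version
    master_key = uuid.UUID(bytes_le=take(16))
    u32()                                   # flags
    description = take(u32()).decode("utf-16-le").rstrip("\x00")
    alg_crypt, key_bits = u32(), u32()
    salt = take(u32())
    take(u32())                             # "strong" data, normally empty
    alg_hash, hash_bits = u32(), u32()
    hmac_key = take(u32())
    data = take(u32())
    signature = take(u32())
    if pos != len(raw):
        raise ValueError("%d trailing bytes" % (len(raw) - pos))
    return {"master_key": str(master_key), "description": description,
            "alg_crypt": CALG.get(alg_crypt, hex(alg_crypt)), "key_bits": key_bits,
            "alg_hash": CALG.get(alg_hash, hex(alg_hash)), "hash_bits": hash_bits,
            "salt": salt.hex(), "hmac_key_len": len(hmac_key),
            "data_len": len(data), "signature_len": len(signature)}


if __name__ == "__main__":
    print(parse_windowplacement(WINDOW_PLACEMENT_HEX))
    print(parse_filetime(LAST_PROCESSED_HEX).isoformat())
    print(parse_dpapi_blob(DECAY_DATE_QUEUE_HEX))
```

Decoded, Window_Placement is a maximized window with a 1194x649 restore rectangle, LastProcessed is 2024-06-12 17:10:50 UTC, which matches the submission time of this run, and DecayDateQueue is AES-256/SHA-512 DPAPI ciphertext bound to one master key of the sandbox user. None of the three carries anything the sample controls, which is why "Modifies Internet Explorer settings" should be read as first-run browser noise unless a row points outside the Internet Explorer key.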

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a172afb658cc6b5e3feff363bddd6f0c_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2904 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 coinhive.com udp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 104.21.57.186:443 coinhive.com tcp
US 104.21.57.186:443 coinhive.com tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 8.8.8.8:53 gamingw.net udp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 8.8.8.8:53 i1.wp.com udp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.77.2:80 i1.wp.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Tar2437.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab2433.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 e56e8a78c63bf428e8186c359188db32
SHA1 4b93123e24fd5fb6ae6cc24cd34f10edcad3c366
SHA256 923d62615b366a5efb3ecb1eb53d50aa7639815b1d6418fd44f619d810709d59
SHA512 d4d2d26ba9ce9fa36de6f0c34ee296a557fe8ca8258a003fd8df3555f3448cb26e64ab01ed89fb7888e9cc0608d6502192052a1d52d6030f192f6096353c274e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

MD5 8202a1cd02e7d69597995cabbe881a12
SHA1 8858d9d934b7aa9330ee73de6c476acf19929ff6
SHA256 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5
SHA512 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

C:\Users\Admin\AppData\Local\Temp\Cab2537.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar254B.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18adc596caeb220572b992d79c66afea
SHA1 07cd36e3de58125546efbe15164ee673debfd021
SHA256 736180e0ed3f0ce653b43782c8ccf2bb755871fa4b925310d70f69a50b46c17f
SHA512 bf9d1440dc759873ec2b12c68346711e902170dcfa1d63d9f8defe92d982ecf45811a5299df1fdd539aaa375c51d5413607e94a8685addcb6ae5b6b3fc5cfa70

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 735cd558e85f6856b0e354756c3cd9d7
SHA1 6061dd13ccddec787ea2c6b611ae5fcd3114af2b
SHA256 fad8ee31b220e2bdea5a7cf7496c7842a1c2b9b575398d72e9bac26a208c256d
SHA512 38977a895aabc023a4cf14480ca22baad9e180a93661237ed2adbfe8ee862e518a729b9d88df5ff46f0e1641ac97c8603d6e91c103ba1665c15d6d2ad0c60ed6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 9b178df21c4382cfcb25df7bf140d808
SHA1 58e77f2c29349f4e9b0bbbcab4b7a5dcfa0750ba
SHA256 1d3317e1df84cee45da036b513381b3cbd750d64e69045193936720d6fe3a325
SHA512 e329855c98dd75a1974e30dbd76662eff0bf0d8172571c14aba64feea6a1b4538b08e82600cf48b59cf7ebc5fc5bb4d764cb4ee16aa0de1bdb210d396114716a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6925a7d9057ebb40e07465a5e3607d84
SHA1 07451c2e4ae320e52d917f20f3678ed71e23d5ee
SHA256 d868cbd577de59d37f2846d477e2fce336b66512d2de223c9d977323c1484c19
SHA512 17cd9589a7be2620b835dcdaef013090c7d8a48202036173678a42eed46f8a7ba12b54119d8ea9bc6075c51eed76003f2af5d814c46c16b332f87b458f5b0556

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d8c08156018caf025e6d82b81675b011
SHA1 9c91e79d6fa194875a62243d1053b393557897be
SHA256 ffc356b40272ee32d7f64bf656c006adb8a24df930403d44d57a035377e3c970
SHA512 9634af115900d2969518ad62250e50fd0dde2e11c84bc525f945670162975a78cdf019a2ff3c9d145228ce1182b0f7e5b6b02646f765f2e6a96c2a61739e7ec6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f2c24915603b4462e8ec8263ebd9df9
SHA1 efb05787dddfa5c73e3036207463a283d89efa5e
SHA256 688f19083a7a0d16e67642a9092d84b9899c7f78dce23b915d9621e33da5c13e
SHA512 b0ab2d78770e2dcbd4510abf4d0f35cff19e6afcc6748c7ead7d1ae577841767ef51cb757505dd5bbd5c9b6574ad5d384a358a5bdd9c4ec20a8903bbc7248870

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 935f2e955fd6589b2e2201c9ad9366e1
SHA1 0cfbdf4e42d863f15032935fec5d8242364df44e
SHA256 c7b84b80f2b657e1d4c6494c9fedd523f6049d5a48d258ad02f5e4e27af0c082
SHA512 79dbb62f0182284ed627972764de146fbf9bfc6ea7eb456ecc733aea443c50247d7ada7fb05a8ecfa61b08f94ffba908e8d4e6be3e8a25d5449cc4bf53bc4629

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d806b6ec8dfa146db1ca04438fd737d5
SHA1 e12b5c18130e9ae6e6802026e3daa3b0bfec05f6
SHA256 c4f8807a56b8164d05b5829a582142ef38518407bd93337d08d838922ed50853
SHA512 7dfcad661ce7ea8dc7ecf259bbe6c46922f02b35035f958a0a53ff99f49009ba44dd776ae0963294f9147fac3a9b28f2bcbf6cb38221dcdaed9a49cd6e4c69fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 13e8e96729c3e090e0095b0182876408
SHA1 bd0b350b33722bbf653906b53019fb2ad9435f49
SHA256 fbb4014139eb53f8bec2b05d080dd4df304d739ac74bcf6fd4982409e655d03b
SHA512 8fcc95c9e07fdf616b75b688ea392abf32cf478a4c91fef296dee5e52cca4a2ee007f485f163c683e3d01dc6cbce65fdd82fb630d2fa6a96736fa3faff54495b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7341ba812b80f86947dd55a5208c7d3a
SHA1 d1830cad9ca5c837f67593e353ac574efce72804
SHA256 81d458c8f49b5e72facd22f38bbe7d507fac31613ee7589004686a3d2d12fe7f
SHA512 6ca40dbf58e196f1841ca21e40e393d4bf0873a16c5bd809c21c626a62eb76a920c9b5012e2d937a88b3de09618999046a6fafbff0026a78c3737e83aab38d91

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9968b6b3896f52078035e088db3f6f0
SHA1 558b05e32a7d4f07bec15a7d8bd495def3463194
SHA256 59af3d396d35512b22a5746a4f9e0af9adc71937ff3a9de97ae02d7b9a9352bb
SHA512 49f75ec1f9cc161ac37c9ea8b4cb722d95dbc9fc758b9772c0755f704d9c0b6515fed2ac4434873cfaaa74f827bb0c08480c9fc0f8149b64af21b41b66d37466

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 73112174ef23998b38488a1be3e6e756
SHA1 b3a9f90617ffbeeaf9780de639b52c87809f9e2b
SHA256 ae7c43370d46863e1eae781a491b14d19af65bfb52e7cff994807c516d1fd537
SHA512 b8b7d68ab03fe44eb18c713cd6d4d5d2b39ba070d9bfc4cbffc2e21c6c0109deacc3c1837c3a16d1c0b9bb4295a63e7b4ff74c3c73f85d56ad5d89b97f310bf0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4dd77a95d5d2e84d1d438b52f745ee01
SHA1 f0c0f75710e3be9ab4318b3904a5b7bd24da991b
SHA256 107d4eacefaffd45e56b73068190070e264a1d97a1a05097f4ce9cf64f352b22
SHA512 d555f7c3dae095ece23b36fa8c5c1fe22d0963b2bb5d78008dbb5456eff5bf4cee733a7ef98bc2d1b8faa44d0904264612aa70c4d67aa25c1ef96806984f0c21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 8e8233f97ae55f24342d57c22055d1bd
SHA1 a6a6795f0cc1c4f43af222800acd7ae71d38715d
SHA256 488a8bb1a84d5d73c9e21f1319bc8a52a3d956bfae405f7dc93cafb1809082f5
SHA512 47261e808159162b90ba51ebfc6f8cb595a431feaa3718d5ce26a5747da29ee2423f16ec2dff7c3817865bfe691df3638b73e4cc24980d1d0a5cabdf43c942a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2dae4892165c59f113567eff1d4ee997
SHA1 f3f8832a799ae01f777f1f07646ced58a01e271c
SHA256 81c458384e9a9b8c745aaddb49d5b4fbb4970bd8bdb22192b2e20944f34444f5
SHA512 fca3666194be05c5588a2955820d14c612fbd14fd12569555cd72779a2be33a29f21f4a9204450615ec6de5122536cd6c57e163b515534fdd39990cf20be90d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0950ac6e45f0f011e0bab7f53e47793f
SHA1 d7b65fce4dd39083682e95057fe0bb8720c87d63
SHA256 30fd48243a7a6f9ecc14da251d548b1499e9bee7fc4ebae43aac9c60a6eca7be
SHA512 8efbfea129a072512d7aa57d247a1f6ff0291c80d6b6b8f051447c2ac0695ef7c06223ffbd258ad2d4001007d66564eab7b179fdfee1a4c29d099977c08bead0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f5fc5cc00c01a1a61beb6878a71bd6d
SHA1 d145b7d534cabaaaa3c894ea96863f2b8581d089
SHA256 1d3061416974fc552a0c25b1e32666e74d81e7d58c2ae60423a1f8f215f81695
SHA512 0ee65d427421c360e5894a14b7891cd312e3a4ad0775eb35c15aa217b003d7fe60145896008970fb02f8039674a4d19822a570d89f85c3bdf657b5048058a20f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90ba6115ecc77a58ca17ca40882ef9d3
SHA1 b644f0e1bcc1c5f201afb63b50cf1c8c68859bc2
SHA256 f58d9f26aa28e95ecf479a80144f06faec3a88e6c369be94446eb20955e2c8f0
SHA512 675fe08da7efe48fc6ff92dc0c2b6750e6606f591f9d1a4977c153589263eec45773bc96c373e2c9ba00e2fc02717efd06b2ab5d5273f04333684bd99cf45f94

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2b7d084233a5c543c624c51b822e526
SHA1 b8481932c8917cec4b5ef7e950c19d4f24042b9d
SHA256 afbeabc5255cdedd702cb7f3e45ad5be3b84e690fe4cb3222d9d12a170bef907
SHA512 fd45186778e16947ec86f453fcd0799f76a1233ee2d770abefa7311536516fe3707f4c7ea9f5a071ef73d2cd330547875abb26225ca18e27c5a85f0409477768

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68862273289d3cfe4b6870c9f9b7bb50
SHA1 0c65e379ea21f5523e4bfb7c1838ec2b53592626
SHA256 1a25be496fd363e0bae1e1843835768da7086066183e011ec40b78b80d0b21b6
SHA512 2bd92b2c890f775eb8cb05e680232df7f12a4adafcfa62351591c6277f300dd92257e211a546c80bf8e86b539d409b1f13d8ab268ee3e96cffac8169e9a5a3c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3714702c0292b0e6687ae3c2682897e
SHA1 58fae68cca3656ad1da8a675b2ddd55417e01c61
SHA256 78c09ee632fd94b2c6c12c84c353a7c8ba098a8aa9b5ccc04673f2ce90e91668
SHA512 6c274aaa67e87411004e7d2afde9e27db3941092fb79a28b07c37dd000722d0966a3578898af8e977302215f16b3f0c5c2f238b44b9cf88f7889d2c01e3e00fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5845995c190639b0cf447d718cf00db8
SHA1 eee3e96638446c6571be5519c90058ce4d0bce90
SHA256 3ce34eb939b2b381f1fc62bd9edf5f44a4637080c83fbbb4164aef5fedcbea66
SHA512 a18db86ddf285ae928bde7ffb920347f953ff49d2a66e9910f0f3cbc469b654612848314b3291c1237eb76e41f6ce5c8404069aa8355c1332c585ae7e1cadcaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 1528e87612eaeb59bd1f94370f8bf335
SHA1 d0ddb7ee195d7c8634c1e0a2fed4c6f2208026ae
SHA256 ba8d332da0729ae6000df8f1c967557f475999791c74dd33971f2d68aab6c1d9
SHA512 03cc46c4892166a932332e9f44745d53d46e9c1313043308fa9e75feaa8adc3e3c91d052280d736f966d1df0ba7f51e1c7c80c233b15e5123ef715bee8b1ffbb

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 17:10

Reported

2024-06-12 17:12

Platform

win10v2004-20240226-en

Max time kernel

141s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a172afb658cc6b5e3feff363bddd6f0c_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a172afb658cc6b5e3feff363bddd6f0c_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=2732 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5760 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1400 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=2432 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4888 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6000 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 13.107.6.158:443 business.bing.com tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
BE 104.90.25.175:443 www.microsoft.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 2.17.251.4:443 bzib.nelreports.net tcp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 saltworld.net udp
US 172.67.166.97:443 saltworld.net udp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 8.8.8.8:53 gamingw.net udp
US 8.8.8.8:53 gamingw.net udp
US 104.21.65.85:443 gamingw.net udp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 www.gravatar.com udp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 www.gravatar.com udp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 8.8.8.8:53 97.166.67.172.in-addr.arpa udp
US 8.8.8.8:53 175.25.90.104.in-addr.arpa udp
US 8.8.8.8:53 4.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 85.65.21.104.in-addr.arpa udp
US 8.8.8.8:53 2.73.0.192.in-addr.arpa udp
US 8.8.8.8:53 i1.wp.com udp
US 8.8.8.8:53 i1.wp.com udp
US 192.0.77.2:80 i1.wp.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 2.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 52.168.117.173:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 173.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 98.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
BE 2.17.107.105:443 www.bing.com tcp
US 8.8.8.8:53 105.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 13.179.89.13.in-addr.arpa udp
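The Network tables of both behavioral runs mix three kinds of rows: resolver traffic to 8.8.8.8:53, reverse (in-addr.arpa) lookups that Edge issues for peers it has already contacted, and the actual connections. Triage is easier once they are folded into one entry per peer and the sandbox's own background traffic is set aside. The script below is an added example by the editor, not part of the sandbox report; the rows it embeds are a subset copied verbatim from the two tables above. The allowlist of Edge/IE background domains, the Cloudflare prefixes and the note on coinhive.com are the editor's assumptions and knowledge, not findings the report itself makes.

```python
"""Triage the Network tables from the two behavioral runs above."""
import ipaddress

# Subset of rows copied verbatim from the report's two Network tables.
NETWORK_ROWS = """\
US 8.8.8.8:53 coinhive.com udp
US 104.21.57.186:443 coinhive.com tcp
US 8.8.8.8:53 saltworld.net udp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net udp
US 104.21.65.85:443 gamingw.net tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.77.2:80 i1.wp.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 2.17.251.4:443 bzib.nelreports.net tcp
US 8.8.8.8:53 97.166.67.172.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
"""

# Background traffic the sandbox's own browser and OS generate (editor's allowlist).
PLATFORM_SUFFIXES = (".microsoft.com", ".bing.com", ".azureedge.net", ".nelreports.net")
# Coinhive was a browser-based Monero mining service, shut down in 2019 (editor's knowledge).
KNOWN_INDICATORS = {"coinhive.com": "former browser cryptomining service"}
# Cloudflare anycast prefixes from Cloudflare's published list (assumed current).
CLOUDFLARE = [ipaddress.ip_network(p) for p in ("104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13")]


def ptr_to_ip(name):
    """'97.166.67.172.in-addr.arpa' -> '172.67.166.97'; None for anything else."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    return ".".join(reversed(name[:-len(suffix)].split(".")))


def classify(key, entry):
    if key in KNOWN_INDICATORS:
        return "ioc"
    if key.endswith(PLATFORM_SUFFIXES):
        return "platform"
    if entry["ips"]:
        ip = ipaddress.ip_address(next(iter(entry["ips"])))
        if ip.is_multicast or ip.is_private or ip.is_link_local:
            return "local"
    return "review"


def triage(table):
    """Group rows by destination name, fold DNS and PTR rows into it, one summary per peer."""
    entries, owner_of_ip = {}, {}

    def entry(key):
        return entries.setdefault(key, {"ips": set(), "ports": set(), "protos": set(),
                                        "count": 0, "dns": False, "ptr_seen": False,
                                        "cdn": None, "verdict": None})

    for line in table.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        dest, proto = parts[1], parts[-1]
        domain = parts[2] if len(parts) == 4 else ""   # the 224.0.0.251 row has no domain
        ip_str, port = dest.rsplit(":", 1)
        port = int(port)

        if port == 53 and proto == "udp":             # resolver traffic, not a peer
            peer = ptr_to_ip(domain)
            if peer:                                  # reverse lookup of an address already contacted
                entry(owner_of_ip.get(peer, peer))["ptr_seen"] = True
            else:
                entry(domain)["dns"] = True
            continue

        key = domain or ip_str
        e = entry(key)
        e["ips"].add(ip_str)
        e["ports"].add(port)
        e["protos"].add(proto)
        e["count"] += 1
        owner_of_ip[ip_str] = key
        if any(ipaddress.ip_address(ip_str) in net for net in CLOUDFLARE):
            e["cdn"] = "cloudflare"                   # blocking the IP would hit shared CDN space

    for key, e in entries.items():
        e["verdict"] = classify(key, e)
    return entries


def report(entries):
    """Lines for a human, IOCs and review items first."""
    order = {"ioc": 0, "review": 1, "local": 2, "platform": 3}
    lines = []
    for key, e in sorted(entries.items(), key=lambda kv: (order[kv[1]["verdict"]], kv[0])):
        lines.append("%-8s %-36s ips=%s ports=%s cdn=%s ptr=%s %s" % (
            e["verdict"], key, sorted(e["ips"]), sorted(e["ports"]),
            e["cdn"], e["ptr_seen"], KNOWN_INDICATORS.get(key, "")))
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(NETWORK_ROWS))))
```

Run against the full tables, the output leaves four names to review (saltworld.net, gamingw.net, www.gravatar.com, i1.wp.com, plus google-analytics) and one indicator (coinhive.com). The cdn column matters for response: saltworld.net, gamingw.net and coinhive.com all sit behind Cloudflare, so the domain, not the address, is the thing to block or hunt for.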

Files

N/A