Malware Analysis Report

2025-04-14 04:37

Sample ID 240612-vpxpcawfpl
Target a172d780da31d0e581fc73332483ec26_JaffaCakes118
SHA256 be7999326c573fcdb0cc1aaa1d2c355fc6e1495267a52e42b85caa1b10fe5976
Score 1/10


Analysis Overview

Threat Level: No (potentially) malicious behavior was detected

The file a172d780da31d0e581fc73332483ec26_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 17:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 17:10

Reported

2024-06-12 17:13

Platform

win7-20240611-en

Max time kernel

133s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a172d780da31d0e581fc73332483ec26_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424374097" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AB470601-28DE-11EF-91CF-DA79F2D4D836} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not captured in this report) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000059b961a11fb110cfff12de46b8c7b0b9f8fcbf95aa4003aafde56957fbf29514000000000e80000000020000200000009d1b2f4602e14e48ab513e2604bc34c23c018fc14eb787c8903109ce5ada493320000000c141cd4e18436640f443271c00da859c0e9ea53ad7f6874847cd1c91ef585324400000008f77e676a62f67e0b394fc16688dfc9991fbc6f0b5e7330e150c8053c45b22d6d3447d90d467e06647ec1843ba4fe8676f3bc45533d59b51210c84f240444ece C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a064ce7febbcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a172d780da31d0e581fc73332483ec26_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2200 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 17:10

Reported

2024-06-12 17:13

Platform

win10v2004-20240611-en

Max time kernel

128s

Max time network

138s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a172d780da31d0e581fc73332483ec26_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a172d780da31d0e581fc73332483ec26_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4640,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=4768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4420,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4832,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5416,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5516,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=4740,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5728,i,18320353784098040629,17273168055569331828,262144 --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:8

Network


Files

N/A