Malware Analysis Report

2025-04-14 04:34

Sample ID 240612-w4ww2ayerp
Target a1be5742a7a6687001167d3d37d9c09d_JaffaCakes118
SHA256 031e7c90ab786a4ebe41ca8daf2a8ab8c30101da7d53f9f4c24d59f39b1cabbf
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

031e7c90ab786a4ebe41ca8daf2a8ab8c30101da7d53f9f4c24d59f39b1cabbf

Threat Level: No (potentially) malicious behavior was detected

The file a1be5742a7a6687001167d3d37d9c09d_JaffaCakes118 showed no (potentially) malicious behavior during analysis.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 18:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 18:29

Reported

2024-06-12 18:31

Platform

win7-20240220-en

Max time kernel

134s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1be5742a7a6687001167d3d37d9c09d_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009a5856e6c3e7394abe4e4373eba7f9e700000000020000000000106600000001000020000000484c3f3c7e36f3f52b8b0e6d009da2f67d5c91809ceb3eefb2356d5a0d8b38c2000000000e8000000002000020000000dd8840a942edd5d913f62835bb563d7c23a069353f9cfec232233372f8d0ea9e2000000003e3864bc11a0462eb0ff865580830bcf76eb262a2a2b278d2239f7d1d74271840000000ae75f73f1005577a71e019973b23f62b76a10cebfa26476b513d6a0ec056d5ae623587fc677d70ebbe9b23ada1e78e004fd512b74455fd5211a8caad23ad0d2e | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f096fe7bf6bcda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378814" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A6D606B1-28E9-11EF-B73D-E693E3B3207D} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1be5742a7a6687001167d3d37d9c09d_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2156 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ihealthtravel.com udp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
US 8.8.8.8:53 2.gravatar.com udp
US 192.0.73.2:80 2.gravatar.com tcp
US 192.0.73.2:80 2.gravatar.com tcp
US 192.0.73.2:443 2.gravatar.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\TarFB1.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (19 entries, each with a different hash set)

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 18:29

Reported

2024-06-12 18:31

Platform

win10v2004-20240611-en

Max time kernel

128s

Max time network

129s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1be5742a7a6687001167d3d37d9c09d_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1be5742a7a6687001167d3d37d9c09d_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4228,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=2704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3812,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=5240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5412,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5428,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=1032,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=3860 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5784,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1316,i,1400471177590024469,587385956640537806,262144 --variations-seed-version --mojo-platform-channel-handle=4388 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 ihealthtravel.com udp
US 8.8.8.8:53 ihealthtravel.com udp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
US 2.20.12.101:443 bzib.nelreports.net tcp
US 8.8.8.8:53 2.gravatar.com udp
US 8.8.8.8:53 2.gravatar.com udp
US 8.8.8.8:53 schweizer.com.ar udp
US 8.8.8.8:53 schweizer.com.ar udp
US 192.0.73.2:80 2.gravatar.com tcp
US 8.8.8.8:53 2.gravatar.com udp
US 8.8.8.8:53 2.gravatar.com udp
US 192.0.73.2:443 2.gravatar.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
AR 200.58.111.44:80 schweizer.com.ar tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
US 8.8.8.8:53 17.79.187.37.in-addr.arpa udp
US 8.8.8.8:53 101.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 2.73.0.192.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
AR 200.58.111.44:80 schweizer.com.ar tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
BE 88.221.83.210:443 www.bing.com tcp
FR 37.187.79.17:80 ihealthtravel.com tcp
US 8.8.8.8:53 schweizer.com.ar udp
US 8.8.8.8:53 schweizer.com.ar udp
AR 200.58.111.44:443 schweizer.com.ar tcp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 44.111.58.200.in-addr.arpa udp
US 8.8.8.8:53 210.83.221.88.in-addr.arpa udp
AR 200.58.111.44:443 schweizer.com.ar tcp
N/A 224.0.0.251:5353 - udp
BE 2.17.107.129:443 www.bing.com tcp
US 8.8.8.8:53 129.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 195.197.17.2.in-addr.arpa udp
BE 88.221.83.241:443 www.bing.com tcp
US 8.8.8.8:53 241.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 11.179.89.13.in-addr.arpa udp

Files

N/A