Malware Analysis Report

2025-04-14 03:55

Sample ID 240612-wxdrwaydjk
Target a1b2b2831f9d091e5fcfa9ede8608ff7_JaffaCakes118
SHA256 f3e401d3621e1c1568813097bf8077008efd90b52acef0d29c9cbc8afa86fcac
Tags: (none)
Score: 1/10


Analysis Overview


Threat level: No (potentially) malicious behavior was detected.

The file a1b2b2831f9d091e5fcfa9ede8608ff7_JaffaCakes118 was found to exhibit no (potentially) malicious behavior.

Malicious Activity Summary

Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory


Analysis: static1

Detonation Overview

Reported: 2024-06-12 18:17

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-12 18:17
Reported: 2024-06-12 18:20
Platform: win7-20240611-en
Max time kernel: 126s
Max time network: 144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b2b2831f9d091e5fcfa9ede8608ff7_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings (tags: adware, spyware)

Suspicious use of FindShellTrayWindow

Process: C:\Program Files\Internet Explorer\iexplore.exe

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b2b2831f9d091e5fcfa9ede8608ff7_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1176 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-12 18:17
Reported: 2024-06-12 18:20
Platform: win10v2004-20240226-en
Max time kernel: 142s
Max time network: 152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b2b2831f9d091e5fcfa9ede8608ff7_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b2b2831f9d091e5fcfa9ede8608ff7_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4352 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=2720 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5388 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5784 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4880 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5960 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4728 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8

Network


Files

N/A