Malware Analysis Report

2025-04-14 03:54

Sample ID 240612-wyarlsydln
Target a1b488ddb577ac076c1349ad8a0a027b_JaffaCakes118
SHA256 153d5d645498c80019342183e78f6a54d764d4de613b995d49718438edcd632a
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

153d5d645498c80019342183e78f6a54d764d4de613b995d49718438edcd632a

Threat Level: No (potentially) malicious behavior was detected

The file a1b488ddb577ac076c1349ad8a0a027b_JaffaCakes118 is an HTML document. It was detonated twice, in Internet Explorer on Windows 7 (behavioral1) and in Microsoft Edge on Windows 10 (behavioral2), and neither run showed malicious behavior. The 1/10 score comes only from the generic signatures listed below (registry changes under HKCU\Software\Microsoft\Internet Explorer and suspicious-API-usage heuristics); every detailed signature row attributes the activity to iexplore.exe itself, and the Edge run fired no signatures at all.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Enterprise Matrix V15

N/A (no techniques were mapped for this sample)

Analysis: static1

Detonation Overview

Reported

2024-06-12 18:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 18:19

Reported

2024-06-12 18:21

Platform

win7-20240611-en

Max time kernel

136s

Max time network

123s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b488ddb577ac076c1349ad8a0a027b_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Signature tags: adware, spyware (category labels attached to this generic signature; they are not a verdict on the sample, which scored 1/10)
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4A017561-28E8-11EF-B3FC-D2ACEE0A983D} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000ea5bf29a29c369042b336fde6bbdae5ddaf283e163438ac50c7683722c9eb7b5000000000e8000000002000020000000bb7c39b1b67775955048d9179ee8655ef11309be10f7d2c6410b1e3fc1127eb720000000129cc648d4e432c1d46994bb73edbd09719cca7b45f478a29e0f81e76614088e400000000c7aafbb2f1402d1010c12186f8a3baa36144515ad3ae72a392089d60512c6398c1dedd174d4262d6172a67ac906a490531b2718e1edbacf7a02ec511f2658a7 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424378230" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70d29e5df5bcda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
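Three rows in the table above carry binary values that the sandbox prints as raw hex. They decode with standard Windows structures: Window_Placement is a WINDOWPLACEMENT (showCmd plus window rectangles), LastProcessed is a little-endian FILETIME, and DecayDateQueue is a DPAPI CRYPTPROTECT blob, recognisable from the provider GUID df9d8cd0-1501-11d1-8c7a-00c04fc297eb in its header. The Python below is an added worked example and is not part of the sandbox report; the hex constants are copied from the rows above, the ALG_ID and SW_* names are the standard Windows constants, and the DPAPI blob is only parsed (master-key GUID, cipher and hash algorithm, field sizes), not decrypted, because decryption needs the user's master key, which the sandbox does not export.

```python
# Added example: decode the hex-printed registry values from the signature table above.
import struct
import uuid
from datetime import datetime, timedelta, timezone
from typing import NamedTuple

# Hex copied verbatim from the Window_Placement, LastProcessed and DecayDateQueue rows.
WINDOW_PLACEMENT_HEX = ("2c0000000200000003000000ffffffffffffffffffffffffffffffff"
                        "2400000024000000aa04000089020000")
LAST_PROCESSED_HEX = "70d29e5df5bcda01"
DECAY_DATE_QUEUE_HEX = (
    "01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076"
    "00000000020000000000106600000001000020000000"
    "ea5bf29a29c369042b336fde6bbdae5ddaf283e163438ac50c7683722c9eb7b5"
    "000000000e8000000002000020000000"
    "bb7c39b1b67775955048d9179ee8655ef11309be10f7d2c6410b1e3fc1127eb7"
    "20000000129cc648d4e432c1d46994bb73edbd09719cca7b45f478a29e0f81e76614088e"
    "400000000c7aafbb2f1402d1010c12186f8a3baa36144515ad3ae72a392089d60512c639"
    "8c1dedd174d4262d6172a67ac906a490531b2718e1edbacf7a02ec511f2658a7"
)

# Standard Windows constants: DPAPI provider GUID, wincrypt.h ALG_IDs, winuser.h SW_* values.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
CALG_NAMES = {0x6603: "CALG_3DES", 0x660E: "CALG_AES_128", 0x660F: "CALG_AES_192",
              0x6610: "CALG_AES_256", 0x8004: "CALG_SHA1", 0x800C: "CALG_SHA_256",
              0x800D: "CALG_SHA_384", 0x800E: "CALG_SHA_512"}
SHOW_CMD_NAMES = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_SHOWMAXIMIZED"}


class WindowPlacement(NamedTuple):
    flags: int
    show_cmd: str
    min_pos: tuple
    max_pos: tuple
    normal_rect: tuple  # (left, top, right, bottom)


def parse_window_placement(hexstr: str) -> WindowPlacement:
    """44-byte WINDOWPLACEMENT: UINT length, flags, showCmd; POINT ptMin, ptMax; RECT rcNormal."""
    length, flags, show_cmd, *v = struct.unpack("<IIIiiiiiiii", bytes.fromhex(hexstr)[:44])
    if length != 44:
        raise ValueError(f"unexpected WINDOWPLACEMENT.length {length}")
    return WindowPlacement(flags, SHOW_CMD_NAMES.get(show_cmd, str(show_cmd)),
                           (v[0], v[1]), (v[2], v[3]), tuple(v[4:8]))


def parse_filetime(hexstr: str) -> datetime:
    """Little-endian FILETIME: 100-ns ticks since 1601-01-01 UTC."""
    (ticks,) = struct.unpack("<Q", bytes.fromhex(hexstr))
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


def parse_dpapi_blob(hexstr: str) -> dict:
    """Walk a CRYPTPROTECT (DPAPI) blob header. The payload is left encrypted."""
    data, off = bytes.fromhex(hexstr), 0

    def u32() -> int:
        nonlocal off
        off += 4
        return struct.unpack_from("<I", data, off - 4)[0]

    def take(n: int) -> bytes:
        nonlocal off
        if off + n > len(data):
            raise ValueError("truncated DPAPI blob")
        off += n
        return data[off - n:off]

    version, provider = u32(), uuid.UUID(bytes_le=take(16))
    if version != 1 or provider != DPAPI_PROVIDER_GUID:
        raise ValueError("not a DPAPI CRYPTPROTECT blob")
    mk_version, master_key = u32(), uuid.UUID(bytes_le=take(16))
    flags = u32()
    description = take(u32()).decode("utf-16-le").rstrip("\x00")
    crypt_alg, crypt_key_bits = u32(), u32()
    salt = take(u32())
    strong = take(u32())  # optional extra entropy, normally empty
    hash_alg, hash_bits = u32(), u32()
    hmac_key, ciphertext, signature = take(u32()), take(u32()), take(u32())
    if off != len(data):
        raise ValueError(f"{len(data) - off} trailing bytes after DPAPI blob")
    return {"master_key_guid": str(master_key), "master_key_version": mk_version,
            "flags": flags, "description": description,
            "crypt_alg": CALG_NAMES.get(crypt_alg, hex(crypt_alg)), "crypt_key_bits": crypt_key_bits,
            "hash_alg": CALG_NAMES.get(hash_alg, hex(hash_alg)), "hash_bits": hash_bits,
            "salt_len": len(salt), "strong_len": len(strong), "hmac_key_len": len(hmac_key),
            "ciphertext_len": len(ciphertext), "signature_len": len(signature)}


if __name__ == "__main__":
    print(parse_window_placement(WINDOW_PLACEMENT_HEX))
    print(parse_filetime(LAST_PROCESSED_HEX).isoformat())
    print(parse_dpapi_blob(DECAY_DATE_QUEUE_HEX))
```

Decoding LastProcessed gives 2024-06-12 18:21:38 UTC, which agrees with this run's Reported time and is a cheap check that the VM clock and the report clock line up. The WINDOWPLACEMENT shows the IE window maximised (SW_SHOWMAXIMIZED) with a normal rectangle of (36, 36)-(1194, 649). The DPAPI header names master key f20cc85e-b279-4c56-9163-3e21940a8076 with AES-256 and SHA-512; the master-key GUID is the part worth recording, since it identifies the master key file under the user's profile that would be needed for any later offline decryption.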

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a1b488ddb577ac076c1349ad8a0a027b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2

Network

All DNS queries went to 8.8.8.8. The only TCP traffic is plain HTTP (port 80) to bdimg.share.baidu.com, which hosts the static assets of Baidu's share widget embedded by the page, and HTTPS to ieonline.microsoft.com, an Internet Explorer service endpoint rather than page content. a7tqe.cn was looked up but no connection to it appears in the capture, so within the 123 s network window it either did not resolve or was never contacted.

Country Destination Domain Proto
US 8.8.8.8:53 bdimg.share.baidu.com udp
US 8.8.8.8:53 a7tqe.cn udp
CN 163.177.17.97:80 bdimg.share.baidu.com tcp
CN 163.177.17.97:80 bdimg.share.baidu.com tcp
CN 180.101.212.103:80 bdimg.share.baidu.com tcp
CN 180.101.212.103:80 bdimg.share.baidu.com tcp
CN 182.61.201.93:80 bdimg.share.baidu.com tcp
CN 182.61.201.93:80 bdimg.share.baidu.com tcp
CN 182.61.201.94:80 bdimg.share.baidu.com tcp
CN 182.61.201.94:80 bdimg.share.baidu.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CN 182.61.244.229:80 bdimg.share.baidu.com tcp
CN 182.61.244.229:80 bdimg.share.baidu.com tcp

Files

The Cab*.tmp and Tar*.tmp pair in %TEMP% and the CryptnetUrlCache\MetaData entry are scratch files written by Windows' certificate-chain and trust-list handling during the HTTPS connection, not by the page. The same MetaData path is listed eighteen times because the sandbox records each rewrite of that cache file as a separate hash; these are successive versions of one file, not eighteen distinct files.

C:\Users\Admin\AppData\Local\Temp\Cab5A90.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar5B20.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 acccbce62436232077fdb2c02c7c34ed
SHA1 1e5d9c95da3d7170f3782029290b37b37aad91db
SHA256 62888d94d6223c5f1c6314af135b70c4df3a2721dbb11c738689f1ef805d9d79
SHA512 ebbb707389197ff4dcd057d238ffa3528aab7fccfa893ce2ea540ab42b05e8f76bc7bc6790bdbe883680fc13167d68487a1b64af064b1ed2e8f635994708a08a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50f904be2154c24a35eb226e4b442de9
SHA1 ccc0e946a0a1ac278600c996d3c63436121309b8
SHA256 14b803872988d001b52d5e1fb7274bb967d3583ac4ed7fe137dd939c9fcf7738
SHA512 5edc7de46b5a3e3694aff8efb90f3db7c06a97352c3c8a2b3e0b783fc9913ab5bfd9c39f4ecc5cc2c6f987f715589560c45fe9ab12588788827da2731308db3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 730db1131eccdfd04d17023536fb0e02
SHA1 d574cb001c9a1e5426d84addef9604b58f14fe03
SHA256 b5d9c7ac72c77030edf433065b66c2618640831d5eaaca17b473953b6ae360d1
SHA512 99216849f80fc727a02794992fc9d89adc75b8665121a4da5e303044ff319c153a963558e4cbe19642ae0d79a646fa4f718d44e17fabeb300759634c0385dd0d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e4190d5de192419bdf933fc440f9e64
SHA1 82c4f98825b9ac15f8203938cb36cfd049a176b7
SHA256 3df193a185be6cb1595ab9595990d2445cf6c1a7c9d291ab8e4824a7cb55a511
SHA512 1d9adfc7070919baf5fc1cb3fd3b085949e7bb33352260f8ef1fc2d16f8cd4b6b0f09c75156dce9fe3f28dede18b08c3894ad32bfae933653ba23ef2d0b0ea9a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ae7551f846d5ab15fc6b3564ed4fe18
SHA1 4da7d41b0341f8b0df795ddea8783beee8604931
SHA256 25be5b820ed7e7f4254b98fee48442b3d89ea3fb186892303cba4de251568adf
SHA512 aed665411488cfcacf95ece5b58b5c2b415255e33d912cbbee645c31517c0c7aea64dee324264e9b4ebf1c83340b258213a2940017abfcfad1775cf4769dd359

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b84d770c30d465be55e198eadbfcd86d
SHA1 ccd4a4310284fd667202c474bf4e76833bbb1f70
SHA256 c62307f5748c67fbee8c506a18a004ff6b3ac6ab293001e412b67862793be118
SHA512 ca848c54af6badcfba1b7e50abd84649974a4209bc381e1f975f55ad8b6c32e38d8a0d17d9a53a09deee5115e0f4bdeb67b837683d4eae89ebf96ae72e4e4205

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f9bac77206e0a9815b707b1377ac32f1
SHA1 001248a6b83196651ad66a946c27d3b95dfa784e
SHA256 d23bbeb5e721d3267759d41cbee6ff45c8d47ea62ead73fa3d03cfc4d7fdb6cf
SHA512 eca00a95a17b4368119760eb8acd1e11b2832fa2bd72ace6b0c7c0accf11e337ca75a610c9ced77ce0ef17cac59389b82d06966d068c16517d18af190ae91cca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 45f16c4b52bb95284a69427bdb30df14
SHA1 b1b920b6751951959705eb7d2fdfc224ae87f91e
SHA256 39ce1a1ae94ab293530b89b6c19ac09bfc9c60c36386db5bbd526dbdc16fd58a
SHA512 ea68939a006e19b43183071dfc735ec721f841b46c8ac92b69450e7be1c37c2a4106655cae26ca1200fe348753eff7da812f2644b4f87bbe3cb82252042fcf3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7baadddcfa53554c9a51e819de6fcd95
SHA1 3f678ffe60e88c9f4d3b6e52771b0a683cf213fb
SHA256 d140ccd9d0caab99b88e5dc8ef9cc0eaced923ba386519f54e604feb2c946b59
SHA512 aab1d45588e5d384dd237410729cfd7bce00385b6e70344d8bb9d2aac0807d098b01ec44f15b4a2e28d65c594ce0bf2faf1bc4c59ef45bb89bda8544ab88e8a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97cd66cc957c7c87423adad27b260997
SHA1 f75bc8792400cd8d6d904b4dce0004827af9a1b0
SHA256 8f87191527fbb6243cbf67bc67d82f14ecbaa8a33e9f7350a18a7e026e7aab75
SHA512 73a469122f1311757e6e1fa6c804b379d3531e09fa00352dd637d821520f963bacb91c4cc7584b7e28bfae37615081cebe8b7b1c7b9901a8b558560681644168

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7e0f96e434a745acf40d505033f1504e
SHA1 ca2862ecf4c246bcec70c052706b4df09f17c0db
SHA256 bc73742f9b4767ec0bbd98228adf4c06f7ebd07d165489b57f8e1b6ee41b8c82
SHA512 81c0cafaeb5b7ac2dd5ceb1d1d41a70463a1b2349bfe8ceed9b0937472731bca19056fd0f8aae9dc049d301f8eb083b992c007d0fadf1ee6cadecdbd0bf6ffa0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce078039983c35b4096899577be0cf66
SHA1 367a09767b90a09247b4e586b97712f5855b6433
SHA256 0d0d7615feea7fea9ec4b5601d01036b975436d0b0bbefd00420a09b905ccfa6
SHA512 ff05659e3c8fd69a1acaf9e040f615882949e544068d3b0eb25690b1d924223b06e85bfecadf052d1e9c41daa63d34bc87afe7c260967260fcf77adf35bb8177

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad065614e2aa92bf5e40574c75833cc7
SHA1 89d6d11609886f85900700e1428e5e311cad25b5
SHA256 38d65eb7f6d0315420bcc4e8ff15dadb749cad9457a99ecefdd12419055b7780
SHA512 c74dba5cff0ad83f8263184785bc971ab5c9f5aae1739a8cab3c38313e5477a275adb50ee773ef9a20d23114ec96112eb52ed6b52c86bc86f6fb40d2f2552576

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fddc24ff7ee919b765db2a2bdca11b92
SHA1 83ca04237b7ef5ae368f4165559509f66cecda5f
SHA256 d64e4792ff110ce3d1eeee83465be8806a8eb70c5aa99f0b7ae86608ac3fc35d
SHA512 e048062dcaafa502690813f06049e2f3cecbfe78270f5c8aa06777f7d861f43f04fc0e970dc4623da5c0464acbb84b8c09c242379f01f45282a1cee80b3b6004

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2a352f5348d2511ea3a12ed56a300b68
SHA1 8706224b5f184fb37d7d01da77c84b322f9b1a8d
SHA256 a6a8f0fd9bc10e9743d0ad03db190686b275582ba52826aadd68549af61f0fc0
SHA512 439f3784e43ba2e4c2f381aab65ef262f169de01096c2180c24189ee738a364b299eaaee7d5fa2666534ae801e5082b3ca42da75a6784a26c0c50593a37025b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54b9b37a8b8bcd26f54b66f30f2cf1b2
SHA1 8cf2e90535e982fcbd87a33a616cc9439fba58a8
SHA256 08bbacfc333ee11720d45b1eed54cb6476bc7bf863b7a33ca660beec0b2ce653
SHA512 7f9a7f275803c106a3daf7cf6e1fa2ebd5c93c1be376a61b2cf69761fb3cb33d9a62e81cff00ae5ee20e6b10c92d27cdd9ec0c1f84b3feb2bd9178265b2ad657

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0008e623e75d5de367ffbcc5646b07e6
SHA1 68b68b2b682ec64341cc71aec5bd778348431d63
SHA256 0d7cf46041e6eab0e67f2a99d2994c69e66e4a65a95e4694d3444cd5e9872251
SHA512 23912134ad03cb626bd22dfc781ca8f56036806c9eebc57f595984d047da10c6084e35acb6e95aed562a9236c0bb005c984fec367ad7b9b3592c5a5d4c6824b6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ffca653c87cb5b14224ca2f2f760827d
SHA1 9f8ad860ef1904555422b87ba2b6432d348ae2f0
SHA256 ee3c1e091f559c6ea726af0f8d8fbab9ea3347fab1c07fcc750d55a2beec6952
SHA512 402a57878c22684db46afa91846cf6a16b886bf0ca4570367b14c79d6174ae936c4a5090946a168f4990bb54c641408c03bf69bd4618841712b510b27c1c3929

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 18:19

Reported

2024-06-12 18:21

Platform

win10v2004-20240508-en

Max time kernel

138s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b488ddb577ac076c1349ad8a0a027b_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a1b488ddb577ac076c1349ad8a0a027b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3988,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=3996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4320,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=2680,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5404,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5412,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5904,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5744,i,11746347647270949551,7786733067759450703,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:8

Network

Only DNS traffic was recorded in the Edge run: the same two page-referenced hosts as in behavioral1 (bdimg.share.baidu.com and a7tqe.cn), Edge's own SmartScreen, Bing, edgeoffer and NEL reporting endpoints, one mDNS multicast query (224.0.0.251:5353) and reverse lookups for the resolvers. No TCP connection appears in the capture.

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 bdimg.share.baidu.com udp
US 8.8.8.8:53 bdimg.share.baidu.com udp
US 8.8.8.8:53 a7tqe.cn udp
US 8.8.8.8:53 a7tqe.cn udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 bdimg.share.baidu.com udp
US 8.8.8.8:53 bdimg.share.baidu.com udp
US 8.8.8.8:53 a7tqe.cn udp
US 8.8.8.8:53 a7tqe.cn udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 bdimg.share.baidu.com udp
US 8.8.8.8:53 a7tqe.cn udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 79.121.231.20.in-addr.arpa udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp

Files

N/A