Malware Analysis Report

2025-04-14 03:15

Sample ID 240612-y4bl7sydrc
Target a22d426798abfda4c1710c64fcbcab5d_JaffaCakes118
SHA256 e1d25b597d94a60531b7d97a8198d0bf4ef28820ee100d0c7b9666b9b1b5e2a0
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

e1d25b597d94a60531b7d97a8198d0bf4ef28820ee100d0c7b9666b9b1b5e2a0

Threat Level: No (potentially) malicious behavior was detected

For the file a22d426798abfda4c1710c64fcbcab5d_JaffaCakes118, no (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 20:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 20:19

Reported

2024-06-12 20:22

Platform

win7-20240221-en

Max time kernel

134s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a22d426798abfda4c1710c64fcbcab5d_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006c7f92e61d6f7e439559a7856234f412000000000200000000001066000000010000200000008e94e567b3fcdc913ca3a85f867d8c07a0e35a5fc2927f8f19dad4879dffefbf000000000e8000000002000020000000cb8b8cafa9703173ebb6fb4d915786c955e86d77d6a252933fd1cf260f30c88a900000003f680dcc5d1390726f93742760463ba37278e0468cecc4833fe7da7ca31c851874aa3200b10d742653168a4379d6e36b2ab977ccb4db408cdb1617d906f7c7718dcc46a9fe8fe90839370de75eb9ab88465df15f6f0e46d52c1fe011d4c21169c3b7f4e73a5b1eaa0bd8cf28a1c538379ee184ced7ad568ad714f353d5c63ee3ddb7fda2d2e519d5cfb9ffaa8162f3dc400000007813f6b26ff3783de440649629e121be5aefc3fb4370a419dd0376fe79a0bc76249e2a713726e1e4799847e5d3a7fbfd82ee490aa41d4b703efaa45329c0bf85 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2332BC31-28F9-11EF-91A4-56D57A935C49} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006c7f92e61d6f7e439559a7856234f412000000000200000000001066000000010000200000009f03e69253b41d110490af6ab4bd977f7849a8ab32a7c1bbafabcb11b2408921000000000e8000000002000020000000c3cb208d37bc08c852c1b7a1e6a0997134852d24fe42187e763b9c3245affec2200000005164585cba287126b011cebae55686460031ae8b2c0b3af94da202fad3d3f1f64000000020b2cae52f5dd30be19277df7d15187183f152660082b9f585775b60585c0eb845f552c521d03d2fd75bf9df9f59da27198bf972ca8163be00fff527e66e6b2d | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3069d4f705bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424385465" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
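Every row in this table is written by Internet Explorer's own image (iexplore.exe, 64-bit or 32-bit) into the current user's Internet Explorer hive, and the keys touched (Recovery, TabbedBrowsing, CpMRU, WindowsSearch, Zoom, PageSetup and similar) are first-run housekeeping, which is why the signature fires on a 1/10 sample. What would turn "Modifies Internet Explorer settings" into evidence of a browser hijack is a different writing process, or a write to the home-page and search values under Internet Explorer\Main. The script below is an added example and not part of the sandbox report: it parses rows in the form shown above (either the sandbox's space-separated output or a ' | ' delimited copy), reports which processes wrote, and flags writes by non-IE images or to hijack-sensitive value names. The IE_BINARIES and HIJACK_VALUES lists and the setup.exe row are assumptions constructed for the example, not findings from this analysis.

```python
"""Added example, not part of the sandbox report: triage the flattened
'Modifies Internet Explorer settings' rows and separate Internet Explorer's
own first-run housekeeping from writes that would matter for a hijack verdict."""
import re
from collections import Counter

# Constructed input: rows copied from the signature table above, in the
# space-separated form the sandbox emits (a ' | ' delimited copy also parses).
SAMPLE_ROWS = r"""
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 3069d4f705bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
"""

# Hypothetical row (NOT from the report): a third-party binary rewriting the
# start page is the pattern this signature exists to catch.
HYPOTHETICAL_HIJACK_ROW = (
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000'
    r'\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" '
    r'C:\Users\Admin\AppData\Local\Temp\setup.exe N/A'
)

ROW_RE = re.compile(
    r"^(?P<op>Key created|Set value \((?P<type>str|int|data)\)) "
    r"(?P<path>\\REGISTRY\\.+?)"          # key or value path, may contain spaces
    r"(?: = (?P<value>.+?))?"             # only present for 'Set value' rows
    r" (?P<process>[A-Za-z]:\\.+?\.exe)"  # image path of the writing process
    r" (?P<target>\S+)$",
    re.IGNORECASE,
)

# Assumption: Internet Explorer's own images; writes by anything else deserve a look.
IE_BINARIES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}
# Assumption: value names under Internet Explorer\Main that browser hijackers rewrite.
HIJACK_VALUES = {"start page", "default_page_url", "search page",
                 "local page", "default_search_url"}


def parse_rows(text):
    """Parse sandbox registry rows into dicts; fail loudly on unknown lines."""
    events = []
    for raw in text.strip().splitlines():
        line = raw.strip().replace(" | ", " ")
        if not line or line.startswith("Description"):
            continue  # blank line or column header
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        ev = m.groupdict()
        if ev["value"] is not None:
            ev["value"] = ev["value"].strip('"')
        events.append(ev)
    return events


def triage(events):
    """Return (verdict, findings, writers) for parsed registry events."""
    writers = Counter(ev["process"].lower() for ev in events)
    findings = []
    for ev in events:
        _, _, leaf = ev["path"].rpartition("\\")  # key name or value name
        if ev["process"].lower() not in IE_BINARIES:
            findings.append(f"non-IE writer {ev['process']} touched {ev['path']}")
        if ev["value"] is not None and leaf.lower() in HIJACK_VALUES:
            findings.append(f"{leaf} set to {ev['value']!r} by {ev['process']}")
    verdict = "review" if findings else "noise: first-run housekeeping by IE itself"
    return verdict, findings, writers


if __name__ == "__main__":
    evs = parse_rows(SAMPLE_ROWS)
    print(triage(evs))
    print(triage(evs + parse_rows(HYPOTHETICAL_HIJACK_ROW)))
```

Run as-is, the report rows come back as noise with both writers being IE images; appending the hypothetical setup.exe row produces two findings (a foreign writer and a Start Page rewrite) and a "review" verdict.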

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a22d426798abfda4c1710c64fcbcab5d_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:2

Network

Country | Destination | Domain | Proto
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab2BB4.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2CE4.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9102c5851d0e7e41aa14b7fab35f5a31
SHA1 d5c3fe56af322a2bd3540ad630cee4f42630c153
SHA256 17f6ecf8768ff12ebcd6222b0854fe5d90877a111f750e38ca2cff0b8c7dff7a
SHA512 9eb807fff0da5a240674445d047146677962f21f160a2441a2759926491f8ff34077eef98896830f63b98b74e58c17e260d62fdc03846330e0daf53bb2dad2d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ec799f1fb93d7fc5281eb522af1a600
SHA1 5d85dffadc30bc5c7b80998a7bd7ddc817e06d51
SHA256 a91150f99a7759a06ab3fe9cb342afcf597af0c0a156371e2a50b614f360e292
SHA512 3c734604cb4e4ea79c79ace570552737df22b79581cf1311e37a1460f857c704d3cc662208b1928da3de8caf728226d8b8e423b5f17989fae7e3caee28b80f81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 616be73de21e7713d240666e527a262f
SHA1 e9c59342fc7d698f15bb06f59d9fc7a1bfedd9c3
SHA256 8971b506d3c9b96498b81ab9030d5ef9fc0f3646e08186f4568b871c4d18c1dc
SHA512 a17e58d75f697922e4a88dddfcd31d619ba8fdac3c887ccac7e42552390f1a9da560d387763376645452afc775987eed7131f7b7230aefc0423f08ee33f9030d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7abc1e40273f03da35b602d035dbf2d0
SHA1 40d69a8496c499926ebd345159566ab50afcd2ed
SHA256 90e3d08570f0a8c4a7bf78c768a404b629380964060af53b22c27134104d3261
SHA512 aa6fb03eab231590a02ec2a2e97207cbe326fc7801ce31e88e486ae364d9974f4264409a5286096d2052df4153c134f71df8b95b3be26934fa92a246f9e678ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c09073bb400f53ca8e09931f93f3ecf
SHA1 3a15dc6d71aca75957f9bb1b96ad50cd76248c15
SHA256 e317190323d4b2fb44b508a531d7d77410a00a0ffd562ea11481331b1653fe2d
SHA512 2eeae0a8a8df242a8ca64fb7eb85d4474225714fc8b8578bfa87f47c26d82121ec1e1fa8f211df94fa061d20e117c691b5844e38a0070e35e2d6f5cd4049d1d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3fbf7e1cccd6c5cf9af88ae3e10c52ef
SHA1 8081090062ec6c92add229f233fe3db1fb27fdd3
SHA256 2d692e9c3a6427c21e3b852e01c66e526cc9511472d542e226585d71c6dbc377
SHA512 bc2b7aceda7a92aa7e725bb13070fe271b19935c0b34888a6841ea5eb548d06fb482b13922db4967855bb30971af591f0051f8ff7596b7da67eee36ab7495100

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 00c0ae3042d429b91579924923cebddc
SHA1 35de80640b7eb801ea816651a2db326703fbc437
SHA256 e928e84e40c4a57d4332aecd6f2d061f77f756a45d498f6707cc8cdfd585defb
SHA512 ff72a8e4a50f9378662e7de7ed5475a17ce45af0b60c6b1f6d67b4b382df73ea5641711228aa66bdc6f598f12649ab35464faba253f4580aa5322fbafaf1590c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 285147c0f758ea2f846ce37d5e8b2f4c
SHA1 b72f387d65dd8049767fdefab4286b2a8d8ac4e7
SHA256 accfe00414f5735a3a13016a36069301958bdbd80c1bdba0b11269fae81e5da1
SHA512 9166cc653e4ca446ca240187433bb5a1e194c6d698dfe3dcdcd38f926496f8507183b3c1bbb93d2b1c55422d9641481e7e0abfea1c19b151a4c670f1f9c5bf3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1a21f1295c8550975efddda8fd4b44e
SHA1 e56765faeddd923851236082d9664cd2d3b07505
SHA256 f6cb42660639e941cd2d98a8d81f94995cce4edb0255546d47d47428b79ba932
SHA512 8756557ae57b12572ceef24193eb439d4678ff54986509c5366975a3ecc4525ebf9a586f471d9815ea4788c5a4c4524b866951b053bd1a58fbe491958bf518d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a9eb2ecdd62c3bae860e7771ff8a646
SHA1 74599bb86ccb8b45724c9bfd01e610d1992a43d6
SHA256 62f48475fc701a8168fcdd58c54adb2bccc8bbc179d58882d52b2f772768991b
SHA512 9ca260fa652fc1ac1b2d27626b7b9de9c3ccb7f51134ba8d8e4e14f9de1fa4debd8cb79a0756e7b62de265ffe05ff90c779d00c8cc735258479c51e41e27ecba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aaa8879096123a2e826734ea63f2d2cf
SHA1 c9370ceff044050a495881ffc2b215bddc8851c3
SHA256 22797f8669b7b5b1b9046158ec0d81da900fff5fd11017b3cb2975767ee7db22
SHA512 ce4405e25a0fb42046e6a8012e6604e53000d48688a10baff061a73b42613f16e938012afb6ff98019c6baf44b171f0a7d78dab4612f1fffd2db32de66f5e792

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 194db5c6c60c8965ab4626e465d2b185
SHA1 deb3c024b348cf0a5214f3de12b01109c95089b9
SHA256 4863f0435554cd0943f808b27382f02c01c6489a224b6938226aa3012d489f09
SHA512 327e69f9956c56e7be0ab72e91da639df64f28c1b8f0d7cb96d73bf329940c494adb0803064b2c8182dcd9d67423421f8ba19f5b80f6179675a383cdaab0feaf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19f0940733611e4047da308541bad68e
SHA1 0d7f36a03f9141f7a90aa2ff0ccde1eb469db61d
SHA256 e310f196c0c8fa9eb43e4e71d2361542e9adaa67c303879d651f546bd50dc4da
SHA512 a685c426d83ccd7a14f8f1f1d38ff91a1117e5cf8e90abc04c02cdef832a6d3efd194f1a73e80f38d2913e87995cf2eea3cfc57577aeb4ef6abebc198cf1123e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc5a2175a20357f100c36a8d453579b6
SHA1 011f02b70e5f93d71ffe92cec91be42d1acdf140
SHA256 6dda4d871d41a4f803ea007a74ab85c3a362eda6f248cc185395ae8ec7fe4107
SHA512 46b02833ab966b12dadec3dbeca6af5fb7f8a6d01055ff30b1777e76e14f53157b40403ba76476fabff13ed18b7a753ef459aea21ebf766cfaaa6f28faa7c1bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7092a22a9153afbf98888bcb62866f84
SHA1 53d26bf7654b1ca1d01a4bee371a4a2593708771
SHA256 29f0adc01421aecb8e98962d179529ecfb325ef9760a61e20b9a7cf356864530
SHA512 3efd4d63dc9cdfc749e89f779e2e96874f6ffde35bd1a333f2302ca0337e7f5c365a64d100c81e5bd42ad50608f24da8ce81b1525fbb9b6a70386bf977efecf1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c9f738e499a6148d3d0a145597d01a09
SHA1 54982530ea166a57aadd339332b0d8fc6712e2f6
SHA256 96fd73fd07a1385a8f0e7ef90c253979a3a7c5f664dd6a097911e62b27bdb20a
SHA512 2af4e9d3930ac1b9b40577259aa67daf3453e2b04cc7d52995b7f183f0e3f7a372051e1ea6baab1c183ba2607cab118ba62b2077b594d6b09eb5381e0b53577b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 211cf87994ead7f741154b0cac33ed13
SHA1 1389d9e7e07cbf2a5fccf77213616b2ff0d46219
SHA256 d92eda3fe5f4217ef2f90dcbf43be900a649fb4d2ccfc281d254a8b44fb67e84
SHA512 7b0f1c3e2de2b322bb4b95b0e376e1bd1752e1ee1099380398a286455e5a539034280357cad4ecb4b55583b802f57c0cdf8a83c082806f48500c106d298a064a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c37d0c8b02c2fd397417fcbc8e38f8c0
SHA1 eb478f6b23db2130c50c1bfa41b97f7e6f10ac86
SHA256 ac2a3e579ffbf105861294234c87f0808db268e927aab0cdc97daee67f077112
SHA512 ebcecd836b23fc5ad4c9f30facb0224184df6fc1905f4b045699d9e88d609dfaf09c44ba9482e103c9fc33e8cd8178d6d9de92827fa2a4aebb7ea6de59c373e6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 94dff4a4fea5edb70ad594d77a156d22
SHA1 f770cce1f507ab4e7e049b6ef349a90b8fcc6fe0
SHA256 3b31e36f40dfc9463dbe4705491fd2c0e77be11fc32e658e89def0c50fb97f6b
SHA512 25cca70edc4a561253ea2de166c41dd47f6ffeca610c54d0db5d544219b2d2ae129dcb048afee6118b9f3dfc93065af016147c24ba708f7e69e87b8d5b3ae05d
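Every entry in the list above is either a Cab*/Tar*.tmp scratch file in Temp or sits under CryptnetUrlCache, the CryptoAPI cache of fetched certificate, CRL and CTL data; the same MetaData path is listed nineteen times with different digests, once per distinct content the sandbox observed at that path. None of these hashes belongs on an indicator list for the HTML sample. The script below is an added example and not part of the sandbox report: it parses the Files section in the layout shown above (path line, then MD5/SHA1/SHA256/SHA512 lines), groups repeated paths, and separates Windows' own cache artefacts from paths worth hashing. The NOISE_RULES patterns are a heuristic assumed for the example, and the update.exe entry with all-zero digests is a hypothetical placeholder, not a file from this analysis.

```python
"""Added example, not part of the sandbox report: parse the Files section
(path line followed by MD5/SHA1/SHA256/SHA512 lines), group repeated paths,
and separate Windows' own cache artefacts from anything worth hashing."""
import re

# Constructed input: three entries copied from the Files list above (some
# digest lines left out), plus one hypothetical entry with placeholder digests
# (NOT from the report) to show what a genuine dropped file looks like here.
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Temp\Cab2BB4.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9102c5851d0e7e41aa14b7fab35f5a31
SHA256 17f6ecf8768ff12ebcd6222b0854fe5d90877a111f750e38ca2cff0b8c7dff7a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ec799f1fb93d7fc5281eb522af1a600
SHA256 a91150f99a7759a06ab3fe9cb342afcf597af0c0a156371e2a50b614f360e292

C:\Users\Admin\AppData\Roaming\update.exe

MD5 00000000000000000000000000000000
SHA256 0000000000000000000000000000000000000000000000000000000000000000
"""

HASH_ALGOS = ("MD5", "SHA1", "SHA256", "SHA512")

# Heuristic (an assumption for this example): paths Windows itself writes
# during a browser session, regardless of which page is being viewed.
NOISE_RULES = (
    (r"\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\",
     "CryptoAPI URL cache (certificate / CRL / CTL fetches)"),
    (r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-Fa-f]{4}\.tmp$",
     "CAB-extraction scratch file"),
)


def parse_files(text):
    """One record per path line; following '<ALGO> <digest>' lines attach to it."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        algo, _, digest = line.partition(" ")
        if algo in HASH_ALGOS and current is not None:
            current[algo.lower()] = digest.lower()
        else:
            current = {"path": line}
            records.append(current)
    return records


def noise_label(path):
    """Return the noise category for a path, or None if it is worth a look."""
    for pattern, label in NOISE_RULES:
        if re.search(pattern, path, re.IGNORECASE):
            return label
    return None


def summarize_files(records):
    """Group by path, count rewrites, and split noise from IOC candidates."""
    by_path = {}
    for rec in records:
        by_path.setdefault(rec["path"], []).append(rec.get("sha256"))
    noise, candidates = [], []
    for path, digests in by_path.items():
        entry = {"path": path, "versions": len(digests),
                 "sha256": sorted({d for d in digests if d})}
        label = noise_label(path)
        (noise if label else candidates).append(dict(entry, label=label))
    return {"noise": noise, "ioc_candidates": candidates,
            "unique_sha256": len({r["sha256"] for r in records if "sha256" in r})}


if __name__ == "__main__":
    summary = summarize_files(parse_files(SAMPLE_FILES))
    for item in summary["noise"]:
        print(f"noise ({item['label']}): {item['path']} x{item['versions']}")
    for item in summary["ioc_candidates"]:
        print(f"candidate: {item['path']} {item['sha256']}")
```

On the embedded sample the two report paths are classed as noise (the MetaData path with two versions) and only the hypothetical update.exe survives as a candidate; run over the full list above, the candidate set is empty.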

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 20:19

Reported

2024-06-12 20:22

Platform

win10v2004-20240611-en

Max time kernel

128s

Max time network

137s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a22d426798abfda4c1710c64fcbcab5d_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a22d426798abfda4c1710c64fcbcab5d_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=1428,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --field-trial-handle=4908,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=4436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3832,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=5380 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5372,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=3840,i,2029050989380753659,15333598055019363793,262144 --variations-seed-version --mojo-platform-channel-handle=4528 /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 249.197.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 13.107.6.158:443 | business.bing.com | tcp
US | 13.107.6.158:443 | business.bing.com | tcp
US | 8.8.8.8:53 | counter.yadro.ru | udp
RU | 88.212.202.52:445 | counter.yadro.ru | tcp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 2.17.251.4:443 | bzib.nelreports.net | tcp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 8.8.8.8:53 | 4.251.17.2.in-addr.arpa | udp
NL | 23.62.61.129:443 | www.bing.com | tcp
US | 204.79.197.237:443 | tse1.mm.bing.net | tcp
US | 204.79.197.237:443 | tse1.mm.bing.net | tcp
US | 204.79.197.237:443 | tse1.mm.bing.net | tcp
US | 204.79.197.237:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp
US | 8.8.8.8:53 | 129.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
RU | 88.212.201.198:445 | counter.yadro.ru | tcp
RU | 88.212.201.204:445 | counter.yadro.ru | tcp
US | 8.8.8.8:53 | counter.yadro.ru | udp
N/A | 224.0.0.251:5353 |  | udp
GB | 52.123.242.9:443 |  | tcp
NL | 23.62.61.129:443 | www.bing.com | tcp
GB | 52.123.242.49:443 |  | tcp
US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp
NL | 23.62.61.129:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 40.173.79.40.in-addr.arpa | udp
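Most of the rows in this table, and all three in the behavioral1 table, are the detonating browser's own traffic: DNS to 8.8.8.8 (much of it reverse PTR lookups for in-addr.arpa names), TLS to Bing and Microsoft hosts and to the NEL reporting endpoint, and one mDNS multicast packet. The rows that merit a look are the three RU connections to counter.yadro.ru, a web-analytics counter host, on TCP/445: 445 is the SMB port, not one a page would reach a counter on over HTTP(S), and the report does not say whether these are real connection attempts or a sandbox networking artefact. The script below is an added example and not part of the sandbox report: it parses rows in the form shown in both network tables (space-separated or ' | ' delimited, with the Domain column sometimes absent), buckets resolver chatter and first-party browser traffic, and flags anything else for review instead of rating it. The FIRST_PARTY list is an assumption made for the example.

```python
"""Added example, not part of the sandbox report: classify the flattened
'Country Destination Domain Proto' network rows so that resolver chatter and
the browser's own first-party traffic drop out and the odd rows stand out."""
from collections import Counter

# Constructed input: rows copied from the two network tables above (the
# space-separated sandbox form; a ' | ' delimited copy also parses).
SAMPLE_TABLE = """
Country Destination Domain Proto
US 8.8.8.8:53 249.197.17.2.in-addr.arpa udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.202.52:445 counter.yadro.ru tcp
US 2.17.251.4:443 bzib.nelreports.net tcp
NL 23.62.61.129:443 www.bing.com tcp
RU 88.212.201.198:445 counter.yadro.ru tcp
N/A 224.0.0.251:5353 udp
GB 52.123.242.9:443 tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

# Assumption for this example: hosts the detonating browser (IE / Edge) talks
# to on its own, which a web page under analysis cannot be blamed for.
FIRST_PARTY = ("bing.com", "microsoft.com", "nelreports.net")


def parse_network(text):
    """Rows have 3 or 4 whitespace-separated fields; Domain may be absent."""
    rows = []
    for raw in text.splitlines():
        parts = raw.replace(" | ", " ").split()
        if len(parts) < 3 or parts[-1] not in ("tcp", "udp"):
            continue  # blank line or column header
        country, dest, proto = parts[0], parts[1], parts[-1]
        domain = parts[2] if len(parts) == 4 else None
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def classify(row):
    """Bucket one row; 'anomalous' is anything the browser has no reason to do."""
    domain = row["domain"] or ""
    if row["proto"] == "udp" and row["port"] == 53:
        return "dns-ptr" if domain.endswith(".in-addr.arpa") else "dns"
    if row["proto"] == "udp" and row["port"] == 5353 and row["ip"] == "224.0.0.251":
        return "mdns-local"
    if row["proto"] == "tcp" and row["port"] == 443:
        if not domain:
            return "tls-unresolved"
        if any(domain == d or domain.endswith("." + d) for d in FIRST_PARTY):
            return "tls-first-party"
        return "tls-other"
    return "anomalous"


def why_anomalous(row):
    """Human-readable reason attached to a flagged row."""
    if row["proto"] == "tcp" and row["port"] == 445:
        return "TCP/445 is the SMB port; a web page has no reason to reach it on the Internet"
    return f"unexpected {row['proto']}/{row['port']}"


def triage_network(rows):
    """Counts per bucket, the flagged rows with reasons, and endpoint cardinality."""
    counts = Counter(classify(r) for r in rows)
    flagged = [dict(r, reason=why_anomalous(r)) for r in rows if classify(r) == "anomalous"]
    endpoints = {(r["ip"], r["port"], r["domain"]) for r in rows}
    return {"counts": counts, "flagged": flagged, "unique_endpoints": len(endpoints)}


if __name__ == "__main__":
    summary = triage_network(parse_network(SAMPLE_TABLE))
    print(dict(summary["counts"]))
    for row in summary["flagged"]:
        print(f"{row['domain']} {row['ip']}:{row['port']}: {row['reason']}")
```

Rows with no Domain cell (the mDNS packet and the two 52.123.242.x connections) are kept as unresolved rather than dropped, since a missing name is itself something to check before closing the case.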

Files

N/A