Malware Analysis Report

2025-04-14 03:14

Sample ID 240612-y4lr6syejc
Target a22da812095c8ab36c91f6263778919a_JaffaCakes118
SHA256 93e830ab6cec8b2655f9769ea4d7cb1dabacdeda93d10df563545014156d6d22
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

93e830ab6cec8b2655f9769ea4d7cb1dabacdeda93d10df563545014156d6d22

Threat Level: No (potentially) malicious behavior was detected

The file a22da812095c8ab36c91f6263778919a_JaffaCakes118 was found to exhibit no (potentially) malicious behavior.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-12 20:20

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-12 20:20

Reported

2024-06-12 20:22

Platform

win7-20240611-en

Max time kernel

134s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a22da812095c8ab36c91f6263778919a_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000f54bd65c200c6e245a9ea3e39a44c999ca8e9fb34b65b94f6115dd53161c2487000000000e8000000002000020000000beb89e2dcedbc7008b5fc02cd8dc7196b2992c87ede51f4f3dd76a79a9a18a9020000000a99a14b7af89524691c73b4c374876cc271291bcc207ce42576dcc74d97fbe6a400000007d6b2459a11bb4f8c73018439fb5d63e4dead4228d8f85f80aca72f1fa1a691dd4bcb8e355c19ab7cd7aa028dd2ec77b465734a42a1ab4dff2c167a6b4d19fe0 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b09db70a06bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000a465d86d9f41fcf1280ea939ed473c41f461e2163e63a06052f87deafbeb3a84000000000e8000000002000020000000294bd5b85616bfdabcf07d4f63f6a27995a797303b006242a64be4807f4f810890000000f3d397b415f3d810bf73b6c91074f626297eedbd9ffc8e09511c85e46fae1abb2bd8f66c8234e944355539eb35dbfe7f13cfcacc1160c23001485472198500f781fcbabdfb582dc487bd3ecf08939d2d8ed49060b92537d253aae8e64952264fd7a17df00ae01425e792c3b8dc241ffd74169733690dab92d7fe811030aa8769db93430b3d557d12f71cda9fe0b01fb640000000d4b2dc856d6a413481235be03ebb8062ed2df4c913ed9125730064e25b770c73ca959ccb0c8dcbac8e44fe8e136480761fe5366421a0d54ec7d9cc8ad76a86a1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424385495" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{34FEEB01-28F9-11EF-B9DB-4A2B752F9250} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
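
Every row in this table is iexplore.exe writing its own first-run state under HKCU\Software\Microsoft\Internet Explorer (the Process column is the browser, not the sample), and two of the binary values, DecayDateQueue and MFV, are not opaque: both begin with 01000000 followed by d08c9ddf0115d1118c7a00c04fc297eb, the provider GUID that opens every DPAPI (CryptProtectData) blob. The Python below is added here as an example and is not part of the sandbox's tooling. It copies those two values verbatim from the rows above, confirms the DPAPI signature, and walks the blob header to recover the master-key GUID, the cipher and hash algorithms and the field lengths; the LastProcessed and Window_Placement rows are included to show that other binary values are skipped. The ALG_ID names come from wincrypt.h. Nothing here decrypts anything: the ciphertext is protected by a key derived from this user's DPAPI master key, which is the caveat to keep in mind when a report shows such values.

```python
"""Recognise and dissect DPAPI (CryptProtectData) blobs that a sandbox report
records as plain hex registry data.  Added example for this report, not
sandbox tooling; the two blobs are copied verbatim from the DecayDateQueue
and MFV rows, with the key path and process name shown in those rows."""
import re
import struct
import uuid

# Every DPAPI blob opens with version 1 and this provider GUID.
DPAPI_PROVIDER_GUID = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")

# CryptoAPI ALG_ID values (wincrypt.h) that can appear in the blob header.
ALG_NAMES = {0x6603: "CALG_3DES", 0x660E: "CALG_AES_128", 0x6610: "CALG_AES_256",
             0x8004: "CALG_SHA1", 0x800C: "CALG_SHA_256", 0x800E: "CALG_SHA_512"}

DECAY_DATE_QUEUE_HEX = (
    "01000000" "d08c9ddf0115d1118c7a00c04fc297eb"   # version 1, DPAPI provider GUID
    "01000000" "0b2968c6cf60b74b94229c882944fb81"   # master key version, master key GUID
    "00000000" "02000000" "0000"                      # flags, description length, "" (UTF-16LE)
    "10660000" "00010000"                             # CALG_AES_256, 256-bit key
    "20000000" "f54bd65c200c6e245a9ea3e39a44c999ca8e9fb34b65b94f6115dd53161c2487"  # salt
    "00000000"                                        # strong-key HMAC length (unused, 0)
    "0e800000" "00020000"                             # CALG_SHA_512, 512-bit
    "20000000" "beb89e2dcedbc7008b5fc02cd8dc7196b2992c87ede51f4f3dd76a79a9a18a90"  # HMAC key
    "20000000" "a99a14b7af89524691c73b4c374876cc271291bcc207ce42576dcc74d97fbe6a"  # ciphertext
    "40000000" "7d6b2459a11bb4f8c73018439fb5d63e4dead4228d8f85f80aca72f1fa1a691d"
    "d4bcb8e355c19ab7cd7aa028dd2ec77b465734a42a1ab4dff2c167a6b4d19fe0"  # signature
)
MFV_HEX = (
    "01000000" "d08c9ddf0115d1118c7a00c04fc297eb" "01000000" "0b2968c6cf60b74b94229c882944fb81"
    "00000000" "02000000" "0000" "10660000" "00010000"
    "20000000" "a465d86d9f41fcf1280ea939ed473c41f461e2163e63a06052f87deafbeb3a84"
    "00000000" "0e800000" "00020000"
    "20000000" "294bd5b85616bfdabcf07d4f63f6a27995a797303b006242a64be4807f4f8108"
    "90000000"                                        # 0x90 = 144 bytes of ciphertext follow
    "f3d397b415f3d810bf73b6c91074f626297eedbd9ffc8e09511c85e46fae1abb2bd8f66c"
    "8234e944355539eb35dbfe7f13cfcacc1160c23001485472198500f781fcbabdfb582dc4"
    "87bd3ecf08939d2d8ed49060b92537d253aae8e64952264fd7a17df00ae01425e792c3b8"
    "dc241ffd74169733690dab92d7fe811030aa8769db93430b3d557d12f71cda9fe0b01fb6"
    "40000000" "d4b2dc856d6a413481235be03ebb8062ed2df4c913ed9125730064e25b770c73"
    "ca959ccb0c8dcbac8e44fe8e136480761fe5366421a0d54ec7d9cc8ad76a86a1"
)

IE_KEY = r"\REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer"
IEXPLORE = r"C:\Program Files\Internet Explorer\iexplore.exe"
# Four 'Set value (data)' rows rebuilt from the table; only two hold DPAPI blobs.
SAMPLE_ROWS = [
    f"Set value (data) {IE_KEY}\\TabbedBrowsing\\NewTabPage\\DecayDateQueue = {DECAY_DATE_QUEUE_HEX} {IEXPLORE} N/A",
    f"Set value (data) {IE_KEY}\\TabbedBrowsing\\NewTabPage\\LastProcessed = b09db70a06bdda01 {IEXPLORE} N/A",
    f"Set value (data) {IE_KEY}\\TabbedBrowsing\\NewTabPage\\MFV = {MFV_HEX} {IEXPLORE} N/A",
    f"Set value (data) {IE_KEY}\\Main\\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 {IEXPLORE} N/A",
]


def is_dpapi_blob(data: bytes) -> bool:
    """Signature check: little-endian version 1 followed by the DPAPI provider GUID."""
    return (len(data) >= 20 and data[:4] == b"\x01\x00\x00\x00"
            and uuid.UUID(bytes_le=data[4:20]) == DPAPI_PROVIDER_GUID)


def parse_dpapi_blob(data: bytes) -> dict:
    """Walk the CryptProtectData blob layout and return its header fields.
    Only the header is recoverable offline; the payload needs the user's master key.
    Raises ValueError for non-DPAPI, truncated or over-long input."""
    if not is_dpapi_blob(data):
        raise ValueError("not a DPAPI blob: provider GUID missing")
    pos = 20

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(data):
            raise ValueError(f"truncated blob: need {n} bytes at offset {pos}")
        chunk = data[pos:pos + n]
        pos += n
        return chunk

    def u32() -> int:
        return struct.unpack("<I", take(4))[0]

    master_key_version = u32()
    master_key_guid = uuid.UUID(bytes_le=take(16))
    flags = u32()
    description = take(u32()).decode("utf-16-le").rstrip("\x00")
    alg_crypt, key_bits = u32(), u32()
    salt = take(u32())
    take(u32())                      # strong-key HMAC: legacy field, length 0 in modern blobs
    alg_hash, hash_bits = u32(), u32()
    hmac_key = take(u32())
    ciphertext = take(u32())
    signature = take(u32())
    if pos != len(data):
        raise ValueError(f"{len(data) - pos} trailing bytes after signature")
    return {"master_key_version": master_key_version, "master_key_guid": str(master_key_guid),
            "flags": flags, "description": description,
            "cipher": ALG_NAMES.get(alg_crypt, hex(alg_crypt)), "key_bits": key_bits,
            "salt_len": len(salt), "hash": ALG_NAMES.get(alg_hash, hex(alg_hash)),
            "hash_bits": hash_bits, "hmac_key_len": len(hmac_key),
            "ciphertext_len": len(ciphertext), "signature_len": len(signature)}


def find_dpapi_values(rows) -> dict:
    """Return {value_name: header} for each 'Set value (data)' row whose hex payload is
    a DPAPI blob; other binary values (FILETIME, WINDOWPLACEMENT) are skipped."""
    found = {}
    for row in rows:
        m = re.search(r"\\([^\\\s]+) = ([0-9a-fA-F]+)\s", row)
        if m and is_dpapi_blob(bytes.fromhex(m.group(2))):
            found[m.group(1)] = parse_dpapi_blob(bytes.fromhex(m.group(2)))
    return found


if __name__ == "__main__":
    for name, header in find_dpapi_values(SAMPLE_ROWS).items():
        print(name, header)
```

Both values parse as AES-256 / SHA-512 blobs bound to master key {c668290b-60cf-4bb7-9422-9c882944fb81}, the per-user master key file under %APPDATA%\Microsoft\Protect\<SID>\ for the S-1-5-21-...-1000 account the sandbox ran as. Without that key (the user's password or the domain backup key) the 32- and 144-byte payloads stay opaque, so a sandbox report can show that IE stored DPAPI-protected new-tab state but not what it contains.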

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a22da812095c8ab36c91f6263778919a_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1936 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 coinhive.com udp
US 172.67.165.117:443 coinhive.com tcp
US 172.67.165.117:443 coinhive.com tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.250.119:443 mc.yandex.ru tcp
RU 87.250.250.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 mc.yandex.com udp
RU 77.88.21.119:443 mc.yandex.com tcp
RU 77.88.21.119:443 mc.yandex.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d78b523b9047f7dddd276e38d3b3709a
SHA1 f4371add67a5b5565897384c60745ad40fdfae1b
SHA256 3218a4346360594a0831ff9383529711885c85b88bd5114999334005e1b6e582
SHA512 431fd5bd3340df3561c5bb6d16e9179d8ab761e3532204887ad6f3a0b66d961ead732f18fdc7a7e7d4620282b8f5238114cf0c18b86ddca1efbd6250fd6a9bfe

C:\Users\Admin\AppData\Local\Temp\Cab2B55.tmp

MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

C:\Users\Admin\AppData\Local\Temp\Tar2BF8.tmp

MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1132cf36de34785ff75b82f805df64b
SHA1 148de7e22fb72064e0f4404205b2e83b47032697
SHA256 8bf6a874829268e128c0423513d7349376e70477195324258f08cee51a5633d3
SHA512 e2a46dc26f77a2777afcbc67d0b86144f5ddffadb88c097139e4e1b95b1552ccf8bbd73187385b7bacafb4bf24e67fbaca9412b8fd4ea3133b17309c6df459c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17bab072dd4b3be3694254d509f2a8fa
SHA1 2d7ca0a77f9d120d9268b9d39dcc3aef2cd20413
SHA256 860134a6a57faf462abade768600eedec9e2ee2393e67d7006a1b01f1c12545c
SHA512 24514cf4aa0d7b50d51f113db3f8b6c735a498b3181b688f315a22f7388cfad581118c4a4fea895074f663c4015ce668dbc5c9b3564a53480e9efdcaa64d6c1f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e171c51755234b9659f149c6077fdc23
SHA1 352dc6d3ef06d22b1d79890c93971fa5c13ee322
SHA256 3a319076691800b3f468015948833f9356a8abf7e43d5d013fd633d6e499fe3e
SHA512 84d28708c2905750ad1479549b490a520c6a299399424232e86528659754d6e2933b0f179b81e99eb9e61710f48bc8aef0ba4ffe7a2facba36601663aed1fe39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a54429edc8dbfda86ed67389751694b
SHA1 ee2e66a09a1ab8161448482150bbaaadec1b2fff
SHA256 87904313ae9ee311520d59ed7126f43bacd31d3cf064a99b01589baaffe09efd
SHA512 807a3959eef745b0ba8f462faa6402fa7f1bad58143a08b4516658ede9d7ff196f0dd53f40b83e7e838f18adf3edc1ecd554533a4908e6f5d8ace017c3c8deeb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c06b3294f8e7035144ed706ea6b3ab2f
SHA1 1267d5d6e833fd5b6a373e11ee14eb75fad0f2f6
SHA256 f2dfedb41fcc13d35877c67adabe2c953c5a7073ff7a3fd91f03941ed424f863
SHA512 82b94fd1b426c023f8a00d295ed584ddbcec1b2a643d41e24a2ca622869d596ae5a2fc5c2efd10df65c448ad86e0a2df02ac81a2ee06e5a214b15f7979a0ecf8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 569c500d68df3a413db8d61be464df9e
SHA1 a6456a24f2471787d2662c055d5afa30ac6ed5c1
SHA256 b4afcd751e072f20b8c72416f4e5db181ec337bc88741462434c3ebd16984715
SHA512 a75350bdfb6ada50e00e593cc3a638cfcf7b0ef5ac871dfded079b1522f543959e7a765aa48a3c9875821e25bfeecbaca390ff57aab1da23da7ae2b488aee224

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4702795f54a72f94f50fd923e6c7c957
SHA1 3f6af0ccde85dcc600f752436422f3017f8bb617
SHA256 4f865145c16b605e39ef24b54d250a85490c9b96d8798641c6a17ad65e159bfb
SHA512 17444d5bb66b21336fe1fc97b53855871e20397e2ae2320438bd5b26a02d5b68e3195dce585b9419236a48f6f1751782e118e2132d57b86c83643126dc9253f0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f496fa6cbf4749dc3a7497bd29157b5
SHA1 89398a50bf77fc60386a80fd19ee90e0f56588eb
SHA256 71bd64246cfed91668afc9dadc66ea647590542ddfa01149a07ee2efb7648bfd
SHA512 c9f35594eaacf767c75b569ae38451d667cdd24ea6ea6bac4e68e720b550accbcfc025b778c7f22fc57b7eb9b7c62301c3dc57a6f0dab8f54d928a3c2a6adb0e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bfa20ccb65802ece69a7ee6fac7ca2d2
SHA1 891a1bbe5acba86683b06f324e2db4acc47219c3
SHA256 34b4e6553231ab45c4d7f29907d069e0578485e3b868b316a10bf5ffb8c37a76
SHA512 7cc5b70e83198a74dd9e26f88c318d5b02d26823bb666c9636c2ed9cb598f8b7cc3f4ae0447b87e452c6bb4b63b0644767b25b88f9f34dba042799f7608b793c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63df48752f1815879bbeaa843da031b0
SHA1 0e1180e99194957ae95477bbf92d263f2c18e711
SHA256 e22bb91bc29804ef3da2d150a41a3188d10f14fe48606a8d87438c63713cb67b
SHA512 65ca0d845cccae8ee8f98546a88229fdbbd8059c9f7321e0c580d13c0bdb76ac6022fdb4f9038e9da5a7d8aab1cd35b49628466dd06e142ccfe63b2a569a2962

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b43ae994cc5acb1b0e88c4d2e00ba63a
SHA1 e36710daf4c585a02f47b30e9a13227b34e5fbc9
SHA256 6e5c43b45307c308c80366d2b99a7d7fee6b9a09b52431ca3b3a8b66a787a60b
SHA512 04932fecd0ae37a18c01dad34199d984f4fa4785fbfd4590fd59b8a9f78f00e014889f05b41f0111b166172a07fe6a7ab4920711fa2f8eb6fef0e3984586b7d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f4709c159f55cc9c3cde486337cf9a60
SHA1 37eaa872c900676e57acba06bdc9eff5f131c1d4
SHA256 2e5bb6e001b680bec9a66cc421b273e9c4fbe8c1f3cd4a5f259dd14145712b95
SHA512 af5776dc1830b8bee8e3ba5f782b91df256712731ff857c7fb8478ab916f87bbeac99429f0b9fb97c13295f3999a69ca231ae65c480d292629212b782df625bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ab059e289f07ee91d287c9b55e90f8c
SHA1 64a0e30ceb8f3f3d733629f888f63ca27521dd29
SHA256 c74f93f96c5356b4de4914f8399a7adebc39da5768f7239525b3beb02410366b
SHA512 acdd7e074daae417a21fa6b2dac5f07e7b7f7bd0fbdade8a08549ae850eed58d46de3e41976fccd61f82e7b2cf14c32c84ed7162ad2f93ad8ab0c8bf37e71c4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b64d679c4e9421022b8aeb2397daa062
SHA1 cf8a905407703b100cd1e51cd645eea35aaa2949
SHA256 b6ee88ef96e5d825f92b2edafdd9b098fc7bc68bcdacd84fc4f563a96ef4d177
SHA512 19f02009c125d73d4dfe22d7b06e2ba1889d597ce49af52243a6ab33b7f6532207e287763354d704db893dd8e5f72e7e65d09af0f21aa1b50f965883623160d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c29f01e7dbf9736ae954aeb6f60a3de
SHA1 78d75bce5163f4bb4e9b2b95be1ea9d7755811b9
SHA256 36dcc8824e7761377c3f2c12e8fd605dbf637ebc06312e826122b16de1a78d39
SHA512 2e2ffa10a64b63e259bead029caaccab1c1084afd5fa2dea97a02ca502b08142650861a9b3000c8e5ee78be394e168a3c79b1f853cb4d8152a0ce3a737b86018

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c863f689716c822cbf28d7017523178
SHA1 c1f9b01cd259bed0609fb3d7921fcf60b0e920b7
SHA256 257bdee1f4d07f74a83c734d456f09be5c77b84b68d6aa876ef2819dd4665110
SHA512 3860885716ece1e3fc2b38f263c84b0abb30f41cf047d1225bf5139213f744c0fa9f21205b0bdfc376ac90c358a068cf7cb04d2ba3a662154f94fa01bee29429

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6498b195ee9c165c87d52cb012614d7f
SHA1 3f43da6c1fc22bbd7e51d54746671fa1dff69364
SHA256 8ae07d9141f38e52024b70770d9a6611df6e4f6e8898a483aa578ed142f57c34
SHA512 1cb73b04d156c294377fa0374e08098acc5cf83850f85089c71d2a4deeefa26bb342b198baf62ab8f90edfbc779ceaef914e2cee54521337a9ef483228915056

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39f0f38d72dd41cee26c3d2543cac127
SHA1 59acea05c79b0a02448ded4d9dfd22f3faf87483
SHA256 11baacac8a88c9874edd1582eb3e3b015df28eaa2c50f771b4fb7a7ec78753af
SHA512 6ad944a2ae999dfc2890b5adf4ae4dde2fcac1d24c3acfe4f1221acd82a1491ab1d0e435f5852db6994d1ddf2ae72b45d068d92b9e66b1af873d499eafbc596c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b7dcfc0d46ecb4f44b46717068917c0
SHA1 6ba70ba94b0124c89a90b8c3426289cb13299928
SHA256 5b054fd861331246fe34aa2b4a37717aa33769f8a57be4586cea13e8e3f95731
SHA512 e85e3d304151e8f4f51604202bb1c3d63524e6d81de5f1662edc2c24a5e09f9956623527bcf1ceb316531d9e628189c0ae8abb026b02a21f5a8cc56d4ad8d83b

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-12 20:20

Reported

2024-06-12 20:23

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

145s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a22da812095c8ab36c91f6263778919a_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a22da812095c8ab36c91f6263778919a_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1036,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4116,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=760,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5444,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5452,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6696,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6776,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5972,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 yastatic.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
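
The Network tables above (this one for behavioral2 and the shorter one under behavioral1) record one row per packet exchange, so a page that polls a host shows up as dozens of identical DNS lines. The Python below is added here as an example and is not part of the sandbox's tooling. It takes a subset of rows copied verbatim from both tables, collapses them per domain, counts DNS queries, records which hosts actually received a TCP connection and from which country, and splits the domains into browser background traffic and everything else. The suffix list used for that split is an analyst assumption for an IE/Edge detonation image, not something the report states. Two points the output makes visible: in the IE run the only third-party hosts that received a TCP connection were coinhive.com and Yandex Metrica (mc.yandex.ru, mc.yandex.com). Coinhive was an in-browser Monero mining service that shut down in March 2019, so a request to coinhive.com is an indicator of a legacy miner embed in the page rather than evidence of mining today. And the behavioral2 table contains no TCP rows at all, so for that run the helper cannot tell a blocked connection from one that was never recorded.

```python
"""Per-domain triage of the behavioral1 and behavioral2 Network tables.
Added example for this report, not sandbox tooling.  BEHAVIORAL1 is the full
IE table and BEHAVIORAL2 a representative subset of the Edge table, both
copied verbatim; the noise suffix list is an analyst assumption."""

# Hosts an idle IE/Edge on a sandbox image contacts by itself (SmartScreen,
# Edge offers, Bing, NEL error reporting, reverse lookups of the resolver).
# Assumption: tune this list per detonation image.
BROWSER_NOISE_SUFFIXES = (".microsoft.com", ".bing.com", ".nelreports.net", ".in-addr.arpa")

BEHAVIORAL1 = """\
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 coinhive.com udp
US 172.67.165.117:443 coinhive.com tcp
US 172.67.165.117:443 coinhive.com tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.250.119:443 mc.yandex.ru tcp
RU 87.250.250.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 mc.yandex.com udp
RU 77.88.21.119:443 mc.yandex.com tcp
RU 77.88.21.119:443 mc.yandex.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

BEHAVIORAL2 = """\
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 yastatic.net udp
US 8.8.4.4:53 google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 real-estate-abroad.ru udp
"""


def parse_rows(table: str) -> list:
    """Turn 'Country Destination Domain Proto' rows into dicts.  The mDNS row
    (224.0.0.251:5353) has no Domain column, so it arrives as three fields."""
    rows = []
    for line in table.splitlines():
        parts = line.split()
        if not parts:
            continue
        if len(parts) == 3:
            country, dest, proto = parts
            domain = None
        else:
            country, dest, domain, proto = parts
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def classify(domain) -> str:
    """Bucket a domain: browser background traffic, local multicast, or page-driven."""
    if domain is None:
        return "local/multicast"
    if domain.lower().endswith(BROWSER_NOISE_SUFFIXES):
        return "browser-noise"
    return "page-driven"


def summarize(rows: list) -> dict:
    """Collapse rows per domain: DNS query count, TCP endpoints reached, countries."""
    summary = {}
    for r in rows:
        key = r["domain"] or f"{r['ip']}:{r['port']}"
        entry = summary.setdefault(key, {"class": classify(r["domain"]), "dns_queries": 0,
                                         "tcp_endpoints": set(), "countries": set()})
        if r["proto"] == "udp" and r["port"] == 53:
            entry["dns_queries"] += 1
        elif r["proto"] == "tcp":
            entry["tcp_endpoints"].add(f"{r['ip']}:{r['port']}")
            entry["countries"].add(r["country"])
    return summary


def page_driven(summary: dict) -> list:
    """Domains not attributable to the browser itself; these are the ones to review."""
    return sorted(d for d, e in summary.items() if e["class"] == "page-driven")


def resolved_but_never_connected(summary: dict) -> list:
    """Domains that were looked up but have no TCP connection anywhere in the table."""
    return sorted(d for d, e in summary.items()
                  if e["dns_queries"] and not e["tcp_endpoints"] and e["class"] != "local/multicast")


if __name__ == "__main__":
    for name, table in (("behavioral1", BEHAVIORAL1), ("behavioral2", BEHAVIORAL2)):
        s = summarize(parse_rows(table))
        print(name, "page-driven:", page_driven(s))
        print(name, "resolved only:", resolved_but_never_connected(s))
        for d in page_driven(s):
            print("   ", d, s[d]["dns_queries"], "DNS", sorted(s[d]["tcp_endpoints"]), sorted(s[d]["countries"]))
```

For the IE run the page-driven set is coinhive.com, mc.yandex.com, mc.yandex.ru and real-estate-abroad.ru, with real-estate-abroad.ru resolved but never connected to; ieonline.microsoft.com drops out as browser noise. For the Edge run every domain lands in the resolved-only list because the table has no TCP rows, which is why the helper reports the gap rather than pretending to know whether the page's resources were fetched.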

Files

N/A