Malware Analysis Report

2024-10-19 09:36

Sample ID 240613-1c7axavbpk
Target a6a81ee3514611287f617b6d1bd5f231_JaffaCakes118
SHA256 d6caea1f1a03bb275e670be3b56e5d908febb85d67b83f29e5939442e1ffcce8
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

d6caea1f1a03bb275e670be3b56e5d908febb85d67b83f29e5939442e1ffcce8

Threat Level: No (potentially) malicious behavior was detected

Analysis of the file a6a81ee3514611287f617b6d1bd5f231_JaffaCakes118 detected no (potentially) malicious behavior.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 21:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 21:31

Reported

2024-06-13 21:34

Platform

win7-20240611-en

Max time kernel

122s

Max time network

136s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6a81ee3514611287f617b6d1bd5f231_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80ad0d24d9bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424476158" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000000db4e51d6a1d1936a69b630e464678df8af761fc766de13d4d798e50723a5f5c000000000e800000000200002000000025331ddca8f05a125133ec76c668f23b0dcd9cb78508e9282b09978652b23b3690000000e599e28f121625f88f8cce5a3ae5628a6c5e7cd624622e95937f7764a9c6f339bc3ade47ac782f223a7ef3019f17c950bf6a83ad14a33d4508f27ae7abc3434e688dcf4f4b1f76cc1f800c8d1afcce71945df775ad4adc144a8234b64823e64c18c61901fa711de4bba3c1f48893c5221ef3c195f768c99bbfdec1c0884258000d67b8a2ae92ceec106c030e9e65a39e40000000b3aeed6015eb4f1bf3800b6d73fc37f4c9b8770b8a1ff77371d4d2a74beeea35dece9579225d110262910fd4a45ca755f80c6e20d0e0e00066151d52f239f1ad C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4B460551-29CC-11EF-8B35-D2952450F783} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000046876dd51c2e70daafd4d978bf95bbe37413e6b18e90a803174cae6981bd806000000000e8000000002000020000000d9a2834cfb16403d1263dadd9c74745615d74d91f12ffe4d2c49e4cd1feee27d200000004ddfd0440b172081364f7e05ac9a4706307fe8a3e84d320c93757183d1d9c4f5400000002dbafbf14be90b30cfbb605904fdf1b780515f95ff2ca10f5c35af06689d3e41e1d69f22f29b32f5b3ce2af22eb00958ebb2f8ac8978ac1a7242095baa34821d C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6a81ee3514611287f617b6d1bd5f231_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ag8aq.cn udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabA4E8.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd5de310968385dfe8ab1907a06a50f7
SHA1 683503ac661512e4865fa15ea3dd5719647306d3
SHA256 670d6f3b3f6cc65861be4bfffc53aff6341fe74d81b791a35c2d52e77b6c3d78
SHA512 f5c98b28478a7b5e81aafbe56e3f4c679f0e089be8bca008222a052d4805a25131cf76fd7015bc99af3afaf499f7d2618fd516a0e320565cdd43f11208db7b6b

C:\Users\Admin\AppData\Local\Temp\TarA5D7.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1bffea1149e69fc060f43e0b42e359e3
SHA1 019ec6f56975b4038089be1b3c7365f434ba87da
SHA256 802f6d59102b9c99a3f56eb280a4da0251c9be56d3c7bb32629870fb3e849bac
SHA512 c19414dcce3392a22634c62d2fb4b5d6137fd6c771b24cb48cd3406b954eb2c69cf922be9c75dc1ba4c274bfd22f4f9722cd7d32448c4bcd09626914ef0bde46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d91c74b13a2953643dce397c119ddad6
SHA1 724034469529c4e801dedb58d7a95c02be821306
SHA256 3c802b448905eb6d407031cbd768e29cd766a421d9ef6a234e5f94b6195a07fc
SHA512 92cb4553e1f97074dbec3d9ec01e828d49e4e200d78d5d9184d241ac5f24378e8bfdd97bcac246b21bcc15d6c8534d813eee5b653f5c8b6c7a408d69e28b8585

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 683dea4eb8a96d7d6abbe445bcf74210
SHA1 02ae844c502c5a7d8bae2bf1be835708e23ec477
SHA256 210ed33273102ada6f7e1161c1465d2c423fc22f1b5a5c3de00b7c9de4d15835
SHA512 e04b26f0b37a3f49c7008ab9a0943f0d862bc97979301f971cd45696571822e2850e48f61ca5753fd9961eb4495fea054c788bd48fbb0e2309b938739109ccc4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2067253a9845dfd1c88efaf472bfffc5
SHA1 8ac881897fbb896ab85ea6400d19196bcb519061
SHA256 240abca15dfbf5601bebc71747688f1654f625b4e328292a86373224671321b7
SHA512 07ed1ec80793b75bd45bc08dc2193042199e4ad56b47e61443db931102a9ce59b091cc1cbb382fed70c5cdd9c680ce0dbe7423fd46fb8683f534e93a8b51bbc6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72238670a7468450de9898a44b66a1a1
SHA1 64887ef3710246098133b634c9affe09bf52e7db
SHA256 39003b827354d7fd305ef944b142da2ef2c928a0faf947689a1499427b67b6d5
SHA512 b33ac01a8014974df0ecd84b82a0ae4e8b1b1861ed88e1338b7b415cd690219c96bbb65a43870d8c2114a2e8366c80eaa3de5a2ac35b6a22b46e1a79b324b9fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3750587a094f700a0004c262067b368
SHA1 51c32052ab25dd3409eda29b5eacb85625b22463
SHA256 9fab7cee9cc4085e8206d2284848c20123f71c8f9951d0d06edf3c1229c131b9
SHA512 948808d6fd573b532bc613d3b045f5ce629ac41baaee0fd9322ef8553d5d99f349a76887ae53b259946482c53bce355aff58c82edb6d99149feebb3fba5aa27e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e6f000cc168b94cadb973bf61403e86b
SHA1 0ff69fd8d2b605e7b4c02fe53148ff9067957a12
SHA256 f2e8130b20d600f4559c483bd75fb20bfe9193c3e1a119206b57f82dc5367646
SHA512 8593253b8508f0c0d671477c10f284e55b849b7472316a6245c02bb658a9222bb0f66dc7d0fe9877ba62c32164295a03fc3c719d0bc1668d35bce5bf6b48742e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2acb1dce8de85d2b9ee04cfdd2dfc16c
SHA1 ded2ace036d67a3241e916eb8116a3bd1803770f
SHA256 94e1fa8b9afc712b1bb92984b6717fe8651557183e8d174d8a91984fff2a6a1a
SHA512 1f8db78c8dc45cf6baedfa44206da1dc23e7e5452ab16f2b7adddfff436bc51be048a52a8cc945cc2f1fb55cd837c80f0b1506485154867736e2f86b41cbef95

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a13826608a10217ed0336bf9faae065c
SHA1 21daeb9d71956d6149f3a95c7be0280bd04c9667
SHA256 2bbd221a3d9411fb63dfd6d42b08ea5f517ab09c14ed79b99234532f4a485eac
SHA512 4aae69b4627d8808165998bc5b6552eac08339551c5a3604b8a48dd32f9454b43b579d3617fb67826f624f00dc0f561ad29f43086e219a4ca15f2ce3adf566bd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a8d879eca96ffa90761c823e86153bb
SHA1 419320e2c58a3a6a96de59f5605a5db7f647f78a
SHA256 c63ce36de7cb58847b4d22fe69ec57d8493c3a3f2b10a36f11a0e0d80b384734
SHA512 a11cbb030d7bfedd81f9caf571287f02a4d9aca36b6c8ce58a7222119664335e61993daba2d236111b14a3d8deea213fc0e57ee7fee20167161af2a1bd6aba7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01a171e85aa25e4ecfa5eb7da9132399
SHA1 c77ec3c06df7d4bd4de919de8286c8ad59b08274
SHA256 f2c3d88cc6de7e5cd9207b744b5f9de831315076f93cc2329899fc6635718801
SHA512 2eb9533a55895ccf3487ee18da32f9d91265892e55f1844e2c02af109f75418cf0f9851ad3bbb69dbbc7a7c4c6447880e3b0594ec863816a73c085c237af65b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ad6ef51733d4b2f660ffc23c2c705d42
SHA1 d02b85aea231e2e4480a58659c93cb33084dfa6a
SHA256 0ac798614d090e4f61495d56d5531c2bd32696b83cf7e4c8449dc87582b46304
SHA512 a628d8d90d392654ca1d35c8177d0a7114abce2de09829e5b8cad0be5233a360d4bb1696e6226f2cda2c7c305809da0d2a8d1885e57443bde454c385eec229f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74c16e0659635eac97e5a72683adf50d
SHA1 d865ded742ad272cef75ac11fc0c140e4245b45f
SHA256 40c27cac335ff8683d7154a590d377d67609dd39e36dcb2388ec37d25cc6b660
SHA512 571381a4cc13e630c63a6aa40b1013cc4ef9f53403eab7d84e5e4ea0c7e9faddcb1c848fac1f78c4af1e9c19495345f03c1db90911a8a5415525866fa1a8d813

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54232f2dc856cd581d3637020658a92f
SHA1 5e563d4ff65b87e80ee3b3ce6ddcccfbc54ab0a4
SHA256 2261285cf6e36ed7c924a6aa50a1343cd041805a558f11e047b5e3572124b5af
SHA512 677ca925dd06ce2c18454194f47ef1deaa6c7e209f84dfdc919c1999fe774657af10ac73473499bb2ec8946698a108a4ac3bccbd61d86527661ae9ef0ec0b23d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c9144fcec3883611492a209b4b7d6e9
SHA1 738ced34811d201547475b0d983937ec6ffce302
SHA256 44e3b458debe7b093617230f6d56df3be64483a905250c616924e9ed9840b1df
SHA512 8fb52016e540ba1ffdb538dbc0c6854b30ebf4e1c0780ebc3b5bfe462f117dca1bbe0180c3401968f2facb5cedd7747e55652fbcb34bc4605eec032d38211fdd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c6eb81f9d7ee7a6bd3fe40b29d60889
SHA1 df93a63f8b2b81bdcf4d8cc10d7e46c8dd051290
SHA256 f92d03ec17e6af2bca78792dceabe3991390187aec3d699be2b9f80ccacaeffd
SHA512 c629558ed0d3088cf7a059580593cb8b39df0e0d9ddde108826455feac645f77b11e41fb6f53833fe7a05379d2837608cac90f206817f496b9cc369778ea00bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54439bc67d4007ab745e7d1319e6b93c
SHA1 6061c0a376b50dea73914e8757dd862a329ee2b8
SHA256 42dab99bb09cff05b6b61c3826a64e26060c496d9b660f26ed807b3070e96c58
SHA512 4ed16065fad24645858fd69667acec1cd9f96877a5be25114dcd0634048bf4d9328d723220807e77b7b02ee0505f723110855bb77f40ecf4493fbea80f50f8b2

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 21:31

Reported

2024-06-13 21:33

Platform

win10v2004-20240611-en

Max time kernel

128s

Max time network

139s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6a81ee3514611287f617b6d1bd5f231_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6a81ee3514611287f617b6d1bd5f231_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=3892,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=4624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=4044,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=4996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5284,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5432,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5440,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5852,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=5992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=3100,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4088,i,11749492925348081608,8895412282206755658,262144 --variations-seed-version --mojo-platform-channel-handle=3848 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 104.90.25.175:443 www.microsoft.com tcp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 164.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 175.25.90.104.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
SE 184.31.15.35:443 bzib.nelreports.net tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
NL 23.62.61.160:443 www.bing.com tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
N/A 224.0.0.251:5353 udp
NL 23.62.61.160:443 www.bing.com udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 57.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
NL 23.62.61.171:443 www.bing.com tcp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp

Files

N/A