Malware Analysis Report

2024-10-19 09:37

Sample ID 240613-1dv92a1blb
Target a6a9f20b8d15db0641a8cc7ade951bd3_JaffaCakes118
SHA256 ce26bdff2198f2ea4f816c390d8d5d201c165973e2fc9ff715fbe934b9b3fde8
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

ce26bdff2198f2ea4f816c390d8d5d201c165973e2fc9ff715fbe934b9b3fde8

Threat Level: No (potentially) malicious behavior was detected.

The file a6a9f20b8d15db0641a8cc7ade951bd3_JaffaCakes118 was classified as: no (potentially) malicious behavior detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 21:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 21:32

Reported

2024-06-13 21:35

Platform

win7-20240611-en

Max time kernel

137s

Max time network

126s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6a9f20b8d15db0641a8cc7ade951bd3_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30150489d9bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{751B47A1-29CC-11EF-AF9B-7E1039193522} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000009ab3b650346a5826acb1d6a08f99948a4733d7e294e19c2a5ab396f3f3d20208000000000e80000000020000200000001c56ab149dc141d41ba3f57c88e4a38b045b1158b73484289e24f134ab706ec420000000af5f5025c8992df13b3886494953608db44869f15e87111f54b1c98fd21a1e6340000000d4f20ac2b12b559525288b43827409bc5cf47e03ca486200016391935ee78d0c67825d2c307797e7636896011298a80f18b4040e3cf7ce9aa99a2f231f9fb25f C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424476229" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6a9f20b8d15db0641a8cc7ade951bd3_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.91juyouwei.com udp
US 8.8.8.8:53 hm.baidu.com udp
CN 183.240.98.228:443 hm.baidu.com tcp
CN 183.240.98.228:443 hm.baidu.com tcp
US 8.8.8.8:53 tb.53kf.com udp
CN 159.138.20.15:443 tb.53kf.com tcp
CN 159.138.20.15:443 tb.53kf.com tcp
CN 183.240.98.228:443 hm.baidu.com tcp
US 8.8.8.8:53 s23.cnzz.com udp
CN 220.185.168.234:80 s23.cnzz.com tcp
CN 220.185.168.234:80 s23.cnzz.com tcp
CN 14.215.182.140:443 hm.baidu.com tcp
CN 14.215.182.140:443 hm.baidu.com tcp
CN 14.215.182.140:443 hm.baidu.com tcp
CN 220.185.168.234:80 s23.cnzz.com tcp
CN 14.215.183.79:443 hm.baidu.com tcp
CN 14.215.183.79:443 hm.baidu.com tcp
CN 14.215.183.79:443 hm.baidu.com tcp
CN 111.45.3.198:443 hm.baidu.com tcp
CN 111.45.3.198:443 hm.baidu.com tcp
CN 111.45.3.198:443 hm.baidu.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CN 111.45.11.83:443 hm.baidu.com tcp
CN 111.45.11.83:443 hm.baidu.com tcp
CN 111.45.11.83:443 hm.baidu.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 69ca2f5fbee0f5e379c950047c959dce
SHA1 57e46c9ba34138eab4fccdf8934cc432680c8471
SHA256 c39f5c755cb2cdbdfb813b6fa7e5edf9f551c99fb1d8f4e11fe457fb87701a26
SHA512 8e9fbac25ba8d340984ade36be9a32aea251fec83df135a8dbdb825b8738b2617ca618c3635451ccdbf5b86b3e559815fb3ef9f2816012ed860dae203f8c23f2

C:\Users\Admin\AppData\Local\Temp\Tar5969.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\Cab5957.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86980b08afb26c9607fe8deb0d0e526e
SHA1 2da3d233970e5278a84d7152f95cef795901da1f
SHA256 8aad4c09fda9d6b51f5d8178f8e94b58f453270f0a86fbcd23815d5c601887d0
SHA512 f928bf3346b6d424e01badafce97227e296c8119f2b0a78298c4e156233487b50f040b366d415d731ef1aee9388d466969583b3706bcd4bcf1eed59d8bd5f17d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1414ad02064ae1722c86d7c6e069d3d7
SHA1 bbbf1ad5f6faafb0c6b3c8dc5235c1871bd90385
SHA256 baa59d181816ee6d3f6893c8688dc662f3bfdda8f46f8055543a8bb0fd9ea847
SHA512 cbb0ca5914438f8d622512d47ca305918996dbaa5e0003642849f7a411139329c050c0eb965b01c9ee2f8e30381d3ad6ee81a40f2d991f19c680726814b0ae25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5264804d69ed21a76418407b054a88e
SHA1 9ba11c8051fb4692bab32b2f0d1927ef75f55c27
SHA256 e751707b06456ddd633c9b11b1f03cb022f9cd90adf342435caab9f44ffa53e9
SHA512 3ea04842f589790fe54542db102f79fafc4feb1813974eef5d491f864fc5d2e07776644f6938a0ad8a6c2135f268dbb3dcb78bcfcc6eb2f5ef60ca11dbf912d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30fa84390f7848ac8b49432d064e034c
SHA1 165255ad0e4a66f1aadcbecd0fec6fb9e3546419
SHA256 2de843f6d43e0e78ae02ad9082e3c1abaefb705edb52099c0e872ecd30fc98ce
SHA512 6d52ecaa8a8f6d820a860da8a6ea3271ca1abf7a5e9b7f08025348259e884fdf14520f937e48e8651b76ea8c57b0212fba3b04b38d15668d44b5abaa7fb28405

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a9070f6479533374d929e457ebe83046
SHA1 6398066ced02223e156d4014a5a5b129c04e8077
SHA256 00f900ec02c472ab46a84c97562434ecf970dab5c24192884999e83a576a4c64
SHA512 bf24f9cbd8321ba99e0924fdde91bb63723e80baf629d10f43e9b37171274bed999cfd2d44e89349767a9f4b2dea19f20a45bb203263696cadaa658c62a67cd0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e2289cc94c609e54a4220ea7f31c6c97
SHA1 354389a2915c7f3ddaf555b5aaa146c7ac2227a0
SHA256 2bc6c003c79b4d081d31c2d5c518c26c1e6a1f3b06712b50cff2a828b364859e
SHA512 82c3ec53fa28965fd40587e05ddd04608a67610e5131d529933ae9e37506debac99dc97dee7e87478a6ee798910a1384e2bf78d209095aaee31f30ee1696bf36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 812905a8d0435249a36f444b2574a8e9
SHA1 ed93e9ca046d72a2966844423e9166d1e0c7f70c
SHA256 4638bce4619a16b2e1ca39be60c73eb9dda279e9cfc271087aef995629a4feb9
SHA512 89023b84fad799c0bfd451a586995459fb5f3716acb196c8ba838bdcf4d69af543a72d4fff13401349101f82b3933a140c91eaff87de8340d56db886627ce242

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d1359e5a437fd99fc4d356525d00ec5
SHA1 f0649295b8df4ccba2b384fc9fe356bc7c8b54c6
SHA256 d6f8497b28243feb23aeabdb4c5a7e46badb7678c8f780ff6aeedb3d5d85c608
SHA512 2721a1a5ef8b971b77771e0667e508e23c02d441942ac9c287528955bcb0f543a9ef7c873ea9e58859b0b5d8f4c1f39c504905837e28c21c7d4a0680eee57908

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a51612254171be9c12ebbd980d3a8fc1
SHA1 376ac5d7a34793186f23c549aa4845f4ddb5acfc
SHA256 ab3defe8db5098baea38d63748b5bf11890f8c3c3a7093a53a74f1c3f65e81a2
SHA512 39ede53645f6fae90a2b08e87de1db43a1870fc58946b30a52d6d6a353cbebb880539c5367ed82b02936b13d83915ef4f6759603971ce5a1ea82e1c8d720a8e2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e75d9ba1497ce1709b93292c74ba023
SHA1 84649ccc7caf6df0383807fe49f70ca21a768862
SHA256 5377a183b5e0190908ec06f5d322047b7fba31cee00faf262ea064d40c071fa8
SHA512 44227a658bc01540db0cab1828fd11101a787b3ea965600e0ae704f18e4dfd483b6591c3efafb68aa8494443e29c4f4fe588170a1ba8ca261ce5053d86cd9c4c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec5c2897da3754a56fa9e1ba93107b21
SHA1 e0c726d894be0dba8c0fec7ce06d98fce9cde75a
SHA256 4be2baa9303d32d00d5b4a6dd0eaca5b5d76afe15ae9634283603815857661db
SHA512 bf6935eecb59dbacebe2dec5780afc07e3356facfaa635d3ae6be78622f236b4f03a184ec5501f5a690842091f2cc0cbf4bae84265f36958675719e29697fb44

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 896b56be141af9b62f6ad7d4e6c1deb4
SHA1 c415f22250a9f2744cce1c271950b2602347d0de
SHA256 cd83929dd78f9da0af7e17344064be09fc252bb542ed1db0dc3528fffa63112a
SHA512 7d63c07196de8a8b13d767ce5f65cd6a49c0c228d9a706cc1690fe64af70ed469990e5b7be65cafb1ff4f25f52e829e029ec6c908ad5d7992258b49c1b59367f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e5138ddf14101eef1d16299d8ee20d8
SHA1 c000598a0d3607ad68e04cfb21e4ce65cbda9a83
SHA256 d38cd27b809fa6ec7083d5df4cbda6ecbe4088d875a33871c04d496af6154582
SHA512 2c08892ec399bd86c14703f0a059a6b78d72a1e106d5b6c47b2d59b0ea15d32aac348d27115242d1862b72c36ba72a8560ee88d3ec737e4310d0fecad3511910

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b1d07e5ad27bfabb85b41472cb0cc29
SHA1 640cbfa493c1f36005220b4dad583a821fe1a807
SHA256 16ad01eb961b1a19a5cd98f42ddb8f6326c5708ea360ddc84d022070655be979
SHA512 979071ca832034bdea288bab88f104c5dea0e37746978156a635f147cb61f2a56f8e4c48ee349c0ed931161eae6bdd1ee1ee9cc310106e20a03c17c669d61ea9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 970211ddace9953cfabddc5bd1988162
SHA1 fc2abde250afcd99aa4ac3bfc360e82c06deb439
SHA256 089c9c0459fa5bb3d436677a9f69e8572e2f85850e7db9418c92e40def3fb3f2
SHA512 22101708c4b35056e9028fe22f2da804a9114e0e79c4054f8187e89e6cf8aa4a7810372e262a56caf8a532265190431d753974c8791f770b78a7f558feaa339d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cee533b101b2cb92bb35b678ab7020d8
SHA1 7232f4ffbf0469beb5179b7ab6d39759dbe013f5
SHA256 4e408af49ca6951939544e3026f80d517774cd0f1e76bdb6388640dea9d14e71
SHA512 133c4a959cd2376e83b5e71a7fc4e15bb289bbc97dd149f72915bf867a8ff57cc90724d001cb373e26ddad0fd4b4805c7888add7c311e71a6c9c8e0d2beae6a7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 843ba2ad002f48b5cc5488e921722eb2
SHA1 b79b383a1388949bcb3a419f5e7d9a3664d49a73
SHA256 a3f495266268ba02f871c6bd97896e5f75e15b5ac2f9bf2cf4de57326b11b31c
SHA512 5b7dc13a23b861e8f7f52a35de86344600ac4ed18a81f5b6d9985315c3b8e248a2461a4cefdfafcb7d47d8163638d26ad6f9a286e88c82af863bfa8934d19f56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d2c26cd9d900902d0c4e2ecd5b9d814c
SHA1 4fff34cdd3e32c696df1c53a38ffbdb2b7fcca10
SHA256 71585b2b95bd34262248c733a52dda17e366e54ad1ceefb3e03fb894479e136c
SHA512 a44dee3ceda4da28a9b358105fb1e5c32a482218eb73cadb3823b39dde0614e24890667fc7e8b26152241074dcc26f77f7607bfc53f814ecdc72b2bb05bc7eb4

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 21:32

Reported

2024-06-13 21:35

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6a9f20b8d15db0641a8cc7ade951bd3_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6a9f20b8d15db0641a8cc7ade951bd3_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4192,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=4544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3856,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=4620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4772,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5456,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5468,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=4216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5924,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5892,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5472,i,11266875042087428226,16669718873272757238,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.91juyouwei.com udp
US 8.8.8.8:53 www.91juyouwei.com udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 tb.53kf.com udp
US 8.8.8.8:53 tb.53kf.com udp
US 8.8.8.8:53 s23.cnzz.com udp
US 8.8.8.8:53 s23.cnzz.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.91juyouwei.com udp
US 8.8.8.8:53 www.91juyouwei.com udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 tb.53kf.com udp
US 8.8.8.8:53 tb.53kf.com udp
US 8.8.8.8:53 s23.cnzz.com udp
US 8.8.8.8:53 s23.cnzz.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.91juyouwei.com udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 tb.53kf.com udp
US 8.8.8.8:53 s23.cnzz.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 tb.53kf.com udp
US 8.8.8.8:53 tb.53kf.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 tb.53kf.com udp
US 8.8.8.8:53 tb.53kf.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 tb.53kf.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
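The two Network tables in this report (behavioral1 under Internet Explorer, behavioral2 under Edge) list one row per observed flow, so the same host appears many times and resolver queries to 8.8.8.8 sit next to the real connections. The script below is an added example, not part of the sandbox report or its tooling: it parses rows in the report's own "Country Destination Domain Proto" layout, collapses them per host, and separates names that only ever appear in DNS lookups from hosts that received an actual TCP or non-resolver UDP connection, which is the distinction that matters when pulling indicators out of a report like this. Multicast destinations such as the 224.0.0.251:5353 mDNS row are skipped as local noise. The embedded rows are a constructed subset copied from the tables above, not the complete tables.

```python
"""Collapse flat sandbox network rows into per-host indicator summaries."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample: a subset of rows in the report's own row format.
SAMPLE_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 www.91juyouwei.com udp
US 8.8.8.8:53 hm.baidu.com udp
CN 183.240.98.228:443 hm.baidu.com tcp
CN 183.240.98.228:443 hm.baidu.com tcp
US 8.8.8.8:53 s23.cnzz.com udp
CN 220.185.168.234:80 s23.cnzz.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
N/A 224.0.0.251:5353 udp
"""


@dataclass
class HostSummary:
    countries: set = field(default_factory=set)
    endpoints: set = field(default_factory=set)  # (ip, port, proto) of real connections
    dns_lookups: int = 0
    connections: int = 0


def parse_row(line):
    """Split one row into (country, ip, port, domain, proto).

    The Domain column is absent for rows like multicast mDNS, so the row
    is parsed by token count rather than fixed position.
    """
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = None
    else:
        raise ValueError(f"unexpected row: {line!r}")
    ip, _, port = dest.rpartition(":")
    return country, ip, int(port), domain, proto.lower()


def is_resolver_query(port, proto):
    """A UDP flow to port 53 is a DNS lookup, not a contact with the host."""
    return proto == "udp" and port == 53


def summarise(text):
    """Aggregate rows per domain (or ip:port when no domain was recorded)."""
    hosts = defaultdict(HostSummary)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Country"):
            continue  # blank line or table header
        country, ip, port, domain, proto = parse_row(line)
        if ipaddress.ip_address(ip).is_multicast:
            continue  # local discovery traffic (e.g. mDNS), not an indicator
        host = hosts[domain or f"{ip}:{port}"]
        if is_resolver_query(port, proto):
            host.dns_lookups += 1
        else:
            host.connections += 1
            host.endpoints.add((ip, port, proto))
            if country != "N/A":
                host.countries.add(country)
    return dict(hosts)


def contacted_hosts(text):
    """Return (hosts with at least one real connection, DNS-only names)."""
    summary = summarise(text)
    contacted = sorted(name for name, h in summary.items() if h.connections)
    dns_only = sorted(name for name, h in summary.items() if not h.connections)
    return contacted, dns_only


if __name__ == "__main__":
    contacted, dns_only = contacted_hosts(SAMPLE_ROWS)
    print("contacted:", contacted)
    print("dns-only :", dns_only)
    for name, h in sorted(summarise(SAMPLE_ROWS).items()):
        print(f"{name}: {sorted(h.endpoints)} countries={sorted(h.countries)} "
              f"dns={h.dns_lookups} conn={h.connections}")
```

Running it on the full behavioral2 table would place every name in the DNS-only bucket, since that run recorded no TCP connections at all; on the behavioral1 table the contacted set is hm.baidu.com, tb.53kf.com, s23.cnzz.com and ieonline.microsoft.com, with www.91juyouwei.com appearing only as a lookup.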

Files

N/A