Malware Analysis Report

2025-01-18 12:51

Sample ID 240613-1vjbss1hnf
Target a6c456e2d342194489876598950ee30f_JaffaCakes118
SHA256 0876c490877150dc0ebda9651e30308df341ff583da977a2a1faffec12dae234
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

0876c490877150dc0ebda9651e30308df341ff583da977a2a1faffec12dae234

Threat Level: No (potentially) malicious behavior was detected

Verdict for a6c456e2d342194489876598950ee30f_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 21:58

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 21:58

Reported

2024-06-13 22:00

Platform

win7-20240611-en

Max time kernel

133s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6c456e2d342194489876598950ee30f_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{07468061-29D0-11EF-B5A7-FAD28091DCF5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000dbb839289c2b333ae796cd2265d4de9cb3c46a2eb77c8ab3f450651c0a57e1d9000000000e8000000002000020000000293086839bf2370cfe41a65745d3a615fd62cdcb8c092183f0349fa5d727098a20000000574f9b6d779e7c9b94710c6de3faddc0e5afad8bf05916f3d5484198aa1572d64000000039657fa7a516df599c84ff695267270c3689dff47b75dd13266549c97f957f6550d095b5df62d04d342ccade3eb90084495e57472ece58aae8cc486f09141233 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 101672dcdcbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424477760" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
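Every row in the table above is iexplore.exe writing its own per-user state (recovery, tabbed browsing, toolbar layout, zoom), which is consistent with the 1/10 score: nothing changes the start page, search provider, proxy or loads a component into the browser. The script below is an added example, not part of the report or the sandbox, showing how to triage this signature automatically: it parses rows in the flattened "Description Indicator Process Target" shape, flags writes by any image other than the browser, and flags keys that control navigation, search, proxy or loaded components. The hijack key list and the browser image set are this example's own assumptions, and the last sample row (constructed.exe writing Start Page to example.invalid) is constructed to exercise the rules; it was not observed in this report.

```python
import re
from collections import Counter

# One flattened row of the sandbox signature table:
#   "<op> <key>[ = <value>] <process> <target>"
ROW_RE = re.compile(
    r"^(?P<op>Key created|Set value \(\w+\))\s"
    r"(?P<key>\\REGISTRY\\.+?)"
    r"(?:\s=\s(?P<value>.+?))?"
    r"\s(?P<process>[A-Za-z]:\\.+?)\s(?P<target>\S+)$"
)

# Registry paths whose modification redirects the browser or loads code into it.
# This list is the example's own assumption; the report does not define one.
HIJACK_RE = re.compile(
    r"\\Internet Explorer\\Main\\(Start Page|Search Page|Default_Page_URL|Local Page)$"
    r"|\\Internet Explorer\\SearchScopes\\\{[0-9A-Fa-f-]+\}\\URL$"
    r"|\\Internet Explorer\\Toolbar\\(WebBrowser\\)?\{[0-9A-Fa-f-]+\}$"
    r"|\\Explorer\\Browser Helper Objects\\\{[0-9A-Fa-f-]+\}$"
    r"|\\Internet Settings\\(ProxyServer|ProxyEnable|AutoConfigURL)$",
    re.IGNORECASE,
)

# The browser maintaining its own keys is expected; any other image doing so is not.
BROWSER_IMAGES = {"iexplore.exe"}


def parse_rows(table_text):
    """Parse the flattened table; rows that do not match are skipped, not guessed at."""
    rows = []
    for line in table_text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows


def classify(row):
    """Return (verdict, reasons); 'review' means a human should look at the write."""
    reasons = []
    image = row["process"].rsplit("\\", 1)[-1].lower()
    if image not in BROWSER_IMAGES:
        reasons.append(f"non-browser process {image} writing browser settings")
    if HIJACK_RE.search(row["key"]):
        reasons.append("key controls navigation, search, proxy or loaded components")
    return ("review" if reasons else "housekeeping", reasons)


def triage(table_text):
    """Summarise a signature table: counts per verdict plus the rows needing review."""
    verdicts = Counter()
    findings = []
    for row in parse_rows(table_text):
        verdict, reasons = classify(row)
        verdicts[verdict] += 1
        if reasons:
            findings.append((row["key"], row.get("value"), row["process"], reasons))
    return {"counts": dict(verdicts), "findings": findings}


# Rows copied from the behavioral1 signature table above, plus one CONSTRUCTED row
# at the end that is not from the report, included only to exercise the rules.
SID = "S-1-5-21-1340930862-1405011213-2821322012-1000"
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
IE_KEY = "\\REGISTRY\\USER\\" + SID + "\\Software\\Microsoft\\Internet Explorer"
SAMPLE_TABLE = "\n".join([
    rf"Key created {IE_KEY}\IntelliForms {IE} N/A",
    rf'Set value (int) {IE_KEY}\Recovery\PendingRecovery\AdminActive = "1" {IE} N/A',
    rf"Set value (data) {IE_KEY}\TabbedBrowsing\NewTabPage\LastProcessed = 101672dcdcbdda01 {IE} N/A",
    rf'Set value (int) {IE_KEY}\SearchScopes\DownloadRetries = "2" {IE} N/A',
    rf'Set value (str) {IE_KEY}\Main\FullScreen = "no" {IE} N/A',
    rf'Set value (str) {IE_KEY}\Main\WindowsSearch\Version = "WS not running" '
    r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A",
    # CONSTRUCTED: a start-page change by a non-browser process (not observed in this report)
    rf'Set value (str) {IE_KEY}\Main\Start Page = "http://example.invalid/" '
    r"C:\Users\Admin\AppData\Local\Temp\constructed.exe N/A",
])

if __name__ == "__main__":
    result = triage(SAMPLE_TABLE)
    print(result["counts"])
    for key, value, process, reasons in result["findings"]:
        print(key, value, process, reasons, sep="\n  ")
```

Run against the six real rows only, every write is classified as housekeeping; the constructed row is the only one that reaches the findings list, for both reasons at once. The same parser accepts the table of any other detonation in this shape, and the hijack list is the place to add paths relevant to your own environment.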

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a6c456e2d342194489876598950ee30f_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1912 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 grillen6.2-hi.com udp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 64.136.20.38:80 grillen6.2-hi.com tcp
US 64.136.20.38:80 grillen6.2-hi.com tcp
US 8.8.8.8:53 ad.aboutwebservices.com udp
US 64.136.20.60:80 ad.aboutwebservices.com tcp
US 64.136.20.60:80 ad.aboutwebservices.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab3862.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar3901.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa90b2a3ab40168c17ad27dbe81af9cb
SHA1 8f16420355c5f68a173aa7b6e2300106ba31e48a
SHA256 4b0842917236358b3918fdb83139b0113af51cde1021e2f627313f09b9b8a250
SHA512 8be741cedf7826bcbffa5b284222390ec561be878111f201665f22bef1bfb12281d5d9e9dfd424dcc59614979bca4aa47b8b93beccd850c3084cd74169243e81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba029fecf7ad74b2f40d31af9b205f66
SHA1 821f012286d0f9520f969e51fcbc588326bd3eab
SHA256 255f4a8a4bc860d4c95b7d99c6c76fcb0846075161f34d752a0f4fb2f12d2283
SHA512 d47c0b9e68d3b1cc252f15f2beac20999930ba442b6fd21075200c72178601a384d8024182baa74b9bef481cdb1479cf3c790a6765546d6d6eaff9fca7d98276

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8229b9d633c9e493d47894d4a917fdc
SHA1 67202757488389d5415caa7e7ef06f5e63ca7379
SHA256 e9bd05fcc5262cb509f59826c6dd0a8d9a1eaf08144395a9bb9a5e8c232da3a5
SHA512 f98296a2fdefcf0ffc9fca8c45ed182bb46b710befab28a84999d2506d44084e26b9bff3e499840cbe2eedd3648a2f0e30358613142cfafc09989aa8b186feb9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 901c60cc22ea9a3d718190ae230db8f7
SHA1 a1d6120a08c79924f33e221998bfd445e817ae75
SHA256 2abed6e82929add9b53bdf91eae86abbe362ad2825531de87cc264905076082c
SHA512 ba5351e5aa7a342992debd23450154f218d4552a948b456f81ae3569d717fd47aab96e7c458f0d938fcfff2ae6c150cc743ae61019674dfe263e6e5829835dbf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3d4567af9bf0357d7a5546158cbea242
SHA1 919b9dd6efc5476906d80c2cf364e6b764dba858
SHA256 7c5b94b6c3fe564fd602b039334592aec4a610056b0b671e119572e72a224dba
SHA512 a6cacecb31dde3cf12a770e7e2fc25264e553e55271b3bd8a411d5a7885247f1937f6bced023d7bd943c205a78784703206114b5cf137d05aed99f11325af898

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e845c0c54992a8ae5974040ad252ba1e
SHA1 c3867ec7d218a45a67a455f730e2a7698450377f
SHA256 240cf5d6f132ceba1e8cae63b62a2e24e204920c68500360b1555857fb63da9f
SHA512 0fab02a323abaaaf8d3ab270adefdbee68e531ed08807bdddf95d9384d8dccbd25881936795e736c3dc20bdbb8c4960fe4f3632d1a2db529d8aa6df5eb989182

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11aee18adc5d03d55e2929330f20e01b
SHA1 25749d94f938bf5f9a0f0ce9f517048825f92b0a
SHA256 a27f03494ec7e4b9b22ce150ff34004dfcea22c185485f3d7756db32441b435c
SHA512 27eaa814806101d72d42ae268325c9091440b8cc580a19c924eee46a4c4a46ab72cab2e8728c04f88827a182c2f638866f77c1bb0d4541a2deb1cf54fda68a13

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8cbe808c0f3e9eedb162d603ea306241
SHA1 f1fdefec5599317f96385a29d64274542d897f10
SHA256 695b0e959464a846edd38859d5d4c8e76c8ccfe47a6436226b5cdc57eed4a124
SHA512 f552b2ac2c2b00921f1bc8f1409d4c7453471ec2147da0a226862bfadb595245cb1f1c3a109c4ef9b4f83d33c262986d8fe1dda2e92f81c24a6507694b9379d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 99d5f71348c3956a0208ddbcfbd880f7
SHA1 2b6dceaeeacf382684fcbc37707008f817b09b39
SHA256 259bd52e0d0ef92c0cdd4c5da1a5a9eea642c4dd1344636b465959ad1d1139c5
SHA512 d21999dcfdd719e907a2dc2a658e6fd7db0e4812a9fd6830ea015bd1ae990ba9e5603b4492fe44b8075d6db7c97243e3d6ed6d1cfb54d8d4c9fa66bb7141b4e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46237e44b68a3e720156f650865f065d
SHA1 f4a9d13cee184d90c03cdedf597a9cf831f8cc84
SHA256 3bf2ae72559607de39024fec41bb90ca1aeb2d90ec0b075d4d1e545818d2a87f
SHA512 eb4ae56d1514368bd4493cc64dd464b81cedc0ea73e056c90e2ca34ecb889c68279ebee93590f593c436c51fb83ad21f2f8e0755ee6fbdef715ad1f1798305cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3047ca8d8213e2fcf8d0546e94b9a7e2
SHA1 a44beb1e78347d293a3da17410563929a517c133
SHA256 b47e5fe5e0a4162fb7a535a005a07477856a5c23a43f0847fe66b99b33fe5917
SHA512 d78a5d969f43c926f8a0cf3c039606b1023c51b43f6ebbfca3756e014adbc6971fb2faebdfcbc7914e05889657443d3d0dc53297184b60fc3a1384342969862f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5313f929320b65436fd2e2e0b09d932
SHA1 998fafc3e9807d7d4a93c175c26b4342266bf5ea
SHA256 086fc7ca93bf88e70e4cf4fe14ad07b394bd48fde0afaeeeb67b71d8cb1468ce
SHA512 84364fdfdc6df7b211ebd58be291e1335db5d144c62b2897d3e263576386e1134a7ebbf980acbddacaa9938164d6b2c9c9f84845768bdece701a3fc01b135a08

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e83e12d256cf39fdeaeccc5936a9d7eb
SHA1 2142afec9ef824043aff6721c329f2b8d91d3ad9
SHA256 11f2b94116038463783dd24c8750636bf41a99c3755a1b9618deab7f71198eef
SHA512 66791ca88cb7464e84283ef65f3aa172fbfb4c461349c86684f62b4a62c60564734ffa291efa6908eccd06d97272a8c2788ef046987e218e7cb0570bb67995bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88e86966e18d71ef6f2be791af174bad
SHA1 2f338d999ed7dadb330e5812c1430a1c187f1b68
SHA256 9ec8119ee330f5bd62f5864302309a911b47da9caa64deb875efb13350be0bd6
SHA512 75dbe800865f9de4e93fb3f466407b4f26602396c9ffb71d00b2c28a4df24991662bca1b17fb178c89d1606899a70942ea54c646a134f18992f1035ffafb64ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f29b8fecfdbc3bcd2f99783c51ccb516
SHA1 1b616963346e474bdfff2d15e60e0a17d35f0e6d
SHA256 032abb9e5f98591c695e419063abcdb244513968c1948916b9062408a796dc42
SHA512 624faca336df13b3e353832b4b3257664ea5ba258f94d40c6f3d58d7488fcab7eb5bb132363cb2e206ba2f2ce2b175e9bf2023921f1601d7574cad33984b02c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09caf8604d4fab7b4dbafa638884a2c7
SHA1 d2c17beb6dc3a96b3aaf3dfa9aa19ae954623b7d
SHA256 d799bd798b8827007f6c9d20270aec696c262c5ca04ac1713db5b5cb79779d38
SHA512 d091ea5979bf8d3d988896e7621d4f84c1fd2493ee65d2d593a2aa83df6682f3cb9b2efc438202a73549b44e570cd3edc53ac331de9ab442a7514d266a22c109

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe952a84c6474c9a1660c294fc428040
SHA1 a89e8aaf174127671532da7cfcce85d50fe5b2d8
SHA256 c7da6414bf25a7359fbc011d20a2d8b855f04ddcb7ec2254018f1a788eb061bd
SHA512 7c60d718c56cc1c9adcc4abc0d34cab6c2c7b8882669a727730fafb4b54d14b0d123e0e1a323b66d300caab3445ccd7c4c1f6195507f19829409db97f9c6f0c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 328ef62a51286a78d03da5b61753b4f9
SHA1 febfa5c3a7540e8739cc3c407d7ea3694c426438
SHA256 bd582b2af870859fca3d1a81f93f21a28f4c14caf3db0a7b37ec3fbe20155c73
SHA512 b8f0b2b0154c8369853ec298cb7217af41ab1cee84672297b73ee0be5ea01fe55ed16c0e1987cb54bf786d4352773ce9770ec52e86bc7471a1ef0212c761e979

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c6b3ec10ab087cc0b8d394bca1b1f94
SHA1 25301765974e9edc96e2f92ff370797356816698
SHA256 5f4407b424a1cc536159cd3d3e8e8b327729ce73e843b8aa1fd24385b1dad9f0
SHA512 c268d9e7c73658dc6cc84e87ccede79025c274afa2b3b07db6705e1c58adb8b85749c179ebf6263d8562043198a5e6cddef260a8c61e9333e91e81f8c936a39d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 658ca9a565df26bda8a8853980a1b960
SHA1 e276a6d31b4453a10f413ec3abb3d5ba080cba0b
SHA256 06a491de6c400f83eb5df23d68c6da8ac4af53282389f57966faf42ffa5e6b54
SHA512 3ddb987c8924e212fcaa4870856526d073d1447ecfeb88e84bc28a6fc73ba9cf33859573e582d602a171acfc2c2cbd31732a120452b91b2236add6eaf59484fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 991a18125bb5e56435357d1cb3069c79
SHA1 0b5a93e809bcadbadbade46624105c688f05cca7
SHA256 b6531ee2ad841703ff914933a2159ef825cd7fa65e6e6c4f09602cda4cbda711
SHA512 c28f59504b6c79e9ecc12776d6a40eb0dfce9d5a27058038255af08d101147167878f395dcce0f2c49cff742397f42a041100b026c37a5111ac1042a7685b804

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95343e61cdb8b9583e846514d424db9c
SHA1 7743fd29cccf560eb502e6e1d4c7112197bc567c
SHA256 0612fa63b3471f27efbef2a7033cfef5276098fea6675bbce249a1dfc088e96a
SHA512 063fcadb737b33767838bca4151e04ccea051801c2110f87a1b2dc632250b0851ebe0499bd0eea64be5173e2cc87042cd41ab8e72aaf43a99e69d7efe0889fde

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ca0398b720edc1f1cfece0dcbedae8c
SHA1 03351a82fa87498559461e8104cc714434989e56
SHA256 18adfbd1d8ae5d595a44aee0173d22631f01d9e8912c1ad1c7d0e569fb32bdeb
SHA512 d18b11704e52bbc0e6e845c91b16c25818566be8985dc5e6b468e9b5115804d43897460b2d7ea0affed4ac94d2cc8e42b4fe4a15ee09cc4ab2e781e146b70c2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f61be44fef775e7297909a53b7a44d98
SHA1 93300b8deb25fcbd462b7087317edfdec69e13b3
SHA256 b3d522f3c91f846705a4eec8738542f3cbf0339b98d1a0b916ad8eaf62dd6f24
SHA512 6c8f395c45105b6da8e573e6cff99bee817e8487739d16eef8dff3bfe2ae8f025fed3ec9b86c2caa4bd07c332081e926e8bdf817bd52b81fd32de82fb4bcfeea

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 21:58

Reported

2024-06-13 22:00

Platform

win10v2004-20240611-en

Max time kernel

128s

Max time network

148s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6c456e2d342194489876598950ee30f_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6c456e2d342194489876598950ee30f_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=4872,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=3660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=4064,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5312,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=5324 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5212,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --field-trial-handle=5676,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=5740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5404,i,8447163055677043976,7218082390179600880,262144 --variations-seed-version --mojo-platform-channel-handle=3752 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 grillen6.2-hi.com udp
US 8.8.8.8:53 grillen6.2-hi.com udp
US 8.8.8.8:53 grillen6.2-hi.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
SE 184.31.15.40:443 bzib.nelreports.net tcp
US 64.136.20.38:80 grillen6.2-hi.com tcp
US 64.136.20.38:80 grillen6.2-hi.com tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 ad.aboutwebservices.com udp
US 8.8.8.8:53 ad.aboutwebservices.com udp
US 64.136.20.60:80 ad.aboutwebservices.com tcp
US 64.136.20.60:80 ad.aboutwebservices.com tcp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 204.79.197.237:443 g.bing.com tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 data-edge.smartscreen.microsoft.com udp
GB 51.140.244.186:443 data-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 data-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 data-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 40.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 38.20.136.64.in-addr.arpa udp
US 8.8.8.8:53 88.251.17.2.in-addr.arpa udp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 60.20.136.64.in-addr.arpa udp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 57.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
NL 23.62.61.129:443 www.bing.com tcp
US 8.8.8.8:53 129.61.62.23.in-addr.arpa udp
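The two Network tables mix the page's own traffic with resolver queries, reverse lookups, mDNS and browser telemetry (Bing, SmartScreen, NEL reporting, ieonline). The script below is an added example, not part of the report or the sandbox, that parses rows in the "Country Destination Domain Proto" shape, drops the environment noise, and intersects the two detonations so that only hosts the page contacted under both IE and Edge remain. The resolver address and the telemetry suffix list are this example's assumptions; www.google-analytics.com is deliberately kept because it is loaded by the page, not by the browser. The embedded tables are copied from the report (the Edge table as a subset).

```python
import re

# One row of the sandbox Network table: "<country> <ip>:<port> [<domain>] <proto>".
# The mDNS row has no domain column, so that group is optional.
NET_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)"
    r"(?:\s+(?P<domain>\S+))?\s+(?P<proto>tcp|udp)$"
)

# Sandbox-environment noise. Both sets are assumptions of this example, not report
# content: the resolver the sandbox hands out, and suffixes of browser/OS telemetry
# hosts that a Windows detonation contacts regardless of the sample.
RESOLVERS = {"8.8.8.8"}
INFRA_SUFFIXES = ("microsoft.com", "bing.com", "nelreports.net")


def parse_network(table_text):
    """Parse table rows; lines that do not match the row shape are skipped, not guessed."""
    rows = []
    for line in table_text.splitlines():
        m = NET_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def is_infra(domain):
    return any(domain == s or domain.endswith("." + s) for s in INFRA_SUFFIXES)


def page_connections(table_text):
    """Map each domain the page itself connected to -> set of (ip, port, proto)."""
    out = {}
    for r in parse_network(table_text):
        if r["ip"] in RESOLVERS:            # DNS query, not a content connection
            continue
        if r["ip"].startswith("224."):      # multicast (mDNS) chatter from the OS
            continue
        d = r["domain"]
        if d is None or d.endswith(".in-addr.arpa") or is_infra(d):
            continue
        out.setdefault(d, set()).add((r["ip"], r["port"], r["proto"]))
    return out


def confirmed_across(*tables):
    """Domains contacted in every detonation: the strongest candidates for network IOCs."""
    per_run = [set(page_connections(t)) for t in tables]
    return set.intersection(*per_run) if per_run else set()


# Rows copied from the behavioral1 (Internet Explorer, win7) Network table above.
IE_NETWORK = """\
US 8.8.8.8:53 grillen6.2-hi.com udp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 64.136.20.38:80 grillen6.2-hi.com tcp
US 8.8.8.8:53 ad.aboutwebservices.com udp
US 64.136.20.60:80 ad.aboutwebservices.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

# Rows copied from the behavioral2 (Edge, win10) Network table above (a subset).
EDGE_NETWORK = """\
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 grillen6.2-hi.com udp
SE 184.31.15.40:443 bzib.nelreports.net tcp
US 64.136.20.38:80 grillen6.2-hi.com tcp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 64.136.20.60:80 ad.aboutwebservices.com tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.244.186:443 data-edge.smartscreen.microsoft.com tcp
N/A 224.0.0.251:5353 udp
NL 23.62.61.97:443 www.bing.com tcp
"""

if __name__ == "__main__":
    for name, table in (("IE", IE_NETWORK), ("Edge", EDGE_NETWORK)):
        print(name, page_connections(table))
    print("confirmed in both runs:", sorted(confirmed_across(IE_NETWORK, EDGE_NETWORK)))
```

On these tables the IE run leaves three page-originated hosts and the Edge run two; the intersection is grillen6.2-hi.com (64.136.20.38:80) and ad.aboutwebservices.com (64.136.20.60:80), the plain-HTTP hosts the HTML loads in either browser. Hosts that fall out of the intersection still deserve a glance, since a page can behave differently per user agent, but the intersection is what to put in a blocklist first.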

Files

N/A