Malware Analysis Report

2025-01-18 02:21

Sample ID 240613-bn8wfayeqe
Target a354a0177e5aec44c48b3d40a6752892_JaffaCakes118
SHA256 e910f4eae57965d9e358ed24f29dfc00f9822380ba2b8e709dc83ec3e4f2902a
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

e910f4eae57965d9e358ed24f29dfc00f9822380ba2b8e709dc83ec3e4f2902a

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file a354a0177e5aec44c48b3d40a6752892_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 01:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 01:18

Reported

2024-06-13 01:21

Platform

win7-20240221-en

Max time kernel

118s

Max time network

129s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a354a0177e5aec44c48b3d40a6752892_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DBB91731-2922-11EF-93E2-EEF45767FDFF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10f2e0b22fbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000eec57062012b814fbe2917b08b6053e200000000020000000000106600000001000020000000a79e33d10733730a99011162782ee7e9eba8269e7624f3e1c4142635ddeaf85c000000000e80000000020000200000008b04a4004d1088c07ee3e3214a25c7ca52d9f7a96c8cbfa6fe95292372a564702000000020b1db31ae0548d605ed18ec0182b3906377df298c697a1346bf5f3f1329546140000000a7e6851c340e7d8d5a3a2e7955b6f9a0903df79b3b4fa0defb8585d5a02aa935d76997a466090188a6262532a49ec5fda78ea8e5e09c00807cd891109260e0b1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403384" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a354a0177e5aec44c48b3d40a6752892_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 coinhive.com udp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 saltworld.net udp
US 104.21.57.186:443 coinhive.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 104.21.11.155:80 saltworld.net tcp
US 104.21.11.155:80 saltworld.net tcp
US 104.21.11.155:80 saltworld.net tcp
US 104.21.11.155:80 saltworld.net tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 104.21.11.155:80 saltworld.net tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 104.21.11.155:80 saltworld.net tcp
US 104.21.57.186:443 coinhive.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 104.21.11.155:443 saltworld.net tcp
US 104.21.11.155:443 saltworld.net tcp
US 104.21.11.155:443 saltworld.net tcp
US 104.21.11.155:80 saltworld.net tcp
US 8.8.8.8:53 gamingw.net udp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 8.8.8.8:53 i1.wp.com udp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.77.2:80 i1.wp.com tcp
US 104.21.11.155:443 saltworld.net tcp
US 104.21.11.155:443 saltworld.net tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 01:18

Reported

2024-06-13 01:21

Platform

win10v2004-20240611-en

Max time kernel

128s

Max time network

137s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a354a0177e5aec44c48b3d40a6752892_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a354a0177e5aec44c48b3d40a6752892_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4592,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4696,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5220,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5360,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5384,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5348,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5824,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4308,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=5892 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 172.67.166.97:443 saltworld.net udp
US 2.20.12.101:443 bzib.nelreports.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 23.55.97.181:443 www.microsoft.com tcp
US 8.8.8.8:53 gamingw.net udp
US 8.8.8.8:53 gamingw.net udp
US 172.67.160.162:443 gamingw.net udp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 www.gravatar.com udp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 www.gravatar.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 i1.wp.com udp
US 8.8.8.8:53 i1.wp.com udp
US 192.0.77.2:80 i1.wp.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 57.234.16.2.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 97.166.67.172.in-addr.arpa udp
US 8.8.8.8:53 101.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 162.160.67.172.in-addr.arpa udp
US 8.8.8.8:53 2.73.0.192.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
US 8.8.8.8:53 2.77.0.192.in-addr.arpa udp
BE 2.17.107.105:443 www.bing.com tcp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 105.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
N/A 224.0.0.251:5353 udp
BE 2.17.107.105:443 www.bing.com tcp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
BE 2.17.107.105:443 www.bing.com tcp

Files

N/A