Malware Analysis Report

2025-01-18 02:36

Sample ID 240613-bqck1sseql
Target a356a7381ae3d48580701fd072d45cdc_JaffaCakes118
SHA256 84c8580882868bc6579173fc5c086edcf008c18d0fe1427e84edd7b01db8b48c
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

84c8580882868bc6579173fc5c086edcf008c18d0fe1427e84edd7b01db8b48c

Threat level: no (potentially) malicious behavior was detected.

Verdict: the file a356a7381ae3d48580701fd072d45cdc_JaffaCakes118 was found to show no (potentially) malicious behavior.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 01:20

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 01:20

Reported

2024-06-13 01:23

Platform

win7-20240221-en

Max time kernel

134s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a356a7381ae3d48580701fd072d45cdc_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424403501" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001e3ff353921dcf4e9bd15ffef315904f00000000020000000000106600000001000020000000962239076468801f54a5e9bfe5a9c95ec66bc245ce31a5eee9b326a890cc158f000000000e80000000020000200000005b8eb3977af214cfb4fb10e91a895e8308666f049faea660d12918a6448150e220000000088db32c9ca110b4b235c43d0ccc92e5a106f1905d41e07fb6e7d7365fabc2fa4000000095e74cdf47f838f322f6e1906a14703eafee45ecc1d569026281f5fe9571b2d3658b64045864deedbe25d1db2b2f530052dbd7dcaa1869fdd64548023552dc0d C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30a209f62fbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{217821D1-2923-11EF-A38F-E61A8C993A67} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
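
Almost every key in the table above is written by iexplore.exe on any first launch in a fresh profile (IntelliForms, Zoom, Recovery, TabbedBrowsing, DomainSuggestion and so on), which is why this signature fires on a 1/10 sample. What a triager wants to know is whether any of the rows touched the keys a browser hijacker actually changes: the start/search page values under Main, a search provider under SearchScopes\{GUID}, URL search hooks or extensions. The script below is an added example by the editor, not part of the sandbox report or its tooling. It parses a subset of the rows above (rebuilt from the table with the SID and process paths as shown), buckets each row as first-run noise, hijack-relevant ("watch") or unclassified ("review"), and also runs one constructed hijack row to show the watch path. The watch list and noise list are the editor's assumptions.

```python
"""Triage of the 'Modifies Internet Explorer settings' signature rows.

Added example by the editor, not part of the sandbox report. REPORT_ROWS
are rebuilt from the behavioral1 signature table (a subset of its rows);
WATCH_PREFIXES and NOISE_KEYS are the editor's assumptions about which
Internet Explorer subkeys matter for browser-hijack triage.
"""
import re
from collections import Counter

# Subkeys (relative to ...\Internet Explorer\) that a hijacker or adware
# changes: home/search page, search providers, URL hooks, extensions.
# Assumption / watch list, not derived from the report.
WATCH_PREFIXES = (
    "Main\\Start Page", "Main\\Search Page", "Main\\Default_Page_URL",
    "Main\\Default_Search_URL", "Main\\Local Page",
    "SearchScopes\\{", "URLSearchHooks", "Extensions", "Explorer Bars",
)

# Top-level subkeys IE populates itself on first run in a fresh profile
# (assumption, based on the rows in this report).
NOISE_KEYS = {
    "IntelliForms", "Toolbar", "Zoom", "Main", "DomainSuggestion",
    "BrowserEmulation", "LowRegistry", "Recovery", "TabbedBrowsing", "GPU",
    "PageSetup", "IETld", "SearchScopes", "InternetRegistry",
}

# Row layout in the report: <op> <full key>[ = <value>] <process path> <target>
ROW_RE = re.compile(
    r"^(?P<op>Key created|Set value \((?:data|int|str)\))\s+"
    r"(?P<key>\\REGISTRY\\USER\\S-[\d-]+\\Software\\Microsoft\\Internet Explorer\\[^=]+?)"
    r"(?:\s*=\s*(?P<val>.+?))?"
    r"\s+(?P<proc>C:\\.+?\.(?:exe|EXE))\s+(?P<target>\S+)$"
)

SID = r"\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000"
IE = SID + r"\Software\Microsoft\Internet Explorer"
IEXPLORE = r"C:\Program Files\Internet Explorer\iexplore.exe"
IEXPLORE32 = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

REPORT_ROWS = [  # subset of the 36 rows in the behavioral1 table
    f'Key created {IE}\\IntelliForms {IEXPLORE} N/A',
    f'Key created {IE}\\Toolbar\\WebBrowser {IEXPLORE} N/A',
    f'Set value (data) {IE}\\Main\\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 {IEXPLORE} N/A',
    f'Set value (int) {IE}\\DomainSuggestion\\NextUpdateDate = "424403501" {IEXPLORE} N/A',
    f'Set value (str) {IE}\\Main\\WindowsSearch\\Version = "WS not running" {IEXPLORE32} N/A',
    f'Set value (int) {IE}\\Recovery\\AdminActive\\{{217821D1-2923-11EF-A38F-E61A8C993A67}} = "0" {IEXPLORE} N/A',
    f'Key created {IE}\\SearchScopes {IEXPLORE} N/A',
    f'Set value (int) {IE}\\SearchScopes\\DownloadRetries = "3" {IEXPLORE} N/A',
    f'Set value (str) {IE}\\Main\\FullScreen = "no" {IEXPLORE} N/A',
]

# Constructed by the editor (not in the report) to exercise the 'watch' path.
CONSTRUCTED_HIJACK_ROW = (
    f'Set value (str) {IE}\\Main\\Start Page = "http://example.invalid/" '
    r'C:\Users\Admin\AppData\Local\Temp\dropper.exe N/A'
)


def parse_row(line):
    """Split one signature row into operation, IE-relative subkey, value, process."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    subkey = m.group("key").split("\\Internet Explorer\\", 1)[1]
    val = m.group("val")
    return {"op": m.group("op"), "subkey": subkey,
            "value": val.strip('"') if val is not None else None,
            "process": m.group("proc"), "target": m.group("target")}


def classify(subkey):
    """Watch list wins over noise so Main\\Start Page is not hidden by 'Main'."""
    if any(subkey.startswith(p) for p in WATCH_PREFIXES):
        return "watch"
    if subkey.split("\\", 1)[0] in NOISE_KEYS:
        return "noise"
    return "review"


def triage(rows):
    """Return rows grouped by bucket and a (process, bucket) -> count table."""
    buckets = {"watch": [], "noise": [], "review": []}
    per_process = Counter()
    for line in rows:
        r = parse_row(line)
        b = classify(r["subkey"])
        buckets[b].append(r)
        per_process[(r["process"].rsplit("\\", 1)[-1].lower(), b)] += 1
    return buckets, per_process


if __name__ == "__main__":
    buckets, per_process = triage(REPORT_ROWS + [CONSTRUCTED_HIJACK_ROW])
    for (proc, bucket), n in sorted(per_process.items()):
        print(f"{proc:14} {bucket:6} {n}")
    for r in buckets["watch"]:
        print("WATCH:", r["op"], r["subkey"], "=", r["value"], "by", r["process"])
```

On the report's own rows every entry lands in the noise bucket and the watch bucket stays empty, which matches the 1/10 score; only the constructed Start Page row is flagged. Keys that fall into "review" are ones the noise list has not seen before and deserve a manual look rather than an automatic verdict.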

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a356a7381ae3d48580701fd072d45cdc_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab37B6.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar38C6.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82b68cf5a5052de03b2ed47210235509
SHA1 0fd67e0fdaad85f0bb8148a03de40561960e49ff
SHA256 18fe45d3027d32e08b52db674628aad531350693c008049319deb16584032d65
SHA512 65848b51a60d070e2460704ddb69e4b598d430392eb08269d7c57821b3350f1dba1a11a7960e7e2088ca6ec2d761def5177959b689326ed34be868c77f017c27

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f660c7e0f773784231f940b577cf9c54
SHA1 99bfc8a9d4a98089339997d1d4e30ebc72b8d2eb
SHA256 0e4ffcb4307a51959bd7485b0f75052006e7fbc8b272821d8109a64c28d73d53
SHA512 fa050aaa75016b7321d1d49bf05f79fa3637e6887f152488c5404b1137af28363192d426792deaccc5423933dd976d8765dfa48b1a3bc9d85c11e73d3084bc19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1c43fbd31e952e658962f6c657d556ee
SHA1 5040b0cc3b8f37b10482e3e3f8ef11bf88537459
SHA256 d9d835f984999f6dc793970bb8e19a0018b69550f2cd00ff4793ec888e200772
SHA512 c88cc1dd55c6516e6706c11d4242f0806e970e0c0707a7c61a4cd62f7e5cfe58980acc5fa6087f4bf7b4dc60bb995fcfe4b43f02385d39eb27c799a470aad5f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 daa6df8bf6cb9b1ebc47f7c835d8f0f4
SHA1 02c0829391a0caa14c2231fee355625c4cbf0d6f
SHA256 54a4051f44f8586bf4b4ad12c39e1bff744a317accc98c7660ebf6879d7304ba
SHA512 03e5989f4f2f3f8313549a015f5ee32cac7819981304e367a5849cc03478b85a9812cb9cc1f2aa24c46e05ec2c09f4500cbd8dd9322a8e2cab9c5c6144c31400

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b11bc08d4890d271e5a9e157138567ff
SHA1 7bf8be02b635ebe96e92591480b98966d4ac012e
SHA256 7c9a7708c0393aa68e445381a2216042a4bb07a15f7d73e62621cde001a11fe3
SHA512 edeeb1a45572e18d1ba499ad7d905da3b6700f258ee77b827d14377040233437289692f639bda79e594acf9801ffcbafcf51ea865e460674b6d2aca7f9a82326

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ffa39818f43613bcf369d28bf1b9350
SHA1 1c5fe9d2b1bc3c4c889f3b7bba1f0107aee24ef2
SHA256 05d6e333089e79f85fd0be0d952e3d9d0c1b58eb20ea0d8203dbfce755022dcb
SHA512 aa6869ef021cc17e3c09b3c3f21acc8d9ec33c3f7eabd08cf2f9d41ddf6006ad85e84af86a5f2cc8a3d02b881694cbf8c866c01f9888edd8199aa6a72cd63fe8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1eb1b3f4c92f5393e6143e20ad825b93
SHA1 9b90d981cf58bc8405e320654f53bf4ac2605551
SHA256 879602100daf6bde6bc95ba7d5ef3a6ace4d5d0bb98eb8e53fe8d09c4a0c1f3a
SHA512 cf9421dce9319db6a0202628b95be5dab165d74b91b27359efc6694698a7d101a2961827a626fa8f2873c1f648812fa4fc7f4763d1108dacd7b2f27d289a30bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c892e894b4d8d24a5a1d103c1bd0b8c
SHA1 c2dd7b012de11869f97dc79074b87913b94c2333
SHA256 761c377df4acb31e6eaf8335a39c7a8f76c62a7eea17d4cffb663d79034150eb
SHA512 cac3d1572942ff6267e0690fac064d996527770569ed01353fe75cb3db0591a888e27b14d5275ef69828b5d23246bee175e62e9cfe64d68212982cccac95dff0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2fa3f9e9a1eb62caf8a8cb12b1efcf4d
SHA1 7a06f7f2bd76cd19a7a5a96cbc7c5d0051b3fa85
SHA256 5623357f2386ec4c1aa0eab43c4530285fbc4c510b85918361e3791e98fd1054
SHA512 8f54bd47251f629e2b497215e6e9f22ebeb829ed080d5af8085e45583a57b7feaad1b120999f766688dc925c5958b87fa9fe50d700b319ab1f638ded48ee4ac9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c708a7872a7ab8d641151a59bba5615
SHA1 483bf57925648f2bc0d4705130d80a92f79efa3c
SHA256 2bdd9fdd2d7c1b738739f316b3a642c936b1b6e54c29dd2e0b5504fb53f4c809
SHA512 6247fd2fa7a4d4a6ed21b2ad5b57a4b4132b542bedc39bb4ee762cc10a0327ab541c99e6f0534df4ce57fb77fd92e2c6011fe40f1d06521191a3400d51dd34e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d733cadc3c3991bc466106c5601f165c
SHA1 f7a0d2a3881529f15333a2b306dcc3f512ad4337
SHA256 9028321d58d429bf424313b85eb13ecd39a1ad4cad1d77629fc661feb159b58a
SHA512 b407661c03c40225781033d5589052a841898dfeacb2f5c17bf12e31d3215d4b22aaccbbc42ba022d18c7c03ed401fd577abb2dbf7ef75a9c6978982c36cbce6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f18aa2e652797c01eb1db2fe1cca6dc
SHA1 4127da5b8b4caee7d3ffbb28711189e8a3726c79
SHA256 a0d2c4735d4fb1132b3c481a141e8e5aea8e7ed75efc63f36a3a19f5d029d6ff
SHA512 3425afa65054eaa3bd73a1e317e555b0b9989dcd72e9b3486e4fa09653347f5f6024ac3017e90d94c53f6d611a69ea6ee266a8304fae9f0426a94b8783fa7428

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5eeda22b8cc2527c51f613221cac934a
SHA1 b8dcfaf0cb4e1714d24a8134dd200896d51967b0
SHA256 f000077b7691af5001309a052d08ee1da2c6f8dc3f0798583a49e54786dabe80
SHA512 4b29bc592551a49809d990d5bd5a12c25338567609105c1c28b631661cc2db96fab1c9de8fd0a646f4234c5ceb3e2e7912ab8cab66657b069eda37828b8760e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21beb98df9b553e34153db10c2059770
SHA1 108a4d5296909780fe9e2cb1b7bba4b01efec967
SHA256 acaa30a03331be4ae14a95dedc38af7e6d682002aed8f9814e3ab75e05a4db3d
SHA512 2be0ca5e16a91b688af6c5c542b47cefa1cb980b5c0c6b96cb18429d5bfbd0e743ca856c49e3f09f3c5a52311e846d6c19b5a7cc110bf8df8c2f8c6321c559fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32b452df1b580995f49c602f8367aeee
SHA1 88cb079ba64454c2b3921c4cce8e31d69b6a0e22
SHA256 3f45640b6e7ed7b0db94d3985b56f19020cb7178a4daceeed569c97bc4fb70c6
SHA512 fa26dc4d56a802f5f7e4d9beac8cd56a7a26b773852a9539eb9a4292f3c9fefafac76dba51657dcdcda0d4c188b35c983a613306d9146287543ed16a0c6a2d1b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d39cbfe94c3481587c3f8ec78cd930bb
SHA1 03faa6e43d81a9fc6bf3fa19874a9a02d7719a66
SHA256 8084abfb7be15f0909fe9a2117d34e464f78ca2bbcc1d2a9d0dc5de5ef96ee93
SHA512 54991e3bd03ca93cea4eb4045c37f109ae67440a710e6ee11ad99bc040d1bb4adca1f7b9cf9c83268a0f0e15804747064d0e10b6d85712c07d6ed9cc705bd2cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aaaa57106386a3041ef16a4be4cce4fd
SHA1 0ede2398cf1c310d45c6416f83876c30bcaf72bf
SHA256 6e05199a890de6663813d7ec42b059c5686d27d302c33bc848786ec82a760c45
SHA512 af63b1ee631c920248ff1fa7e3de205ea9996a7a187f1cd2078de9c68e9b6221989636545bb56e8b291300d467626c0cba8318c0cf06cfcfba6e7de6a6b9a6b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 427c808d75281fa946c38691e77d681c
SHA1 9b472d832cbacde9931835901230dde8f7d0124b
SHA256 9ab7eafdeee6e1695a5cfb49113031cf30dd430f4642eb4a1ebe258a2c3f0891
SHA512 1fee59785b8419049043403017ed7dfb0b2fafe79b3361f9891716989a79f5f497b7b9eea6cee8ee27f9d0bcda935bea4694a72cbbdb044a0614579613ceb394

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 755cfee42fb8e2918e00939121f9d5de
SHA1 687c8d4872699097bfbc89f46dfcaac4995775a2
SHA256 3af3e56f113b1cdcacae3fe5b8350abcd1feae9b16ed646d451c80352f6f5e64
SHA512 7ad0c4323c651c1b1036ed872e25fe9506c9d5b579e103b626291e63f66c0ed09a412724774150f34b6d3829df3602e78d98aa94a3e2a26488b9c8229c1cac36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a49c94cf9605c2da1a31d1ba997480a
SHA1 7b9fc67f724fd22ed976f20cdc88bdf34217f1b0
SHA256 e4b6231482e848974ec315c0750e608a0962046f5604d7f0e1b584b4af3da57f
SHA512 d9521a5af0c76012f49c34cb9632437222854eacb5af8c1bb0788962f36ab91d6f11cdd22f5e5aada3838c703df56815de12e5a80288b1888d3d3c75f9433cb7

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 01:20

Reported

2024-06-13 01:23

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

145s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a356a7381ae3d48580701fd072d45cdc_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a356a7381ae3d48580701fd072d45cdc_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=4088,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=3160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=3784,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5212,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5292,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5312,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5216,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6032,i,14648456027158448592,4956305794400220180,262144 --variations-seed-version --mojo-platform-channel-handle=5748 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 cdn-adef.akamaized.net udp
US 8.8.8.8:53 cdn-adef.akamaized.net udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 cdn-adef.akamaized.net udp
US 8.8.8.8:53 cdn-adef.akamaized.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 cdn-adef.akamaized.net udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 cdn-adef.akamaized.net udp
US 8.8.8.8:53 cdn-adef.akamaized.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 cdn-adef.akamaized.net udp
US 8.8.8.8:53 cdn-adef.akamaized.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 cdn-adef.akamaized.net udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
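
Every row in the behavioral2 table is a DNS query to 8.8.8.8 or 8.8.4.4 on port 53 for Edge's own telemetry and feature endpoints (edgeoffer, SmartScreen, NEL reporting, Bing), plus one mDNS multicast packet with no domain; no TCP connection appears, so none of those names is shown to have actually been contacted. The behavioral1 run, by contrast, lists three TCP connections to 204.79.197.200:443 (ieonline.microsoft.com). The script below is an added example by the editor, not part of the sandbox report: it parses rows copied from both tables (behavioral2 as a subset), separates resolver queries from real connections, sets multicast and link-local traffic aside, collapses duplicates into counts, and flags any name (or bare IP, when no name was resolved) outside a small allowlist of browser-noise domain suffixes. The allowlist is the editor's assumption; two constructed rows exercise the flagged path.

```python
"""Separate resolver queries from real connections in sandbox network rows.

Added example by the editor, not part of the sandbox report. The rows in
BEHAVIORAL1_ROWS and BEHAVIORAL2_ROWS are copied from the two network
tables (behavioral2 as a subset); KNOWN_SUFFIXES is the editor's
assumption about which domains are routine browser telemetry.
"""
import ipaddress
from collections import Counter

# Domain suffixes expected from an idle IE/Edge profile (assumption).
KNOWN_SUFFIXES = ("microsoft.com", "bing.com", "akamaized.net",
                  "nelreports.net", "google.com", "in-addr.arpa")

BEHAVIORAL1_ROWS = [
    "US 204.79.197.200:443 ieonline.microsoft.com tcp",
    "US 204.79.197.200:443 ieonline.microsoft.com tcp",
    "US 204.79.197.200:443 ieonline.microsoft.com tcp",
]

BEHAVIORAL2_ROWS = [
    "US 8.8.8.8:53 api.edgeoffer.microsoft.com udp",
    "US 8.8.8.8:53 api.edgeoffer.microsoft.com udp",
    "US 8.8.8.8:53 business.bing.com udp",
    "US 8.8.8.8:53 business.bing.com udp",
    "US 8.8.8.8:53 cdn-adef.akamaized.net udp",
    "US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp",
    "N/A 224.0.0.251:5353 udp",  # mDNS multicast, no domain column
    "US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp",
    "US 8.8.8.8:53 bzib.nelreports.net udp",
    "US 8.8.8.8:53 google.com udp",
    "US 8.8.4.4:53 google.com udp",
    "US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp",
]

# Constructed by the editor (not in the report) to exercise the flagged path.
CONSTRUCTED_ROWS = [
    "US 8.8.8.8:53 update.example.invalid udp",
    "DE 203.0.113.7:443 update.example.invalid tcp",
]


def parse_row(line):
    """Row layout: <country> <ip:port> [<domain>] <proto>; country may be N/A."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = None
    else:
        raise ValueError(f"unrecognised row: {line!r}")
    ip, port = dest.rsplit(":", 1)
    return {"country": None if country == "N/A" else country,
            "ip": ip, "port": int(port), "domain": domain, "proto": proto}


def is_known(domain):
    """Exact or parent-domain match against the allowlist."""
    return domain is not None and any(
        domain == s or domain.endswith("." + s) for s in KNOWN_SUFFIXES)


def summarise(rows):
    """Bucket rows into resolver queries, real connections, local-only
    traffic, and anything outside the allowlist (by name, else by IP)."""
    dns, conns, local, unexpected = Counter(), Counter(), Counter(), Counter()
    for line in rows:
        r = parse_row(line)
        addr = ipaddress.ip_address(r["ip"])
        if addr.is_multicast or addr.is_loopback or addr.is_link_local:
            local[(r["ip"], r["port"], r["proto"])] += 1
            continue
        if r["proto"] == "udp" and r["port"] == 53:
            dns[r["domain"]] += 1  # a lookup, not evidence of contact
        else:
            conns[(r["domain"], r["ip"], r["port"], r["proto"])] += 1
        if not is_known(r["domain"]):
            unexpected[r["domain"] or r["ip"]] += 1
    return {"dns": dns, "connections": conns, "local": local,
            "unexpected": unexpected}


if __name__ == "__main__":
    for name, rows in (("behavioral1", BEHAVIORAL1_ROWS),
                       ("behavioral2", BEHAVIORAL2_ROWS),
                       ("constructed", CONSTRUCTED_ROWS)):
        s = summarise(rows)
        print(f"{name}: {sum(s['dns'].values())} DNS queries, "
              f"{sum(s['connections'].values())} connections, "
              f"local={dict(s['local'])}, unexpected={dict(s['unexpected'])}")
```

For this sample the output is three connections to one host in behavioral1, eleven lookups and no connections in behavioral2, and nothing unexpected in either; the constructed rows show how a non-allowlisted name is counted once for the lookup and once for the connection. Counting lookups and connections separately is the point: a DNS-only row tells you a name was resolved, not that a session followed.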

Files

N/A