Malware Analysis Report

2025-04-14 03:17

Sample ID 240613-ddewqasanb
Target a3988839975ca0ba476e79e9b9a5ca4a_JaffaCakes118
SHA256 4ec6be09dbfc63fee31ca4f22a1afb6bc849fc41bb920559564ee822f895a97f
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

4ec6be09dbfc63fee31ca4f22a1afb6bc849fc41bb920559564ee822f895a97f

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file a3988839975ca0ba476e79e9b9a5ca4a_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 02:53

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 02:53

Reported

2024-06-13 02:55

Platform

win7-20240221-en

Max time kernel

144s

Max time network

145s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3988839975ca0ba476e79e9b9a5ca4a_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

All keys below are relative to \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer; Target is N/A for every row.

| Description | Indicator | Process |
|---|---|---|
| Key created | LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe |
| Key created | Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe |
| Set value (int) | Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe |
| Key created | IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe |
| Set value (data) | Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe |
| Set value (str) | Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| Key created | TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe |
| Key created | IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe |
| Key created | LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe |
| Key created | LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe |
| Set value (int) | Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe |
| Key created | Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| Set value (int) | International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| Key created | DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe |
| Key created | GPU | C:\Program Files\Internet Explorer\iexplore.exe |
| Key created | Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe |
| Set value (int) | International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| Key created | SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe |
| Set value (int) | SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe |
| Set value (int) | TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe |
| Set value (data) | TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e3160c31bce3af49be20e3fe75e480750000000002000000000010660000000100002000000043f9c1263d4a4ce88fbd71112ff6992dcb96be2d0586eab4378f05ce6c01dede000000000e8000000002000020000000274e5f235d36f633aa94374c5eb53ee01085927976663ab2c6bb1f8d6e8b15952000000046c6cd369a1a2755bb8d0d1bf3a7e6da42289fba7b330c38e5f24b5d6e56001340000000babfcd9a7a20c126cfabc2cd0ef382fb92885f255d27112718fe40f7b121ce17f0954abe1d12af5e1255d7f213ca75daf259a82d58a2f7eaeb36fc6a2dfa7005 | C:\Program Files\Internet Explorer\iexplore.exe |
| Set value (data) | TabbedBrowsing\NewTabPage\LastProcessed = 60df27ea3cbdda01 | C:\Program Files\Internet Explorer\iexplore.exe |
| Key created | Main | C:\Program Files\Internet Explorer\iexplore.exe |
| Key created | Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| Key created | InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe |
| Key created | Zoom | C:\Program Files\Internet Explorer\iexplore.exe |
| Set value (int) | Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe |
| Key created | International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| Set value (data) | TabbedBrowsing\NewTabPage\MFV = (value not recorded) | C:\Program Files\Internet Explorer\iexplore.exe |
| Set value (int) | DomainSuggestion\NextUpdateDate = "424409063" | C:\Program Files\Internet Explorer\iexplore.exe |
| Key created | Toolbar | C:\Program Files\Internet Explorer\iexplore.exe |
| Key created | Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe |
| Set value (str) | Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe |
| Set value (str) | Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe |
| Key created | Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe |
| Set value (int) | International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| Key created | PageSetup | C:\Program Files\Internet Explorer\iexplore.exe |
| Set value (int) | Recovery\AdminActive\{15369391-2930-11EF-9034-729E5AF85804} = "0" | C:\Program Files\Internet Explorer\iexplore.exe |
| Set value (int) | International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| Key created | TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe |
| Key created | BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe |

Suspicious behavior: GetForegroundWindowSpam

| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |

Suspicious use of FindShellTrayWindow

| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a3988839975ca0ba476e79e9b9a5ca4a_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:912 CREDAT:275457 /prefetch:2

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.autotirescenter.ro | udp |
| US | 8.8.8.8:53 | dragosimport.com | udp |
| NL | 77.247.179.82:80 | dragosimport.com | tcp |
| NL | 77.247.179.82:80 | dragosimport.com | tcp |
| US | 8.8.8.8:53 | ww1.dragosimport.com | udp |
| US | 3.33.243.145:80 | ww1.dragosimport.com | tcp |
| US | 3.33.243.145:80 | ww1.dragosimport.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |

Files

C:\Users\Admin\AppData\Local\Temp\Cab2D2A.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Tar2E0D.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (19 entries)

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 02:53

Reported

2024-06-13 02:58

Platform

win10v2004-20240226-en

Max time kernel

141s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3988839975ca0ba476e79e9b9a5ca4a_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3988839975ca0ba476e79e9b9a5ca4a_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3972 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4900 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4468 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3888 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5904 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5352 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

Network

Files

N/A