Malware Analysis Report

2025-04-14 03:01

Sample ID 240613-dfxvbawakp
Target a39a7344c77bf99eff96f1b0900b5f38_JaffaCakes118
SHA256 2946c4e517a2dd7709790fac4426cc54cdaa0bc8eed8fa5a0804725869fbdec5
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

2946c4e517a2dd7709790fac4426cc54cdaa0bc8eed8fa5a0804725869fbdec5

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file a39a7344c77bf99eff96f1b0900b5f38_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary
Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 02:57

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 02:57

Reported

2024-06-13 03:00

Platform

win7-20240611-en

Max time kernel

133s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39a7344c77bf99eff96f1b0900b5f38_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424409327" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000023a9feb02488849c61fa3ef58b2480a008bb5da309e6b4df1ea683263400a6da000000000e800000000200002000000021284857b76647a7d0ffc0068c7a8d94be421732f55a1e8e6cd387b6e6c1616920000000d60bfc3811f975d7b351f510ab9edc1e0a3c2230a863f3726da30de06246c9fe4000000053084c52ada7e59abbccd7f7d32fc7a9d17490cd726b11d7b97483514b101fe4fa887f5ebe0f39e89a8d5a8436c93d20b73229afa54b25ae1f401f485ef71db6 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 505d85873dbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B2040E51-2930-11EF-BA09-6ACBDECABE1A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a39a7344c77bf99eff96f1b0900b5f38_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2140 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 nguyenhuytap.googlecode.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
GB 172.217.16.238:443 apis.google.com tcp
GB 172.217.16.238:443 apis.google.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 172.217.16.225:443 lh5.googleusercontent.com tcp
NL 142.250.102.82:443 nguyenhuytap.googlecode.com tcp
NL 142.250.102.82:443 nguyenhuytap.googlecode.com tcp
US 8.8.8.8:53 lh4.googleusercontent.com udp
GB 172.217.16.225:443 lh4.googleusercontent.com tcp
GB 172.217.16.225:443 lh4.googleusercontent.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
GB 172.217.16.225:443 lh3.googleusercontent.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 feb2599126cd6edadb82d069957117c9
SHA1 699fa585f68d4ba1d82036d225e10c2150584973
SHA256 e5b71eb9ac581fe931ef37ecc27fa17d7e40954b8842b2930ea9861de6994c47
SHA512 26e18e33b5b81c18859cf462ac863f2e00e4822f762e2f33059836bde5f9a912c5512d352428e0e6684eee9b87e39a11d516fd5ebfd7106ec64eae90fa3b7913

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 d3049f1a4b143f13261e38abab901109
SHA1 1810917619ef7b98f40697c12f35a75575665f8f
SHA256 69df6863aa24aedecf107a7e2e0353d592c52a5905cc2833d824c2298733e9d6
SHA512 6af844057e960d6f4165f297891b676492281fc4abdd7346a220b1972124fabe2a9e0f7b3825c9f67c1ed885262cf6fb994c4dcd607c1981005291a240b6e958

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 53f940910828fca6c9a139b2f73d6dd3
SHA1 9495bde8609580a87d5d6ae6b0287cc4509a367f
SHA256 5c94630f94cfa778b0684a8afe3cc01b1d5c569b6042339f4fee5e713674145f
SHA512 89e3b8d3545382e81cef4a238c806c62d8f460c7514eb9e8ec6fffb027e2f6e670c3c655cd4fcb005abd44a8792ca21050ef5b3475587b8248109c105adb93b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 c78149dce50614fcb87f9d64ac57bb4e
SHA1 a1164891e958ffa06f50262299ddae615b6059b5
SHA256 7676d44a0aa67a9e345a42bb591643586a257c2dafc660f397ab7269467b3741
SHA512 ac86723995fcae86372c61d56b6b9b8f597e1ef282643e5592569e27ace07dea90a297add0ecd6d6c037f299d32566c67995582e7489e6c63c2cda4482e8d28c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 76acdf81f142afb0a765b58f5c8ceaf9
SHA1 47d9ed6d7498f83d7947db6d1aabf64d86a607c0
SHA256 9d921c1a2117447a756fb8464b54571f8bbfb81cb1ec212f5a013fd85c8a3db4
SHA512 19ad72b8244110fb5097d9192448b27124d3bc38d78cdefee9729694d8482ec01d7cb757bcfdfec875da36b1bbf6322b0e8f710033f12bfd5452e15d84246303

C:\Users\Admin\AppData\Local\Temp\Cab119D.tmp

MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 a4c3e4b3f212ccf9719236eaa8f728be
SHA1 e017a18974a9969ca60ca2499ac54b464d91a2ef
SHA256 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a
SHA512 c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R54TGSS0\plusone[1].js

MD5 53e032294d7b74dc7c3e47b03a045d1a
SHA1 f462da8a8f40b78d570a665668ba8d1a834960c2
SHA256 8076b082eadf0cab4a8823dbd7628a0b44f174c17b3221221c0e31e7c60307a2
SHA512 fe263fe86aea2ba1b86d86305650cdeee45cd1f7b4339f9d4fb81db776b78abedccd0ae77262f45d579751daa26f81385354b3d126fdb5577036e9dd1db33276

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1M46YZP1\cb=gapi[3].js

MD5 f9255a0dec7524a9a3e867a9f878a68b
SHA1 813943e6af4a8592f48aeb0d2ab88ead8d3b8c8b
SHA256 d9acfd91940f52506ac7caeffea927d5d1ce0b483471fa771a3d4d78d59fda0d
SHA512 d013be6bfc6bcf6da8e08ed6ff4963f6c60389baa3a33d15db97d081d3239635f48111db65e580937eb1ea9dc3b7fc6b4aecb012daeee3bf99cfebf84748177e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88480432aa9a48c6e2775dffa8ab8ecd
SHA1 52e245dd730f6b7214e0d445f8235d18779a1d64
SHA256 1a8de7f96bc1a73eb1d1c2b00ee197f28d723dcac43ca272f179f909dcc412a2
SHA512 ff2c87ded361991f14aee7b6d0336bd5cd91a80049114bc0b7123dabbe00ced3c6536df3cb3923d1055ca702075ca45b047596eb9fbd80ae0535bd75dd1698c8

C:\Users\Admin\AppData\Local\Temp\Tar2BB8.tmp

MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 771e498f3ebda563698f216cbed18169
SHA1 545ac32336e38929c276e600d41b0a1d34c4822c
SHA256 c54ca45a37411f716bd691f6b8c81649037ed8fee7cadd2a4bf7f11d2ac43294
SHA512 2bda54f549c339cd91a8c3a4d278f043f0d7d18327fb537a02f1928e54582a2b91e4cb492a7a0e7aed6b3bac9bdc1e966fc6220b07e4119ff1a4eeb22d2bf2c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ffa5a13553445ca21e11dae5279ad44
SHA1 34e3849137d6d77db006bd32d1c3e765474db6c9
SHA256 4b8724afa9cbe0878625238214d3815718116555d69843fd56b7017eb60cf9dd
SHA512 ff157118577b80594c57df5386dbab815be9d52d2696a21bd278d5696f9ba5db15574695ea28e9c2874f32b90b3837909a74827491e03e6452a9a15394609a20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b9d61481743b41f83104aff235c34a8
SHA1 2628c2e3f005541806f191b7f2a7fd17fa72a266
SHA256 da8c0c2f0182a93f446664ba4c60f8e257189b97d450fee5cc791a26a82bebc8
SHA512 70b5b04cb995e33f2875b9465536487a12b95f1172edca6046b72ec469a1dceec4fc0825c61419c8a70ad130ea2a80518df5f3e2db8bbfab9ee8bbd1ea28e1ff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d53ffb3468725e4f93c87aba83c955f
SHA1 7550afe421fe03a8d01597c695b90c503387bdf7
SHA256 ecf7929a81b6e13ef211504aae50a587d12d3f278e1fbdffe4da9c7fa145414d
SHA512 e1813ba07e1a19349b7f5714f4509d786143286bcc0d3665e86ec9d30077d37ec3b3895003641a895c1f6279ef3a4ac586de9e2c75108f6640e824162ae6db03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e6a6af250702508fb04a71a77e359f2d
SHA1 6e495f9a9a7dbb454b4c805b7fec13e860b2efd6
SHA256 3cb274eaf808581cda0411da496dba16a2564ab35ac591eefc0d1e0aacd6d2e0
SHA512 85ede979f744d74fdf30bf867530dbcba9b9662895315a8912920c465476853ec757f7ea306055f57db36c0c863e865faeebbd1b733f8e2015c681a1e686cfac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35d3a66720faf29103a6634e5260437d
SHA1 f50a083fff1431ade14989c6bebc0c4bd4f223f4
SHA256 dbd28f6120672da4ed9cc6d31203c5760b218e8c0464af755078f96b1963bcaa
SHA512 ac710a305756f9f6e0dabc6c3c9c42ee77844c79fa61d7f65926bdc376c894908f4025e9a7e4795759eadae9344234b1fca97774b9e6716a7cf0633ab083f2b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae736af828f0d5e71f140b7a0b68aee9
SHA1 4149e9a567924ea32c4e0826a4926d262daf6e2e
SHA256 537d63771090069a23cdf5792aad630c67851b9912f31d40e605b275123ac51a
SHA512 f108c19ab4fcf3f36b49071e4af2a5866bb3b66c7c43bce2b5b21b4b09ef196e16cb2fea5069d03c36c67e81f9bda7b58a1382fded77e8aaa066e577b9a3b102

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 72ccb4bc056269dcee7976108e7d79f1
SHA1 053b0c7c733f7a9c1bae6d7dd03c1d176b5a3d78
SHA256 5cd76c47413437cdb75c5f2e621e22f20565df14e84c397b1ce4b2834170fc74
SHA512 4e7c0332d3bfffa50bb979962d3a30de1f504a926037ca3792bc8a70ab8bf34fece5baadb14a7a93d10fc522058c79abbb6990b4ba66c3534359b2c30b68592c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eebd2403d3b39587b28786e318a9da42
SHA1 0ab1b7a39dda73e96a43cdb2852a075157f701db
SHA256 4c5591ce3709c0bc4a594695e47045a4f1aee25183beeb8f387d8e630516204b
SHA512 92393a7ec935b81bdeebdadde875b3d403689ff3e5c9f0299ea69005a3a9c13eec5cb7762390f88f08aa288c70b48cf22ca7f9e2090c64b5865a613a66478030

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6162f52c8b2d3728da135c3c5f3ad67
SHA1 4b8c182137c836bb163f3a9d4bda411375d6992a
SHA256 d0ea1bbf1445fb68b147883a325b2564676f89bb7385cd083590f328726e442e
SHA512 adcbe7a021aa0be81a422544ca18bc33d2cc804b988d075ae161b49c5b3a56a3f07352dc53ddc15a33946764158d4d21e54e90b7b9fbb8a4e7fa82dbf85d5d3a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01d75e68aef1e946a18484990e0a840e
SHA1 075a2a836a74726574dea1eb4c3b1467526d9af0
SHA256 b6ec3d7d516e9e84baab4a767de0547824867f553c8696424a5f42c5a6bb8071
SHA512 a675e35a5539ca944fe34ef4ccfcf370b6adce342ce2226bff8da6060a5d1ad18ff0f87b2150fe5e73ecf5eb2cb948541bbd953bcf334b0c1562cd16402db7cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d56fdef96a46c957b81ffa6f131605af
SHA1 8fb7592222486cdad23de439b40a5fa9dbc1a677
SHA256 7e56839bb1fd1f16bc8b3ad41fce866ce12e7c8ed4e90cad599c68920fe47dd6
SHA512 1a670b97375d1bd21b9dac65c803a4033ad03cc79e424b4149da300f85753f29f36cc183672eeba18136fcbfb023b5859e0b741000da0f8916e385c4f9cd43b7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 43680ac15900daddc2075c3ef1cd48f2
SHA1 4ff0fb64e719dad7246836a9847bee39951842c9
SHA256 b0b6575bea3a7699b4db8f7a9fa6bc19c91e4017469a6186ba3f865dafcaa0c7
SHA512 c1c87439733e041ec88c0b08eb0838bdef09add48f21fe771c197e93cec8a7c80e7ca04061a220fd66590b391394ce97885e4195a3529d337d80371f8bad67ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f50220e1abe3d297119027b186434eed
SHA1 f877308f3f7096c9a8fe326cc02fe3ab1a7a4f75
SHA256 07e2a642edb926ccce5891dd12de118bedfe2a85e776554d3b54fb7f163b0242
SHA512 83972e0689edf757b13596dc6b223d54315f10fcb6ab23a957e5a22a78a07f316f082c157d6a8a014255b5118b374f3182a6885998d09b5b03eaf27a4a25d967

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0ca81a04699daae7a87e14777fd5be25
SHA1 5d6e5fb95a018d89ad1087b07b2032b1b1d76de2
SHA256 4707e4e7aaade5d97b5647a9bcfca03e3a7ae520e0d003a04acf68f707ad4c99
SHA512 0e1dbc88b63a6f48fdc89205effd282143c3796b5353260668710a118683ae70aef6644aa7e8c173405effc3e3aea9f774e721c2f4054eb62d11be47f9e4c265

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67d0e84c80012a8962e8c266c2fb5734
SHA1 8e8d8941d7736c031dcd8d0fe753b1b0c1630e6c
SHA256 aaf3fcc79ef218acc6d2763c0d1748c06ee167f7d44104c6aaeaa924a52a3bda
SHA512 a25dcbf3184e75bfdc5593753c4dd9e8cb233663e057d54c05009c3959e25457900f469ca176ccb2ef4770b36ae0cb43aa6fd182433a02bb49710cb895eceee2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6ebf4f20d8038da1cbc82aa93b5744b
SHA1 9088393bb145b34b41922285e63ed790b52dd986
SHA256 938f2b5bab9ea5cf7a50803e1ddfa1dd8f910047ccb7f1b96699f5364f74a6a4
SHA512 a2c02d86119b3b2971e671cb76ccdf93794eead61cd7262cfd5cda5554a3e144612f00c99abfd36a3db95e0784927c7c2264dbbdd38500b31376c2e8a8789551

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ac0fab47981d33929e87c3aae459f35
SHA1 155e17d63d2d924a8c15737c24a9ecd87a9e2d85
SHA256 04d71d1ad608464ddc1c444c9dac49e22911a55cafd4e592856b1e8d3b617023
SHA512 ca5b00d771927e080144af177401ffa665593f7a3f11cfca7f63802cf2c0b9c541cb07fd8b2e419d37466783f38504f8ff274d4468c1e8e4168823b2618760fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8c48bde8d3b7c6d92576d04ee8b90408
SHA1 9c9616c7925b934a9121d2a3b9db295875186a15
SHA256 9f841ef491e5431fbd116f80f2de8c7766e055ca5f7197eb4fcb43ccceea3f05
SHA512 69355aca90cbe6cc77ca9cd406957a8d40fb9ace3b4c2a96f429400a5126b1b360ab7a17d525dcbed8b7246b65b7cc509856a200fe192cfaf3378be5b8de9208

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 02:57

Reported

2024-06-13 03:00

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39a7344c77bf99eff96f1b0900b5f38_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a39a7344c77bf99eff96f1b0900b5f38_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3944,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=4268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=1404,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=4592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=3808,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5320,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5452,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5284,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6152,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 nguyenhuytap.googlecode.com udp
US 8.8.8.8:53 nguyenhuytap.googlecode.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 2.bp.blogspot.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 nguyenhuytap.googlecode.com udp
US 8.8.8.8:53 nguyenhuytap.googlecode.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 nguyenhuytap.googlecode.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 1.bp.blogspot.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 nguyenhuytap.googlecode.com udp
US 8.8.8.8:53 nguyenhuytap.googlecode.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 nguyenhuytap.googlecode.com udp
US 8.8.8.8:53 nguyenhuytap.googlecode.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 nguyenhuytap.googlecode.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 4.bp.blogspot.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 lh5.googleusercontent.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh4.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 appwebbrowser.blogspot.com udp
US 8.8.8.8:53 appwebbrowser.blogspot.com udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 appwebbrowser.blogspot.com udp
US 8.8.8.8:53 appwebbrowser.blogspot.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 appwebbrowser.blogspot.com udp
US 8.8.8.8:53 appwebbrowser.blogspot.com udp
US 8.8.8.8:53 appwebbrowser.blogspot.com udp
US 8.8.8.8:53 appwebbrowser.blogspot.com udp
US 8.8.8.8:53 appwebbrowser.blogspot.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp

Files

N/A