Malware Analysis Report

2025-01-18 01:08

Sample ID 240613-g6l3aa1flj
Target a430819d8bd9c6df5b91448b896af5e1_JaffaCakes118
SHA256 ed379745f86affba18e6c94bf9bf2f068475457c3681dbcb0ebec90114223354
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

ed379745f86affba18e6c94bf9bf2f068475457c3681dbcb0ebec90114223354

Threat Level: No (potentially) malicious behavior was detected

The file a430819d8bd9c6df5b91448b896af5e1_JaffaCakes118 produced no (potentially) malicious behavior during analysis.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:25

Reported

2024-06-13 06:27

Platform

win7-20240220-en

Max time kernel

120s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a430819d8bd9c6df5b91448b896af5e1_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags adware, spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000015e87fc80eaa0a4b9cfd4616b4efe15f000000000200000000001066000000010000200000002b2000ac0d01b4da5e99068e9a1bc9a6289f44021e0b5791186292cedf0d80ab000000000e80000000020000200000000fcbbabf934c54339d012e3f2957cb9d5cb770ca1a789ead3b30a9621f6765912000000016b2078e46fef609ff2901f8a746316d7108b4194f6419ed36d05a5ad43ac5d940000000b1180472e0dbff108b3148ced78ae2939a7f732d9e0869d4dc6ee537d8f44e66f35c2725daf731248957706eaafb8bb0c3dd049f0577c618132ca8a2d352625a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0062f815abdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424421773" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AC6E3111-294D-11EF-9A4D-7A846B3196C4} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a430819d8bd9c6df5b91448b896af5e1_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 party-nwvqdtumtz.now.sh udp
US 76.76.21.22:443 party-nwvqdtumtz.now.sh tcp
US 76.76.21.22:443 party-nwvqdtumtz.now.sh tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 76.76.21.22:443 party-nwvqdtumtz.now.sh tcp
US 76.76.21.22:443 party-nwvqdtumtz.now.sh tcp
US 76.76.21.22:443 party-nwvqdtumtz.now.sh tcp
US 76.76.21.22:443 party-nwvqdtumtz.now.sh tcp
US 76.76.21.22:443 party-nwvqdtumtz.now.sh tcp
US 76.76.21.22:443 party-nwvqdtumtz.now.sh tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab15F3.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar16E5.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b292dd5a1fd12442d5f4468c620313de
SHA1 df698601b6213ecb6ba9b7a79cda382c8e62bcbd
SHA256 22b1eb096e843797ad3ed96ab6af4b089e6ac810318a9e898514bc0dd17c4a0f
SHA512 87a712fda9588833eacfae90357f5bbd85ea479ba760c247436a426a8f83adcaa6ba30a8861f25e54ae5864a1d87b0c8edbbe526e9916b111a9ef4790d5cddb1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11e0a78a2b89fb4e0a481a4bb186592b
SHA1 906cab76464f95bd5bcae2f3f76515dbe434bb34
SHA256 858e05501d2c9442954dcb745c7b0b0059bb768de073e25b9ebc1cfd8b982973
SHA512 c85de1124b4db25c28261dc1f89a13570b0a610fd633e059367021cacc2bf32992d1a099470ddea5de0ce5a1ec9f8556b58a088409a24fb430b208f792c6c057

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb286578a7b8eaf165ae5c6d54f62eac
SHA1 90c35e5a5250d5a1924b47c840d5c70037a6ee7e
SHA256 013cbf413326ff0c0a5b79761224275a3d5e2ed157879389a223a4439e458748
SHA512 faacb17e2bf346f7ce93199d66558f1d0374e51f27969f3b641ba8f45eba2b1ecedc44f5a072185b91a18a58d233ef15a1cdf34926284876d0ada290547ca1e8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ceca9477733eb3f3a6b47dd140d70bcb
SHA1 43e873dac0ed9b00f5fce214375160d959850897
SHA256 8f01074c87455a4394f16286d5a90634f2e4ce3f112c55970cd4daa056cc709f
SHA512 032045e3f9555a186c6f8e65bef6fe0ab5cb5b27b8d24aeb02099d9a54628e25ac645c9fef459eb73f389ca9695695f9c8cd2d8b67b522de2fcad1754d95a30b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c4da5d55195ef63b2a77cb80a6956fc
SHA1 db4e941a15c6ba9cf12dc04eb0e490a5ad397bcf
SHA256 f2fb6c742091ae03c36a8e1ed81bab220f530322a21ee8de299e752de058d150
SHA512 302c97a4f2c1cffd5eb82a91b69f99a792d6ee0a48818595bc5442b4c11effec07ca2f02ea52287c0171562414939dec3b2dfb5b5bf8a6f16d68c6d6fa7eb41e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cddd92044c05056e0b0942261edde6fe
SHA1 672f8679366f686b85e8487ec3c7db51bd177d87
SHA256 c18953c4b44c044584feadbe81bf3a761206c1cb379d2c01ac8f807e3335b7aa
SHA512 3761a49f7d0932e6b552276b222ed9589a68d82605fff591a88ea7f4bb1694ba1a1704aa25c533e1234be0700edb7e054e967d6d683c7ede257eb6c5cf2b91df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3c7cffe73cf386ae50aad6dd60db529d
SHA1 ff1a54bc2ba5adea309d112fff96cfb51d2a3f76
SHA256 aabbdc09dcff8b4289d0f971e8794a286cc4c61067a00c623a481f73617a345d
SHA512 ae34d38ecdb0398270c0567bd187a577a436dcf01b1915000f82dec42b2608509d4db1e2dd4f27da371b64295f927c94f65b4e51dd8a7f90b63dd73dfd1f7850

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42295f680ea085663d89485b87fa50ad
SHA1 1c5c6e0a9c080aa6c8b55267ce45927d10081035
SHA256 54d96752d4996478d13f76a0f468810f7baa1f8f80762f0656e127d283cedb87
SHA512 6edb4d337ca5f5687fcf894c02ce3632383717f56cb976afadad7bad5a38021545cb11f6ad5679f61c706441e2531bad32cf1ec84a0a0c465e6401d860d42872

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 538a222862270c52f139c4aa692df83c
SHA1 e01ca000c2fb553f9e28c588bfcbcc66f310633e
SHA256 0f8c93bc12ab0204731414cf0202d0ca8d3376bd2fee99ca83a5cec48a53b66f
SHA512 17d11315dc4f95c0f0e0fa61f93eda27c1f1098f91c4f321f09f81454b5ba2c6e27220998d95cd2439ff95ff57f34537c4b4f5013196c0295feb154618d9b786

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae9f1228cfba9a63a9d52d46ec44ea0f
SHA1 f24a6a7a91160d3886280f376b0052173a9a4a2e
SHA256 6da63a1518490242d379bd9294abcc324d4a8cd0e1d558bdea2ae835ae64bc1c
SHA512 25bb8790d3decd418ffc05c7eac41f59ac0f6206a8f36065b72e9e9d1ffaa298978a4a10dc7605cc1bec7f335ca1ad3b37dbd457090a5699c96a16ce8b4732d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a8bdfd38c42f82760da6e67210e15cbe
SHA1 01148701be01a75583dd14c061de646fac489967
SHA256 70edfcbc0f43af16f76dc1407d39c3abfa7c38b54e6cf1f3b3ec101af8414f3a
SHA512 de53c0422bbe01218282391c5fd778cfb202de2c1946c2518452ac72af0908d7977e6496ea5ee88faa355726eb6d4076ec83ff69fc707c49657f867e9be3b5fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5597f3aaf70c19d3e6f3e379da9fcb68
SHA1 195c736f772378a8e7ba63f7a0931d05813dd592
SHA256 6ce0d18272530e5e481c54be76129df50ddcf4529ccfc1c71500514700dd9352
SHA512 25528e28558f5331d8209976dcb1e3478e9b35f1e093f3701fb41028c84a6f8e59eb94c54019a520cbb6e563c236ab80306af4f7ef29f5f98a70f9e6f7dc839a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79051a0ef9e46f2ea7db99d64a77f106
SHA1 5b9821e4620f24cbf0a438c395bfaaa98f8b05e3
SHA256 bf5637dbc434215a82a2cb3b39c7df5636586ad8f050688221dcfc5e781a867c
SHA512 eac813f88ac9b84505254ee8842f31f9bc920ced992335018936c77f316d15a83d0cb2b164eb26624a97d66db289710ae0ad9cbdf1ae7b9fd1306eff587c55c8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c82d85e2714ef13b315a4c4d608ed12
SHA1 861149f1450dc7f7a12bff9db75d6fd5bf8c9353
SHA256 f84e371714d4f0dea7b125344d0b584c153c05e038db665b930c945b55fa9a54
SHA512 58ea4b47fa8b782eb31526e995c558ea2455f0e773cd3cf4f57a0a0e579df7f469ac31829baf89bb995406e09ead898fa08c30fe10f92eb4bcc1bf3754642543

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7edaf3cf5ef6165513a7a1c61dc0d706
SHA1 883c91b8cca6fec7cc8bb9687f0cd0053068051d
SHA256 0f71151cc0a12e2d7897c780494c6ac23e99d4317ad12d98c0d04f98999b5895
SHA512 60ee58150e0fda81d3684cd11c30eafbbe9d1d01da87c1aa37d9501cf3a3b0037d21264c7b947687f11e5d6dcef1c8926ada3bc5dc7194ecd0631bdd15e9a521

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ccd3e6b0638dee71e293575dad3d984a
SHA1 a23fa4d55afc6c2d5c79839b2c3209291c32610d
SHA256 48f445408b456dbb3eb35ab95bdb83f24fdc4460217bb3637fcbd4ad782d116b
SHA512 f6e1557402f9664c18dfe1010a13e6e3672de268e79d9bfd2ecd91aea20a6c55dda3050593a689593d44d5bdce8d3aa837f77a68989b05def4c742749e6567a5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d59823ecc18fdad21f5eeb751269285
SHA1 873a8665c8b5bb26d07fefb4e8925310a1aafe1c
SHA256 1475eb9eda78607bd8c2fe4ba335bbde6c85915bbee1b61ecde647457a57e899
SHA512 1c1b5c5a815f21ec027d5c418f530ea5b37de5243f37c95f44b7c3705f8a72fd572717d0acda58d9c59aadaa571e4693b7c9b5f17574b1820c94fcbc451ef909

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a906f9d3e35646affa219a9024d2cf7e
SHA1 9ac43ea269b9591316e39e1ff69a4401ae6cac57
SHA256 14e4e80c8d9e4a4b062c54ff2b28223f1dfd17a403855bfc32c5968fe9f8e9e4
SHA512 ca8aa39517d07e681b58a83dd3a569e539318034ef39409c1b7b610baa35818d6ae66c8af8aff47f665236d321c514c7e82bfe70d4bf21fb61eee04e33c3ee64

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:25

Reported

2024-06-13 06:27

Platform

win10v2004-20240611-en

Max time kernel

128s

Max time network

138s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a430819d8bd9c6df5b91448b896af5e1_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a430819d8bd9c6df5b91448b896af5e1_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4128,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=3836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4256,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=4356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5324,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5468,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5500,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5664,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5808,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5504,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=3796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4136,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5872 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 party-nwvqdtumtz.now.sh udp
US 8.8.8.8:53 party-nwvqdtumtz.now.sh udp
US 76.76.21.22:443 party-nwvqdtumtz.now.sh tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
NL 2.18.121.23:443 bzib.nelreports.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 party-nwvqdtumtz.vercel.app udp
US 8.8.8.8:53 party-nwvqdtumtz.vercel.app udp
BE 23.55.97.181:443 www.microsoft.com tcp
US 76.76.21.241:443 party-nwvqdtumtz.vercel.app tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 22.21.76.76.in-addr.arpa udp
US 8.8.8.8:53 23.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 241.21.76.76.in-addr.arpa udp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
NL 23.62.61.145:443 www.bing.com tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 145.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
NL 23.62.61.145:443 www.bing.com tcp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
NL 23.62.61.145:443 www.bing.com udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
NL 23.62.61.178:443 www.bing.com tcp
US 8.8.8.8:53 178.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

N/A