Malware Analysis Report

2025-01-18 01:07

Sample ID: 240613-g88das1glk
Target: a434adf626007c1bc1f10d9c8b832780_JaffaCakes118
SHA256: ca9308b096dac799bfead20da2a19cfb1354fb5d747045726cd356a3f2292e9c
Tags: none listed
Score: 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 1/10

SHA256: ca9308b096dac799bfead20da2a19cfb1354fb5d747045726cd356a3f2292e9c

Threat level: no (potentially) malicious behavior was detected.

The file a434adf626007c1bc1f10d9c8b832780_JaffaCakes118 was classified as showing no (potentially) malicious behavior.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:29

Reported

2024-06-13 06:32

Platform

win7-20240220-en

Max time kernel

119s

Max time network

129s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a434adf626007c1bc1f10d9c8b832780_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4FD2E581-294E-11EF-9A72-56DE4A60B18F} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0480a275bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000059d609311af4254298a1cda72ec4142c00000000020000000000106600000001000020000000d1652743935914cad8248845cb31f7b6511970128cf56981712774a896dcc46b000000000e80000000020000200000005ee4492c12918b5cd7cccbee76153c780912ffd353f1cc6ef2e24c8933e1a964200000007222775ef2962631979e5e61d516328461fa694f20d0d85fc3bcdc8538f82749400000001cd94beaeb5dc29fc9347d478262724a753ea03e228361cddbf15dcb58fce57af74a3f640f6aa500ccff84601ebe0d3f2a7a3b92055cb45fa08b0d15cd3ed549 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422047" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A
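Every row in the "Modifies Internet Explorer settings" table above is written by an Internet Explorer binary into the user's own HKCU\Software\Microsoft\Internet Explorer tree, which is what IE does on its first launch in a fresh profile. The script below is an added triage helper, not part of the sandbox report: it parses rows in the report's "Description | Indicator | Process | Target" layout, rewrites the \REGISTRY\USER\<SID>\ prefix to HKCU so the keys are readable, and flags only what would matter for a browser hijack. The HIJACK_VALUES list and the constructed dropper.exe row are this example's own assumptions, included so the flagging path is exercised.

```python
"""Triage of 'Modifies Internet Explorer settings' rows from a sandbox report.

Added example, not part of the report. Flags a write when the writer is not
iexplore.exe, the key lies outside the IE settings tree, or a start/search
page value is set. HIJACK_VALUES is this example's own list.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# Subset of rows copied verbatim from the report's table.
REPORT_ROWS = r"""
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
"""

# Constructed row (NOT from the report): a homepage hijack by a dropped binary
# in the same layout, so the flagging branch below is exercised.
CONSTRUCTED_HIJACK_ROW = r"""
Set value (str) | \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" | C:\Users\Admin\AppData\Local\Temp\dropper.exe | N/A
"""

IE_ROOT = "HKCU\\Software\\Microsoft\\Internet Explorer\\"
IE_BINARIES = {"iexplore.exe"}
# Assumed list of value names whose modification indicates a hijack.
HIJACK_VALUES = {"Start Page", "Search Page", "Default_Page_URL",
                 "Default_Search_URL", "Local Page", "Search Bar"}

_SID_RE = re.compile(r"^\\REGISTRY\\USER\\S-1-5-21(?:-\d+)+\\", re.IGNORECASE)
_HKLM_RE = re.compile(r"^\\REGISTRY\\MACHINE\\", re.IGNORECASE)
_INDICATOR_RE = re.compile(r"^(?P<key>.*?)(?: = (?P<value>.*))?$")


@dataclass
class RegEvent:
    action: str             # "Set value (int)", "Key created", ...
    key: str                # normalised key path (incl. value name for Set value)
    value: Optional[str]    # data as printed, None for "Key created"
    process: str            # lower-cased basename of the writing process


def normalise_key(raw: str) -> str:
    """Map \\REGISTRY\\USER\\<SID>\\ to HKCU\\ and \\REGISTRY\\MACHINE\\ to HKLM\\."""
    key = _SID_RE.sub(lambda m: "HKCU\\", raw)
    return _HKLM_RE.sub(lambda m: "HKLM\\", key)


def parse_rows(text: str) -> list:
    events = []
    for line in text.strip().splitlines():
        if not line.strip() or line.startswith("Description"):
            continue  # skip blanks and the table header
        action, indicator, process, _target = [c.strip() for c in line.split(" | ")]
        m = _INDICATOR_RE.match(indicator)
        events.append(RegEvent(action, normalise_key(m.group("key")),
                               m.group("value"),
                               PureWindowsPath(process).name.lower()))
    return events


def triage(text: str) -> dict:
    """Report who wrote, and which writes look like more than IE configuring itself."""
    events = parse_rows(text)
    hits = []
    for ev in events:
        value_name = ev.key.rsplit("\\", 1)[-1]
        foreign_writer = ev.process not in IE_BINARIES
        outside_ie_tree = not ev.key.startswith(IE_ROOT)
        sensitive = ev.action.startswith("Set value") and value_name in HIJACK_VALUES
        if foreign_writer or outside_ie_tree or sensitive:
            hits.append((ev.key, ev.value, ev.process))
    return {"events": len(events),
            "writers": sorted({ev.process for ev in events}),
            "hits": hits}


if __name__ == "__main__":
    for label, rows in (("report", REPORT_ROWS), ("constructed", CONSTRUCTED_HIJACK_ROW)):
        print(label, triage(rows))
```

For the report's rows the result is a single writer (iexplore.exe) and no hits; the constructed row is flagged twice over, once for the foreign writer and once for the Start Page value. A "Modifies Internet Explorer settings" signature with that profile is the browser's own first-run housekeeping, not evidence the HTML did anything.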

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a434adf626007c1bc1f10d9c8b832780_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2464 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 naswierkowej.pl udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab3C29.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar3D0A.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 553dc36508f93ba3f72b6635cb497fa0
SHA1 222988fcafc722249534892bfac3aa24d9742409
SHA256 bff2d499b8a5e849949e74f7cd03529df805db59e127cc0cc9599fe2e0b98a23
SHA512 19c653d4ea029415dff1106dd5454c7da67c16785bec1441d3528bd12519ed43f8d82a50ca11a5a4a05bd5d50a9dec6c249337a724a5ac8896dbcbcc7d3527ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7fd4bdd6d939ef42bf46123e163d7da3
SHA1 166ab248a5f50a519da1b5168f1641762105dbc8
SHA256 d38ba552654c329311cfd077fa046e7369f025a8be63345924f5adbfed413e60
SHA512 8ef545040b5ccbcba98a30208b725f81662b7a02473e25419273f6694776771107718bdc65d7353d5d0a0d4c40775dd580fd34bdcea9a6b70bd6b279e73b1eed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a8ad9be90d0aae6ae324a3750f625e6
SHA1 66dc5f16e74b446ca9de9d7cce3f87757bcb8538
SHA256 9fdc49887689b6cdbdf431746180facb25521683ac3588cd3a08deefc1ce5b0f
SHA512 47f952bdde772fafe37cf412fadc417745879f4eeb6db0e4498cb5a4940ba1e10e1291fc9f242a140ecde0e32e7d65594a185091d42490046ea45a6ba126fb9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85be1f8212ac0dbde8eb4ef9219cbd2d
SHA1 cdd720f447b5ad552f5ec393636705af8de52d91
SHA256 e923170916ba5a7c10ced12da3618b3337b5715cf39d88c35f28375703fe34da
SHA512 cf2a204b91c118a19328809379211572de51a4e0f57c108dffa6f5a4757f506626b55d6a95bb029ea660cb4d633d4d43f324fece9a0dfc54577d45df0b305190

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2f1d2bd0bbe95d32bb36570376c409e3
SHA1 e2612c703ef02bd4ddd0cc0daf52c259b8c9d18c
SHA256 8fc9fcfa95a9543729226fa2b46a2e4beecc61751e0b863a75b6484bc9ca9cd6
SHA512 f5b900d152cfec073e72797c47c515e420989a6c12d018fcaca1cd4b5b786276e6d77f6e35ab4bcef641670bc89b8e9c6f7c4ea39d508b4f4aaaafd7487904bc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c93019b18871f498a67309eb4e24bb74
SHA1 aaf1bcffddd8334c4147f2ae089f509d1aa5202f
SHA256 d478db4823f1ef68ceb589957ec536875aad284af290c3681266e6c6ae104ccf
SHA512 fb712397230bfa5d3bd267cde5723be1adfaa4d3965ba78d60a5330561e0eb3108ef1f356dd4c462d1b29f4e2daea9509d9ed3576c2817b78dd3faca01e664c7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f46fbc440e3aa56d84b8dd6be6e622d1
SHA1 290a258f6a04dec765585289f39c6f8d751ddb1d
SHA256 9198cf008f40584bcc6f3c043cf0e0a10b83ab71d2821036be5236011ed0b0a3
SHA512 274c492ed6559486d10fba66cee70ba47af6e2f450f878758ebeb1545f7d368c9fa3e454d29cc3d9de3ed02f36f23c4bd0ab221632bb3eac936ea067f9c61745

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4aba396b0421b77eae9011ef0f672d23
SHA1 a37f523f7289f541473d1ca8ed5c2089fead5fb1
SHA256 73b0a5eaf568c22136e5d15fd99d03d8f7dd5759fc797b30bfc6a563ea9cf888
SHA512 5c977502650e8696d3560dfd0475dc2f3ba53c917c4c2398daa3f87b550c6518d2011271127c644c7596b81441406a9cf74fa02af15f6dea8a6b05b92330a811

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3ecc14983a21f7281dfd367eb895cfe
SHA1 c63c1480d55f4315dce68f8348fd1122bcc361bd
SHA256 52ab32a7c8acbdeca45c15253b330b4af3132ddef9f16bf82ca6ac7a41b6f6a5
SHA512 b05cb3d9b05439541dd16de43d5a6cbdee61d7c7ccc408e42264e2f9933f88aa12741a24744a00789b80849d3b5f5b1a12c8d9ad0cfbdc53efd2163719288686

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d4d479d21849feeca1b4cc5c894e41c
SHA1 f355e1f912139dca14e177f272bc74b588757bf6
SHA256 e2d938d063690dd4e60cddd829255dc0422a21b7e3c270e394a4a082d1704b65
SHA512 5d5895c3846a0091cb7b9730325d0a6f70a11e3135cf6a88c19ed8b2ca1ec468aea0da1bb48ebd2737220c7e19abf7be7f63261e4bf0d0065ab7a4d70dfb4973

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 923b502c6d730529c1949fff1b7807fc
SHA1 98ff4a92bc1aa12e2f55d3026f133adc8a4a391e
SHA256 c006e7f0ed0c85af14b8080d743ce821ac0b8a91d7a9702e3cf4b0a01a93e3f4
SHA512 f7d2f93b27f0d9ad2eeaa7d5819321258770b74e5bb35b2e67d032b2b3035f5b4d381ce84e517395cd5ec43969b58fae25bb799d48d2320de22d7eeee2e1dac0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c512e8949bdad6ba73261f0e840e1aa0
SHA1 3092cc912480b584b53318af142471d3671265e2
SHA256 19cb94839b54a84e45d95ccf7582aef4f754c05428c577f62266eaa9f67fc2ea
SHA512 60244d3453821f42ceaa7963c72aad1b17d56fa6c9a2e8f930318e36a3a0bb51e9383bfaba1ffb15071e7da1ca63902118acb5864a59e7bce941a4372a4e1eff

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e874b2a96eb16ad904cde9291a08be7e
SHA1 da909dc60c68132de05671282c40d575b315cf76
SHA256 331d2a052ae11ecba04480b73008c98e59fbb5f3a6678274ce97a1bdc5aea3a3
SHA512 5a573dde4248be49898c426e40afab3907517599c7837fd78434b09f505ddaf0249eb6816d4016fe800e8c55cba9be31eee17312746f683fa67b51bfa9fb15dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9c2dae7ce85dbe3c5d951259efeedee9
SHA1 cc9491f22149181ccd93dd9747255f21ab716c62
SHA256 dce8f61ecc6169544bfe2dcdb7605a5855097514a00434f0cbbf642b610debb7
SHA512 545b0a802a92534076f21a5f0cc1ed1ecf1b5e6e45cb2e3d239d3c0fc8e859029d3aebbd8ff4e4f1d8ee92546f79da0b591c08991e709de9afedd265bef636b4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a50cf663a28d59c004ce51c5806833c0
SHA1 ade3832d3a7653bf51fc107a724a312359fe7324
SHA256 8606264f3e416f73ac1d9f2ca9791c8feed565ff55f86ea00f41bd9e015a10bb
SHA512 b35e2da5e397a59af998865d3ca20c7e495aa92beaceacd8ee35add05d972c0146f0b24905a47c326637e80138ec74f974cf7074f072755810ce8fc2a2fd492c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 448c670f79121e53e06e2e397e87b988
SHA1 d79f3f5b0cfda4174c60ec4b55f9f26fb28bc8ef
SHA256 925db97992ee30ae2a0776d694911545fbd096aa96a026f404625c813ab40803
SHA512 4a3a11514b4e51456bdf373b3a700809f6412041ae2a21e7a4f6712b24d3e874ffaf88cf056c9e2b5a9dc7c0161a0ca86a7a27675b025a7a98d753a11f37803a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a734b551d426082c6f0645208a8175b9
SHA1 73093d0ee76367037a6cf96d2a6384d7f0c36932
SHA256 6ddb6203c526eff7a4e6eab69c4b8b0cb10272876d99696da69e9d65f839bd67
SHA512 c335773097be8416d8d46a0d0218b2be3748ae6fa59156af3d2e1b401a01b20efcf952fc97a718508e676f7ce7902570769b52e79a5ed2881516b93d5019b5ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e96ad95de6ca4b02b4d7bb007c7ee9bc
SHA1 d7121e24a9cc75be3334dd60851a1a7248fb88aa
SHA256 3f41479b5c79e192e895cc84041cc12639781050d88b130d7096913959605718
SHA512 b39bb2f25a57887e19fccadbcc6a4cdbc94c94c139a880d3d7d4e2cc3c9fa45b6088b84350b8d4cfd73972c3d85427062b50c639f50842c5c389e7af26a8b9ed

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84cd18c7dae24741bfa2b40b49b72430
SHA1 0b0289ae05a2fa1736d93905188f9c2d9c31d225
SHA256 883dedb4178777d23cd988a7754726dcf325693fb4b31c3b55d0173fd2d62450
SHA512 0c2241a5fecd199a116d2fd97b9f895a111b5795866c077cafe1784156813ba1aedf61440c50ddb631412c2573d0a352d7247688491f143a5cda46cd03cce1d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 23d7edd138ce8831a69390b2a4ff7429
SHA1 dc184a8171441faec4a3962f69402bcbb12cdcc1
SHA256 20c6872f84a839f5dc6e91f42279d87f2fa25591f5eb9cf5e79fbadeb46c4b60
SHA512 8c7097bdcd7fad00a3437f1480c9a5b99f07f65f6bf2a7ee61a2d65d2736fa5240db9bac576e9613bcb950de51663bbba2c54b4d939744dbeecf8bd2990765e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 577c1ac78a19c51c76a3765aadee43c9
SHA1 e65d37ae95870b05d8ad9141cb7067b83e081eba
SHA256 dfb08282d2d0550eca0accf5cd8672d6a0f18dfc4c43c1e2ce1c62a601a33cc2
SHA512 3e1a1bc93a9becacb9ec81c033f8c8530b43b5a7e691a87c02d3531672c01edab15b2a9cc9d2c6557a8559fcadc116d3ad5d7e28560a2d8e4fc3db19ed0fc630

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba30c0cfdf4049097d01154d9b99037c
SHA1 699372750433b92145cebc318ec45dfbf28113c2
SHA256 e4e6aa0f38cd8919af89bc52cf340a6d403442d1bfe4fafae0c221497ee95f9b
SHA512 4745071836370d9647b976daf4fb3acf8dc5045fdf39bbcae0364cc9089144c8ae1fe34304b38255cc13795198eaf814ebc77b9d6e23a5f9628de45275125b76

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:29

Reported

2024-06-13 06:32

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a434adf626007c1bc1f10d9c8b832780_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a434adf626007c1bc1f10d9c8b832780_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4972 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4672 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5740 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5536 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5540 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5084 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 13.107.6.158:443 business.bing.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 naswierkowej.pl udp
US 8.8.8.8:53 naswierkowej.pl udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
BE 23.55.97.181:443 www.microsoft.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 8.8.8.8:53 naswierkowej.pl udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
NL 2.18.121.23:443 bzib.nelreports.net tcp
GB 216.58.201.99:80 fonts.gstatic.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 23.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 104.208.16.94:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.180.10:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 10.180.250.142.in-addr.arpa udp
NL 23.62.61.121:443 www.bing.com tcp
US 8.8.8.8:53 121.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
NL 23.62.61.154:443 www.bing.com tcp
US 8.8.8.8:53 154.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 16.173.189.20.in-addr.arpa udp
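In both Network tables above, naswierkowej.pl appears only as a UDP/53 lookup with no TCP connection to it recorded, while the only port-80 connections go to fonts.googleapis.com and fonts.gstatic.com. The script below, an added example rather than part of the sandbox report, makes that kind of reading mechanical: it parses rows in the report's "Country Destination Domain Proto" layout, tolerates the mDNS row that has no domain column, sets aside reverse (in-addr.arpa) lookups, and reports which names were resolved but never connected to and which connections went out in plaintext. The embedded rows are a constructed subset copied from the two tables.

```python
"""Summarise sandbox Network rows: resolved-only names and plaintext HTTP.

Added example, not part of the report. Input rows follow the report's
"Country Destination Domain Proto" layout; the domain column may be absent.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed subset of rows copied from the report's two Network tables.
REPORT_NETWORK = """
US 8.8.8.8:53 naswierkowej.pl udp
GB 142.250.187.202:80 fonts.googleapis.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 naswierkowej.pl udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
GB 216.58.201.99:80 fonts.gstatic.com tcp
N/A 224.0.0.251:5353 udp
NL 23.62.61.121:443 www.bing.com tcp
"""

# Domain is optional: the mDNS row prints only country, destination and proto.
ROW_RE = re.compile(
    r"^(?P<country>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)"
    r"(?:\s+(?P<domain>\S+))?\s+(?P<proto>tcp|udp)$")


def summarise(text: str) -> dict:
    lookups = set()                 # names sent to a resolver (udp/53)
    connected = defaultdict(set)    # name -> {(ip, port, proto)}
    plaintext = set()               # names reached over tcp/80
    unnamed = []                    # destinations with no domain column
    reverse = 0                     # PTR lookups; noise for this purpose
    for line in text.strip().splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue                # header or malformed row
        d = m.groupdict()
        ip, port, proto, domain = d["ip"], int(d["port"]), d["proto"], d["domain"]
        if domain is None:
            kind = "multicast" if ipaddress.ip_address(ip).is_multicast else "unicast"
            unnamed.append((ip, port, proto, kind))
        elif domain.endswith(".in-addr.arpa"):
            reverse += 1
        elif proto == "udp" and port == 53:
            lookups.add(domain)
        else:
            connected[domain].add((ip, port, proto))
            if proto == "tcp" and port == 80:
                plaintext.add(domain)
    return {
        "resolved_only": sorted(lookups - set(connected)),
        "plaintext_http": sorted(plaintext),
        "connected": {k: sorted(v) for k, v in connected.items()},
        "unnamed": unnamed,
        "reverse_lookups": reverse,
    }


if __name__ == "__main__":
    s = summarise(REPORT_NETWORK)
    print("resolved but never connected:", s["resolved_only"])
    print("plaintext HTTP:", s["plaintext_http"])
    print("no-domain destinations:", s["unnamed"])
```

The "resolved but never connected" list is the one to look at first on a low-score report: the tables show the lookup for naswierkowej.pl but record no answer and no connection, so the page alone cannot say whether the name failed to resolve or the browser simply never fetched from it. The plaintext list is a reminder that the font resources were retrieved over unauthenticated HTTP on port 80.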

Files

N/A