Malware Analysis Report

2025-01-18 01:11

Sample ID 240613-hb21pa1hlm
Target a43a6f0f2960723360640929864c9e4c_JaffaCakes118
SHA256 4ffd505f29f6ba871cf2c2a311d2fdafbb52e27902b89d5715ba507cb0ea2b14
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

4ffd505f29f6ba871cf2c2a311d2fdafbb52e27902b89d5715ba507cb0ea2b14

Threat Level: No (potentially) malicious behavior was detected

The file a43a6f0f2960723360640929864c9e4c_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:34

Reported

2024-06-13 06:37

Platform

win7-20240611-en

Max time kernel

119s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43a6f0f2960723360640929864c9e4c_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422348" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000938b8bd2d48bedfa83d18ff62fe447a03a85913d09b600b75674f2b8c42bc9c0000000000e8000000002000020000000cb7d4ac9c3fd7183c6a6e40577eb10d4989df7abab9ca753de35f3244517a8e2200000003c7b15aa57df383377cad254813a14bebbcd19e71e6dea76800c473a99a09e87400000007aaf2396d4fa1c7eb96750d9b8befb9673ce9d49589cf4acd8ea1d0896833d04bf31f37cc79e518643ead49bc9cf96600116ab29b93a69bf4051f9f4793459fd C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{02678A71-294F-11EF-B489-E681C831DA43} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0e981d75bbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000a5c8f912ff5225ae961cec8a226b2fc270c5ea08e0ff6051acaf76ec5a2457ac000000000e80000000020000200000003451105232fce4b8228e3829f49434b72c58be41d53879175a902d9cde90b59f9000000032b2b2b757fc5ac78ced7bbcdb684130593158c0cc67817ccfad3bbc39d663083efb3aa4c29e786ce935529ff0b00f4d74e265382c0bfb7e97f7e5bd9f2f2f00584fb2ff8ba5e314bf6f46dc52182df5ac2736da44b61be6ea099b973d6f14cafb8f27215a08399b388b40ee0beb48506411ec6b067f983e2da2584aad5690e030ea7ccac7d75c2119c1e91c9346deff400000001548b5f5c2f5f4892317cb798e87b1ff267e20afc3222d150e233fad178ff6ebe29a75fa8e58904cf8f9369a2bece37ac9bdc050a6ed578e8be0ee73a92d6357 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43a6f0f2960723360640929864c9e4c_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2264 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 park.above.com udp
US 103.224.212.241:80 park.above.com tcp
US 103.224.212.241:80 park.above.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab8AF3.tmp

C:\Users\Admin\AppData\Local\Temp\Tar8BA3.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:34

Reported

2024-06-13 06:37

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43a6f0f2960723360640929864c9e4c_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43a6f0f2960723360640929864c9e4c_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4204,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=3796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4312,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=1872,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5456,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5464,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5864,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5280,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5316,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=5308,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5096,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=4268,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=5336,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:1

Network

Country Destination Domain Proto

Files

N/A