Malware Analysis Report

2025-01-18 01:16

Sample ID: 240613-hbs3sa1hlk
Target: a43a53c0447315bbeb728e2bbaae753a_JaffaCakes118
SHA256: 64804e7b7db4aa9cf6813e2c09f9d2c0aa121eb9150b65f58af54c0833e610ba
Tags: (none listed)
Score: 1/10

Analysis Overview

Score: 1/10

SHA256: 64804e7b7db4aa9cf6813e2c09f9d2c0aa121eb9150b65f58af54c0833e610ba

Threat Level: No (potentially) malicious behavior was detected

Verdict for a43a53c0447315bbeb728e2bbaae753a_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary
Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:34

Reported

2024-06-13 06:36

Platform

win7-20240611-en

Max time kernel

121s

Max time network

132s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43a53c0447315bbeb728e2bbaae753a_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [data elided] | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70032acc5bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422323" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F3932F41-294E-11EF-968C-FEBBC6272832} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000419ba697ab0b9807f6ac66c13593fd05402185b70ff8b0f33fedceb615e7715b000000000e8000000002000020000000ad889c0ea30c8a23a14334d3bfd9fe7126944747e30c779dce493792fbfe534a200000008e3e53b7e5ece44b82937819d79c672c66b43a9e961d441e32ec6f491869ca6440000000c272217c2ab8ce4976a6d74118dc251b33f29b3d10f9dcfb592d61f099814d7b86bac92ff6e2cde033aededb2a49c7e3ab559980afac8b1dfec3d10b26342a4f | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43a53c0447315bbeb728e2bbaae753a_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | ag8aq.cn | udp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab9475.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar9515.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c489a978db73a21dcb14557f82f06d45
SHA1 e31d2422e8333c56a1a88b84fda9d43842deafdd
SHA256 4d336d6541be70cdb91125a814977bb2d0d450a47308582b970a01c854934cda
SHA512 683f0e0437385a673d99d76e3383843959589ea0db94698cdbd172fd64ac42a3877640b9bb1c0b6444efd477afbde67339a1b75653fbec270f87f5924f5e379a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 423be854a4399e66883493a38657a5dd
SHA1 fbfab6f4406e66b158c80533f86bcb79fe38aea6
SHA256 cce83ee3ac58bce0258d89ccd65f55b42b7c5f58e5267954cf43a630e893f2b1
SHA512 1db2c8150224fcc3c63e6c8cc7a1362208ebc514487fa56704a757f66e86eec9cce64c19b554404f0832b6fa84d3f670ba10f1b3defdb393fb9cc3798abef618

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93203980050b9cb25e7c3fb44a693bd4
SHA1 f94e368a39dfe828ac353ffbcd3408a3767a57f6
SHA256 2925a2942213c0c59668601a9b3b5bd1e5c217adcf2378a9230955c9cbaff10e
SHA512 e0a923cc9f11ca4f4bee742190738a3fc3ab365f28047e48d6ae52ad4fcf1f1d2d565b8d5ff736aeaabf275407bc8b48b46ecc5a870c24a85ddbacc50d16e0d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c328ea7428d6c110540176a7be732622
SHA1 50007af3ab837ef37a60fa871b21f434f728ee60
SHA256 11a59bc65a85ea83ec4ec646b6d95c6b5601377e467aba554f6dc69f07dcba2f
SHA512 1c0f69310aa3e37faab95779440d193575445552f7e4f29826398736ea67c0bd17da2d14dd4c7e3adca4c1567d178601d0481c2ce2c5a1a5601a33bb0b8a7d4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d3dd86408a175c8afc099c11fb2e1c2
SHA1 fc88b87b81015a110951c9c3e4a551a321ee45cb
SHA256 b5af11ccae329fff7d474b56ac710f5e3d57e37d998fc6f1660ca2c12340a980
SHA512 4a8fc5586b0bc2017ec0b77bb2ca43d99747983b62d2aa620c148cf1e50a8adbc8ec4657fca8d1a501de77b9f3470d85d81e47eaad8b1551295f4a2a651ef60a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d02f02e2825f64697feb26b1e7417519
SHA1 d374a9dbc07eefeaafe1311d3899607026eb8368
SHA256 a9b8293d4328ca558bc67cef6091a55f8785c2a93d555a3bed3b0b02c017eeba
SHA512 086e5511a6422d8a80045af6984065c02805c04112fbef69edef67baa3e40390fe382faa84e49b86417c42bef41f7726c45b800a560f6b73391c3b9d2e0ba842

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4c92be7964cd75938cfb0eed17e0597
SHA1 5ff76c2317e05c822cf50d387ae72a861729202e
SHA256 3cccbaa5cc9aad355bf61c20fcbc48cc6e1b3bd2e50affecb7330432c9ff7c8a
SHA512 8f9871a39797681a6a65672858723fed3d6cee04b86689cb032bdddaedb68e6d771c8427654d89473192a664256e6538054eabad85196a75d96ad18a79ee8011

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15b02fe8b39da2239ef215c3b0d361c9
SHA1 9a62dcb9cba8748bebf5b138c8de2126ef5f5ce6
SHA256 e7d68cc6acfecd1f83583b92c4accc704a0470728e2c4ecd11660bbd44338d0e
SHA512 845bdbee474d40eb22d4e0ca6026be93322d06b409a99b2b7170d5d139e83fd22de90d8223d29f87e29adde3aa2f2f8e3610e1fafead952b8f946d55a5aa1b53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc41e0a330bfac5999592137c4baee3d
SHA1 b383fcbb40e383edcab4f862939e50c4bd5ca215
SHA256 eb254a1d8f0191a0b3b05455ec85fde74857411c0557624f85d9c5d154fada24
SHA512 6d68e4a6b07981f8013a869183e84067e9f8b1adbbacf645a304f24e87e97b5ab2112c89adc924ac01003b0da207c20c2c17798f6bbe1cb4cb561f162f04c911

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56ef5f0312f6962e4afd1d524b4bdbc0
SHA1 12dfdd80a860f8aec722d6df204157dd42b54b3e
SHA256 0ba8aa2c5b625cab497e8392b697a2ed36afc4e2688acb851d761fe03c385709
SHA512 44ede667cce83651bab4378678df8234d46c8a4e9bc1d2c8f85e5c285e74a5643dc39e0f3c90a8bf7f8ad6ac4d572660ee28b95314bbbf70e5e2cd3cd1d3ca5f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5260dca6c67555beca3cda9c42d7c123
SHA1 0e094e355c82cab3e336cb76a3f466a63366b059
SHA256 2a344d642bdb49de87c3cc13d81633cc1257ef1cabfedcee51ec9a081ee19c2d
SHA512 be137f549b42f351b41b412be8d0c61a997f58051f124cc89024fcf434df9f790564d5facc61ed90d4369da187c68ea30c74e361c3afdd0d7cdf4410387459b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42c58b446c9dd2077216400f9363e13f
SHA1 39661ef63474d2ab1ea16ad177cbe5227c05bfa3
SHA256 b2c06053ce1e94a56b8a164fc76bee9d9573b064fd79412ab0f9e1a0addad1a0
SHA512 418de75e2905b30b33fe96fb212104ad585b397a91836b4580e47a176417978678ce0b6bdea0dc72794e83c76830b59f51bdd2c5d7f111ae7ca1bbb861dfb813

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f547e9e19e6c47013a6cd3b030757bcd
SHA1 f97448a13c0739065bb8417eb481d0c6ab2ac7f4
SHA256 fb0f74e2b3a2cd8a3b6c583624d0062be3f2e2175c4ceb3e4717b1a29e0f81c9
SHA512 c7df0ac5cbbe1764352f62b619f4751e80ba2bddfef78214738701bd9aee187408df87cee35733b26663c7e795190a0c63550e75cc4a5dc85a64dcf9b8daddf6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 05d1613c2bad8f5ba9187e082566e9c6
SHA1 67327e1f17715cac77cd5a8c4817a33deec7ae55
SHA256 ab1489e7a1ba33856c33963f8e3dd4941f27331679cf9437d13d12b5b22fc7c5
SHA512 4b6eab55e12ef43a6786a4ad32c1a71c03dcbea3fcfc52e7bce583829b59420eccc018012004764d38561c8ce19525dd495ccc17dede2e747f1d79f2a10283ac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c838154fb613104d55ca9be33f44cda
SHA1 b46aaa93424c917da0e16218aeb9373ecd165835
SHA256 1c01c8587a37c659f7ce85ca746f9e510b8cd4df0e8aa41438e627f711127ef2
SHA512 f17c849277a32e5746e4020e329132ef569b60dacbed938947444749c1e6efab0708485ac95c3a0c2b828ab3a78304e7b44ef68a5b4f366a67a08ac35f7b30f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 acb39f0ecfe09953dfa5fa9fad83fc89
SHA1 74b80fd081d4e67caaec38ddb3db7fca35662bd4
SHA256 2b3d13104530d3cd7a1e16711d94378f91a8f856569b918371481adbe12ecb91
SHA512 f7fcbc0da6f6edbac5ce7e8180a53a7f3867af866e7b5822ac21ef614bc01c5f3abe92750a186b84ce5a6a60a50158b2f7a0fadf5fa153fae99885796d7812e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7311ce7a7bc215a098a4e7da4c89c68c
SHA1 ae5a564c52f50b651a5d54c849f286d4d316c8c2
SHA256 b386a2e7238ead5701cacb4bbd2da3ea95d271c29c3bf032ad72af16eccdfae2
SHA512 8153f3151324a59e288519131560e12b247e7f92c2053bf4df4e878e9d204200d0ec0cb2d5609106082aced83ae0f4e32d2d554d30564c1ea8b88d623ba4e8eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb9ec4da78a24f8d0abe883aa89926b3
SHA1 2deb934bd088e458b2fa2a5ad62496b8cd450bc0
SHA256 e77b574901defdd216fb696987d16f6f5859b44fe6f87384fadccf7c41661d92
SHA512 511316376e6fd6ed53405712e545a574218c3df9b509c53fc11122232c7dbb2f4719d01e3f4f62eea38cc20d73706cffc0134693b55e8fc3f5675b22ab285819

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:34

Reported

2024-06-13 06:36

Platform

win10v2004-20240508-en

Max time kernel

128s

Max time network

119s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43a53c0447315bbeb728e2bbaae753a_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43a53c0447315bbeb728e2bbaae753a_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3816,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=3776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4032,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5264,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5240,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5456,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5448,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | ag8aq.cn | udp
US | 8.8.8.8:53 | ag8aq.cn | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | ag8aq.cn | udp
US | 8.8.8.8:53 | ag8aq.cn | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | ag8aq.cn | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
N/A | 224.0.0.251:5353 | | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | business.bing.com | udp

Files

N/A