Malware Analysis Report

2025-01-18 01:11

Sample ID 240613-hcnjpa1hnl
Target a43b5a5ad067385ef9b868102c0dacaa_JaffaCakes118
SHA256 b4576ac592405ae54fc8b758c6a7a0c0d246cca81cdf8ce2972fa8a84bf0a6a6
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

b4576ac592405ae54fc8b758c6a7a0c0d246cca81cdf8ce2972fa8a84bf0a6a6

Threat Level: No (potentially) malicious behavior was detected

The file a43b5a5ad067385ef9b868102c0dacaa_JaffaCakes118 was found to be clean: no (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 06:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 06:35

Reported

2024-06-13 06:38

Platform

win7-20240611-en

Max time kernel

134s

Max time network

132s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43b5a5ad067385ef9b868102c0dacaa_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{28A47361-294F-11EF-B3FC-D2ACEE0A983D} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424422411" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f021aafd5bbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000b69a2428338b5207c6c0322feaa9ce45eab57d1182406c58e50ccfe340864cf7000000000e800000000200002000000096f6082dde973755901bb5aa0e8da8468a855411c25ad0b4daa070911eddfbad20000000a234a0e41a1ee61aa317f7f0d9ede9c812d889b6488c934547b9ea80e1209e534000000095645681a03321745b78eb4470c64a506f8d7775437bc6070c34546f94181318c7c8424a83dc7050b18528723ef18498ec3c510bd7310ef341b8773ab19f680c C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a43b5a5ad067385ef9b868102c0dacaa_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2072 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab7478.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar7526.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a03f64d1c9b62405d4d328357639056a
SHA1 136c657f0a7cbee1f7863fe2df07708d15958085
SHA256 c03c80bd70f49f5efc0ae34bf50809df59107f7634e8ef1385910127e746a6f4
SHA512 6a75426eb3111d4f76e8d61f4c0d5611f03685bcc6af17b4fc11393a2cbd7f4b174faeda6c6ed20f8d4502010b060ef4a19779a80940d174a9908aca873a9b67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0cd1a875b3289a2a6796a7b0b5e885d
SHA1 2eb7e97640f9b2201314d92fd98d13c70ab6d987
SHA256 c17deb0c587f43c637157ab73e16f75f025374fb0a92179bcf63ef3be4b28f82
SHA512 57042f990eabaac20e83b357c70fa939c7bfa12295d45608c6ea1e330248d63513e0d43f137639ebf196f80a6aba284e77d1e9285a3ec6f720771a1857fd68a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6777efd79fbbd8d046e0f65382c5e116
SHA1 4c4e2d00547ae7bc18a8f56977944d2141579f16
SHA256 0991c5d0c3e248d8ff59fe13acc4625578efe6b482e5cf2876b187c9f1b4198e
SHA512 67d84423be360f6a1c37198b35e75b31675a31e8e629954c37e8e370af77e7479d6ff5e96c07e8152aada366a1b2b60d081a1c42f53c4f3589f2bb8a1f03c679

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 89552273673c56e15cd0a298428a13e7
SHA1 4b821d01069bcfc0294ce4e81975df70eb4f618d
SHA256 9b16e16edd716ae48bc2a0f748e625baf0272fcf11bf5fb1bd4ab0a41daef531
SHA512 780923de7ca57e7a88dea7a473fa87435f415c409d120bc22fec942700621b8590ed9fbf07c377d4fa1ae1d56a787d6f56273a3322e8fe07cc1cac35d6a13ae2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0365b61c3c5c9ad8c6cda053ce360cc2
SHA1 18aec8072c641c0a117599fab98a0deba41468ae
SHA256 9ad2512a4539f045a40ea67896431cfac7cddd9ce65dea6183cfd2422160bdc8
SHA512 555edc4062f2d43583b3507c9a31c0d3c7f5ee98126021f6638edae872ddc00e855e737619d34b4b28585c840b4ed8f84e2b8e3a616cbf7f884cfaf531cde2fc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 798e9607659a7c72552a1c9d66c0d42d
SHA1 cceda72a9902283512bdfaa5fd0b72eed52cbc3e
SHA256 6382423201fb47e502c7153410c882022669520829d424a730f3274e26d1c375
SHA512 27bb0bd20af2cd8946b24a32045d60387b38a7af386e573f61f2a0a8610859c4d0bd5a4fa5a06d1b05f37472f9da10ff2458afd6cee718598ea5695b62e2cc19

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d5b7cded942401ec88fb710ebebe549
SHA1 63772b4fcf467c1640c584b685681265568b8c63
SHA256 622da9beaad455bc5c39114ea4a27f8a9090310531f1a2482f6b4bbbe8fa4d86
SHA512 4b1863164b804641190de65de32f1249ce9522613e2be73e08357f0594718d68c391443392ab6d97d2d5c33b91c2a0e673e7dfd2a535422838a872374c4d3b97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7098c4e79faff58d6df43c790b2c700b
SHA1 b96419a4d6368735bbb4931a070982107c05c41e
SHA256 78cc1a6d327349aaa23155f84b6b0e2408457c9d3337036087ae9f79c6657701
SHA512 ce63004be2fc707ca17e941e7e7fb754e96ea96b7ce3c4211ae38bf5dede091040992f5bb806d7326ed78d601869426b7aa42bb1cabd07be07e82cec93f5156a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24759936d88afed6c8b6e57a01c3d6aa
SHA1 b00a72d9083b07212cc558fbf4589bb14865b77f
SHA256 02ad1a5e8f2b0b5c9c659f6639facad5074f7817973a7f9ea72aac9d0cd483c9
SHA512 86a02dc96828779bf7ca0211a1d719aeeb14def15b61f70737dd4b54cd1dd0e97c168800792e9d18d8b7d32695d2344d0b96928db0b25d4a577bd5b8e189d5fe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 adcaff00a8a5dfcc42b3b2c096d6cc3e
SHA1 a47c17289ff1667c6a1356f2514e6957f1cad94f
SHA256 1d6cee173330e96fa0979737be7a2c2ffa66c76ad74c2d4ca2ed1a06bc597167
SHA512 64cbf91289ba0b2aa2f7ed7d3a0101928b667f0433038c67d1aba9dac95aecb1040b77565fce470685b8549fdf566d02dbdee7abd3e7b81edd735969233d9379

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca192789c65ddd17ab6b6a03e0af34f8
SHA1 1df5ed9edbf5560ea0331c607e7b5cfc770870d1
SHA256 5648dea403f06e26ea672dd3b5467a1a2aea027ed9f6ab2d45c1a39c774a4e59
SHA512 17f6d9418545249a129ceb46ca98e6ebabf958ac0e9ab6cfb3c712363adcb8a0134886782f604d981916b892b2eec93a5ec14c8ca21e5c304c2e06517b7be4ea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 344b1e3df47af3c2b39b308d7f4ace08
SHA1 e32ed7217b49243a874f7b918639ed78c17db7cd
SHA256 98c49f3eb95169e8865250eb77b3aa47ef66b1c5f4054f1b214947911a45458d
SHA512 eac079713099013cb30aa24e211dc7676231cf9124d8c9c66dd8bfe668da06b99de9381bba5ed5d3d6e835f104db51e903b2ea1c3085b1c36aab810a73c359f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9e5dd4aa18e1d81ad724fd6be1c8c0af
SHA1 e67a0aba487de79736937570a4f28cfe1aaac6b0
SHA256 1f0d5354d0f39aece4a9df717c01d40fb3d705aa874167940479d4ebf8ba3ea8
SHA512 c38ca8bc40b3e8a41cef9943168e1d736b40b6f4c5905bd847d51a304dbebab52772f8b6d956479cae80eb2627481e72a398c6e7f3123d7f6c9b8c0cd84a51b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c82ce1350bca0558f1869a843be0eacd
SHA1 31e8741d31ec54921f30fcd4a7fd7787ca8b7343
SHA256 2bb7fa0d288a632a3a4edf7619334fca0ece6cd900c9874a1bd1f5b94a414946
SHA512 fe50804ac49372f2959d73b51ead57f01dc8c8b74336ba9f3c216aff844bec112280e6ed45b9d54f618a86e6e4d028751c9374dd65b41a8ac600e6b816718970

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58ca0d77d6be190a430ecec04e410d92
SHA1 100b7f358c967bf94c34c0c5bf9ad87b0c7375f1
SHA256 00379c9c4a82228ec8ea0b050de31f43f17f1c6638a6fc96acb340ca05db578c
SHA512 19c3f205b42e731ab30b8822a6014d5b467b9f335ceb01a290a297b9418845f53e11e323156e33a8949ccd648213beb6cbee93dead90143f626ac0cb92a9187d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 566ec58c1f596626026d0bfd5c610f26
SHA1 5aa5ed414f2625cb85f20f578fb4e12451e99c1c
SHA256 7cb465a138b701628ecf9968c46b3cc3820ce0c2870f4bc1a6a1f22988893445
SHA512 8462671035f37df46d77bf8563bd574641d92b1274a105dcc5f5df8614a48552344a5051c6c2870e37cc7949a43dc8dbe1a8a61b5ec7273734572d6b8a264c2b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b72e428265b2588241ccf73f26c93611
SHA1 dffa09a1179058a4f03784b4fabf8f1f97e3b4b5
SHA256 e31dd3db5b75f45c91467b6c09d3b5f1d2525c86be400ccc2faab2be261ba223
SHA512 ade4c55026bceba90452faf2cb4896835fa6d9a0cdb4401d9ad9fea429cfd3b713b4937ae6a1212a25d620edbbd4a1e92ead18a6e4b20d15efd55dbe2bcc1876

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1e96ba2439b18d778e173889477f9e81
SHA1 56ee650cab4fc730823ae7370a1311e7a010e868
SHA256 33a334661576a3e3db9228e973f1e7517594a73fa8742ab4a99a8f6f653af1c7
SHA512 fe62ed24e0a4b349fbadadee7a5171046e6c9348765536fa8a15c33b0f6d24383c17a0d05c552e15a62f7ae9be3ac3e56f46e83257746c8514aaf9d9cd82a3fd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 289e2a1eaf6dadd80546c461e0306546
SHA1 dc6b3533bf549b50d186137cfc2c5517bc6ca96e
SHA256 23189d40204f79f021e55c68e4eaa4b56a32751137577e6db046b1b13a65e04e
SHA512 129b4148edd49265956d8e145fe1e12ea983f2067d1dda0ef66d58c3458a8e43b857845463a73995a7f3b2b0f3c6b5d28151141504a9cd335c78901f1db1f964

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d0aae6deb747d326c1b4329006da9d87
SHA1 b84c1b389413a96597dc4286409eb48b5030c731
SHA256 0c44100b1aa6291e800ba31c7b75e23ac77f717ca8eb6b2d3262069312e198d5
SHA512 12259cf4e2c8486c43debc20d12d1fb77972adc374f19120ea20855cd248f7f9a86b036b719548494872a1e74670b76c64c38c4be3a2c4f766fb2108d92ec18e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a768e458b2b2995597fc836dcf9ab592
SHA1 67d2d274bdaefeae75d62c234974a4b7cc565e83
SHA256 07cbf9e3f67dd28b9b71338dd7e00b33c5891f6df7339b5fd1463ee9542107ff
SHA512 15c1a1fa549120d155a664ab28e21972e4fb3f15eca8be3d20ba492e8e230f69397ccfa33fb2aabaa7865d7fe9563432482ae7c368bf03642892a0a83fc8ec6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a7f864cfc7fcb97a42500d939977e01a
SHA1 1d792a247b205acd8282e039f53a2938b103ff60
SHA256 1e4d6e16647df3d3369e29b6b7846a643c0a4eb66c37e4bd0e2acfe494b5a8d1
SHA512 8ed8e5289699025da1c72c5f2746f5807288c375872e90615ab0063928b64b4633f25b99ef003415d845ccdf40fb1acdf1804807d5b2c929d817a4998839d43e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 06:35

Reported

2024-06-13 06:38

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43b5a5ad067385ef9b868102c0dacaa_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a43b5a5ad067385ef9b868102c0dacaa_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3928 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4944 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5836 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5484 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4744 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
NL 2.18.121.10:443 bzib.nelreports.net tcp
BE 23.55.97.181:443 www.microsoft.com tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 10.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 52.182.143.212:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 212.143.182.52.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 13.107.253.67:443 tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
N/A 224.0.0.251:5353 udp
NL 23.62.61.136:443 www.bing.com tcp
US 8.8.8.8:53 136.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
NL 23.62.61.88:443 www.bing.com tcp
US 8.8.8.8:53 88.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 204.201.50.20.in-addr.arpa udp

Files

N/A