Malware Analysis Report

2025-01-18 01:35

Sample ID 240613-j2hkeavapm
Target a48f7d68d94685b6220516b8a51ce534_JaffaCakes118
SHA256 0e40d4a0103fe9713520cfff0cb49a00ed39fe78d2c4cbae7ede857dbb3e5a88
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

0e40d4a0103fe9713520cfff0cb49a00ed39fe78d2c4cbae7ede857dbb3e5a88

Threat Level: No (potentially) malicious behavior was detected

Analysis of the file a48f7d68d94685b6220516b8a51ce534_JaffaCakes118 found no (potentially) malicious behavior.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:09

Reported

2024-06-13 08:12

Platform

win7-20231129-en

Max time kernel

136s

Max time network

140s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48f7d68d94685b6220516b8a51ce534_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30d6ee2069bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4C257521-295C-11EF-8DE0-D691EE3F3902} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424428053" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d4c24f20cecc74fa281ab869347d87a00000000020000000000106600000001000020000000a72fb09059594bfcaf1334a172d46f90ffd1a50899dc74f74ac9fd1b0c67d2a6000000000e80000000020000200000000010821113ce79cec528852c1749b6a8686ec7e7cdff0601448a9b71286ea30820000000f26cfe742914b8a15442b179c57cddb76f2c252ba6b958ee6b3b03b52e544d13400000000c8a1993699878017c7a86705d97a3d96d3cddc4a8a97ec37a231f44049050612cf5ebbd74c5c58a6710221f4b49eba490a749ebe363f5cb648665d2babe8c04 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48f7d68d94685b6220516b8a51ce534_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1848 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 img.sedoparking.com udp
US 205.234.175.175:80 img.sedoparking.com tcp
US 205.234.175.175:80 img.sedoparking.com tcp
US 8.8.8.8:53 sedoparking.com udp
DE 64.190.63.136:80 sedoparking.com tcp
DE 64.190.63.136:80 sedoparking.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
NL 23.62.61.155:80 www.bing.com tcp
NL 23.62.61.155:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar23DC.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0fe71b57bacd9ae711660dbbaf00dada
SHA1 3e59e57a7f162934cf396c3b3f38aec6299ab20d
SHA256 d5dcc49e6e75053742ed6af3b47d64d0b632c1d57d2b342aa36c3d4548695e21
SHA512 f772ee2c3f7fd332c0fed75c17f697dafb3103823d1adb71d678722241e33efb39706cf80080a88e4fe692cdf1574195b444fae36f43614637bf0865e08fb443

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 294c305ebf35b340218b2430d2c101f2
SHA1 949899d0f8224cd8ace43a2082ba96c6c45143ec
SHA256 a841491127939354f0a436f4e69aa34b663e5c75d7050de3b94788961d17a570
SHA512 28510cf1bab73aab0466c5d0a83d813c329a19c1b46aef1426a65dd7c53ad4c428ab4cf2f67b5591851e7cb3b1b37128990adcf2f7ae1a0478b0f3a715036501

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a3de9c6dd1e75db12424b0a44d309310
SHA1 6eb0c8771217648b446e01d6d6a961c0ae906fd0
SHA256 3772357f418bc2350c020269a2e734bc50b6e26afd929a0426211e27dbfa2edf
SHA512 da3d3fe1283c0ffc7adb4ab8849c9e090fc12093bda04f777aab3d5a10c531a980209c6257ee63b9d0493127aed4f38815d3db67591c89d0c96cc3230202a3f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 83fb107d248e3def034555fce1159fd3
SHA1 facfaea09d2469c6a83bdd42794d8ffa7b7397d2
SHA256 d02862a4be052205086d556b73739ba1bfdb125f4291af6280107c330ed33282
SHA512 b5564eccfd69409efdc2f64efe78c90208af14d9b0a7f958a1adfffa98fe2a3c0bb58a157bab8c62e0b686529969a64d39c7bb52c2606b6bb85b49d118ac34cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 602b1340a2d7327fdc758386f16dbb4f
SHA1 5f2eb920b1d1d7198e86fbdb22ab7555437bd0a9
SHA256 2f071405557f553328d62348db21a9e56c87cff19a30ff1aa7cfc9d1bd9fa6e5
SHA512 b502a8762405239f2c47a09b234c2b73e60422ed94db9aa206207acc34552113167193eb91a7eaadb2591c822ccf1cd8f6a15389160b6961ca70aa7c529f4c18

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44b9c25ce5e98b276ab76158d9e408b3
SHA1 6767c1d186422c432c207e75057d0c4a45ff8116
SHA256 d8f839d70f7e24019fac54a1fe17cc5ee9bce6b829d10f053657805162d02da1
SHA512 bef2f8e336e7881da415dadd32c91ce33d6aeaae7b8274fb4222295c1eae8e9e5ec1e4bdd114bc23c97b3209f041f4d6c89233497585a3f434a37863cebafc30

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b3734cc65ab2b287c7be0cac4976d944
SHA1 8e770cef10e05f19c8ec1bac3322bca7f3909ea2
SHA256 b890adf0820b447e0381787d328a6a0ae5b14f11e80550ca2c2a30bf19452cea
SHA512 f8e2c8dfe6c54450459c2efc3f4240c3603f60332eeeaaa3d7f05173413dc7854813f8efed297e0e20c3052137521f6fefb1e65c58c818169bfff458a735c03d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7859a5fd1e6494878c3764559c3649a7
SHA1 60d6df907877f3ff094657c9308bc142edc6defc
SHA256 7a041774d85695e3e65d18efb9d353bcf96b25bdb4c52f58cc865c904d59e1b5
SHA512 63e80e143b4374926ecd85dfd30d3ee60bb111b28ec44ec204dbda9061ca44a6795d9727fb261e206832b9be5ff7e5e6d9ab723a731345acd7a84cf2010322db

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 2150c6eaa75ac28cb1efe7cc5510da1d
SHA1 d469372ca61c69ba16a1eedc0145f16fdbfcb733
SHA256 135e6129506eac91b8de711d212ec0b67e548178f51d13bfc15627d5c70aad04
SHA512 4a70fb5aa813fc2fdc77641992a36c8dfed8d7ff52a97a0035bd1e9d9b3f5d0067fbd678e22dda6e01e96cdf171fd0ce8e4ad63bc680072fb2a47031098ec07a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68321c546bff18be17e316e1c91a1d99
SHA1 5b18037652fa0366e5ccf4d8131f8bbc1daf2944
SHA256 b81cb93f7c8f3cb460ac28459cd4beee171c53683550cb56c7a25f63edc03d68
SHA512 a6e480ef636704b9891ce368f52da253f7f84ed35d0c5ad0dbd1cd38c6f06b201c45afa493401908eb5d705ca08ae812648f48294475e70413b408f4f671710c

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8da9fb68a7d72f6b2cf78d224c28ea9
SHA1 f600085245dd3ac1f7333960ad671fad7ea1e985
SHA256 107b5c1e90439a661ab1e5538826fb6862dd5e16c04690c11bcf40f304128e48
SHA512 b74eaf2b17d026825781d84b262fbbe061b4d90f61eda736d5a973d08b50fa969a84180fd6f4630798bbc38961fb761aa8358dba3c7f1ae3fe8e0404a20c7137

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8efdb2532d151d98a335b953fe450a08
SHA1 193408ec5b814595d6b2d4dc7b8933a0ea025fa1
SHA256 3905f7a5885229cbbd777f25e93f48345560ada37e87f89330c2b0b6e2923d45
SHA512 0d53111d62007ffec3fafec52baf20cf6e0d46ce187f117e15b6b2d40c66d5573a8c891742d36958731a6d6ff737ae0c7945fb7e2070436cb006afc737a9372a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a843eefc01b1198ea8d5f867cef6e245
SHA1 620d0913c677532520521ae574d064fb37c5d2b3
SHA256 ed149fb51f46c7b0d1f8fad3c3338a03b8a1c694c1ce79fe2798d34de41a076b
SHA512 124e94f45281c6d1bd4007e6269e7bbfb5e882adcfcf3a114791d8011709d3a6c08a30ac455e8c038c6f8001f309649025391ef3f63a7a50f20f71de3ed68b69

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 52839c2d688e99ce2b1b9a7b319f1a51
SHA1 08e08de98e6edd5ce005286c9852ac5acea18d90
SHA256 3b3f6b642eea8508f23fa56d04dd109959ece2ceb60559b702c4a9fa5985a099
SHA512 f1d3832ee24f95e11d0b420d88964cd18a9595d2aa43ee5de0441f3a8493acac5185ecc7eaae50cb6e23fcd71330a2df0ff26f40aec0305adc5ade413da781ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70fb54dbc8c84da5b2ef3a6870719315
SHA1 bbf8c3c98a7cce767ff7e241ec4a01875752c984
SHA256 6ddc46a2d239e3d2f4e1778e6e5e832a40716b72b1d5b68707b05265bb4ee228
SHA512 6b6d595856cb103bd4d0745290092a1ee1f6affbfcda04bc9d6a850860ca5093b3465d5a3e046d62c8f5fa1a36aafd3e0c2bb4ad5170eba7949549b3f9f27f39

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 50d67c2ec70bca0f2cec0e35c11fa32d
SHA1 ada389183751c66708823ed8f4d32b2eb4e211a7
SHA256 e23e22f4b462deeb4788909cf701263ea24fdc8ee27877b6eec751945b5b6f12
SHA512 4c84e7482c78cef898e08658194e65b030623c495300d408eda0564b05e3678e29ee71c6ef8463f76c2389356193dd60494fa122ceada6407343ae56d289e106

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27d18868d9587837ed170b943887df0f
SHA1 20f204e13eca88e82d8de2c797622441ef7ed815
SHA256 3559e29965e0132c941333df46d3b7d02e08b6a30445fb53468be7a0e8556049
SHA512 a44d312a28709ebf4f58cc60bf7996c385a1e01c758ddc1baa3ab8e781f7dc5a6bbd5f8c6950fb856e64a4f2f4963e319c0cde429f04583b28e320ec829ce7b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fca35bce138b9c550f37586dbf486727
SHA1 9d1a04d20912487c5cc095b7ec4b0a2e99a0b0f1
SHA256 d8a8c28eed8e202f681bce344174ba5133120ab628acaa64caf22e0c5f2a506e
SHA512 882547d62122a088c6c93603da08081a1426b75e01ead27dbf5e4d6944c5e6f1bd4655b89261ebf047c3cea65067cdf4d76cbe4abe5c1099bb254adeb272ba3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 891fa9da9208e1387a65d50b80a3ce75
SHA1 f09c9419ba9f776502e9ca84377b12aba820133c
SHA256 0dd64978798890e006674fd055edacae74fcffb85b0162a2d6ab1b4f818747a4
SHA512 1ae77b3ec0011ceb2ce01fe384782dfdea4d5811289ea12465c7426247370d16662341af7aa2d1aba70551769e7500027f3c09bdc94ca3f68bfbaf414a3feadb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f280207646035b4ea7eb18ae19f53456
SHA1 8acbf138d890f651f1fb644573c9fec1f3146e42
SHA256 7c28daad6fc49d7c5a2b1e65738c5867fe19b003afc87ff572f0cfb0454d993f
SHA512 4cfc6ac8f80ab7103cf0f23cac6ad2e99ff63578cc97b765c808a230de490a26d44c1fd47e9a5588e4ed4ac2b84a3e72e54d9758257bd0d615c8eef9b8bdefa1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 049ddcc1af39332882bb82a83c6e6869
SHA1 a062b2f2f9dab3f819a1ec4fd4e4c69c9db9f78e
SHA256 e215dbd48db3574d3fb6311d834daa4f67dd06ee756c2c1e305a91be83fd4029
SHA512 183aabe3a8c2e8b9291b7393f4afa25e5b964c1469f053b14980b6662c4104d5c4e60e84b37084aa212cfee3ba7c64f2dd375dd422e9dd3402384415d5119c41

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:09

Reported

2024-06-13 08:12

Platform

win10v2004-20240508-en

Max time kernel

128s

Max time network

119s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48f7d68d94685b6220516b8a51ce534_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48f7d68d94685b6220516b8a51ce534_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3804,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=4156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3984,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=4900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5244,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5256,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5320,i,1809100026287847100,9768898026582633513,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 img.sedoparking.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp

Files

N/A