Malware Analysis Report

2025-01-18 02:05

Sample ID 240613-jej5qazaqh
Target a47310be66bd4df3e9a71cfa8a8546e0_JaffaCakes118
SHA256 ccbf9a85ad50abb6bccf22811c035b8292924b71c8ee7fff3cbcc9bc223b075f
Tags
Score: 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 1/10

SHA256

ccbf9a85ad50abb6bccf22811c035b8292924b71c8ee7fff3cbcc9bc223b075f

Threat level: no (potentially) malicious behavior was detected.

Verdict for a47310be66bd4df3e9a71cfa8a8546e0_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:34

Reported

2024-06-13 07:37

Platform

win7-20240611-en

Max time kernel

142s

Max time network

125s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47310be66bd4df3e9a71cfa8a8546e0_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Columns: Description | Indicator (registry key, with "= value" for writes) | Process | Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000007250ef940b635580fd9bc7104a308127a39add40b2eaf2ce2d9389086f30cba5000000000e8000000002000020000000bb6eb0fc0ec46cb8738e717967dee55e56aeb46b895114aed1a548d2e43e435f20000000a6313b7a7a6f5a7e07e303abd92ba6a78963e953831174276cd8ec41224645f1400000002eb2e4e230c6d4f503917f549045ee11a35c624ff38cc5569479559900737bab7e46cb4b830c3ea42cd8bf78a06c726e54a6871035c299eafa0261ff05c6ca1a C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424425965" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6E435231-2957-11EF-917B-C299D158824A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e04a0b8564bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value not preserved in this copy of the report] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
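
The "Modifies Internet Explorer settings" signature fires on any write under the Internet Explorer hive, so the table above does not by itself say whether anything security-relevant changed. The following added example (not part of the sandbox report) parses rows in exactly the table format above and checks each one against a watchlist of settings that actually redirect browsing: homepage, search page, default search scope, proxy, PAC URL and security zones. The watchlist is an analyst assumption for illustration, not a list the sandbox publishes; REPORT_ROWS is a subset of the rows above copied verbatim, and HIJACK_ROW is a constructed row (not from the report) showing what a real hit looks like.

```python
import re

# Constructed input: a subset of the signature rows above, copied verbatim.
REPORT_ROWS = r"""
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
"""

# Constructed row (NOT from the report): what a homepage hijack would look like in the
# same table format. The URL is an RFC 2606 reserved name.
HIJACK_ROW = r'Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" C:\Program Files\Internet Explorer\iexplore.exe N/A'

# Assumption: an illustrative watchlist of settings that change where the browser goes.
WATCH_EXACT = {
    "Internet Explorer\\Main\\Start Page": "homepage hijack",
    "Internet Explorer\\Main\\Default_Page_URL": "homepage hijack",
    "Internet Explorer\\Main\\Search Page": "search hijack",
    "Internet Explorer\\SearchScopes\\DefaultScope": "search hijack",
    "Windows\\CurrentVersion\\Internet Settings\\ProxyServer": "proxy redirection",
    "Windows\\CurrentVersion\\Internet Settings\\ProxyEnable": "proxy redirection",
    "Windows\\CurrentVersion\\Internet Settings\\AutoConfigURL": "proxy redirection (PAC)",
}
WATCH_PREFIX = {
    "Windows\\CurrentVersion\\Internet Settings\\Zones\\": "security-zone weakening",
}
_EXACT = {k.lower(): v for k, v in WATCH_EXACT.items()}
_PREFIX = {k.lower(): v for k, v in WATCH_PREFIX.items()}

# One table row: "<op> <registry path> [= <value>] <process path> <target>".
# The registry and process paths both contain spaces, so the path is matched lazily
# and the process is anchored on a drive letter and an .exe suffix.
ROW_RE = re.compile(
    r"^(?P<op>Key created|Set value \((?P<vtype>\w+)\))\s+"
    r"(?P<path>\\REGISTRY\\.+?)"
    r'(?:\s+=\s+(?P<value>"[^"]*"|\S+))?'
    r"\s+(?P<process>[A-Za-z]:\\.+?\.(?:exe|EXE))"
    r"\s+(?P<target>\S+)$"
)

def parse_rows(text):
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        rows.append(m.groupdict())
    return rows

def relative_path(full_path):
    """Drop the hive and SID so the same setting compares equally across users."""
    m = re.search(r"(?i)software\\microsoft\\(.*)$", full_path)
    return m.group(1) if m else full_path

def watchlist_hits(rows):
    """Return (relative path, reason, value) for each row touching a watched setting."""
    hits = []
    for r in rows:
        rel = relative_path(r["path"])
        low = rel.lower()
        reason = _EXACT.get(low)
        if reason is None:
            reason = next((v for k, v in _PREFIX.items() if low.startswith(k)), None)
        if reason:
            hits.append((rel, reason, r["value"]))
    return hits

if __name__ == "__main__":
    print("report rows:", watchlist_hits(parse_rows(REPORT_ROWS)))
    print("constructed row:", watchlist_hits(parse_rows(HIJACK_ROW)))
```

Run against the report's own rows the watchlist returns nothing, which matches the 1/10 score: every write is first-run housekeeping (window placement, recovery state, tab page bookkeeping). The constructed Start Page row is the shape that would deserve a second look.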

Suspicious use of FindShellTrayWindow

Columns: Description | Indicator | Process | Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47310be66bd4df3e9a71cfa8a8546e0_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2932 CREDAT:275457 /prefetch:2

Network

Columns: Country | Destination (IP:port) | Domain | Proto
US 8.8.8.8:53 0abid.wqqjn.cn udp
US 8.8.8.8:53 bdimg.share.baidu.com udp
CN 163.177.17.97:80 bdimg.share.baidu.com tcp
CN 163.177.17.97:80 bdimg.share.baidu.com tcp
CN 180.101.212.103:80 bdimg.share.baidu.com tcp
CN 180.101.212.103:80 bdimg.share.baidu.com tcp
CN 182.61.201.93:80 bdimg.share.baidu.com tcp
CN 182.61.201.93:80 bdimg.share.baidu.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CN 182.61.201.94:80 bdimg.share.baidu.com tcp
CN 182.61.201.94:80 bdimg.share.baidu.com tcp
CN 182.61.244.229:80 bdimg.share.baidu.com tcp
CN 182.61.244.229:80 bdimg.share.baidu.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab9905.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar99B5.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 974e75eb1be544300b50277a90771594
SHA1 0b797eaf970bea8fcd67b9d2d47cb7bf90adf80c
SHA256 7eb4271e281f203d5e9787c2b01b9098d36dbe789457b57415075c4bb72f397f
SHA512 ed55154c68cd7b76d58af1ef8f85b2d85e7fe4ef354a633b1038218f5cf161f64b050405e0dc84fb6c52e34d67f99ad8ca489a05a175e0848e6f057cf501bd8f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca12cc46665bfd81e770edfed72e445c
SHA1 609248cc678a31e2db2adb66ece7af67f20ec36b
SHA256 c81fa2ff6c29547d399ba0ae12db2ab3f407a31b8409d703f937fdfa337fe0a4
SHA512 5521dcd591cbe97e8892680851c496ddd326501c480d3f78efe3e339a6b229aedd21829a36f006689717bba23464290d30d1fde20e33aece2f214a6aec2d47eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f41ac3ea3a3161d64906dad6340662e
SHA1 f2a7490559e222cf5dbf8cc76f50e52830ad701c
SHA256 1145c929cdc9d69daaaca6b0c467d62033ac0d729bd46b209e122e1d3a87e714
SHA512 fede4c4c9253c1d4201d84dfb3f204a75ac370d25bb0b771744c4d5038ae0bf3e380f7cacc0bba8b692a55276b415c605f6970ebb4cc90262cbd19dfb934696d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 24d3e7e62eba90b49cd4a2f30a34bc6e
SHA1 427944a7c6f5e31133fec025a4f8152042c4bf96
SHA256 feeb33c332717b038c5df076ec090b46393e378fc0051ea50975c2ab40008349
SHA512 9e9e0120582bec858966e50eac74d5e19c0f37b3d21f14ef501379b5f4a011c2ae4a7b1b7f2694115cc890012737598eb1e119d74c17fb4142e9c0f2e11b2101

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b60f85709ff93aa7965484c80dbf90d
SHA1 5bf404ceacffa24093d128c53a3de084af69d8f5
SHA256 eaa1e6440b68d66d9b6e65ba5357224d4cb6f9b9480901b3bd582cc19b38938c
SHA512 f7d54dd7a188088961b80d9f2da2a615a259c87063b60c2a9384f70e4544518978a3afc530d2dba044870cb7d3468f3b577bf7b53892d2438ad0c22bc2b06c77

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f04fe1649862990e254df7233b117cb4
SHA1 95e7d887dec45556da8d4cbce5679599549a3bf4
SHA256 5a08952aae075024a0002c1dafe8f71e2932b23b80b23c6a6cc681ec2febde62
SHA512 71239e76c2457bfecd75ac4d91f8e750aaf56b537acc8b961d0a78f45024d2cd5cabe474f001790b463e09a7e55e235917e0beb6286be1e5644b6d9fd4de88e1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 191d8093741e0d3b9415b5db95f546fe
SHA1 57dcbf0e34089f7fb23d5836b7a1eb3f8f1bd346
SHA256 79945f2de2aad9bb011295e7bcd39272a90190c41e3a8b5f5f060056ce1b8da9
SHA512 0e7ab8196d93e5d3edf08ff2edf021304c428a556afd3b71519e8f4c8841620d39a6523ed9885be5128ae020e96691e9a4d8ff9808e2fd246c4d707cbdb9bf50

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a38ca6feca056ea5f46df0dbce086190
SHA1 fbfbe045c5379e46e543985a38ab6dd65e19a4c7
SHA256 316339f1ac2b4ac343c2f1af7b5100d08dc7f1320a3d093bfe45c269a71b67d7
SHA512 eb5ba48ab3a1bd3e3431a7f9fe11109c447ae5f3dd107514e32dee51a923c6dfb4daad1acbd22dbb7c0f3a7690f08a4f8476e65889dec9e944376f76a091f663

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b2b8acd8fec6043565250c520cf93e8a
SHA1 9731236e769712b2bbacc0e939b6fe2f16924dec
SHA256 b741a6ba46a0cc34ab882f21a06f918153d9265035c9983289ab561c244240ab
SHA512 18990f6027c86a3071e779c69d7b858aedd17682adfe2371ac0bf0a6110647528d6e6b8bb40c796b496732106d4da3cdea04853495ba2c044ccb7a1fa8afc581

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7a9c7c6069c16d5b0515196d61b40cb
SHA1 1aaf9d2483cd4df90ded4c62fafaced439474449
SHA256 c8b133e63db00be109b575a41e9d671da5ce2b9ba28c74ed3a3013d5bbac4425
SHA512 b98b8ef1a5a146ed4a1c63fd864e091bd1a76f4489a9856509c49a201b5edff710933c123e1bb9799c7948857b0142d7ab5d6df126fd32ece92d01c88c85c709

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f63610e614dcef4f72fc072bd297b927
SHA1 3a17688a31420d015ad90ed4ce696615073f11cd
SHA256 bc32e1e78c78c59e2aeb30c61514c9acf30efdf1fb716472b1a381480fa34c7f
SHA512 d77910984f7036d8cd2039c0cd162889df2c81abf06e7623dd9e6f2705b2de575eb85c4703be5049db512798df47fcda6646207405b632cbf6c31e28735617d4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38d6031014ff87b26d3de026935ccdeb
SHA1 e72fae8f5272b84b1d501486e929911fa6a9479c
SHA256 c833277c5f449c7d0a3c138a03d2fbd755ce5611a5596400627f8b50c14ba5d0
SHA512 a9032bfb4b2062a94e3bffa4765f97202d978b3a9b5a21bd557fcb8848e2c9110550d1c3e477ba5abccf3eda89741eb3fae0e37bef90956a0b5d35388bffc538

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d1d0d5081ebac5f98a1677c5d0da80f
SHA1 0c282e2c5131198aa7d92bfdaefe48c982338b54
SHA256 3084e6a6881739b44e464144f434e8efe8ed11463de8a7d70bce6002f3f66151
SHA512 a42722a02fa24d9a215e496bb86c95a72c8f9cd07709fd57a664afc08465ca2734f2e7f6b25e4527b1766009b29b1208710e441b55e91d298191fc946a83ff85

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25312eb5c69007d961a01a5b23cc6190
SHA1 f98c89c1f65b07916ae05c5e08e0c6bd1306928e
SHA256 7f3393c9f99784accb6cb9bdb3894760b20e86e7c215bb554a5385d5d4aba667
SHA512 439ece80f607c686f8da74254b7bc8a6834fbaedfa3833a8451e5b38b174a4c9dbde573b90a6243a8709cb8f285e72d407d7b297879b2b66378e1ed2ffa8a304

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0a973fdea9e800da6cfb4ddeb8e732f0
SHA1 f609e5d5dff681e6b1a764d453b2b8c1116f7407
SHA256 3c402c4d77e86941227626cf9a8086428b6d1cd64f78a9302d9cd2f52b413db6
SHA512 b55cf2c0a5d1db4ec23190f25f1ca7b74fec6f2562442ec4af6254cabf5005a95189516f7bba9619f84d2395f797b412c8af1725dca5a322a0dc1f24c2f3b483

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f1310f2eb0851f0e60b1af097d911d57
SHA1 880f59f94afb7bd939990e5e494f40b8c2788ace
SHA256 c818a193219f2b8f6da5cda1ed397b6294186f198bc20d400fd7b68bdae4ced9
SHA512 2014f89d365009b530e977b85e83ecc98079d64c6b272ed77b5d97ee81069d99696f24d55d45a31a3d8791c25b5276218633827bd329de6e0c8e6aad567937bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4bb8ce97906adff64c70ee5e948d7277
SHA1 03ddb93b67a5d83dc11a6850483454d046b793c7
SHA256 ad50debfd4cf343a637d6ffab2a59309b60caf586918b27719346d8f94bcb313
SHA512 ae001cabc0b91b271859bdb00156949d6409b8c38ab62790103df1c4e2b7fdb8b1485f18d0fbe3ed51d83474214d8276de69470c68b6d068d2c0bbd91ea636aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4af0aefbc3fbbcfbfe98de0e3e1feaf9
SHA1 264dd91c24c481ffa939f41144970bb7c856e1e8
SHA256 e6f6094056a05de4dd0082cd28cba59f93918b5920c1dc5831403987e8228ca7
SHA512 8488148a5d0fd41f79cd4d250b57a6e6dffdf2118f985af174162b4ec852dfcdd8f784d24004f5b2decc497ef650019fc2005c2622d1e5c44caf228f1b4237dd

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:34

Reported

2024-06-13 07:37

Platform

win10v2004-20240611-en

Max time kernel

148s

Max time network

150s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47310be66bd4df3e9a71cfa8a8546e0_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47310be66bd4df3e9a71cfa8a8546e0_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4128,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=3840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4940,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=4200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5332,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5480,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=4276 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5500,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6000,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=6040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5556,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5876 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=6168,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=6196 /prefetch:8

Network

Columns: Country | Destination (IP:port) | Domain | Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 0abid.wqqjn.cn udp
US 8.8.8.8:53 0abid.wqqjn.cn udp
US 8.8.8.8:53 0abid.wqqjn.cn udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
SE 184.31.15.40:443 bzib.nelreports.net tcp
BE 104.90.25.175:443 www.microsoft.com tcp
US 8.8.8.8:53 bdimg.share.baidu.com udp
US 8.8.8.8:53 bdimg.share.baidu.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
CN 14.215.182.161:80 bdimg.share.baidu.com tcp
CN 14.215.182.161:80 bdimg.share.baidu.com tcp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 40.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 175.25.90.104.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
NL 23.62.61.90:443 www.bing.com tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 90.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
NL 23.62.61.99:443 www.bing.com udp
US 8.8.8.8:53 99.61.62.23.in-addr.arpa udp
CN 39.156.68.163:80 bdimg.share.baidu.com tcp
CN 39.156.68.163:80 bdimg.share.baidu.com tcp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
CN 112.34.113.148:80 bdimg.share.baidu.com tcp
CN 112.34.113.148:80 bdimg.share.baidu.com tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
N/A 224.0.0.251:5353 (no domain; mDNS multicast address) udp
CN 163.177.17.97:80 bdimg.share.baidu.com tcp
CN 163.177.17.97:80 bdimg.share.baidu.com tcp
NL 23.62.61.57:443 www.bing.com tcp
US 8.8.8.8:53 57.61.62.23.in-addr.arpa udp
CN 180.101.212.103:80 bdimg.share.baidu.com tcp
CN 180.101.212.103:80 bdimg.share.baidu.com tcp
CN 182.61.201.93:80 bdimg.share.baidu.com tcp
CN 182.61.201.93:80 bdimg.share.baidu.com tcp
CN 182.61.201.94:80 bdimg.share.baidu.com tcp
CN 182.61.201.94:80 bdimg.share.baidu.com tcp
CN 182.61.244.229:80 bdimg.share.baidu.com tcp
CN 182.61.244.229:80 bdimg.share.baidu.com tcp
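
Both Network tables (behavioral1 and behavioral2) mix three kinds of traffic: DNS to the sandbox resolver at 8.8.8.8, connections the browser makes on its own (Edge/IE telemetry, SmartScreen, reverse lookups), and connections the HTML actually caused. The example below is added here and is not part of the sandbox report; it parses rows in the table format above, groups them by name and sorts each name into one of four buckets. The most useful bucket is "dns-only": a name that was queried but never connected to, which in this report is 0abid.wqqjn.cn, queried three times in the Edge run with no follow-up connection. The list of browser-background suffixes is an analyst assumption for this report, not something the sandbox asserts, and NETWORK_ROWS is a representative subset of the behavioral2 rows copied verbatim.

```python
import re
from collections import defaultdict

# Constructed input: rows copied from the behavioral2 Network table above
# (Country Destination Domain Proto); a representative subset, not the full table.
NETWORK_ROWS = """
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 0abid.wqqjn.cn udp
US 8.8.8.8:53 0abid.wqqjn.cn udp
US 8.8.8.8:53 0abid.wqqjn.cn udp
US 8.8.8.8:53 bdimg.share.baidu.com udp
CN 14.215.182.161:80 bdimg.share.baidu.com tcp
CN 14.215.182.161:80 bdimg.share.baidu.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
NL 23.62.61.99:443 www.bing.com udp
N/A 224.0.0.251:5353 udp
"""

# Assumption (analyst judgement, not a claim the sandbox makes): name suffixes that
# Edge and IE contact on their own regardless of the page, plus reverse lookups.
BROWSER_NOISE_SUFFIXES = (
    "microsoft.com", "bing.com", "nelreports.net", "azureedge.net", "in-addr.arpa",
)

# The Domain column is absent for unnamed destinations (the mDNS row), so it is optional.
ROW_RE = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+"
    r"(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$"
)

def parse_rows(text):
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        d = m.groupdict()
        d["port"] = int(d["port"])
        rows.append(d)
    return rows

def triage(rows):
    """Group rows by name and bucket each name by what actually happened to it."""
    seen = defaultdict(lambda: {"dns_queries": 0, "connections": set()})
    for r in rows:
        name = r["domain"] or f"(unnamed {r['ip']})"
        if r["port"] == 53 and r["proto"] == "udp":
            seen[name]["dns_queries"] += 1           # resolver traffic, not a connection
        else:
            seen[name]["connections"].add((r["ip"], r["port"], r["proto"]))
    result = {}
    for name, info in seen.items():
        if name.startswith("(unnamed"):
            bucket = "unnamed-destination"           # e.g. mDNS to 224.0.0.251
        elif name.endswith(BROWSER_NOISE_SUFFIXES):
            bucket = "browser-background"
        elif info["dns_queries"] and not info["connections"]:
            bucket = "dns-only"                      # queried, never connected: dead name or NXDOMAIN
        else:
            bucket = "page-initiated"
        result[name] = {
            "bucket": bucket,
            "dns_queries": info["dns_queries"],
            "connections": sorted(info["connections"]),
        }
    return result

def names_in(result, bucket):
    return sorted(n for n, v in result.items() if v["bucket"] == bucket)

if __name__ == "__main__":
    res = triage(parse_rows(NETWORK_ROWS))
    for b in ("page-initiated", "dns-only", "browser-background", "unnamed-destination"):
        print(f"{b}: {names_in(res, b)}")
```

On this subset the only page-initiated destination is bdimg.share.baidu.com (the Baidu share widget the HTML embeds), and the only dns-only name is 0abid.wqqjn.cn. A dns-only name is worth recording as an indicator even on a 1/10 sample: the page tried to reach it, and a later detonation or a live victim may find it resolving.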

Files

N/A