Malware Analysis Report

2025-01-18 02:06

Sample ID: 240613-jezkeatcpq
Target: a473b8132dc74c35bed59bd415ba92e0_JaffaCakes118
SHA256: 132b369b077bd8b5fa156cd90a4ddcc1415fcaac155f2ffa561349453ace6414
Tags: none
Score: 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 1/10
SHA256: 132b369b077bd8b5fa156cd90a4ddcc1415fcaac155f2ffa561349453ace6414
Threat level: no (potentially) malicious behavior was detected.

Verdict: the file a473b8132dc74c35bed59bd415ba92e0_JaffaCakes118 showed no (potentially) malicious behavior in either detonation. The sample is an .html document, so each behavioral run consists of a browser (Internet Explorer on Windows 7, Microsoft Edge on Windows 10) rendering it, and every observation in this report is browser activity.

Malicious Activity Summary

Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory

The static analysis and the Edge run (behavioral2) raised no signatures, so all four belong to the Internet Explorer run (behavioral1). The two that have detail rows there are attributed to iexplore.exe / IEXPLORE.EXE, not to a process spawned by the sample, and the SetWindowsHookEx and WriteProcessMemory hits carry no indicator rows anywhere in this report. They are generic API-usage heuristics firing on the browser's own start-up, which is consistent with the 1/10 score.

MITRE ATT&CK (Enterprise Matrix V15)

No techniques are listed in this report.

Analysis: static1

Detonation Overview

Reported: 2024-06-13 07:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 07:35
Reported: 2024-06-13 07:38
Platform: win7-20240611-en
Max time kernel: 117s
Max time network: 132s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a473b8132dc74c35bed59bd415ba92e0_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000002860d5f370f0777f910d95506b92708064f6054812b066725535f15ec4e1008e000000000e8000000002000020000000dac459c4e3e767f7330aed70b9e272cb189a74d0ac543a7f107bef405ec5d249200000008cdf90587b402c9d30a9b86583d1c8236af555aeee0c5a2dc4bd27da844a79be40000000421d4cc071b848dddb5d8fa516bb5a81dae4d0d7e1e7744ba531d5494882d17e5efde1a1beb6cb87c3cc1cd7bb9cf0247597b39d08c1ebd14c67235d6b46c1cd | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 603a945f64bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{89C5E4A1-2957-11EF-A155-FAD28091DCF5} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000018f7381e91ac4cee79563cea13436d18a28d9183f1c4eb96e14ee19703c88979000000000e8000000002000020000000f3fb950b825825b2afd4f9c7d3e56de115b8928a79557305723b2d8741499dbb900000000309dd212e7f6e28c45e3ab94ca97937d802732eb2556a53b4ada49c8e126756479038873aa548fbeeb76f7581a36fdc5017143475b9e3af02d209f3266cba757e900b8a5c4f1bc267e8fba8dfe050ee8b6321bedbbab54d4e71ccb2b426ed50f24f0a1af312dd76f9765b628f3d10e0d89c614f9af5dcb1bc8f7b9381b4ca4365d548a123e214aeee09d2134e9691be400000007f61fee461012405876f3e81227dfb0474733221433e1acf1e3b22b300dd872adab267f88b62f24186a93b728a6ac9deab8cb93b4b537b2a15f2d831ada87154 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426011" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Every row above is written by iexplore.exe / IEXPLORE.EXE under the user's own hive, and the keys touched (WindowsSearch, TabbedBrowsing with NTPFirstRun = "1", Recovery, CpMRU, DomainSuggestion, Zoom, GPU) are IE's first-run and session-state housekeeping; no start page, search-scope URL, proxy or security-zone setting is changed, which is what a real "modifies IE settings" hijack would look like. The DecayDateQueue and MFV values begin with 01000000d08c9ddf0115d1118c7a00c04fc297eb, the header of a DPAPI-protected blob, which is how IE stores its new-tab-page state; they are not attacker-supplied data.
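The rows above are the kind of output an analyst has to triage by hand dozens of times a day. The following script is an added example (not part of the sandbox report or its vendor's tooling): it parses rows in the flattened "Description Indicator Process Target" layout used on this page, strips the hive and SID, and sorts each write into the browser's own housekeeping, a write by a non-browser process, or a hit on a list of keys that genuinely indicate a hijack (start page, default search scope, proxy, zone map, BHO registration). The hijack key list, the `dropper.exe` process path and the `example.invalid` URL in the constructed rows are this example's assumptions, not something the report contains.

```python
"""Triage 'Modifies Internet Explorer settings' rows from a sandbox report.

Added example: separate IE's own first-run housekeeping from registry writes
that would actually indicate a browser hijack or a third-party writer.
"""
import re

# One row: "<op> <registry path>[ = <value>] <process image path> <target>"
ROW_RE = re.compile(
    r"^(?P<op>Key created|Set value \((?:int|str|data)\))\s+"
    r"(?P<path>\\REGISTRY\\.+?)"
    r'(?:\s+=\s+(?P<value>"[^"]*"|\S+))?\s+'
    r"(?P<process>[A-Za-z]:\\.+?\.(?:exe|EXE))\s+"
    r"(?P<target>\S+)$"
)
# "\REGISTRY\USER\S-1-5-21-...-1000\" prefix, so keys compare hive- and user-independently
HIVE_RE = re.compile(r"^\\REGISTRY\\(?:USER|MACHINE)\\(?:S-1-5-[\d-]+\\)?", re.IGNORECASE)

# Assumed hijack indicators (this example's list, not the report's): values a
# browser hijacker sets to redirect the user or to load its own code.
HIJACK_VALUES = {s.lower() for s in (
    r"Software\Microsoft\Internet Explorer\Main\Start Page",
    r"Software\Microsoft\Internet Explorer\Main\Default_Page_URL",
    r"Software\Microsoft\Internet Explorer\Main\Search Page",
    r"Software\Microsoft\Internet Explorer\Main\Local Page",
    r"Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope",
    r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer",
    r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable",
    r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL",
)}
HIJACK_PREFIXES = tuple(s.lower() for s in (
    r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" + "\\",
    r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones" + "\\",
    r"Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" + "\\",
    r"Software\Microsoft\Internet Explorer\Extensions" + "\\",
    r"Software\Microsoft\Internet Explorer\SearchScopes\{",
))
BROWSER_IMAGES = {"iexplore.exe"}

# Rows copied from the report (the SID is the sandbox user's, as printed there).
PAGE_ROWS = [
    r'Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    r'Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 603a945f64bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A',
]
# Constructed rows (not in the report) showing what a hijack would look like.
CONSTRUCTED_ROWS = [
    r'Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" C:\Users\Admin\AppData\Local\Temp\dropper.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Users\Admin\AppData\Local\Temp\dropper.exe N/A',
]


def parse_row(line):
    """Split one flattened row into op, path, value (None for 'Key created'), process, target."""
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsable row: {line!r}")
    d = m.groupdict()
    d["key"] = HIVE_RE.sub("", d["path"])            # e.g. Software\Microsoft\Internet Explorer\Main\...
    d["image"] = d["process"].rsplit("\\", 1)[-1].lower()
    return d


def classify(row):
    key = row["key"].lower()
    if key in HIJACK_VALUES or key.startswith(HIJACK_PREFIXES):
        return "hijack-indicator"          # the value itself is a known redirect/persistence point
    if row["image"] not in BROWSER_IMAGES:
        return "third-party-write"         # something other than IE is editing IE's settings
    return "browser-housekeeping"          # IE maintaining its own state


def triage(lines):
    """Bucket every row; each bucket holds (op, key, image) tuples for reporting."""
    buckets = {"hijack-indicator": [], "third-party-write": [], "browser-housekeeping": []}
    for line in lines:
        if line.strip():
            row = parse_row(line)
            buckets[classify(row)].append((row["op"], row["key"], row["image"]))
    return buckets


if __name__ == "__main__":
    for bucket, rows in triage(PAGE_ROWS + CONSTRUCTED_ROWS).items():
        print(f"{bucket}: {len(rows)}")
        for op, key, image in rows:
            print(f"  {op:16} {image:14} {key}")
```

Run against the five page rows alone, everything lands in browser-housekeeping, which is the machine-readable form of the verdict above; the two constructed rows show the two signals worth escalating, a hijack key being set and a non-browser image touching IE's hive at all. Extend HIJACK_VALUES with whatever your environment treats as policy-controlled.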

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a473b8132dc74c35bed59bd415ba92e0_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2

The second process is the 32-bit tab process that the 64-bit IE frame process spawns on this platform; SCODEF:2040 carries the PID of that frame process. This is IE's normal frame/tab split, not a process launched by the sample, and it is the activity behind the FindShellTrayWindow, SetWindowsHookEx and WriteProcessMemory heuristics in the summary.

Network

Country | Destination | Domain | Proto
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp

Files

The CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 entries below are one file recorded at successive writes (same path, different hashes each time). That directory is CryptoAPI's URL-cache metadata, updated whenever Windows fetches certificate revocation or root-store data for the TLS connections listed under Network, and a Cab*.tmp/Tar*.tmp pair in %TEMP% is the usual trace of CryptoAPI unpacking a downloaded cabinet. None of these is a file written by the .html sample, which only renders inside the browser.

C:\Users\Admin\AppData\Local\Temp\Cab86FC.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar879D.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22c6cd56a39405f70dd96abf65c05124
SHA1 33f82c9a9a682a5bba48b9e8e993142034dae494
SHA256 67dec44bf203cf769cc11c92d69ac3afc82992188a006fb8bf91b36a0a99fba0
SHA512 9b5956af694deb5ac73947c3c128add4fede97f3faed41ddd4673fd0650352a58bdb3a1651e694f489ae6ab63c266f8e9a997b37e4f89434a03d23b18e1bd359

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84a229277afbca463f67b784181ffbcb
SHA1 b1761bf1d0d517108a90b37fa16480d9ef070eb8
SHA256 57a0f20806fc16a2a837beb79a5f1a17b00222d66c8d2f530ca5c7b88e287b7b
SHA512 48c3130d9dc6c8c13cd47a2a533a895f670a7c00776e173d811d00534d8fc8b91ed82565acdef1d372a258f30b25c038723ab0eddbbc55794951aa75006bb469

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 390af9d10e75cea4032ed01a2baf89fd
SHA1 0e9b2fd5f5bb486ba6341597305f621813b5a6b1
SHA256 171b322de026eb2cb895dcf032a9cca287e4dcd7c14256f40f27f9a9ad8ce076
SHA512 074b49d1be06b6f783fa049a6ab60a15035262bd348b8fd3441b622950c4684798d3e987cfdbfcbfb8182b9566571a1a943f9b77cdec1cf2ff2e216b2b43e35e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c12773a207fad72e00296bba2b0e6724
SHA1 30ad90bedb91c428c23cd2781664c84782448583
SHA256 d03b3e5d78ad30e9fa134546be0ddad5b95c2cdbc8557af387a1e0ef579750c0
SHA512 365df66139a6159f917387c8105debb3460e984729e69e28d80ac6bcdb28eb18e35eb1d41390c54c1e29d86335cae2f228b8ac9a06749dd621486be75091521c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 420905f9677cbf75a45e327743bfb9e0
SHA1 a06ab2086d512ec70e63f260016a0f30aa6198b9
SHA256 e6cadc60a0a223015d1bd44d737e6c610cceb074cd02d5300a4460ba6bce6047
SHA512 5e2c744b6ff89fb8603ad8f2112af342a52acb852675b5bb713f163949984a0116203b9a5208dbe191d34b784a8d1f60563ab8a5f615d89163035e93e01ee140

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 49539153d699bcdd444b8882811c9571
SHA1 0fb179e31d79b01d14769d696fedc46c0661b5e6
SHA256 00b466ef01ddf8ebfb60d7bf6d1fb93546451ed82136efeeb948af24ecab175d
SHA512 4fac442525b7253ed634b2a7df0592d6db05a8bda57695d5dbfec0896985caddd55f54bdb421bf3f9b3a739fcc5c763f518c31fcd4980859c5e99a91977cb517

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a0405ef8ff0a6bdc7042855da2a1e9f1
SHA1 b85c21cbd9c0e27315e9e6f08ecda5f36a484ebd
SHA256 76051b30e7152d67036f064c7607acb29d43e3dd661c36cb8b7bf75c9d1df07c
SHA512 3b36330966daa725bc211b01dbcde7567c51bfe3ab2c28aee3c9f1e4c67517577d87f113d50c25c8e4bf87054e30544de6b4e4629ef29ed349c2147bd46aaf51

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1735ac72e17570a8ccd7498990c01f71
SHA1 db6350c617e71670dfdb0ce53eb98cc6e0e9d255
SHA256 589d8294ae197377de1ec14b57a8cab8b49296e4d024264c0b8bb6ff5b62bbbc
SHA512 53456e74b5185dc2104821a01f9fd8507b40e39ed1b26093d7a62a241a98ab91d0ac31ed012b57b82db5bba79a52df2de9857012055216154ce8d98933182a7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d4944e37ca30284387abcc5629243841
SHA1 a2e17c0c8d6a5a3a4643805adf3b17cfa8c96a9a
SHA256 71d8d1fd9f3ce6660c4e69a4b7fa053c44f835e4572bcd15cb0d0c1b4326b593
SHA512 b9efdbaf40d525e1a5b80585aea908c1e582662fe1c6d1d7ee668b5d207d47f8af0d6b826f3323539e87b4f84bae8b28397adc13709852177cba7164a285bc66

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 765130a58a1b63d93631dcd470c318e0
SHA1 918d7861accdb144e9b1fcfa3f3f193cde42cb90
SHA256 8395d97662453bd409ec4d2ee6789e4af0869c5fd221efd51c0d3bc7bb6e00d7
SHA512 39f86dfb136bdcf9887a6e4f0d6adcdd89f89bcec54f5fc71defb184d45e54ebbb6ca0001aaaacf078a3116029c94a58983a2be884d6f32678c06d3f53eb0dae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bfa9ee0fbe724cfc5c19214a5b6f4b38
SHA1 2af0d60213194cada71aa68a4d94659aaaebcb39
SHA256 6aef7250efe312beea8e99451ef617cfad5158a76eafeb54d50d9d6edeb77dd3
SHA512 7381ef068145c24828979d911d03644e10db990f1fec8337469d1cc78c00f878a6dac507b9a802b7c886fbeb63f66226dd97f30e495b3dcd203a9f8f375a80a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4148fb3e2d90da9cf5e76c75303eae5f
SHA1 92f45389496ffee6f6ba123c551526f31fcc774c
SHA256 de0b8bd80107b1bf5934da8955572fb8ed73fb935b1e4ec29c8baa205e30d6e5
SHA512 39a7bec1219395c6807c890fec008c7b4417d6b3c4048903af6a79b74cb64135b88032fc8b8ff0f6dd4d84a6f454f78c1a15863ccfa6fd6ad3bdaa9b23b93aba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dcb2f8779e571904567eeca921a2671f
SHA1 4e5d80c6eb31a84edc08d23888080807c50e0d90
SHA256 2d7c1b71c25223e797ce3ea9f03909f8aa72681a6c65dbe7b9073b6e23e55f29
SHA512 4931d0c6f6c390f4d30309929021c7d3c1808a684620b0ea02e81274b75c2a901bf141bacceffab11c15af2b2b56af040ca09566534584d5b07ec2430c7c6dc8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58220ed5b7ae3bd825959f80170b84a3
SHA1 003de1f490493d84a7b52e78e9db2460383f1bf5
SHA256 1eb7e1b7e003a898b006aa920441608a7a26b6425fe7e1372cc0bf74d4b96ca2
SHA512 14e32f09967b9b4f4b12479e821ff3c656c950e577e85886dc9e21edefb5321a2033cdb4462dcf683a23e4000e67310950f0dcaf781adab6a318403d60791bf3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e468f747b584cc6f05a55c20fd4f3154
SHA1 b75620ca56a2c7f2a808a84366b29d6cdbaf37d3
SHA256 9fe608fcaf21684007f2c156ef545c11963017402f65e3bef9482ec9c3686c8b
SHA512 72600db3f852179da008bb31408d3e98ee32332f28749aeee3611b7ac28f1beec3b9cc442a2973d1097a6848681926248f87eb46d1b9c369b54f3c09a0822507

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a72db4c2e4e7f86dee0486c680a72c5
SHA1 30ceda894ab5fec68f5c23539b0d8ef7db46b0e6
SHA256 5be5ef08c822c3239c48838aa29c864f38a82cd60453e49803eca01a7d1b8fe0
SHA512 2afeb3329e18518da416d74c287195360e7b599009351a5658d91fa6d84ecd89ac74e66df5dee24207c5e961c215e7050b7da297cfb159eab72e84f7e25b2df1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a15bf529b647da0fe7e0469b6561cb69
SHA1 c438d405608dcd01846e48853b95dc0d080a2bf2
SHA256 143cbc1d8de29624a18f28a4eef682280eae3494a7a6e6642746092ad0b8fb64
SHA512 55fa8133b257d6887117c87ca05cfc6c29bfc0e2b662d0f43de27386ff6674ccc5dfa71a0962ae6bab870fa64ec95597fdfdcaaeaed456750d67e22f14a24033

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ef206df92e6a443490e16add789fdd9
SHA1 720c35d02dd28203e56b4f2482e92583ee7a880f
SHA256 a03a23b498d67e3c3fe31159cefc70de83ff1eaea34f28c2e2e80c2f57cc25a1
SHA512 3a77f4526972479960d9e641a3bc1492eb0a00c580b8950b579def2aaab3b761e9afc9140580b5e54800fc8fb3bee22c8fa9d9c5f8bc4661e9fbe4364a37921a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3157d69207250f65b521368c2c0e5598
SHA1 c6ccaae129b99cab164e9753a8ed85f6d45e6cae
SHA256 fdeff15e33b3825552e2ddb3273943f22553f4a79c5ba476780850527d1117d7
SHA512 c4fd7a0294e01b1c5a565ea83c84c13d83161beedb951d5aeb8dfda97ac257ebb58622004eddac02df5ca7f17b7f504bc28fecdec8fb22384252c2b0828d02a1

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 07:35
Reported: 2024-06-13 07:38
Platform: win10v2004-20240226-en
Max time kernel: 142s
Max time network: 151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a473b8132dc74c35bed59bd415ba92e0_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a473b8132dc74c35bed59bd415ba92e0_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5428 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5388 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5612 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=2104 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5892 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5608 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp
US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 13.107.6.158:443 | business.bing.com | tcp
GB | 51.140.244.186:443 | nav-edge.smartscreen.microsoft.com | tcp
US | 13.107.6.158:443 | business.bing.com | tcp
US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 158.6.107.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 186.244.140.51.in-addr.arpa | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | www.microsoft.com | udp
SE | 184.31.15.35:443 | bzib.nelreports.net | tcp
US | 8.8.8.8:53 | www.microsoft.com | udp
US | 8.8.8.8:53 | www.microsoft.com | udp
BE | 104.90.25.175:443 | www.microsoft.com | tcp
US | 8.8.8.8:53 | www.microsoft.com | udp
US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp
US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp
US | 8.8.8.8:53 | edgestatic.azureedge.net | udp
US | 8.8.8.8:53 | edgestatic.azureedge.net | udp
US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp
US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp
US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp
US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp
US | 8.8.8.8:53 | c.s-microsoft.com | udp
US | 8.8.8.8:53 | c.s-microsoft.com | udp
US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp
GB | 142.250.200.42:443 | - | tcp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp
US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp
US | 20.189.173.21:443 | nw-umwatson.events.data.microsoft.com | tcp
US | 8.8.8.8:53 | 21.173.189.20.in-addr.arpa | udp
N/A | 224.0.0.251:5353 | - | udp
US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp
US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp
US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp
US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp
US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp
US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp
US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp
NL | 23.62.61.113:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 113.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp
NL | 23.62.61.194:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 11.173.189.20.in-addr.arpa | udp

A "-" in the Domain column means the report recorded no name for that connection. All resolution goes to 8.8.8.8, the sandbox's resolver; the in-addr.arpa rows are reverse lookups of addresses the guest had just talked to, and the 224.0.0.251:5353 row is multicast DNS. The named endpoints are Edge's own first-run and telemetry traffic (SmartScreen, Bing, edgestatic, wcpstatic, Watson), so the one connection worth a second look is 142.250.200.42:443, the only endpoint with no name in the log; nothing here is a request the report attributes to the page content itself.
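Both Network tables in this report (the three-row one from the IE run and the long one above from the Edge run) mix resolver chatter with the handful of TCP connections that matter. The script below is an added example (not part of the report or its vendor's tooling) that parses rows in the page's "Country Destination Domain Proto" layout, folds DNS, reverse lookups and mDNS into counters, keeps the real connections, and flags two things a reviewer wants surfaced: connections with no recorded domain, and domains outside an allowlist of vendor telemetry suffixes. The allowlist is this example's assumption and is deliberately minimal, so a flagged name means "review by hand", not "malicious". The sample rows are copied from the tables above.

```python
"""Summarize flattened 'Country Destination Domain Proto' rows from a sandbox report.

Added example: separate DNS noise from the TCP connections that matter and flag
connections no recorded lookup explains or whose domain is off the allowlist.
"""

# Assumed allowlist of browser/vendor telemetry suffixes; tune for your environment.
ALLOWED_SUFFIXES = ("microsoft.com", "s-microsoft.com", "bing.com", "azureedge.net")

# Rows copied from the report's Network tables (a representative subset).
SAMPLE_ROWS = [
    "US 204.79.197.200:443 ieonline.microsoft.com tcp",
    "US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp",
    "US 8.8.8.8:53 business.bing.com udp",
    "US 13.107.6.158:443 business.bing.com tcp",
    "GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp",
    "US 8.8.8.8:53 158.6.107.13.in-addr.arpa udp",
    "US 8.8.8.8:53 bzib.nelreports.net udp",
    "SE 184.31.15.35:443 bzib.nelreports.net tcp",
    "GB 142.250.200.42:443 tcp",
    "N/A 224.0.0.251:5353 udp",
    "NL 23.62.61.113:443 www.bing.com tcp",
]


def _under(domain, suffix):
    """True if domain is suffix itself or a subdomain of it (no substring matching)."""
    return domain == suffix or domain.endswith("." + suffix)


def parse_row(line):
    """Parse 'CC ip:port [domain] proto'; the domain column is absent on some rows."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = ""
    else:
        raise ValueError(f"unexpected row: {line!r}")
    ip, _, port = dest.rpartition(":")
    return {"country": country, "ip": ip, "port": int(port),
            "domain": domain.lower(), "proto": proto.lower()}


def summarize(lines):
    """Return a triage summary: what was resolved, what was contacted, what needs a look."""
    out = {
        "dns_queries": set(),    # forward lookups the guest issued
        "reverse_lookups": 0,    # PTR queries, normally OS/sandbox background noise
        "mdns": 0,               # multicast DNS on 224.0.0.251:5353
        "connections": [],       # (ip, port, domain, proto) for everything that is not DNS
        "unresolved": [],        # connections the log records without a domain
        "off_allowlist": set(),  # contacted domains not under ALLOWED_SUFFIXES
    }
    for line in lines:
        if not line.strip():
            continue
        r = parse_row(line)
        if r["ip"] == "224.0.0.251" and r["port"] == 5353:
            out["mdns"] += 1
        elif r["port"] == 53 and r["proto"] == "udp":
            if r["domain"].endswith(".in-addr.arpa"):
                out["reverse_lookups"] += 1
            elif r["domain"]:
                out["dns_queries"].add(r["domain"])
        else:
            conn = (r["ip"], r["port"], r["domain"], r["proto"])
            out["connections"].append(conn)
            if not r["domain"]:
                out["unresolved"].append(conn)
            elif not any(_under(r["domain"], s) for s in ALLOWED_SUFFIXES):
                out["off_allowlist"].add(r["domain"])
    return out


if __name__ == "__main__":
    s = summarize(SAMPLE_ROWS)
    print(f"forward lookups: {sorted(s['dns_queries'])}")
    print(f"reverse lookups: {s['reverse_lookups']}, mDNS: {s['mdns']}")
    print(f"connections: {len(s['connections'])}")
    print(f"no domain recorded: {s['unresolved']}")
    print(f"off allowlist: {sorted(s['off_allowlist'])}")
```

On the subset above the output reduces 11 rows to two items for a human: the 142.250.200.42:443 connection with no name, and bzib.nelreports.net as the one contacted domain the minimal allowlist does not cover. Applied to the full table it behaves the same way, and the `_under` helper is written so that a look-alike such as evil-microsoft.com is never matched by the microsoft.com suffix.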

Files

N/A