Malware Analysis Report

2025-01-18 02:02

Sample ID 240613-jf1tvszblg
Target a475808d657a9ada3b9a327710ec9e8b_JaffaCakes118
SHA256 337dead7dca38e47232c9002a09f37d4426930b81ab5801924d54d27205dfd31
Tags
Score: 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 1/10

SHA256

337dead7dca38e47232c9002a09f37d4426930b81ab5801924d54d27205dfd31

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file a475808d657a9ada3b9a327710ec9e8b_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:37

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:37

Reported

2024-06-13 07:39

Platform

win7-20240611-en

Max time kernel

134s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a475808d657a9ada3b9a327710ec9e8b_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000005accc5ec9b4ee374efca6e9d9569557c5bcfd204be588fa2eccc5211130d2580000000000e8000000002000020000000cdb979f8a3bfb496c1eab5afdb97c5957536c88aba5d6c2c99d15d14fad28f9c20000000a3f44022fd065d675134e7cec911aa6ab5d2c10e663e8d684e5a77a9a3bd8e1840000000af5ebbb9d0eeac59cb19cf3691515439097b95cda2307754bd2980d8b9af9c7a98910533bae19062a4db25d7e072131b7748fd8c22b76dc1baaec1ab04b3ec05 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not preserved in this copy of the report) C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426114" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a00eb2a564bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C805E5D1-2957-11EF-AAA1-627D7EE66EFE} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a475808d657a9ada3b9a327710ec9e8b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2368 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.vescontug-marine.com udp
US 172.67.170.93:80 www.vescontug-marine.com tcp
US 8.8.8.8:53 vescontug-marine.com udp
US 104.21.47.39:443 vescontug-marine.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:37

Reported

2024-06-13 07:40

Platform

win10v2004-20240226-en

Max time kernel

141s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a475808d657a9ada3b9a327710ec9e8b_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a475808d657a9ada3b9a327710ec9e8b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5396 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4300 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4904 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4908 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5404 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.vescontug-marine.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
BE 23.55.97.181:443 www.microsoft.com tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
SE 184.31.15.35:443 bzib.nelreports.net tcp
US 104.21.47.39:443 www.vescontug-marine.com tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 39.47.21.104.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 vescontug-marine.com udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 104.21.47.39:443 vescontug-marine.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.65.92:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 92.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
NL 23.62.61.90:443 www.bing.com tcp
US 8.8.8.8:53 90.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
NL 52.142.223.178:80 tcp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
BE 88.221.83.203:443 www.bing.com tcp
US 8.8.8.8:53 203.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 63.141.182.52.in-addr.arpa udp

Files

N/A