Malware Analysis Report

2025-01-18 01:59

Sample ID 240613-jkgxjstekk
Target a47ad9d01a4948c905de6713472a78ff_JaffaCakes118
SHA256 b223f809f45c6551d82c75a251ba7aab1ac2ef7d0aad9122a104707347750145
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

b223f809f45c6551d82c75a251ba7aab1ac2ef7d0aad9122a104707347750145

Threat Level: No (potentially) malicious behavior was detected

The file a47ad9d01a4948c905de6713472a78ff_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:43

Reported

2024-06-13 07:46

Platform

win7-20240611-en

Max time kernel

144s

Max time network

147s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47ad9d01a4948c905de6713472a78ff_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A2FF9B41-2958-11EF-8144-CE80800B5EC6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426484" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000091aee292972bbb02b46f3a2f65881f96ce74a21749730ab120703f8178a3a311000000000e80000000020000200000007d6fb2cc44a276f213d9d472ed8c194be23d665ccd5d25020f5e820b074be95220000000853ffdb0142ad9182c0047aad37f6e6684711e4d8ae5735093511fd29d5db20e40000000deeb1790530e866ca513fe1cf8e98b4c7c9170b92a8f573a5c25d6b3811bac7c9eb81cb1a62ecd3bdade27afc8e0e9168af398714f18bde883933cec5798e39a C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [data value not present in this copy of the report] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d0865d7965bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47ad9d01a4948c905de6713472a78ff_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1688 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 thebutterflycatcher.com udp
US 8.8.8.8:53 s.gravatar.com udp
US 8.8.8.8:53 s0.wp.com udp
US 8.8.8.8:53 stats.wordpress.com udp
US 192.0.77.32:80 s0.wp.com tcp
US 192.0.78.27:80 stats.wordpress.com tcp
US 192.0.77.32:80 s0.wp.com tcp
US 192.0.73.2:80 s.gravatar.com tcp
US 192.0.73.2:80 s.gravatar.com tcp
US 192.0.78.27:80 stats.wordpress.com tcp
US 8.8.8.8:53 static.addtoany.com udp
US 104.22.70.197:80 static.addtoany.com tcp
US 104.22.70.197:80 static.addtoany.com tcp
US 192.0.78.27:443 stats.wordpress.com tcp
US 192.0.73.2:443 s.gravatar.com tcp
US 104.22.70.197:443 static.addtoany.com tcp
US 8.8.8.8:53 apps.identrust.com udp
BE 23.14.90.91:80 apps.identrust.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 104.22.70.197:443 static.addtoany.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab567B.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar5768.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6fc5017f0b6d8d043d355fadb7620f2b
SHA1 feb1246c9f19dc787ca31e451456ca98312f2171
SHA256 43277d709bf878178b57a746e8626e56ddf4b5af2ef820f9c76fb11283c91c18
SHA512 3bbd2f19a05c6348196d2ef671dada73d660905836225eee8e41a820623063a5be62bdc740bd796f92ca9e02e7932f5908b91b07eb742650e276d48c32702e8d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 732ebd6cfeaa32f3e15df71ed9716b71
SHA1 f0fcafef1bcecb32ec7712efc696200ec95a6700
SHA256 af3d9f05fbca2d0114c5ea6194675895cf69e0ab786c2dd84e01ecc6baea9267
SHA512 74784bf8f546f042c0c179144272239018993fb2726e5bcc085dd285abe51ab38d1e53ab0b66583ef941a7680a4923c924cccc7cf098a140f10db12b85459a30

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a131439f86541c15191b27053dec085
SHA1 c28bcc619344d682da831108ba6062e72a046267
SHA256 da69e1447145d25b4362970317cbf0e275c7064c047d1642b8a40650e3aa21b2
SHA512 eb1b9e7f0cb53e33fa17f251baffb2bfd2c7155ead5f7adbc030e1733b903839ac96dfec76bb7fbe6bea8292e60bba5315d653368e250880436270442dd8071d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b16efa4023d913298eb0efd8ebc3b377
SHA1 d211509f03904cf11bc47805a3c9c3d053ac130d
SHA256 da2141bc29252943489455a4679658ff2e51642dbf417feca39c6e95e7f02052
SHA512 c4f17d6f9c787f551fe9889b2a561302a1068fe2d3b9d76b3bf83c4973b7c729577523876e9a169425baa8b8adb8cb72ee5cfceefc607c80288bfd35b3933dad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cf6a1ab31957292dd0a7cb22bb39ba8b
SHA1 ee465fef27cb43a92b2a52d542f080cefb89a489
SHA256 946cce3eaf56574db9f6ff6032cc31d0ba112e4755cbd054248c5c40dc2d5ff8
SHA512 4cd8d7a8c28185d8b4d46045dcf4e0cc49646a87fa74bea05c856df51b3ae8b00bbc14e03b0dfa9f51013a079d44b404378494c36d5e643bff943d2592cd5414

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 032a18fd16039defa97ff5dfcb338cf2
SHA1 de6d85d5650dde07824a8be89a684b8f58a360ed
SHA256 7acbb14564b049b8997035c0fd66800571b85f87aa5ac8c1594500b3e1240d41
SHA512 92d023b811942cc7a8b194ba0d4677060a35b4172f36d5cc6807b01fdc0dd894da33b2374f61f0899c71a73a4be6f741a836e1324e52566bf2b1b089cde35756

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96be0e35df339ac799ee713b753778ae
SHA1 ed65418c0ccd21df7246f3c2471fae1f48a845fc
SHA256 bc8b2721110f54261054ed4f4a0ddded86e1f5523f8ad466438d2b6c0e4b40cd
SHA512 ed2dd81cd5634a83aee5732a3ba005fcb0704ffa7b7eff979fd3e36e06453939a6543a3c7c056db651f124e7d0617b11629cf58604ba299dfaa03af61111516a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 078c3565e0621699faa7eb27ac946242
SHA1 b86f4942379a75e22ae1c8c20613c013e09c7642
SHA256 30290def767adc7e0622c3d02ffc951ba0a0231efd8a68704bbf2d59ebab2797
SHA512 5035173e1f6a9299e39e05d50fd861df1224c6457f47220f8efaf4258cc18bb1f3f4a83183d050e95a375d46671d1a7a3a08797853f99808e85d000a4daea5fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3a60a8629e6ea56c3412f02bbb09ab35
SHA1 2667d85b60614e5796126defcf7466a9df1105ed
SHA256 ba13f6ccf0f816efe6913ef5d0709062453ecbe74e917956f5022da4b3198ab6
SHA512 bcb7db3f77cd32609181a7cc26f5c7d6066b78171ac16357cbadaa260ca0e2673dd7581278a5b40034fa0bfca383e451849b4ccfcff51b5fd7d8dda0f405081b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a7043dc5d8aa1d7064ba7c6e5ce0f2a2
SHA1 bcf2bbf79a6e4774189638365475a774e66c81c1
SHA256 1836012b17ba8d93985e7827465213ddf574b4bd8960f5f7efb18eab0185eb9d
SHA512 090cbcbe188c489f89c64869935cd51fa96c33af164d2b1f0d1939ea03e491f515720875e353f03bb010e6c2ec478c388e4d52dc178c05d4161da36842265c9c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 15b52c7b45e3c6dc133ed1ebb04d28fd
SHA1 8f09253aa96ee34ca2b011467040d33dfe7393e1
SHA256 df3b479e7ba1914f941c2f68ca216f58f293d602d4e039ce50433cbe9150cd06
SHA512 8b0a63907aefd1f86543a7d711d36955a9f39f021ecfd72411127f3c4883cde35f73ed8356b8fc3e517fcde7f17e54774466fa564ec79bd5ca7d9721de5ac9af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ff62f8cbb41f5cbc2ebe66c44755575
SHA1 a723f08c86fab954db075ab1081c329b60b11c1a
SHA256 c64aef0e549d8f3c20845598b4d44b5bc32df2b95fae26605eabc7ae712563cd
SHA512 014ce5dec1aa8f8c92111a152b516f0502bd09c179bef606cab87c075a8352612df3944f3222c9f9613f2cff3ec65e2cdf734e2f99f4b391ddbe93107f5179d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fe5b6bc2af7b8da959aca92113a1213d
SHA1 278fa32ff4d279b5bd3ae05aa0f01994ab286fd1
SHA256 735b1f2b1c87bfc326ac9c8e1934f1a4723baf5bd6423ca46143575f6b1c5609
SHA512 dacef65e6401ce0893a4ee897a82367e0e0d69697c194f9fdefc4a538a3b197249e3eae7a71bbbf5fae48d2bc4cd15e73d778b5beb957cb02b47d28a880189d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 922d54f878605e19ce8b130ca7e804ef
SHA1 3fda0dff8bf3fed581434de1a9861317f7096a2a
SHA256 8073b691f61e9d044f058fac4b897e7d919a6ce397f16fb6be0cc8dcddc7671e
SHA512 754f6f5abe1e40e7a7cc8fcc77b0c4b914c2ee87f564aed7801eece239ed81534ebe54f94b856343ee2227583b508700973895408afbdf567de9e646416253ee

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5fd6f637a6d794e367fb05a669a3922d
SHA1 15433682d4c77785ddd697455fe2173ea0e154be
SHA256 d17b03c169e33280ca47d573fdc6a6169d606a5f60d9c23ef9b12430a99c2fe3
SHA512 289fb6fa7f2340a63325979c00522c5f0cbe7241886f3c7f435da74692e0c178ba986934c61625ac870e086f29dc86f6566f0cd1446d77c81d73161d16c9ac43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 79a1c0a28da0428d1996054bafb6141e
SHA1 c180f1d4e8103b079a6503406ea9f40c979e48bc
SHA256 0cabca326fd5cfbed143267adc925ef6b073e27cc719947d3226ac04093222da
SHA512 7ee427015f7d863f5d86d53a2ec8ab9cd0c25dce301b4cd8a77b3b4f56fd5d52e7501f91c4be6f28d5964dac6292c579e081cbcc50665e9feddd8fc8a2d31702

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9bb7da8f7eecbb4a656d9542a729d194
SHA1 4a75349fbd48c469b0d189305d911658d1d2b3ee
SHA256 2f92f1a174410e857f0d8b5ddac331226a76b33e0804ae0145a87915c40c51e1
SHA512 e6491977512f53d5107682c14897d5b257af52beae8830ba4346e44237a000fca7aa2a2f8dd63cfe2e45b7726a5061890f349aed540a6571f4250c0293f439b0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8e7bc8cca572bc0b0dd668b177682068
SHA1 f41aec5835124eac058106ac89995acf3f9c6de5
SHA256 22e9eb1bbaed4166f2225964552a0c3746f0ba1d2387b89786cac5afbfff21eb
SHA512 f4a2b25dd4f8f1c62bd22df2ae62cdb284e9526fe52082ec2ebdcefb67cef82c24a6a3e844c490e14841f1dbe24e82d177507073e87fba7c91cec560b604b131

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93cf5d8aa4e75b66bef8c559a93c4ac0
SHA1 25ec15228b3f6092ab487ff08169b22e63811e36
SHA256 de63a9c645a8c87a9bb55002b27a929530372d17f3160c1f8ae52d3baf9a45e3
SHA512 231332f787e0ee6c1b6bfd20bd2e9169952d1c0a3c82b04d5e0aa636b25faa65b5c9a5ef0e292ce26bc933675eb913da87c6115e0b9a18f631c2b156f3852476

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 25630e3c2e7f2f0eecef2d9f23dd8558
SHA1 96d04f91933c0ecb317b27e7a63506b9376e9416
SHA256 ab7641367e748b5c8deb2a31722c3e4606dd2b483d574f3f88ea86110a1d65a2
SHA512 7a0a395a6a358eccaf631f472ffb40dba9c202656a87e0ee07e5f56f3fa89acf18fa9a74fde4625b672c20989ede6dcb9e4b258adb306a34ea85362d90e3b4d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39ae0456d54b685335de923c01c927e5
SHA1 fa87c23af70f71264d5b64ff512e603ba8ddbf6d
SHA256 9f0bd7c38105559f4ef823a5db06c47191bea6b60f7ad033b51a0aa4601d0339
SHA512 ef846b042f6f10b4e859b182c2623343909d5e1343ea96c9656ec3e4931057f588a75da9b14053a20c1255a5237d69b6fdb98829fde51c3fc9e71113749cb1cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c2216d17bd7b7472552240f39d35d327
SHA1 d5c4da1a0062dca3b6064f7ecd5986bf800e3667
SHA256 fcaf132682daa8009e1bce3b8abe3d5d9f9b7138950521783a7b30030c3e468b
SHA512 659e7ce67c05287862775ed2585360456b14a4ec4b3506fef1be7f6888a18ee91d2183b7fe3a969b6e2a2ba11f3b265fd137c7515d3287acfab71d5ca6b3081f

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:43

Reported

2024-06-13 07:46

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47ad9d01a4948c905de6713472a78ff_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47ad9d01a4948c905de6713472a78ff_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4700 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4996 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5076 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5928 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=4012 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5660 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.9.158:443 business.bing.com tcp
US 8.8.8.8:53 thebutterflycatcher.com udp
US 8.8.8.8:53 thebutterflycatcher.com udp
US 8.8.8.8:53 thebutterflycatcher.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 thebutterflycatcher.com udp
US 8.8.8.8:53 thebutterflycatcher.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 104.90.25.175:443 www.microsoft.com tcp
US 8.8.8.8:53 thebutterflycatcher.com udp
US 8.8.8.8:53 thebutterflycatcher.com udp
US 8.8.8.8:53 s0.wp.com udp
US 8.8.8.8:53 s0.wp.com udp
US 8.8.8.8:53 s.gravatar.com udp
US 8.8.8.8:53 s.gravatar.com udp
US 8.8.8.8:53 stats.wordpress.com udp
US 8.8.8.8:53 stats.wordpress.com udp
US 192.0.77.32:80 s0.wp.com tcp
US 192.0.78.27:80 stats.wordpress.com tcp
US 192.0.73.2:80 s.gravatar.com tcp
US 8.8.8.8:53 thebutterflycatcher.com udp
US 8.8.8.8:53 thebutterflycatcher.com udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 175.25.90.104.in-addr.arpa udp
US 8.8.8.8:53 158.9.107.13.in-addr.arpa udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
SE 184.31.15.35:443 bzib.nelreports.net tcp
US 8.8.8.8:53 stats.wordpress.com udp
US 8.8.8.8:53 stats.wordpress.com udp
US 8.8.8.8:53 s.gravatar.com udp
US 8.8.8.8:53 s.gravatar.com udp
US 192.0.73.2:443 s.gravatar.com tcp
US 192.0.78.26:443 stats.wordpress.com tcp
US 8.8.8.8:53 static.addtoany.com udp
US 8.8.8.8:53 static.addtoany.com udp
US 104.22.70.197:443 static.addtoany.com udp
US 104.22.70.197:443 static.addtoany.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 static.addtoany.com udp
US 8.8.8.8:53 static.addtoany.com udp
US 8.8.8.8:53 static.addtoany.com udp
US 104.22.70.197:443 static.addtoany.com udp
US 104.22.70.197:443 static.addtoany.com udp
US 8.8.8.8:53 pixel.wp.com udp
US 192.0.76.3:445 pixel.wp.com tcp
US 8.8.8.8:53 32.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 27.78.0.192.in-addr.arpa udp
US 8.8.8.8:53 2.73.0.192.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 26.78.0.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 197.70.22.104.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 pixel.wp.com udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.189.173.22:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 22.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 thebutterflycatcher.com udp
US 8.8.8.8:53 thebutterflycatcher.com udp
US 8.8.8.8:53 thebutterflycatcher.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 172.217.169.42:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
BE 2.17.107.121:443 www.bing.com tcp
US 8.8.8.8:53 121.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 138.107.17.2.in-addr.arpa udp
BE 88.221.83.249:443 www.bing.com tcp
US 8.8.8.8:53 249.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 201.64.52.20.in-addr.arpa udp

Files

N/A