Malware Analysis Report

2025-01-18 01:58

Sample ID 240613-jl51rstenm
Target a47d33467d628426c8e24f88db282ffd_JaffaCakes118
SHA256 57812b9698f28da0896d8be42c64f957fbbf24e18146bde7ef22baf0b424394f
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

57812b9698f28da0896d8be42c64f957fbbf24e18146bde7ef22baf0b424394f

Threat Level: No (potentially) malicious behavior was detected

The file a47d33467d628426c8e24f88db282ffd_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:46

Reported

2024-06-13 07:48

Platform

win7-20240611-en

Max time kernel

133s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47d33467d628426c8e24f88db282ffd_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a0390500000000020000000000106600000001000020000000982b7ceb6873ad9d8092554a1589767ab8d4ca80dc665193cf6ab9f571152e01000000000e80000000020000200000008074362ea822441d47840f40e42ea2c84b472a0d7137f7c2b38a1fdba0a2275c2000000050cffb4ae5a0856ba64023e2814f12d8781fd18f0593f794da3cac523f8ceeb940000000737016d92a514300fc118b4b7cdb03d57335f6c36d0d5697a0f201d56d5c2bef310ec2e95a9d9988503b6bbf638562a3b1b9930066d4ec5df6fe4e02169f3dbc C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0883C401-2959-11EF-A381-7EE57A38E3C7} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d06d12dd65bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426652" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47d33467d628426c8e24f88db282ffd_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1572 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.process-club.com.cn udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:46

Reported

2024-06-13 07:49

Platform

win10v2004-20240611-en

Max time kernel

129s

Max time network

141s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47d33467d628426c8e24f88db282ffd_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47d33467d628426c8e24f88db282ffd_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4120,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=4180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3780,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5344,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5512,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5524,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6068,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5732,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5488,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3812,i,16866810346450717340,3849854439116899380,262144 --variations-seed-version --mojo-platform-channel-handle=5936 /prefetch:8

Network


Files

N/A