Malware Analysis Report

2025-01-18 02:02

Sample ID: 240613-jl6x3azcrg
Target: a47d484aae9d1528c64d3099801b1734_JaffaCakes118
SHA256: f35eda0ef982cd3fbe651f1bf319d0c14a3780afef3dd6f4789c3cda78e4ebf3
Tags: N/A
Score: 1/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 1/10

SHA256: f35eda0ef982cd3fbe651f1bf319d0c14a3780afef3dd6f4789c3cda78e4ebf3

Threat Level: No (potentially) malicious behavior was detected

The analysis of a47d484aae9d1528c64d3099801b1734_JaffaCakes118 found no (potentially) malicious behavior.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-13 07:46

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-13 07:46
Reported: 2024-06-13 07:48
Platform: win7-20240221-en
Max time kernel: 149s
Max time network: 139s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47d484aae9d1528c64d3099801b1734_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426654" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000038a5f3f52dd244989f0bec0b9239d990000000002000000000010660000000100002000000033f54181ed33abce2e4e4a4c8892d503c79a25622b7bbc25f44f55c4afbad79f000000000e80000000020000200000005bf92db03d8c8a72f1937889b5c5caa0a585381fa81f259c8232f28ee4e1f001200000001cface750ec4e6fe14583b7cb0e6d28979726fad0e6be97336523c9b2d6fc802400000005a62589c1ddb814123148bdb9d8ead407a9df5d9deead88d0bad68cb34f2d9360cceae1d602b531891f5a2f0e88c06bfaddce4317e7a0b131d39767bb54320fb | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 100740e065bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0A47C2F1-2959-11EF-A304-E60682B688C9} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47d484aae9d1528c64d3099801b1734_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1812 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-13 07:46
Reported: 2024-06-13 07:49
Platform: win10v2004-20240611-en
Max time kernel: 129s
Max time network: 148s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47d484aae9d1528c64d3099801b1734_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47d484aae9d1528c64d3099801b1734_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4640,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=1952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4920,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=3792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5212,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5356,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5508,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5960,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=6036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5648,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4120,i,2113996974559895641,18156918660790954073,262144 --variations-seed-version --mojo-platform-channel-handle=5892 /prefetch:8

Network


Files

N/A