Malware Analysis Report

2025-01-18 01:59

Sample ID 240613-jm914steqn
Target a47e1f08a07227268e0f6fe00f671061_JaffaCakes118
SHA256 7b62794bb0b16e9383aa16dcc08eadd1860855dfb7fe551f776ec37c697db51b
Tags
score 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score 1/10
SHA256 7b62794bb0b16e9383aa16dcc08eadd1860855dfb7fe551f776ec37c697db51b

Threat Level: No (potentially) malicious behavior was detected

The file a47e1f08a07227268e0f6fe00f671061_JaffaCakes118 is an HTML document (both behavioral runs open it in a browser) and was scored 1/10: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-13 07:48

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 07:48
Reported 2024-06-13 07:50
Platform win7-20240221-en
Max time kernel 142s
Max time network 143s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47e1f08a07227268e0f6fe00f671061_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware spyware
Every row below is written by iexplore.exe itself, into the user's own HKCU\Software\Microsoft\Internet Explorer subtree (tabbed browsing state, recovery flags, window placement, a search-scope retry counter), with no other process targeted. That is the browser's normal housekeeping when it opens an HTML file, not a homepage or search hijack, which is why the hit does not raise the 1/10 score.
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004aee54a821029549b0da7c95196f73650000000002000000000010660000000100002000000074880f3576c6dfc54a786324bd1ee4fb77b3bca558964040024566d03ce6a678000000000e80000000020000200000004c0547d30e6c2471ed9bf49f1772409668958d1659465d7173d04f67ed56ed762000000000a16aa8fcb9b1c67d48c83b43b7fe44e8b6c8b134da7c9a012878e30231b15e4000000082593654d91c4ebdda2e5d8decef0f9c773b0915e772f021151ef4ae92aed15cd40fdb4deb185c40a0bdc161475e8fcc5a86b8d2bcb7ba2bf9722c9d1a924531 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426772" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f04dfc3d66bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004aee54a821029549b0da7c95196f73650000000002000000000010660000000100002000000062c02478dcff8a23854383b01265d415fed6601c9ac59439b46d7955fc51b188000000000e8000000002000020000000cddc0380e4b136753902c2c504ed189d988fb3c6309bff2333b15437322c1f8b900000003c606dff99c38610cb92e938e841d3c0378633e1ae96335d79a012d588c35402bd287a3ac2022d10ecffa0daedc9a07ae698f7fc9d214b9e1a4bcdcdb447f9abfd1a7bac4fbff128db4f3e044cf69153d9d506a75dc543c1087a720c6648511ea52f60546979fdce6ec207d96fbbf10fc93bbe286d0beeac4ee9340f077a312a372b8d179a3d7a2b26ea06074995935a40000000447984d232b602eb5d335f7e1e654184b9b135b0f753e6b61397c45181b1c716595fd74fe4b1b26e70979e9d43c04bc5781f6618a6c0899a913427eea51ef8ce C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{500F12C1-2959-11EF-87AA-FA8378BF1C4A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
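The check described above, as an added example that is not part of the sandbox report: it re-parses the flattened Description / Indicator / Process / Target rows of the signature tables and flags anything that is more than browser housekeeping. The six REPORT_ROWS are copied from the table above; the hijack value list and the two CONSTRUCTED_ROWS (a Start Page rewrite and a Run-key write) are this example's own assumptions, added to show what a real hit would look like.

```python
"""Triage the rows behind a 'Modifies Internet Explorer settings' hit.

Added example; not part of the sandbox report. Parses the flattened
Description / Indicator / Process / Target rows and asks what a reviewer
wants to know before accepting the adware/spyware tag: are the writes
confined to the user's HKCU Internet Explorer subtree, made by iexplore.exe
itself, with no other process targeted, and do they avoid the values a
homepage/search hijacker rewrites? HIJACK_VALUES and CONSTRUCTED_ROWS are
assumptions made for this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Description, indicator, writing process, target. The indicator never
# contains " X:\", so the lazy match stops exactly at the process path.
ROW_RE = re.compile(
    r"^(?P<desc>Set value \([a-z]+\)|Key created) "
    r"(?P<indicator>.+?) "
    r"(?P<process>[A-Za-z]:\\.+?) "
    r"(?P<target>N/A|[A-Za-z]:\\.+)$"
)

IE_SUBTREE = "\\software\\microsoft\\internet explorer\\"

# Value names a browser hijacker rewrites (assumed list for illustration).
HIJACK_VALUES = {"start page", "default_page_url", "search page",
                 "default_search_url", "local page", "defaultscope"}

# Rows copied verbatim from the behavioral1 signature table.
REPORT_ROWS = [
    r'Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{500F12C1-2959-11EF-87AA-FA8378BF1C4A} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A',
]

# Constructed rows (not from the report) showing what a real hit looks like.
CONSTRUCTED_ROWS = [
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\updater = "wscript.exe u.vbs" C:\Program Files\Internet Explorer\iexplore.exe N/A',
]


@dataclass
class RegEvent:
    description: str
    key: str
    value: Optional[str]   # value name for "Set value" rows, None for "Key created"
    data: Optional[str]
    process: str
    target: str


def parse_row(line: str) -> RegEvent:
    m = ROW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised row: {line!r}")
    desc, indicator = m["desc"], m["indicator"]
    if desc.startswith("Set value"):
        path, data = indicator.rsplit(" = ", 1)
        key, _, value = path.rpartition("\\")
        return RegEvent(desc, key, value, data.strip('"'), m["process"], m["target"])
    return RegEvent(desc, indicator, None, None, m["process"], m["target"])


def flag(ev: RegEvent) -> Optional[str]:
    """Reason this event is more than browser housekeeping, or None."""
    key_l = ev.key.lower()
    if not key_l.startswith("\\registry\\user\\"):
        return "write outside the user hive"
    if IE_SUBTREE not in key_l:
        return "write outside the Internet Explorer subtree"
    if ev.process.lower().rsplit("\\", 1)[-1] != "iexplore.exe":
        return f"written by {ev.process}"
    if ev.target != "N/A":
        return f"targets another process: {ev.target}"
    if ev.value and ev.value.lower() in HIJACK_VALUES:
        return f"sets {ev.value} = {ev.data}"
    # SearchScopes\DownloadRetries is a counter; only a scope's URL is a hijack.
    if ev.value and ev.value.lower() == "url" and "\\searchscopes\\{" in key_l:
        return f"sets search scope URL = {ev.data}"
    return None


def triage(rows: List[str]) -> dict:
    events = [parse_row(r) for r in rows if r.strip()]
    flagged: List[Tuple[RegEvent, str]] = []
    for ev in events:
        reason = flag(ev)
        if reason:
            flagged.append((ev, reason))
    return {"events": len(events), "flagged": flagged}


if __name__ == "__main__":
    for label, rows in (("report", REPORT_ROWS), ("report+constructed", REPORT_ROWS + CONSTRUCTED_ROWS)):
        res = triage(rows)
        print(f"{label}: {res['events']} events, {len(res['flagged'])} flagged")
        for ev, reason in res["flagged"]:
            print("  ", reason, "->", ev.key)
```

Run against the report's own rows nothing is flagged; the two constructed rows are flagged for the reasons a reviewer would give (a Start Page rewrite, and a write outside the Internet Explorer subtree into the Run key). The parser relies on the report quoting string data, so an unquoted path inside the data would need a right-to-left split instead.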

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47e1f08a07227268e0f6fe00f671061_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 wpa.qq.com udp
US 8.8.8.8:53 amos.im.alisoft.com udp
US 8.8.8.8:53 amos.alicdn.com udp
CN 203.119.169.246:80 amos.im.alisoft.com tcp
CN 203.119.169.246:80 amos.im.alisoft.com tcp
HK 43.129.2.11:80 wpa.qq.com tcp
HK 43.129.2.11:80 wpa.qq.com tcp
CN 203.119.145.45:80 amos.alicdn.com tcp
CN 203.119.145.45:80 amos.alicdn.com tcp
HK 43.129.2.11:443 wpa.qq.com tcp
US 8.8.8.8:53 ocsp.digicert.cn udp
US 163.181.154.236:80 ocsp.digicert.cn tcp
US 8.8.8.8:53 pub.idqqimg.com udp
HK 203.205.136.105:80 pub.idqqimg.com tcp
HK 203.205.136.105:80 pub.idqqimg.com tcp
HK 203.205.136.105:443 pub.idqqimg.com tcp
US 8.8.8.8:53 ocsp.dcocsp.cn udp
GB 79.133.176.166:80 ocsp.dcocsp.cn tcp
CN 203.119.169.246:80 amos.im.alisoft.com tcp
CN 203.119.145.45:80 amos.alicdn.com tcp
CN 203.119.145.45:80 amos.alicdn.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabDB43.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a53aa8dbd16f657c83a1c0190421c7f
SHA1 bd9597d437fc02c73ea5620e4fab39eefb3d9c8c
SHA256 4f8c8005bc74db73ea037dac6892dfa53c13b4ab318495a1cae2a184818a6166
SHA512 8e0bfccaf0d0a156bec96e82a34fc8ba2355950156ba027633dedf76170baba289f03098b8c2b02361fc64597a80afb9309dd512971c28bdbaa1aa330256da94

C:\Users\Admin\AppData\Local\Temp\TarDB55.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarDD01.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 e3142b1d6f423fdbaea5154674f12036
SHA1 0f3903f8588611650552ac2703328eee50a5f419
SHA256 f74b8d4fff12f821fd7b520d2c86ea9f8f854bbd207141d03b837d59ef443052
SHA512 aab286db8a3590f5372493a9c03d34730a3e0050543e9699286e6901dbbb2439cf4fe341287ed68ad2f9695e4e23a3fcdf3eed1c9cc7cc47909ce30dd80373d3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df9a90e4ee30a0ca717ade68b7eeee10
SHA1 f4fadc3e2bff2e3e963d5c93eb1fb78e25f3b04e
SHA256 2e0403ecec69435566965e32147d995c3ebef7b2cc3833a4dcb8277e911e7868
SHA512 7b39b5b11f97423cafb1fcf0ab9474f0b8382a7c2097582e9be63df9f60f6c629eb91fdfd9a87e296877570a1cc92b50fe9ddda681b52fc282c04666088f4fa9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a3adce1b0763456d4b7c8bce4dae567f
SHA1 ab3575ce2ee2b3360de7476aec5e6d9b86ac1ba9
SHA256 d79abf42acd3b50b6638222c8659ebf29f6b685b5036668f9c36b65afd96baf3
SHA512 83649286fc106e01f3e2654ee80b05f8741054adc6cf8fd4eed391b041f0401f0de58902ff04124106fe6a1519645aa80e87575e9e7b679aaf4b9035af9dcd81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 42b4ff6de096d646a84827a04fc9e039
SHA1 3f0d1e859bac879d188fc315fa03d38c0f70641c
SHA256 a2b60911d9daeb59ede158d1381e94e8fa8d5cb709e6d2681e2d18879fd65ce6
SHA512 7c5214669540a49e1ec2dee67e2a2a58ddd519a29b15a46d50ed96c6b877c4a39454a0c8b203ea01886d261224637cb2f07958fb848182c3e6878623569d6564

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 74246ba50b891dbc76858436b5b4b869
SHA1 c31592ec05c86149020bf85f6292160a90bc033e
SHA256 790e8b98e221851b7e59fb5b7b3661879378049712022035cbc29d1f12d3530a
SHA512 3666a4466edf3e19c8df6b115cc68750834f12e4d9d429635702e13a85f57774a829f5a5aa932563116626f3eee034de3daf145524a13fe2c32de1b72e892724

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cce8681e709eae9e17eb016d3854c4f3
SHA1 d1b3ec50e926455ba734bd331797c25a2a177906
SHA256 267b906f69c1fa8d5c001872ab7c2d43888f5d9768117e50698bc8d3cd5181cf
SHA512 6282ecc784cf07f480ba89d584af6eb98d931432880a6e9293d3807096f4d067786018f082f02deac9dd87718c07d04f68c468e8a950fc2fd3174e660cad648d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 9d70f8ed6ee1ae3dbedea36031232d31
SHA1 6e0737882fd16be98d8270744622a8a5a0e69732
SHA256 a83e5d435850f5ccffcfb5837f60f271d3881f5bb2975d41b7586e47ab03f597
SHA512 515ae610bc29e377b72d50c8af11b6f9d2160db0ae3aef0b272c997ba3a7cb259587be948ecc6d836214e2d3affa297eada4fd3bc1b7f81c7c4101560ce6a741

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae359ed3b19d0998735efb9ee082dfd0
SHA1 9b12c24a9d447a060151844d4860ad8aa0915fa2
SHA256 e4d556db1025af60d0fd83eff404b2965de85a25a2e47bfe2c78266ca631a899
SHA512 2af9217a733cb70e3ff283fc8567c8522d6fe4c5f8e8a6ba7c9a71711b94036b8e7a3f1a70f76a6da68157acab02abc7a9c9daadf5cf7c4ffbc1faf7080f0a53

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ccd31f1d17818b60bde0f5ee8392373f
SHA1 c5401610514c95eceed7d8205f9e375fbcbd961b
SHA256 789fec73c684850d349f9712db96ee5099548d5ac24bd73f1ba979301a843da2
SHA512 89dbf16668f5ab720b96dab639ac980c5fc36f18367c0c84bdfa2dab22f5bc3c587ae993bccf0f24d8bd8f1637c8aba15f291d6c3369549342023b543bd486d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2792daf1c7baa631811666bb2e38483a
SHA1 1822fa4581df9870257d78e98fbe4b2116268449
SHA256 a1e013742c717b070590b42e16229c097380c7f551b961863eb68d194ebeeb05
SHA512 68e502f30119b524be57b560c85d795d6116fb759c9cc65de49fdc342159e12979fb139dce53c69050f75c4264d1ee3db1536818d97b63d8971968f9963a592a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9621ccae5ca48c199582c3770962539f
SHA1 33adabb034c56e3ce1add1117e3ba19d9cad85da
SHA256 622de0c53923179e4251b0b51605862701c10ba355bfaa08b56ef4fd2479be8f
SHA512 d1ae7072e8a73ccb9505ff7e1aad49ff0bcd7f8ee09b7815f719b65a65d35f9bd50cd1bd0e900be5ec9bc4bd7116c1887c3bcf3b9ff30a64781ae38453c955d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 acc29bbc54623519e763cd41710f678b
SHA1 3e9158abaf1a378027b0da78b94afaf978a591c6
SHA256 b24705bad2f1f2c5434e261ce71d0ee117ba79aa4c0ad5613d6bd465e64f70f4
SHA512 83baf8910b2c80df063f791ee506aab7bf481c19e48586ea402a1649b6721883b1dd223a7374f1ef720ea6cb3c6bd955ca5b361492421e45f334857ab3730ef8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 767ab7b9560d297d4bddfb8a37bc660c
SHA1 44f0d6d964881adcba0a8fdbe87a78434f3dc8f6
SHA256 e1eef57e26801b8646981fe282cb32277b7c12a679eae77711e66446371c0a32
SHA512 51530fcfeda7af0c788158c4afb695825b3d8d3e4b813635b59e6a6359477f383f690988759e5ce37c02a5aab3117259fa0f7ff730fd78b039c6a302f75c2a2f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e589bb2354ff7f3d6cc19eecc7a2bfa0
SHA1 aed1b68e2e3eb49c375a217938a684e45e1cb755
SHA256 00137aaa95c4d9ee1ff7177987f4f53cb4d10e6e77b129824613e554e27e2ddf
SHA512 3e437989f18692de8284daeace18f4ab7a629a24717212f751b060bd22691d079f670a9bb8dced214bd340459034d67575ca9f2a3f3afa59b41a95b63b0308e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 825142fc387a668b360057136be0409a
SHA1 f0e421044900ae8b3be61eb48d283ae754a0a77e
SHA256 9aa93c93615c38bbdf61202b3587f6eacb16fd6f03b04dbe69c6811b113eb7b1
SHA512 b9d5c73a5cf98fb97ef7013c4d74e7e947941c1444c6b0dc6782f3b59921128838c18f08d2b313dfeaa680f6453273cb474baaf26be3a837967ccf0266d0e659

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa5a55bd3181d1033e516a5abbcbf8de
SHA1 b17a6e806b030027aa7ec2bd4ba21c1bdd92fc81
SHA256 e2e85e9be8000bfe0ea7ed7084fc70a2a2b22e6efd1678fe5e20fc3b031ba8f0
SHA512 44506d5e335e6e0d33c256de97048e2858eb93607942f0c8c92226d40794f195eceed3c9d23bc5a7374186a9f8026f9b804d60f6a5c16b077cb3bd9adea31c09

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 55abd4a8edfc0a18702b0f3f85183c83
SHA1 673fa4ed9a0016f03f9f548c30ffac6ee1b4e1a6
SHA256 8cdce03994a7b4d0cbd9010646bef7d9190c3e08980e43e4ec29c74ef8331055
SHA512 d9c418c8f8a522692983d3881799c9e385b8ade7b39985dbdc586e04cf2e7a57091cc0bdb2bbc81f700d0ed44aafd1c47f6cee285b34c8ef76f794bd78204aa6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0d345973df5109aff40b0aad94b44521
SHA1 561b587270bccaecfe0cefc9152c46841bab5f55
SHA256 5d9309f0720b7d090d27adc46c400205d868528d970b69b8f6d81d5b20343567
SHA512 925f0f1001c3dd05e7930bcae2cdee82c92668a9e45093477c3ebec7703c66885535010066d3e6f42969ef65760422002d712d56c37069389a86c0dcfda7b1e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 618deb1a03f0c1b3162fef57cc7cdee3
SHA1 0d433071e5086b22adf6f44f4f128e620bcaa39e
SHA256 5f68021d1998c9d33c57f0f911c379ee5a681aff325a9d6555e90215a858de0c
SHA512 e43a77caa2fad0d17a87c8daf94edbc1209905109bcb748c57807621a86d483de88d246e7aa73e59325ee863bcc22087d21fa7a0838ec277cf5fd1a84e039fb0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ffe4bb95952c5a50e28dbe99376f51f1
SHA1 fb6a28064878a24c1075a66c2e3a280d0dfa6a1d
SHA256 6ad351deefcf6b3a0a7815918d6a25c939418a04d6a98915ed7250c30d63d814
SHA512 ebd2cb36a53f98baebdddc2b82a9934b6eb9bd195d4dbec74b965ef62fa215ea47cd2f8fb3d5dc8ffb566a27b8912ec6589355fe577e912e70dbc103d37420e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fec0aa43ee2277825dcae5d74fa5cfd7
SHA1 4700c535e1b739f7a361323b19702f4741273c41
SHA256 2b362650c392951a3f6bfe4658ff8a1825981b518d1454347f2ea51ef6e6246c
SHA512 84c63d1d591af732dfd298f1d8f598508db73d1366952af5d91fb30990770b674f2e7763d101c3f0eed9df1e7a3580d7b845a61960fa86dd2cc89540e50af8e7
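The Files section above lists everything the browser wrote, and most of it is not the sample's doing: the entries under LocalLow\Microsoft\CryptnetUrlCache are CryptoAPI's revocation cache, rewritten each time an OCSP or CRL URL is fetched (which is why one MetaData path appears many times with different hashes), and the Cab*/Tar*.tmp files are cabinet extraction temps. The added example below, not part of the report, parses a subset of these entries (copied from the section above), validates the digest lengths before anything is pasted into an IOC list, counts how often each path was rewritten, and drops the sandbox noise; the noise rules and the CONSTRUCTED_DROP entry (a fake dropped executable with placeholder hashes) are this example's assumptions.

```python
"""Turn the Files section of a sandbox report into a reviewable IOC list.

Added example; not part of the report. The CryptnetUrlCache and Cab*/Tar*.tmp
noise rules and CONSTRUCTED_DROP are assumptions made for this example.
"""
import re
from collections import defaultdict
from typing import Dict, List

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512) ([0-9a-fA-F]+)$")
PATH_LINE = re.compile(r"^[A-Za-z]:\\")

# Artefacts of the detonation itself, not of the sample (assumed rules).
NOISE_PATTERNS = (
    re.compile(r"\\CryptnetUrlCache\\(MetaData|Content)\\", re.I),   # CryptoAPI OCSP/CRL cache
    re.compile(r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$", re.I),  # cabinet temps
)

# Four entries copied from the report's Files section.
SAMPLE_FILES = r"""
C:\Users\Admin\AppData\Local\Temp\CabDB43.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a53aa8dbd16f657c83a1c0190421c7f
SHA1 bd9597d437fc02c73ea5620e4fab39eefb3d9c8c
SHA256 4f8c8005bc74db73ea037dac6892dfa53c13b4ab318495a1cae2a184818a6166
SHA512 8e0bfccaf0d0a156bec96e82a34fc8ba2355950156ba027633dedf76170baba289f03098b8c2b02361fc64597a80afb9309dd512971c28bdbaa1aa330256da94

C:\Users\Admin\AppData\Local\Temp\TarDB55.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df9a90e4ee30a0ca717ade68b7eeee10
SHA1 f4fadc3e2bff2e3e963d5c93eb1fb78e25f3b04e
SHA256 2e0403ecec69435566965e32147d995c3ebef7b2cc3833a4dcb8277e911e7868
SHA512 7b39b5b11f97423cafb1fcf0ab9474f0b8382a7c2097582e9be63df9f60f6c629eb91fdfd9a87e296877570a1cc92b50fe9ddda681b52fc282c04666088f4fa9
"""

# Constructed entry with placeholder digests: a file that would survive filtering.
CONSTRUCTED_DROP = "\n".join([
    r"C:\Users\Admin\AppData\Roaming\dropped.exe",
    "MD5 " + "cd" * 16, "SHA1 " + "ef" * 20, "SHA256 " + "ab" * 32, "SHA512 " + "01" * 64,
])


def parse_files(text: str) -> List[Dict[str, str]]:
    """Each entry: {'path': ..., 'MD5': ..., 'SHA1': ..., 'SHA256': ..., 'SHA512': ...}."""
    entries: List[Dict[str, str]] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_LINE.match(line):
            current = {"path": line}
            entries.append(current)
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:   # catch truncated/miscopied digests early
                raise ValueError(f"{algo} for {current['path']} has {len(digest)} hex chars")
            current[algo] = digest
    return entries


def is_noise(path: str) -> bool:
    return any(p.search(path) for p in NOISE_PATTERNS)


def summarise(entries: List[Dict[str, str]]) -> dict:
    by_path = defaultdict(set)
    for e in entries:
        by_path[e["path"]].add(e["SHA256"])
    rewritten = {p: len(h) for p, h in by_path.items() if len(h) > 1}
    iocs = sorted({e["SHA256"] for e in entries if not is_noise(e["path"])})
    return {"files": len(entries), "paths": len(by_path), "rewritten": rewritten, "iocs": iocs}


if __name__ == "__main__":
    print(summarise(parse_files(SAMPLE_FILES)))
    print(summarise(parse_files(SAMPLE_FILES + "\n" + CONSTRUCTED_DROP)))
```

For the report's own entries the IOC list is empty: every file the browser wrote is certificate-cache or extraction noise, which matches the 1/10 score. The constructed dropped.exe shows the shape of an entry that would survive the filter.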

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 07:48
Reported 2024-06-13 07:50
Platform win10v2004-20240508-en
Max time kernel 133s
Max time network 142s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47e1f08a07227268e0f6fe00f671061_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47e1f08a07227268e0f6fe00f671061_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3968,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=3900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4052,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=3812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4900,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5464,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5444 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5488,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=4880,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=4580,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5452,i,13879737908471496610,15335851594401413307,262144 --variations-seed-version --mojo-platform-channel-handle=3848 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 wpa.qq.com udp
US 8.8.8.8:53 wpa.qq.com udp
US 8.8.8.8:53 amos.im.alisoft.com udp
US 8.8.8.8:53 amos.im.alisoft.com udp
US 8.8.8.8:53 static.addtoany.com udp
US 8.8.8.8:53 amos.alicdn.com udp
US 8.8.8.8:53 amos.alicdn.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 wpa.qq.com udp
US 8.8.8.8:53 wpa.qq.com udp
US 8.8.8.8:53 amos.im.alisoft.com udp
US 8.8.8.8:53 amos.im.alisoft.com udp
US 8.8.8.8:53 amos.alicdn.com udp
US 8.8.8.8:53 amos.alicdn.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 wpa.qq.com udp
US 8.8.8.8:53 amos.im.alisoft.com udp
US 8.8.8.8:53 amos.alicdn.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
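Both Network sections (the Internet Explorer run on Windows 7 above and this Edge run on Windows 10) list one flow per line as country, destination ip:port, domain and protocol, and in both the sample's own traffic is mixed with the sandbox resolver, reverse lookups, mDNS and browser telemetry. The added example below, not part of the report, re-parses a subset of rows copied from each section, keeps only names resolved through the sandbox resolver, and splits them into background noise, certificate revocation checks (ocsp.*) and the hosts the page itself pulls content from. The background suffix list (microsoft.com, bing.com, nelreports.net, google.com) is this example's assumption about what the browser generates on its own.

```python
"""Separate the sample's own network activity from sandbox and browser noise.

Added example; not part of the report. RESOLVERS and BACKGROUND are
assumptions made for this example.
"""
from dataclasses import dataclass
from typing import List, Optional

RESOLVERS = {"8.8.8.8", "8.8.4.4"}            # the sandbox's DNS forwarders
BACKGROUND = ("microsoft.com", "bing.com", "nelreports.net", "google.com")

# Rows copied from the behavioral1 (Internet Explorer, win7) Network table.
BEHAVIORAL1_ROWS = [
    "US 8.8.8.8:53 wpa.qq.com udp",
    "US 8.8.8.8:53 amos.im.alisoft.com udp",
    "US 8.8.8.8:53 amos.alicdn.com udp",
    "CN 203.119.169.246:80 amos.im.alisoft.com tcp",
    "HK 43.129.2.11:80 wpa.qq.com tcp",
    "CN 203.119.145.45:80 amos.alicdn.com tcp",
    "HK 43.129.2.11:443 wpa.qq.com tcp",
    "US 8.8.8.8:53 ocsp.digicert.cn udp",
    "US 163.181.154.236:80 ocsp.digicert.cn tcp",
    "US 8.8.8.8:53 pub.idqqimg.com udp",
    "HK 203.205.136.105:443 pub.idqqimg.com tcp",
    "US 8.8.8.8:53 ocsp.dcocsp.cn udp",
    "GB 79.133.176.166:80 ocsp.dcocsp.cn tcp",
    "US 8.8.8.8:53 www.microsoft.com udp",
    "US 204.79.197.200:443 ieonline.microsoft.com tcp",
]

# Rows copied from the behavioral2 (Edge, win10) Network table.
BEHAVIORAL2_ROWS = [
    "US 8.8.8.8:53 api.edgeoffer.microsoft.com udp",
    "US 8.8.8.8:53 business.bing.com udp",
    "US 8.8.8.8:53 wpa.qq.com udp",
    "US 8.8.8.8:53 amos.im.alisoft.com udp",
    "US 8.8.8.8:53 static.addtoany.com udp",
    "US 8.8.8.8:53 amos.alicdn.com udp",
    "US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp",
    "US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp",
    "US 8.8.8.8:53 bzib.nelreports.net udp",
    "N/A 224.0.0.251:5353 udp",
    "US 8.8.4.4:53 google.com udp",
]


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: Optional[str]
    proto: str


def parse_row(line: str) -> Flow:
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:                       # mDNS rows carry no name
        (country, dest, proto), domain = parts, None
    else:
        raise ValueError(f"unrecognised row: {line!r}")
    ip, port = dest.rsplit(":", 1)
    return Flow(country, ip, int(port), domain, proto)


def is_background(name: Optional[str]) -> bool:
    """Traffic the sandbox or the browser generates regardless of the sample."""
    if name is None or name.endswith(".in-addr.arpa"):
        return True
    return any(name == s or name.endswith("." + s) for s in BACKGROUND)


def classify(rows: List[str]) -> dict:
    flows = [parse_row(r) for r in rows if r.strip()]
    # Names the guest resolved through the sandbox forwarders.
    resolved = {f.domain for f in flows
                if f.proto == "udp" and f.port == 53 and f.ip in RESOLVERS and f.domain}
    ocsp = {n for n in resolved if n.startswith("ocsp.")}   # revocation checks, driven by TLS
    sample_hosts = {n for n in resolved if n not in ocsp and not is_background(n)}
    # Established TCP flows to anything that is not background traffic.
    connections = sorted({(f.domain, f.ip, f.port) for f in flows
                          if f.proto == "tcp" and not is_background(f.domain)})
    return {"resolved": resolved, "ocsp": ocsp,
            "sample_hosts": sample_hosts, "connections": connections}


if __name__ == "__main__":
    for label, rows in (("behavioral1", BEHAVIORAL1_ROWS), ("behavioral2", BEHAVIORAL2_ROWS)):
        res = classify(rows)
        print(label, "sample hosts:", sorted(res["sample_hosts"]))
        print(label, "ocsp:", sorted(res["ocsp"]))
        print(label, "connections:", res["connections"])
```

On the Internet Explorer run this leaves wpa.qq.com, amos.im.alisoft.com, amos.alicdn.com and pub.idqqimg.com as the hosts the page itself loads from, with the two ocsp.*.cn responders explained by the TLS connections to them; on the Edge run the same names are resolved (plus static.addtoany.com) but no TCP connection to any of them appears in the table, so the classifier reports an empty connection list.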

Files

N/A