Malware Analysis Report

2025-01-18 02:02

Sample ID 240613-jmwtgstepl
Target a47db7a352e3091f7088d48f26803e11_JaffaCakes118
SHA256 4f6689518fe66ce4d0f97b7cdae7d536b146045d694dbe3f1d00abed4c167af1
Tags
Score 1/10

Analysis Overview

Score 1/10

SHA256 4f6689518fe66ce4d0f97b7cdae7d536b146045d694dbe3f1d00abed4c167af1

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file a47db7a352e3091f7088d48f26803e11_JaffaCakes118.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:47

Reported

2024-06-13 07:50

Platform

win7-20240611-en

Max time kernel

138s

Max time network

123s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47db7a352e3091f7088d48f26803e11_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426735" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 900a124e66bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000500f83a2d36f991622eb952a8a89215d1798ea120f66808bd660137b41cf44bd000000000e800000000200002000000068a1b214c467ba0bb5435b7f6954d5fa706761f6077f41287318db5efaa01ab6200000004f39f99c0e9da4404c32d8fd1b4754e33cff5bf2d1d9959859df049ce432b3024000000068d249c420b1169f3f1f4efd903d2090f845fd1fdedc8400e97ad310fb6dcbfc383951e1ef26f4e3a9d8b3349e7d933c06f6e894093ccd485d2fe91e03579e6f C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{39BF76E1-2959-11EF-AB87-5E4DB530A215} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47db7a352e3091f7088d48f26803e11_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:275457 /prefetch:2

Network


Files

C:\Users\Admin\AppData\Local\Temp\Cab5909.tmp

C:\Users\Admin\AppData\Local\Temp\Tar598A.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:47

Reported

2024-06-13 07:50

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47db7a352e3091f7088d48f26803e11_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47db7a352e3091f7088d48f26803e11_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=1044 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3704 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3416 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4900 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4352 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8

Network


Files

N/A