Malware Analysis Report

2025-01-18 01:59

Sample ID 240613-jmxqsatepm
Target a47dbd853732924a9bcafa1c0f39df45_JaffaCakes118
SHA256 dc9bcf987808f0d6531100b0f781ffde9e08be2466bd43c4a9345664250cc334
Tags: none
Score: 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 1/10

SHA256

dc9bcf987808f0d6531100b0f781ffde9e08be2466bd43c4a9345664250cc334

Threat Level: no (potentially) malicious behaviour was detected.

a47dbd853732924a9bcafa1c0f39df45_JaffaCakes118 is an HTML file; each behavioural run opened it in the platform's browser (Internet Explorer on Windows 7, Microsoft Edge on Windows 10). Every signature detailed below is attributed to the browser process itself, and none raised the score above 1/10.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Only the first and the last of these have detail rows in the per-run sections below (both attributed to iexplore.exe in behavioral1); the SetWindowsHookEx and WriteProcessMemory entries appear in this summary only.

MITRE ATT&CK

Enterprise Matrix V15: no techniques were mapped for this sample.

Analysis: static1

Detonation Overview

Reported

2024-06-13 07:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 07:47

Reported

2024-06-13 07:50

Platform

win7-20240611-en

Max time kernel

136s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47dbd853732924a9bcafa1c0f39df45_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Every row below is written by iexplore.exe or its tab process into the user's own HKCU\Software\Microsoft\Internet Explorer hive: this is the state IE initialises on its first run in a fresh profile (note NTPFirstRun = "1"), not a third-party process altering browser settings. The DecayDateQueue value starts with the DPAPI blob header 01000000d08c9ddf0115d1118c7a00c04fc297eb, so it is a DPAPI-protected setting rather than an embedded payload.

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary data elided) | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3B1327D1-2959-11EF-AAE0-7E2A7D203091} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 104da91266bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424426738" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000e8801b916c63e6610d3e87d17180eca1fc33de600a47ff3ad02a2cc09ff17b90000000000e800000000200002000000072e7e091d0bb9d0f74877fac50e583813a9d87a5e1333a059ce829c5325256d720000000d5f425e3371cd83985cdb2f7ed503f3d48fb008b1ec88b736e2cad8cd54677234000000009adaa0d11e7b5e8433b0c0ce90ec9b4c8ddc3c725e7b00286d86b71a104f91cff4c855cac2379d73d84d7d5d9df286673d37979c389540691bd810bc6bcb5b5 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
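As an added example (not part of the report and not the sandbox's own signature logic), the Python below parses rows in the format of the table above and separates the browser's own housekeeping from the writes that would actually matter: a non-browser process touching the Internet Explorer hive, or a rewrite of the values that redirect the user (Start Page, Search Page and the like). The HIJACK_VALUES list and the final hijack-style row are constructed for illustration; the other sample rows are copied from the table.

```python
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

# One row of the sandbox's "Description Indicator Process Target" table.
# Registry paths, value data and process paths all contain spaces, so the
# whitespace form is split on the drive-letter prefix of the process column.
ROW_RE = re.compile(
    r"^(?P<op>Key created|Set value \(\w+\))\s+"
    r"(?P<indicator>\\REGISTRY\\.*?)\s+"
    r"(?P<process>[A-Za-z]:\\.*?\.(?:exe|EXE))\s+"
    r"(?P<target>\S+)$"
)
IE_ROOT = r"\software\microsoft\internet explorer"
BROWSER_BINARIES = {"iexplore.exe"}
# Value names whose rewrite redirects the user: the classic hijack footprint.
# This list is an assumption of the example. Housekeeping keys (TabbedBrowsing,
# Recovery, Zoom, GPU ...) are deliberately absent, which is why the report's
# own rows come out as informational.
HIJACK_VALUES = {"start page", "default_page_url", "search page", "local page",
                 "default_search_url", "url"}

@dataclass
class RegistryEvent:
    op: str
    key: str
    value_name: Optional[str]
    data: Optional[str]
    process: str
    target: str

def parse_event(line: str) -> RegistryEvent:
    """Accept the whitespace-separated row as emitted or a '|'-separated copy."""
    line = line.strip()
    if " | " in line:
        op, indicator, process, target = (f.strip() for f in line.split("|"))
    else:
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised row: {line!r}")
        op, indicator, process, target = m["op"], m["indicator"], m["process"], m["target"]
    key, value_name, data = indicator, None, None
    if op.startswith("Set value"):                 # "<key>\<value> = <data>"
        key, _, data = indicator.partition(" = ")
        key, _, value_name = key.rpartition("\\")
    return RegistryEvent(op, key, value_name, data, process, target)

def classify(ev: RegistryEvent) -> tuple[str, str]:
    """Severity and reason for one event; 'info' is the browser maintaining itself."""
    proc = ev.process.rsplit("\\", 1)[-1].lower()
    if IE_ROOT not in ev.key.lower():
        return "none", "outside Internet Explorer settings"
    if ev.value_name and ev.value_name.lower() in HIJACK_VALUES:
        return "high", f"{ev.value_name} rewritten by {proc}"
    if proc not in BROWSER_BINARIES:
        return "medium", f"non-browser process {proc} writing IE settings"
    return "info", "browser updating its own state"

def triage(rows: list[str]) -> list[tuple[str, str, str]]:
    """(severity, reason, key\\value) per row, highest severity first."""
    order = {"high": 0, "medium": 1, "info": 2, "none": 3}
    out = []
    for ev in map(parse_event, rows):
        sev, why = classify(ev)
        out.append((sev, why, ev.key + ("\\" + ev.value_name if ev.value_name else "")))
    return sorted(out, key=lambda t: order[t[0]])

SID = r"\REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer"
SAMPLE_ROWS = [
    # Four rows copied from the report's table.
    r'Key created ' + SID + r'\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (int) ' + SID + r'\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (str) ' + SID + r'\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    r'Set value (data) ' + SID + r'\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A',
    # Constructed row, not from the report: a hypothetical dropper resetting the home page.
    r'Set value (str) ' + SID + r'\Main\Start Page = "http://example.invalid/" C:\Users\Admin\AppData\Local\Temp\update.exe N/A',
]

if __name__ == "__main__":
    for sev, why, where in triage(SAMPLE_ROWS):
        print(f"{sev:6} {why:45} {where}")
```

Run against the full table above, every row classifies as "info"; the constructed last row is the shape that would justify the "Modifies Internet Explorer settings" label being taken seriously.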

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

The second IEXPLORE.EXE (SCODEF:2268 CREDAT:275457) is the Protected Mode tab process spawned by the frame process with PID 2268; the LowRegistry and LowMic keys in the signature above are the low-integrity registry locations that tab process writes to.

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a47dbd853732924a9bcafa1c0f39df45_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2268 CREDAT:275457 /prefetch:2

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | www.blogger.com | udp
US | 8.8.8.8:53 | resources.blogblog.com | udp
US | 8.8.8.8:53 | nguyenhuytap.googlecode.com | udp
US | 8.8.8.8:53 | 2.bp.blogspot.com | udp
US | 8.8.8.8:53 | voquocan.googlecode.com | udp
US | 8.8.8.8:53 | lh3.googleusercontent.com | udp
US | 8.8.8.8:53 | static.mwork.vn | udp
US | 8.8.8.8:53 | 1.bp.blogspot.com | udp
US | 8.8.8.8:53 | 4.bp.blogspot.com | udp
US | 8.8.8.8:53 | 3.bp.blogspot.com | udp
NL | 142.250.102.82:80 | voquocan.googlecode.com | tcp
GB | 142.250.178.9:443 | resources.blogblog.com | tcp
GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp
GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp
GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp
GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp
GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp
GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp
GB | 142.250.178.9:443 | resources.blogblog.com | tcp
GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp
GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp
GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp
GB | 142.250.178.9:443 | resources.blogblog.com | tcp
NL | 142.250.102.82:443 | voquocan.googlecode.com | tcp
NL | 142.250.102.82:443 | voquocan.googlecode.com | tcp
NL | 142.250.102.82:80 | voquocan.googlecode.com | tcp
GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp
GB | 142.250.178.9:443 | resources.blogblog.com | tcp
GB | 142.250.178.9:443 | resources.blogblog.com | tcp
GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp
GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp
US | 8.8.8.8:53 | apis.google.com | udp
GB | 172.217.16.238:443 | apis.google.com | tcp
GB | 172.217.16.238:443 | apis.google.com | tcp
US | 8.8.8.8:53 | lh4.googleusercontent.com | udp
GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp
GB | 172.217.16.225:443 | lh4.googleusercontent.com | tcp
US | 8.8.8.8:53 | lh5.googleusercontent.com | udp
GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp
GB | 172.217.16.225:443 | lh5.googleusercontent.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp

Files

None of these files were dropped by the sample. The CryptnetUrlCache entries are CryptoAPI's cache of certificate revocation and root-store downloads made while the browser validated TLS chains, and the Cab7938.tmp/Tar793A.tmp pair in %TEMP% is the temporary extraction that typically accompanies that root-store update. The same MetaData path listed repeatedly with different hashes is one file being rewritten as the cache was refreshed during the run.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cb85f3fcf86ef0de7ef258539cae87de
SHA1 c73288fff07885a62f8c7033b348863ed3b8cad1
SHA256 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f
SHA512 dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 98b2b019fc99a9f0d33292dbefc5d1bb
SHA1 78a0d7153fade01fc8400ee31c9f394f93d6b874
SHA256 b1b63fd0f3731c0840e508afdfada4e45e5f4d211a0a225d9392eee3677fc22d
SHA512 cc8a6d64c09e6e76f0109504036a820678672a061e03a69e947439c02eafa374bd4eda44b6f969301b550ca1ac136ee47a15d2e0b0318e5c94d6da628d30fbfe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 ac89a852c2aaa3d389b2d2dd312ad367
SHA1 8f421dd6493c61dbda6b839e2debb7b50a20c930
SHA256 0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512 c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

MD5 2bc50d1052bcfa298e8847220563f324
SHA1 84282f0a2b6718a1ea7d7609a1c68c2ec95b5a55
SHA256 10e307253e6eb5723b29664552cc73a71c2e170248a7675a2010b10aeef9e151
SHA512 eb85e60ab335bff447cc2eebe1906ff68b60b157746e38018673385335a13d536f7754e7dffb445ce86ee57c05e66208e49bcb6306d94bbdef27b12db6fd2370

C:\Users\Admin\AppData\Local\Temp\Tar793A.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\Cab7938.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_DACC52A1882A05AED14688828CFAE295

MD5 a4c3e4b3f212ccf9719236eaa8f728be
SHA1 e017a18974a9969ca60ca2499ac54b464d91a2ef
SHA256 0641546fbe6a6bf201d918796cf5efa992632208053037f369a6173cc2afd39a
SHA512 c4c229eec604f4022ab0d439eb8b95bbdbb554d809d4571745957f0da5dc740e4ecb13757273b9dcf9f431a5b1ca40d53a539e2ccfaadbf7c161dba6b8b2734f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cdebbcbfb01801d04137b5efdd95dfe8
SHA1 da2a58e000a269e9b01363281c359f6da92e863c
SHA256 b660214f5d58603be5e6a7e921dbe19490d01b3cd702d1d49153b4edf6749660
SHA512 f4fee7903355c87898fccc1dc1df6d7b0a1b94b72c740c7b81b5d0a3fcbf8b53286e1607a32387d519fd7f95ae9824bbadc0b2d658ad9303b3776bcbd900349a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4878f0d53ad8d8b899550470a4783e4a
SHA1 318d342e10bb033e0a2c10f5ff2de9540fb1ff33
SHA256 f683dda6da79e4eef2d26137599e19d4186a9ce4855f1da1adc01156441e626c
SHA512 a6d7b8cb127fefe43980580d59c316294f7133cd0d8786f6f447485dd0274453292e22e363e968218d045dc65f6adb6a2b99d34e5ce2edfa5c5def28e001260d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51e29374aa23beed933054f1ba223883
SHA1 124c74fe404fb60f27d98a1685cdbc44590235ea
SHA256 0c16422ed3d36daeab864ab7046641aec2e38b8b661ee8789bc88d3b1f78b7ec
SHA512 0e9b2b74f9edd80cba4958972cac11e91751d780e5cfa6d68173a9547c24c4342835f0782b98ca255e69c50eaa6e0b1623d5ce4825ffbefe429ac2cc0c9d1af4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1024b0170a7cc751632f22b3b38b1ed7
SHA1 c867000c6bb7d33c831b2ba67103212cc0355685
SHA256 48c473f3bc982d6a0f78c7821e8b752a479502e9755fea441bea279eb2689bea
SHA512 ab0c030c041bbe082196a5598b1306437e8cf580a90905569584054cead5353eafaa7e7a07c789a4efbd934c727f781990651dba3ebcc54f9b3cb77b56d57c5a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5f842ab24040d0d29e7c70cde83030a
SHA1 ce5df3d1054a745e7adeb6bbe15eeebcfe607990
SHA256 187a0b589504be4644dfda6008df146171afe2fca183a61a29721e251deaf400
SHA512 18b278cda8197bca779b2635cd23db71d8def5dcdd648c6327af0555443e90ec9cf3351cb97f2d29b03cec186bcbcfb2c888672cf5950e13d65ed83cf9665aa6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 056054387415abaaf278713a2c505449
SHA1 9219053fb332079f5be6de10b9f42931d3bc24a2
SHA256 87edcfead5ac56b0364662d9e8d55e12a078e27c5009ee636ebdf23da21a31f3
SHA512 b3bfd44b234d98e45c34d3dde2cb027adfd0af46be7c960336965dc244a97f583475460ff59e43cbe8b40e647fdd46d1203956ce6b9e3f51ac90a32c95db7343

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70328e882f8f4a98aa9356164003096b
SHA1 6f62e9348af5e14eea2f157b257d35aca2985fd8
SHA256 df4bafd06147cdb84fa8d38cd48ef9d8bca2f8f5d87f5a028290e58927461ed2
SHA512 e551e29ce0a2eacf8038e581b6c16bc72e487e871cdd60b663ac4aa4676dcdfc0acdc70d0bea04a5650be988dd5d6196b8a51cffd705b323efbc3937a09bbd8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 efe8899eb50ee1766edea37df043a8f7
SHA1 c95bb4a92b4ab624987867826138c27b5aa34110
SHA256 cd3c15110ed1448c2ad21d7018997774a92b38f42034d0b081376815c132a614
SHA512 e9c0f6de0d659c23d375b7f0e04fa495706a41409a32481aae829ef7e887f9ea7c06f802bd1d630359d0fa6ee3d3c56134e9baec3ba96873185ed8809ae68be6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c2bd80627ccd5d6b5420f86c7b7b9c2
SHA1 a986bc21507657fd5aa472be7883d6a82bcdfb25
SHA256 df04d542d4bcec9f2c7158fb363ff74ed2ed5183c419d0c738431b873fc853d4
SHA512 5c345d1b9a10928e8b190131183cbf45d4187e149a40eab0d8c834f302db9ba6871550f4fc0192bd2155c3c1c1ccdd8abffbff9d75c1f101976757ce3d9c8d37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 01e6cc7bd6dbcb7eef2de819da885c11
SHA1 afafb0db783bf8b142edca4b8ba2d48fe1c25366
SHA256 f86ed74e8696573f6e063bda3773beafe233a110e2aa06e167ab4b7310395c14
SHA512 074e0131ef8e0e6020d6d244923ffa83bd131bd723126e2c2f7ae9b6407043eaf1b9e3645825495caccf81c181767d5546cd0aef50e18770f0818041b73a8de2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a571d845f3d96e488c3420cb1de76228
SHA1 6e32b0972140eb4dbc4954adbc5cae664be149ef
SHA256 3e875bef2ecec8d86ddf4c8fa92fd9ad0c2d1e3e638fda18b4e84b74990bf7d0
SHA512 aeca402bb1c2502c3181da3f33fd8807cf68965fdb2afbbcb6a6c6224aaa2c97617cdbdedfe19d21944aea7dbc8d3ba75d5418b6b951a0fed7e4530c71344ebe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9ebb04ee87b094baf5588827aa728e2e
SHA1 835bd1ce60e5c4463b7b13da84379c1909820786
SHA256 016782c36cdcbbbee9c0837e9bf76e0dd6e5d4e927abc5709e2750c165bb5b66
SHA512 69ae5ca62e459e0f0f709391d8d5c7a5596970d3c4f4f933a92126fd1626ef7960f794cdcedb639596d404e0f8bdb1210be01a13f8dfea964c82bf10febaff49

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6808763a8ae542bdd80aaee1832e91ca
SHA1 e20e0a353a6091b5d799ca6e925651e1d537e9bb
SHA256 74fa7d57eac6da338c837d3e39bc4763da4f4a2c138e6146b1c7541ece8d49e6
SHA512 8aad95b1985a83d50c76c4e81067fb3bb77b5cd10fa6124c1d92599b16ffdafe276c3e97a959bfe7bc911d70e51aee9d1efd544b6befcac8bb3227e6320c537c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e1b43ec2c225f757d18224b1f0191ff3
SHA1 c3f4375245ed5690b8d54bf2e63495825a77c6dc
SHA256 5564eb06b4690f3e2e48c5238d58f14b1cba648e5141b58ffc117e3c584edcce
SHA512 3488b9af00e1c1f02dc458209101bfa83630dd541c739518d7691e6fdcade99d52ddf97ed83d6ba921544d0e30fbb7ca577903dccd966729cfaabeffdd8cedfa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4c7ed051188bc7b63f35cdc714f285ee
SHA1 bb67812a40e96307310ae8adb729f658fa2d8888
SHA256 5a218ef01b197d9bb58fd832e53e62ca08b906c3028c26a38633d0e5f1d514fa
SHA512 352bbf37fe60614e33b448a996449f4325d44840647568ce9a239ebb0d832865920807f75846ed3cd5976d8c1714865d872374fb7e939ccdaee38bdbe864f6b5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3757aee3aa32dacef0c3ddc0a97ad92
SHA1 7b7f9fb73af741cfd55f3654aab9b21a1e77ea51
SHA256 9d62597c20d683488dc43e2a043cb949288e8d262a26d1086d8ac0577b2666be
SHA512 f4f1aec511a555d4b4b4126ce4a8443fe8ea57e0c4bf3800259e14d492672a235089b14a2222a05b7d478d10630d312395d1bf31ae00db68734240e86a602c22

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a45d07fef87faccc16af82b01cee8de
SHA1 01dd993ad7322ee495ceb9c410a5ef1bf31bffc1
SHA256 8ee02117d61775dbd30bcbc55aa4ac576e4908edb97d27e801003c4f945cc9b4
SHA512 5737ff7e0d5182b6276cbdbe45f23fee346214259d99ff1231faddc5e45304e89ac20c61021dc6071c510a36cd9a26940cf63901c3d15fa5797220121edb7d87

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33c398d45c274ccd3aa1176a9057928c
SHA1 363d689f094f7c6efa18141a237dfbb6288e9b78
SHA256 e9742f72d378466254e610afdc40d0cb94f359dd9ae70387a2878e2409a30689
SHA512 e90f01dbf590284c0988ecbbcdb4dbcbfd9f786580dc3ca37141d87f4c51a0f8af2e24e71a1411b6fae15aa17ff2861fcd14ad2942f6c0ccd953a7eb9945447c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12ba0755165343075b8aa52fd6c7374b
SHA1 50ff655cbbd3cec851fd69f26e187e0e3dcae467
SHA256 59f7db60fab724c1de5299b92bc9df73255bf8d54103e5a3f8ba11556786a6d6
SHA512 01ae6b9ed8a0904925b65b1269867be9b38af2162836d638ec14a6772e88a86caa95379399ca5a0713dfa612706cad1e33433519c5ac1e4ed21f721506ddfe8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9461d83bb29bfef6d772ed885e2a4746
SHA1 1f9a60b20fdf0549eeaa3de23e501a25fe09c96d
SHA256 358f9d955d43a69e6056fbfae36725def70f25aef5f92e90fc556c3d5e85501b
SHA512 48966df3a98e16ba1bb51320b115ed742c08a82463660d9805e7b45aa0a9311fa50115e53c28fc5cde8296e5314f738d56014bb4db3bf4d4e54410e5355ac71f

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 07:47

Reported

2024-06-13 07:50

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47dbd853732924a9bcafa1c0f39df45_JaffaCakes118.html

Signatures

N/A

Processes

Every process is msedge.exe itself: the --type=renderer and --type=utility children are Chromium's normal multi-process split, and --service-sandbox-type names the sandbox each utility runs under. Nothing outside the browser was started.

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a47dbd853732924a9bcafa1c0f39df45_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5728 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4596 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5392 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4052 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4244 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp
US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | www.blogger.com | udp
US | 8.8.8.8:53 | www.blogger.com | udp
US | 8.8.8.8:53 | nguyenhuytap.googlecode.com | udp
US | 8.8.8.8:53 | nguyenhuytap.googlecode.com | udp
US | 8.8.8.8:53 | 2.bp.blogspot.com | udp
US | 8.8.8.8:53 | 2.bp.blogspot.com | udp
US | 8.8.8.8:53 | static.mwork.vn | udp
US | 8.8.8.8:53 | static.mwork.vn | udp
GB | 172.165.61.93:443 | nav-edge.smartscreen.microsoft.com | tcp
NL | 142.250.102.82:443 | nguyenhuytap.googlecode.com | tcp
GB | 142.250.180.1:80 | 2.bp.blogspot.com | tcp
US | 8.8.8.8:53 | static.mwork.vn | udp
GB | 142.250.178.9:443 | www.blogger.com | tcp
US | 13.107.9.158:443 | business.bing.com | tcp
US | 8.8.8.8:53 | static.mwork.vn | udp
US | 8.8.8.8:53 | static.mwork.vn | udp
US | 8.8.8.8:53 | voquocan.googlecode.com | udp
US | 8.8.8.8:53 | voquocan.googlecode.com | udp
US | 8.8.8.8:53 | www.microsoft.com | udp
US | 8.8.8.8:53 | www.microsoft.com | udp
US | 8.8.8.8:53 | www.microsoft.com | udp
NL | 142.250.102.82:80 | voquocan.googlecode.com | tcp
BE | 104.90.25.175:443 | www.microsoft.com | tcp
US | 8.8.8.8:53 | 76.234.34.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 1.180.250.142.in-addr.arpa | udp
US | 8.8.8.8:53 | 9.178.250.142.in-addr.arpa | udp
US | 8.8.8.8:53 | 82.102.250.142.in-addr.arpa | udp
US | 8.8.8.8:53 | lh3.googleusercontent.com | udp
US | 8.8.8.8:53 | lh3.googleusercontent.com | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | 1.bp.blogspot.com | udp
US | 8.8.8.8:53 | 1.bp.blogspot.com | udp
GB | 142.250.178.9:443 | www.blogger.com | udp
GB | 142.250.180.1:80 | 1.bp.blogspot.com | tcp
GB | 172.217.16.225:443 | lh3.googleusercontent.com | tcp
SE | 184.31.15.35:443 | bzib.nelreports.net | tcp
US | 8.8.8.8:53 | resources.blogblog.com | udp
US | 8.8.8.8:53 | resources.blogblog.com | udp
US | 8.8.8.8:53 | 4.bp.blogspot.com | udp
US | 8.8.8.8:53 | 4.bp.blogspot.com | udp
GB | 142.250.180.1:80 | 4.bp.blogspot.com | tcp
US | 8.8.8.8:53 | 3.bp.blogspot.com | udp
US | 8.8.8.8:53 | 3.bp.blogspot.com | udp
US | 8.8.8.8:53 | lh4.googleusercontent.com | udp
US | 8.8.8.8:53 | lh4.googleusercontent.com | udp
US | 8.8.8.8:53 | lh5.googleusercontent.com | udp
US | 8.8.8.8:53 | lh5.googleusercontent.com | udp
GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp
US | 8.8.8.8:53 | apis.google.com | udp
US | 8.8.8.8:53 | apis.google.com | udp
GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp
GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp
GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp
GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp
GB | 142.250.180.1:80 | 3.bp.blogspot.com | tcp
GB | 142.250.178.9:443 | resources.blogblog.com | tcp
GB | 172.217.16.238:443 | apis.google.com | tcp
GB | 172.217.16.238:443 | apis.google.com | udp
US | 8.8.8.8:53 | www.microsoft.com | udp
US | 8.8.8.8:53 | 225.16.217.172.in-addr.arpa | udp
US | 8.8.8.8:53 | 35.15.31.184.in-addr.arpa | udp
US | 8.8.8.8:53 | 175.25.90.104.in-addr.arpa | udp
US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp
US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | edgestatic.azureedge.net | udp
US | 8.8.8.8:53 | edgestatic.azureedge.net | udp
US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp
US | 8.8.8.8:53 | c.s-microsoft.com | udp
US | 8.8.8.8:53 | c.s-microsoft.com | udp
US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp
US | 13.107.253.64:443 | edgestatic.azureedge.net | tcp
US | 8.8.8.8:53 | tai-yahoo-mien-phi.blogspot.com | udp
US | 8.8.8.8:53 | tai-yahoo-mien-phi.blogspot.com | udp
GB | 142.250.200.1:80 | tai-yahoo-mien-phi.blogspot.com | tcp
US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 1.200.250.142.in-addr.arpa | udp
N/A | 224.0.0.251:5353 | - | udp
US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 20.231.121.79:80 | - | tcp
US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp
US | 104.208.16.94:443 | nw-umwatson.events.data.microsoft.com | tcp
US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 94.16.208.104.in-addr.arpa | udp
US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp
US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp
US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp
US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp
US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp
US | 13.107.246.64:443 | - | tcp
BE | 88.221.83.234:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 234.83.221.88.in-addr.arpa | udp
US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp
BE | 88.221.83.209:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 209.83.221.88.in-addr.arpa | udp
US | 8.8.8.8:53 | 8.167.79.40.in-addr.arpa | udp
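To separate what the HTML page itself loads from what the browser and OS do on their own, the following Python example parses rows from both network tables above (behavioral1 on Windows 7/IE and behavioral2 on Windows 10/Edge). It is an added example, not part of the report or of the sandbox's tooling; the PLATFORM_NOISE suffix list is an assumption of the example, and the sample rows are a subset copied from the two tables.

```python
from __future__ import annotations
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Suffixes treated as browser/OS telemetry rather than content the HTML page asked
# for. This list is an assumption of the example (tuned to the Win7 IE and Win10
# Edge images used above), not something the report states.
PLATFORM_NOISE = ("microsoft.com", "bing.com", "nelreports.net", "azureedge.net",
                  "s-microsoft.com")

@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: Optional[str]
    proto: str

def parse_row(line: str) -> Flow:
    """One row of the Country/Destination/Domain/Proto table, whitespace or '|' delimited."""
    if "|" in line:
        fields = [f.strip() for f in line.split("|")]
    else:
        fields = line.split()
        if len(fields) == 3:            # empty Domain column, e.g. "US 20.231.121.79:80 tcp"
            fields.insert(2, "-")
    country, dest, domain, proto = fields
    ip, _, port = dest.rpartition(":")
    return Flow(country, ip, int(port), None if domain in ("", "-", "N/A") else domain, proto)

def is_dns_query(f: Flow) -> bool:
    return f.proto == "udp" and f.port == 53

def is_noise(f: Flow) -> bool:
    """Reverse lookups, multicast (mDNS) and platform telemetry are not sample behaviour."""
    if ipaddress.ip_address(f.ip).is_multicast:
        return True
    if f.domain is None:
        return False
    if f.domain.endswith(".in-addr.arpa"):
        return True
    return any(f.domain == s or f.domain.endswith("." + s) for s in PLATFORM_NOISE)

def content_hosts(rows: list[str]) -> dict[str, set[tuple[str, int, str]]]:
    """Domains the page pulled in, each mapped to the (ip, port, proto) endpoints reached.
    A domain that was queried but never connected to keeps an empty set."""
    hosts: dict[str, set[tuple[str, int, str]]] = {}
    for f in (parse_row(r) for r in rows if r.strip()):
        if f.domain is None or is_noise(f):
            continue
        endpoints = hosts.setdefault(f.domain, set())
        if not is_dns_query(f):
            endpoints.add((f.ip, f.port, f.proto))
    return hosts

def unresolved_connections(rows: list[str]) -> list[tuple[str, int, str]]:
    """Connections with no domain attached: the sandbox saw no DNS answer for them."""
    return [(f.ip, f.port, f.proto) for f in (parse_row(r) for r in rows if r.strip())
            if f.domain is None and not is_noise(f)]

def common_hosts(*runs: list[str]) -> set[str]:
    """Hosts contacted in every detonation: dependencies of the page, not of one browser."""
    return set.intersection(*(set(content_hosts(r)) for r in runs))

# Rows copied from the behavioral1 (Windows 7 / IE) table above.
B1_ROWS = """
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 resources.blogblog.com udp
US 8.8.8.8:53 voquocan.googlecode.com udp
US 8.8.8.8:53 static.mwork.vn udp
US 8.8.8.8:53 3.bp.blogspot.com udp
NL 142.250.102.82:80 voquocan.googlecode.com tcp
GB 142.250.178.9:443 resources.blogblog.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
NL 142.250.102.82:443 voquocan.googlecode.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
""".strip().splitlines()

# Rows copied from the behavioral2 (Windows 10 / Edge) table above.
B2_ROWS = """
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.blogger.com udp
US 8.8.8.8:53 static.mwork.vn udp
US 8.8.8.8:53 voquocan.googlecode.com udp
US 8.8.8.8:53 3.bp.blogspot.com udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
GB 142.250.178.9:443 www.blogger.com tcp
US 13.107.9.158:443 business.bing.com tcp
NL 142.250.102.82:80 voquocan.googlecode.com tcp
GB 142.250.180.1:80 3.bp.blogspot.com tcp
N/A 224.0.0.251:5353 udp
US 20.231.121.79:80 tcp
US 104.208.16.94:443 nw-umwatson.events.data.microsoft.com tcp
""".strip().splitlines()

if __name__ == "__main__":
    for name, rows in (("behavioral1", B1_ROWS), ("behavioral2", B2_ROWS)):
        print(name, content_hosts(rows), unresolved_connections(rows))
    print("in both runs:", sorted(common_hosts(B1_ROWS, B2_ROWS)))
```

Run over the full tables, the same logic leaves the Blogger/Blogspot image hosts, the googleusercontent and apis.google.com hosts, the two googlecode.com project hosts and static.mwork.vn (queried in both runs but never connected to) as the page's own dependencies, and drops everything under microsoft.com, bing.com, nelreports.net and azureedge.net along with the reverse lookups as browser and OS traffic. The two behavioral2 connections with no domain (20.231.121.79:80 and 13.107.246.64:443) are what unresolved_connections returns for a manual look.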

Files

N/A