Malware Analysis Report

2025-01-18 01:35

Sample ID 240613-jzzqxazgnc
Target a48d8388642eb81b84f6af3ded7ab104_JaffaCakes118
SHA256 f642bc0e9f00269b0677aace06a9004ba6fc8f2e3e6c51857dc8c9c2c7bb263f
Tags
Score 1/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 1/10

SHA256

f642bc0e9f00269b0677aace06a9004ba6fc8f2e3e6c51857dc8c9c2c7bb263f

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file a48d8388642eb81b84f6af3ded7ab104_JaffaCakes118: No (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:07

Reported

2024-06-13 08:09

Platform

win7-20240221-en

Max time kernel

118s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48d8388642eb81b84f6af3ded7ab104_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e5214638034fc74f82f1757063019b0800000000020000000000106600000001000020000000dbc33fdbc3430e1b93287610d369dc2aaeaf61f2e2917310b43e1f73b4cf9cba000000000e800000000200002000000062ebb82aab46b8d8e9ab3985cf6a850ed757cb768d00d911655f463a9f36582620000000c93081ecdb066225efb77a60a651e44bca4b8f138b63e4adfcdc8bc37e17edbd40000000dd190d7f54e15ec392b62f9a3b6f85ab337febdcd92ca251fc604941433ee6170bacd886d7d618b1f00042448cfd1fb0e2937883bb5647c8481a12e55e25a45d C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EC36A671-295B-11EF-9966-EA483E0BCDAF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80b906c268bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e5214638034fc74f82f1757063019b080000000002000000000010660000000100002000000063a3be75050ed7e3f75771cc6273214dcb31b0b23bbc272aa1ca494be5f3afab000000000e8000000002000020000000893a4e9358405f3646bfee955ea90f0903ad8af3a4b4c5b32d3f4fc5d184ee379000000061553b42aa2d82701d7b35fc6f2c1d6af6ea48c5232316b856e9c86831312c929a407e2aef4e003243193ecdeab210af4739860295e34e05f589ff973c9fa9d96c3f50588b83984ff98b452bbfb071607f368f5e46b71a35e3c162bd98c9453ead8e67744b65530c53eebd1656c187973e61752c237147eabb9974234c990a2e6f8642f4efd9d44fa093d925cd38cb4440000000734d6bdaccb4be21358ef76a5d4ffcf3f2d0e88fa69f51c6c27ea00d143141268bb43b02a480456c4d5e346e690a01b4462d5b1cad779aa946a290a1c5152045 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424427894" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a48d8388642eb81b84f6af3ded7ab104_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 coinhive.com udp
US 172.67.165.117:443 coinhive.com tcp
US 172.67.165.117:443 coinhive.com tcp
GB 142.250.179.226:80 pagead2.googlesyndication.com tcp
GB 142.250.179.226:80 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 mc.yandex.ru udp
RU 77.88.21.119:443 mc.yandex.ru tcp
RU 77.88.21.119:443 mc.yandex.ru tcp
US 8.8.8.8:53 mc.yandex.com udp
RU 77.88.21.119:443 mc.yandex.com tcp
RU 77.88.21.119:443 mc.yandex.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 fe0.google.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 107fd14a2c373133af17f37cffbe9346
SHA1 cb0c170c4ed0c23f414f44b35a7a4d7933920c4e
SHA256 993431e1f62049a7b0f512392ed5739dd5153719371a2b41fd34c85166eaa67c
SHA512 7e357c5573227a6a9295eb2db1dac834bc1b1a2757b6867e6a92c17945bfa90d3ea446cf18603ac62b136794654fa41f7679029b17e69bbc5688cc4b6473c1a4

C:\Users\Admin\AppData\Local\Temp\Tar42EE.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\Local\Temp\Cab42ED.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ec9b8e4c4801d694ad966d93c2c5efb
SHA1 2fc35770874c8deb84f27aa919e889076551189f
SHA256 98d52a295125ba27bd17768992bebbc78fb7c30e098426a6354bebeaae4fc128
SHA512 805c8b6a197521ea5a30f63741e164c3a815162f2ce18d512cfd0e7de72a97bfea9a0501739bf89b8841788c3ab9a086af34c8dd79e89c44d3aa130cc904c072

C:\Users\Admin\AppData\Local\Temp\Tar43CE.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a90c5ea36c521596816429f1623f8b0
SHA1 2c8c4f3561c921837277178840fd84ed2b51e12f
SHA256 3099fa6711faf6d04f031750c6bb3d2895d7842c89bb1f0b49881f913c92e7ea
SHA512 f84008b021dce0150c2aaaf775c17a9aa502ee4e9be3ef8910ec6f09fa6e439cc6c083424efadd275e9952fa1f4b61f9d157c5a3117120fca3d0bcf459fbd93e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 86cecbdb1b93682e7767d8bf57b95d1f
SHA1 c99ca898f1e0405cd06889821818072abba9d602
SHA256 29e61268424e202ea99ef7ae2858b5fdfe66d7d03d823c15a0667c50313d2563
SHA512 1031b4b32f8478a524fba8df951a2cacd84598fefe1f0b081d41454c2a356daf2d373fdbdc7506517bb4e6bce93c00e8d96552d154fb2fc786e257394e065383

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ab7fc899263c0361ad35d9714016b52
SHA1 52deb69ad06116c486bc857b3a71ffade8a4bc34
SHA256 ea2dad92a83089fa698724b0b7958b349ac79898b568aae58b6de68d2747876e
SHA512 7bbc993e4a92a13f7fe07e9629ca8015f39d7fdfe6ecbc8c991a70690bbed85406049a454e64d2efd9fe1aed67c9bff08279aef7cab56d6bf16d44064f71924f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a272594392ceec967239d61d9157a4c
SHA1 f96693f181ff366f70064c1a5ae8a6205a034059
SHA256 85089835b73c5ea3610a4e1010e91f770b7843e328fa9f518986d55fec1d0d6a
SHA512 0abafe8285d8229982d52241929e143513418bfd4738f112d58ee7756d7e4c8e36a4803206741f4531e3d3465971a0a7a71794bd11f225cae65191543d18b671

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c0403a7e7bd8c431796eb4199a84a2f5
SHA1 3726cde691b0463b9d63642fedaaea4e4d01eaf8
SHA256 5cf5be93ddce26d2e110449ee0d7822cffe6a18f355a0ac132bc0ea11b8e9745
SHA512 cba578152792cda88ed36e1367770855dc58aecb511a25fbb502087a1c4c0b1e2b5eb450fe2e10b6511347fc3b5d548ee33934e7a99ffbd071573c0bc24af8c6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 739bc1a36cad58df242e764489b6927e
SHA1 3a3ce78b92f749bf2608c3bd4c9ac6587f0a2e9f
SHA256 c7150f4ae1542dfaabf7371cebdcd722e17e2be83457214725e28c199ab34afe
SHA512 f75614560ae068c4a621edb502a4a802b50c05e18946d0222f0a753a074e2db69da46fde0b0fe0d87eea6246570457eb91e4adb34c02b2c6316b06bc87f92105

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2eb6ba000bc3e1120aa37c255aabfc7c
SHA1 64ff0035cd3ca8277d55b1f1813d5b332a0fa1d6
SHA256 1175cb6cf3602f62ef135583ca52352a05ba2f7d0abb616fbfde416eb7a780f5
SHA512 06ebf9bde2c9c85323bb4452979e869571bf4ccec30165bc9496f04ff5917902ff985bae85e294ae17479a56b6a51310d5f5e23ef6081d6b423307ea559fe45c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8754412fdbaccb0254891ac73d6be30c
SHA1 8148fe3f672157e7ca46792e2ac4808746746710
SHA256 c08d775f82bfe1a85e5225f2309e40cec1c797bdb46c24b245debdf27324efeb
SHA512 d40a71ae578447a7d3d29fb97d68ef4cc670a51847072c95fb889419410a53fcab201107142cd728ae40c44c49708c58df0afc19f9ff5f466c92194c4dccf95a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6a76cb32112d4b920786114ee7e9bf5
SHA1 422104e98bb4b58bf7db96a352fe7dd897f54e22
SHA256 16f6c79875313b54cb789542611bb4e8cd1c678a6ab95f9e9d791f96911d6884
SHA512 96eef9fe5f6a12926508bb283884b014e869dcfb9aeea64d3e7695ec1b972376811066985d47e6a8b998f4fbc83d3dfc37c03ad8a77f2f0b8139b0a539109a15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1a9f972289d0329d57f0388e16462a61
SHA1 049762fb493404991d5b424d9b2f849b2f9f7b61
SHA256 6e3c91b0b969c674aa5a7eb213b42bd77d0021a5ffda89b9a956dd16a69261ff
SHA512 d4651cd60b45e95f2492216eb3db9a0d3ebfa92712a5a72cb743259682f6c76e1ebaeffd61a59979511db6dd17288a98544565af06bbfd046dddf9b0bae762df

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 4934618afceb1ee72b21a4323a8e539a
SHA1 c046d212dc2670797558c1470ed9e07b7ca20081
SHA256 2cb7fb28f56aec0e10f761037895c9537a5214c4fd881db751248bbc81e62706
SHA512 eb65ff6360b1883baf7c43ed883a9ea25a5d535c2727bb6a4b8bba455113770a728be34c499d9684cbc1ece357aa4b0e3ec32763db984344a7585855f3c4aacf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81352fd5c88f9614e849be76bf4588f6
SHA1 4dfd2a0e229248c75a3e1cfd914f798624d5e309
SHA256 50c4ca11f734903bebfee10e6798f1abd32e7c4d125b8fd2b86e1656c40925a2
SHA512 cd459b418be8d249835b67d918cc76ba9a4994340860f0d7685c5f12cef47c55de88f1ea80799ad739531a3b2f67c495fd8ef4b254d233722e5c4ca1239bac97

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31038b63e92dfcc5c9ea24c631bc4d7d
SHA1 4b34171776fc49a958bb41dcf3447da6693adee9
SHA256 f1f9f4791982ad6e06d457c3825e8f41e5ce2df91fe02557cebd7cf55776a461
SHA512 5aaf23928250cb8a4b09667b43dfdb915f42dece83b26b9147d9c3e5b4308f526931177e0a5feb326bc246f4ba0125b45f9ca099b93a74d618abcff755a7d293

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f565018ffa098aea7da811221ea31ad
SHA1 2ba4f44209fd2eb99638e2b9656c4be2d0c07ae8
SHA256 7c6517ef57281b18190d85add8f14e904fad46f5b0be384f10efea8c2ccb670b
SHA512 ef9014d242c3f859543beac102d0c6aecbb1ee2a406bcf17f8957774af73644602c00be5a132882852d4970b2ec897eb6f1f5a5a7f404c3a5fe7ae5c2c5f747a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 cee3522aa5e65f335d0ee3be8ca87696
SHA1 64c1c9131788a6654dea27886b964c6615313212
SHA256 091369ed6c6cdac1522afcad72809412876743d434e2c683ece3fccb1c634bfc
SHA512 d194632d917021fcb97a1c5e96d861c2450430ce13089885237ace46b8441eeb8fcffdaac176902d76d1384b30d97743cd7b636559c1e4186329e49583200491

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 397dfca722453437b5a65bf7be970f84
SHA1 adf0c106548a1ce1b60574604d3839db8699cc0b
SHA256 7f54c4eebfcec8435d9d1247ea33ebfaea8b8920972cd977e6af588bf55a1c82
SHA512 400905b051b3257abe52224dde56df75fef6749596332a5f2b19e5694ea84632e54a13606d17fcbbff48f0a48d1e86bfa06f38d11a1e0487c435e10f74bce140

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38f3094a18d0b93029c741b9c53a7326
SHA1 507df1104a8a5e5a595d7c0f81478c6281c93834
SHA256 74a6a360e47633bd53fb954f8ef5f43397cb97f4d2d7fbbd6ae5fc3c99e1a146
SHA512 8d394404b29a1700bdf57998ef164d352f34494a9e6f303a284b4cddeae4783d29e98d004ce98d8139f46d43388af0aa6e6de8616d7b2a86608f481c04bbecae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 871423677fa2803b0e37ec0648741f1f
SHA1 3be1cd07e403697cd43d0058d0ce2d9a071c85dc
SHA256 5058c8438b90bbbab973a9ffdf32147991a307e5f4226ac50da2d44338521986
SHA512 cad6434d9ff58ecbeb57c95f2fce484b88fc657350963b6e5a5ea33f138c0d981dc10b1e47b40c6cec6b2508e935f3360b891b1961ba2e1d7caa91e248afc8c7

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:07

Reported

2024-06-13 08:09

Platform

win10v2004-20240611-en

Max time kernel

130s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48d8388642eb81b84f6af3ded7ab104_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a48d8388642eb81b84f6af3ded7ab104_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4060,i,15316930299780304231,7592852768794498680,262144 --variations-seed-version --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4184,i,15316930299780304231,7592852768794498680,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=1036,i,15316930299780304231,7592852768794498680,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1040,i,15316930299780304231,7592852768794498680,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5464,i,15316930299780304231,7592852768794498680,262144 --variations-seed-version --mojo-platform-channel-handle=4156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5996,i,15316930299780304231,7592852768794498680,262144 --variations-seed-version --mojo-platform-channel-handle=5912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6192,i,15316930299780304231,7592852768794498680,262144 --variations-seed-version --mojo-platform-channel-handle=6208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5664,i,15316930299780304231,7592852768794498680,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.9.158:443 business.bing.com tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.250.119:443 mc.yandex.ru tcp
GB 142.250.187.226:445 pagead2.googlesyndication.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
BE 23.55.97.181:443 www.microsoft.com tcp
SE 184.31.15.40:443 bzib.nelreports.net tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.180.2:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 mc.yandex.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 158.9.107.13.in-addr.arpa udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 119.250.250.87.in-addr.arpa udp
US 8.8.8.8:53 181.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 40.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 2.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
GB 172.217.169.34:139 pagead2.googlesyndication.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
NL 23.62.61.113:443 www.bing.com udp
US 8.8.8.8:53 113.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
NL 23.62.61.155:443 www.bing.com tcp
US 8.8.8.8:53 155.61.62.23.in-addr.arpa udp
NL 23.62.61.155:443 www.bing.com tcp

Files

N/A