Malware Analysis Report

2025-01-18 01:25

Sample ID 240613-kapp3s1cja
Target a49cec0359c4b0338ba4a8e5dbd0d287_JaffaCakes118
SHA256 5decc811bb6318dd388f9381a2f10fa87a3e8238e82f86c415b70fa07756c407
Tags
Score: 1/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 1/10

SHA256

5decc811bb6318dd388f9381a2f10fa87a3e8238e82f86c415b70fa07756c407

Threat Level: No (potentially) malicious behavior was detected

Analysis of the file a49cec0359c4b0338ba4a8e5dbd0d287_JaffaCakes118 found no (potentially) malicious behavior.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:24

Reported

2024-06-13 08:26

Platform

win7-20240221-en

Max time kernel

133s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a49cec0359c4b0338ba4a8e5dbd0d287_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006165ff9f600573419ae2dab9de2f1eca0000000002000000000010660000000100002000000036230e4e0f48c7a9c88fa9f9f3e251cce96c9b5856dd12efd2bf508a942c822f000000000e8000000002000020000000579131fa40e7f9e6fdda2c3a7e2c49750c42cd62cba8511b955a4b74935214ad20000000eed6abb8ba1689fe0c85731021fcfb0270ee91416e26e872073f944df2e2ac6d400000009b8a5062b596178d561c725e54cf070a2b0b4a6503eec0d669c8c5ce3a3b240017a654c78ff3a18dc5b35af375e615d3388cbae65d9a1f2fd4e9c76397b2a848 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a07e5c256bbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424428914" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4CCB47F1-295E-11EF-85B1-6A83D32C515E} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a49cec0359c4b0338ba4a8e5dbd0d287_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2180 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ag8aq.cn udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab5F33.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Temp\Tar6014.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:24

Reported

2024-06-13 08:26

Platform

win10v2004-20240611-en

Max time kernel

129s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a49cec0359c4b0338ba4a8e5dbd0d287_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a49cec0359c4b0338ba4a8e5dbd0d287_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=4148,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=4584,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=2748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5256,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5328,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5456,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5260,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5672,i,11751898164297348119,13021661521765644467,262144 --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:8

Network


Files

N/A