Malware Analysis Report

2025-01-18 01:37

Sample ID 240613-kfj2sa1dqf
Target a4a5b7c821214983f79725100cc659dc_JaffaCakes118
SHA256 3a5ec8f8938a5eb80a5e48d88d1b536c5f7f7d79d540836680ed478c42e91437
Tags
Score 1/10

Analysis Overview

Score 1/10

SHA256

3a5ec8f8938a5eb80a5e48d88d1b536c5f7f7d79d540836680ed478c42e91437

Threat Level: No (potentially) malicious behavior was detected

Verdict for a4a5b7c821214983f79725100cc659dc_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 08:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 08:32

Reported

2024-06-13 08:35

Platform

win7-20240611-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a5b7c821214983f79725100cc659dc_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{7AEF1ED1-295F-11EF-A05A-CE80800B5EC6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424429421" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |

Suspicious use of FindShellTrayWindow

| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4a5b7c821214983f79725100cc659dc_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 182.61.244.229:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| CN | 14.215.182.161:80 | bdimg.share.baidu.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 39.156.68.163:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 112.34.113.148:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |
| CN | 163.177.17.97:80 | bdimg.share.baidu.com | tcp |

Files

C:\Users\Admin\AppData\Local\Temp\Cab1A16.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1AC6.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f06369ec9112016dd4636a1a84f28271
SHA1 45e80bfcc1398f01d64af4da0d769bb75daaf6b1
SHA256 d6dfc147047fcd5b4a01b597f4acd7c3fd56d50ca8845021387988c3b2889a47
SHA512 bfaac045f831973b4b53da24e8e62680639ebb9b03a8e67073c0d571fd8236fce5a3a78113148a67026c6f95a153e34f2f0b612c999cfcc8775fdf0a9c7b5ab2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 213f8fbc6b0e99536125dcd811824415
SHA1 32bb77a8ff96fdefce2feffb2dd1ee045c5ce336
SHA256 12ab2c945efccec6339c725b9128a370fa6e3c4666fde47deee749d3b26d2186
SHA512 b31473e2e38d9a588aa7b2dc996e667fe145cba5b13be7bfebe3110df18b6bbf9614755d9133b8cc45f488a410138b79df58374d98b8870668961b6b6260b4dd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4941113d25ffda360938b20d0ed6b547
SHA1 bc53aafeec0154ba30692166e371e1b09da53b40
SHA256 f9c4555c9b5b5b9a02fc8735adfc81d6be89b316c7abd62b703b5f82b229e494
SHA512 13eb28a8cfcbbd5b65da1c404b18756b7e8232489fb6e9f742d710128d18dedd0fed1b177d972002c65ece39aa33df9c6ac98d26930cdb42c7debb73987e49f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80a0ac0ecf68110a6a1b057c1bfa6923
SHA1 650452f9b1fb8d0d3a7cbb1564aee7a7277e0f30
SHA256 7704c6b3e4dc7cca858ea97ca1469f4437444533e8a8acf353531a480049862f
SHA512 17aa567709cbbf0103c4df0469bb7a6a8f937b4a2fecdae661f475517e09492b5912af9597a009dc8aeec64cba89d020c59ee2d2340e7a7a304eaa3908f10c34

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 378767df20c221f54abd3ace18e5b9d5
SHA1 62a181e198956f3cb50f61f294437e80b63240a4
SHA256 df6b70c49a33bf8a2cec9c62ea7ac62f17fe85e6544263e3b94e430e5d3d2fde
SHA512 d9c4996a5fcd5cb32deba2785c04e5b147c761f17d76475de4431a5c17ee42d770396ad1c965e7d5ba1ad1a9365af598a12da2f2fee52b27ddc0f5ac7681f371

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5343398cac213573489ce19797720e44
SHA1 f92e7492d311478dbcfaddc4944de22be1a3265a
SHA256 421b4f82bcf4f53de788b778cfd2d71974109b0ed5ffbb857e7f8ea25aefb75c
SHA512 c5c23b728e1f38fe9414fc7d82138a0bc4f22ef29ec252fd4a190808615a7f3e9718e71e09179941ac7f8b2f5a4c021bf57646ac42d2c6f5c1554279796c3fb6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df46eea0e5eb58cbd97243fd8258fddc
SHA1 a0890c51b1b243a286c8c50ac11e136d33a1422e
SHA256 27d32a494c01eca705cb166063fa9c9886428581a19cafb549df0e61f24f858a
SHA512 7487f06e98fa38c3312d29610cf1ecfc42c3e7ddb2ee03c0080055d50ea3b4c1e8b9736c61ba04105cdeb075487d52f9cbb7d9ccf775def3bfac6c045c546469

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dcfea0e5e853bebc2f46b3d1a3e7ce83
SHA1 2741ad774c1c9beb6d4dec64a18775d9f7896c8b
SHA256 6d4bcb5d2623db5f8f9f7edba9f662929af615ccc5d65e9062dc54af17e3ea02
SHA512 be200770ba3ca9b9d67a9e31fb4404dfcac4ea1e94d3a9458e0f0d689087571b626121a92dfd2492e2d623bd7fe364dfeab72197dc10729a0dd09d499d051f3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e23b4eaa064d6583cddd2797a590ca36
SHA1 1bb284b33f19e646a11f6101f60c4963b3ac9133
SHA256 8e4484f2fbdfd61363408056795930f5bebd5e6efdfe566f8a87ec487b8c6372
SHA512 4dcff0e248dfdbbd5031fb874da494048935fd3cc7b6ad47d3d53fb70c967c7d86272770093990c1182364f48929eeceee4933a6bad5335019f0e567b18d7dd3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8a3dd88ba435880cf58871241a6b039
SHA1 38a6f4696fcf95fac1217553f300db1c79c240bb
SHA256 ced7031e8879a01abc6c6a88ca16461cd14384d6f325736878bc7949f720bd40
SHA512 74422be583adeecc586fc04f382eed9d8da1ebebf45aac5ad40a7137318ab8f7a9f9ad7d8c2c87da07580f8b6def58e853d505b4417a2823952b1664ed2f0dea

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 771c59ad7b60f7ebae8a96fa93dcbf7c
SHA1 60443d009286980423189e4de478f02692453e6d
SHA256 1917f23070a292047ee53aecc18b0fa94ad0691299b636386bc9e1cff5b2fa6d
SHA512 6d859faa6ed34a859a67767985981d703031b5abfa56f5bed3f77ba0ddab2e7e4e5b4de6b31d1e3d70aaefba4a8820d5e84c4bd836e90a2028fbaa05af520fa7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 328b7e639f4e2e2610ebe33d8c2a405e
SHA1 f49e1189f14d45aad13c23ecde65f5a75af5d318
SHA256 ce9b2330717abba01a2ade6874bda570978b7532eeeb03cd6b7ac457ca6ad228
SHA512 ebf8dfffbcd02880269bc57d96d824d45f66058441b0d45c1fb066eb05012232347e177d96be0a3c960a6ac8ccba64dbeec5833f27642fb4edcff15932c9ecda

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d6626ba71d828d47e017046c9ecb68ce
SHA1 dd84443d1caae4a54f5e71312d8d83c061cc3fd3
SHA256 daf7ad294b837142ffc7e31b960659fe58d4f09a390891a3afb5f421b66eb9bb
SHA512 f4e0ca20342273ae10d484188d857c8c6a47a8b79dc02ddf68d302b12031adb754f6c718507ec9bc3baf82e00c8d8f59e121d7da8d27d438588b68b1fc2a4879

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 90192c2e4c563bb684d4dd4ac5ff3faa
SHA1 e6321e8de81b2ffac86aff1502a7c3e087733b65
SHA256 4c2e6a99078c5c017a3124dc68cdb32f47a98bc71c3d27a54ca006d090a95a5b
SHA512 e995ae4276379fc9f5b802eea5a22b88ae6739cc55cb14e3bb96ac9d143cc40777a8c592ea7d22433c2f44b6903f44e5058b4f53bb0bbd7ccebbb185ef00f008

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b29a939a432b7c2f68aedcf3cda6bbf2
SHA1 446999ceafdd79b306d5a9a69173feafa4d235c4
SHA256 276be8be00810e0de92ca0b19218d734ccc565fbc3a3b4aac6b7069b961748a4
SHA512 b7c5f6b84d37c1259990dde110955c7ca7be621fa7c9c3936bc7394a4d175ca8f804c317fab569eee381db6b5cbb4fdd00d4cdf3ceb748d49ecc5b0349da64a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ed8ca5d4705f15f6622df139a1b7d63
SHA1 3f3b2341b9ebf181f51e0c74a9fe8098a09fc532
SHA256 4f23b70da26f2ed833c1ffe53a1419cc5ae98caf75234be599b6ab94d9e10c43
SHA512 87b49ad6e1559916787234306df387d8335a3cf40cab52b4daadb28811fcd7c384973f0312900f340e6ae6db077f370c35a090749e98bdc0c56562d82bb4898f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b531deb8ae3de9712dd2c941b6133a5c
SHA1 4f21b6682749b9935d1e2ab0bc3a83cde4e19114
SHA256 792474b488461d9cd4f02e4eaaaa4f4d7f939eef944cc6292c75c7f9fdcf2b45
SHA512 d50d29cc360cde2d6440a2e0232d229305f7a96ad9cac831f87d4ad9f3196845f54907f373801dd77d2ae5304cc48679ae699ec04e49570258da01f55744729e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f06e022087fa72c8d06182f561edf423
SHA1 4d00406c03f12c0477624e831d3b68c8120dfa43
SHA256 cf148cacd29256123ec20672f48c99af11c3051cb28f4510311ef3afebcd50db
SHA512 195b8de81bbb2297d2ff1d79daf850085096c03038393e597a5648dbde3a257a96437203a104577d748b07fb24287ee0047b8189cd9d9968ebc1ff2ea313e014

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 33263f6115fc2951a4fe73e187f4d431
SHA1 e3544af95488a7ad1912c5f6a05915337510f9ec
SHA256 6ee601cb4a2d3e0fc712f4d9d060b4443a41c9d11419c5baba4cf710dc33aa38
SHA512 8541a7c1357f170896290be377fc8b27c4f81142e0fa2378b29f6f5907995b6f771e7b01c0709a627840fec83d121d819a0f59e6ab3c3e47a711202c6a9b8623

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 08:32

Reported

2024-06-13 08:35

Platform

win10v2004-20240508-en

Max time kernel

134s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a5b7c821214983f79725100cc659dc_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4a5b7c821214983f79725100cc659dc_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=5084,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=1044,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=3708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5252,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5416,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5448,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5868,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=6744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6104,i,13035806169561352434,1332896185314862791,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:8

Network

| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp |
| US | 8.8.8.8:53 | bdimg.share.baidu.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| US | 8.8.8.8:53 | www.w134na.top | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |

Files

N/A