Malware Analysis Report

2025-01-18 00:33

Sample ID 240613-l85pmavajc
Target a506b3359686b00566c121f44795a6c2_JaffaCakes118
SHA256 e56ca6a62a0c857146377e649eb6bd121e00e2fe0994eb2a07aedcf5913abe43
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

e56ca6a62a0c857146377e649eb6bd121e00e2fe0994eb2a07aedcf5913abe43

Threat Level: No (potentially) malicious behavior was detected

The file a506b3359686b00566c121f44795a6c2_JaffaCakes118 was analyzed and no (potentially) malicious behavior was detected.

Malicious Activity Summary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 10:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 10:13

Reported

2024-06-13 10:15

Platform

win7-20240221-en

Max time kernel

138s

Max time network

141s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a506b3359686b00566c121f44795a6c2_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000648cb8e40da083419fff8fe8ed8707ee00000000020000000000106600000001000020000000e748e5f2169864e955fdb096ba97ae147b6b64dde6ef7f79502f1445712e7a66000000000e8000000002000020000000fe3845f6cfd8ac1f4047892c67dc73feeeb61e4efd3047fe9294fe7198f14d7e200000009df25400fb16c5949e26264aef6cdf49641754ad78dbe7aac2a7e0c64e35ad5d4000000077d8928f31b06b313c0e38c364ab9550a870bc43c562574bbaaaa0e6496b8d476530f029215e7728c0f1fd69abcc770fc510fa4cdc8a0904dc989faa3e2a4946 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435461" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8B216391-296D-11EF-822E-56D57A935C49} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 401a09607abdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value elided in source] | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a506b3359686b00566c121f44795a6c2_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1504 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 e-jugend-eberfing.de udp
DE 178.254.10.141:80 e-jugend-eberfing.de tcp
DE 178.254.10.141:80 e-jugend-eberfing.de tcp
DE 178.254.10.141:80 e-jugend-eberfing.de tcp
DE 178.254.10.141:80 e-jugend-eberfing.de tcp
DE 178.254.10.141:80 e-jugend-eberfing.de tcp
DE 178.254.10.141:80 e-jugend-eberfing.de tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab360F.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar3712.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bba18cc181e8e55eec43d377768d9f68
SHA1 316b69d5b6ac355d20fb3c7cb9f9640599b3c9c2
SHA256 31b8e364514520ceb476ea7736e1e58082c7473bb738c6c7935503261d7ac39e
SHA512 2b58c69d50848f5fcf81e466b2a10f8cd5e8d8936f515eb2c46a9cfd96df210962905969279227b5055ef3133195be79398003f7e39c64c41043cc17bd9d3158

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b5e0232ecbd7d537842173ab6d5ea594
SHA1 e5c82c8bfb4f087577461cf257dbc296f2c98cd4
SHA256 9b6b21531e2c7a17a560d5c798f9847d3ce1de1b92e08f4ef75f395441994c5f
SHA512 268b847f532010f5fd2dc3e76424fb762865694d677565697fef9c9f8fa25a015c9b1cbda166cdc7b824a589bac48b4b8bbcae3a12acf48fad9a4491475b3257

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfb6def11f7ebad1f1dd30f470618cf6
SHA1 950df768605a18c3729f03ba7d18b5945e0c7719
SHA256 3ccb7c4a70d39ba6c29f0eaf6aaa0bd77f637e6dd1711fe76dadd98991f411de
SHA512 ca4cf32a7b549c2bd03b89cc3822e8ba871d7ef22e24219b2cd6d65590d1310aa23e5e4f7f396f71262fbc1eeabbefd8df5b345c33a644efa4d205457f7f9658

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e92cebffe9c2effe4b2fbab2deb60db0
SHA1 d8ef166fdb10db614433b8a5f6374aec9058c232
SHA256 2b27451243eab298422c11bb0d07c5d9c1023b92eee067f6e005c2b407d28b0c
SHA512 9f5a6391c6ecfc4f0c490ba7f10bb4af5ad516a76b62060dcbb7d6cb17ff8cae8ddeea20189be4a88f80357a0af85b7660291957c8d12209499cfd166006264a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc74ecf876c61beb49be608bc6934669
SHA1 683f9d6dbb75652116cda13d8b13a7a3a20908fe
SHA256 5b6f012c4b3520eff68d3a49c3fabe1f238f4f17ffe3a3f0af6ca747bf343d3b
SHA512 46866f1b0c448d623cf2f4c910ff0deba4cb41b90b9a3b3a281a0b608d148708a801cd5a72aae2766ea5792d505b512ff25338d019c45ea48591318785d6abd3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a4f353c6cb217c1b524aed8ca37b728
SHA1 c028b37a29bdb2637dce610e9254345bb5ee081e
SHA256 d2f75625dc8de344abb0cb6b51991d5fc392132a2f6f653287902b274990d60f
SHA512 42e6ffeb645659eea28a4c9d6ae7a919fecf06d21606cf746b7ae0ae55b0ad77653a91eef36e982948f2e9deef3e51a2878577b0959369d62b316a5385e06a11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 402aef1744234d8d8b1e820868956263
SHA1 43e047b1c40119c135c423a05025ed198cbe0d78
SHA256 b9e3ea56dea8c90559babca0fc441dd8bfee46dc95759029b3e0e9e1e436b82a
SHA512 a774a0d7dc61da58743df10dd6bf9178d528c7e21125ff58e3847197c40dc7950ee0da826778ef436beb3589d6f0ee7995970f6e38fdb87ad508ba96c6a92b56

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 070af16195287f572a369f589895f5db
SHA1 8b2f87cce9bc0391281b85dfcd44cfc86627b210
SHA256 378904d8905d42e81388f50af5c8e02b45e54855791b05bbb8ef9d91d0b38207
SHA512 f6de146ea31cd33d2782736c0e46555218a5b1353e57210ed99c83b97b0cd24db630429e3e7b9414c1cd1a02e75ca2d59aa736475df7161a4202449c6cd205c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 598fb876eec7ec952c66f9d2c94a3132
SHA1 993232b7e155a01d1004b4c649b2a43bcbe0cdf1
SHA256 77a9e7b27f5925d24f2af99116f734610def1b33fd2a7a77af9a81a81bc7fb6a
SHA512 9082d34b456a1fc50b83d7054e3cd4c6cf5f9969477782763b3d83e91be52f1d06895d1cb0ffda900bc04ced34b3f78751df3abcb449598a9bfbb1208a3589be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2878e9c67d53bfb8ccb05eb9b211ad99
SHA1 e0b8bd03c821f00e5c5a6aaffeb904395b0ba205
SHA256 02446e9874718e590f0ca4d62ffe4946cc5dfa92138e63a628df4c460e53688f
SHA512 3163beadb84a54ed364a363547be9034cbc3978d709b05b7ebea74ed7d9e4b042633ed4ebe001e7265ee0c0e2e44f5e2f7b051477f2a24086a60c77d35847004

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 575a0bbcca842e795042c44783e96256
SHA1 d1db5e25150bcd6a0e8df14ddbd0f3474ff3e0b7
SHA256 9ffa3ecee707add53012577cfae488db86ae75c09f11fa5978f3d3052d2297df
SHA512 b05e2e812da03142a12e03086c7d324fb4e72f37a4883a87d55189a86c1d4953bb413f6d193e3ff979f02038bf82df1bf5aa94c4cab830c3fe62e31b882529ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77b8bed539d8a8cb92e7cccbe9db1174
SHA1 09c96fd3573314a6b399d5d65c0d0e3b9d33df57
SHA256 8f92d331efc5fa4863ccf82e58c7abc479bf269394218e99d18baaf2f054f331
SHA512 46b918cc6bd7a7fa39c5de94744c068f178df2f3da7414ee79f589685d75527df6aea46f80e0e3ac87becfaa479bf2f7056ac5bebaf6a56b38252c1d7a4ca4dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d71a29f5b1c76b07276c461ed146190
SHA1 c57540310dab6f09a32a336e9d85e02ae537416f
SHA256 1353eb0cdfc66b2df702e66e74558dab0294a742926f9e3aa346e9802a421937
SHA512 5f0932cb0adf92853e786cba11e83aa9572cc28a810ec958651008d3e3be99821ffdcff51f42245b4bbb2884f5eb0ded3f3a934a0f159b770235ab871f8179c0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14cf9b7d3498fc472187cca5f8e50c80
SHA1 2fa6456712fc1dff92251e563baec10dee1dcbd6
SHA256 66bbc11e48e627aefe615542fedd7f0ffec770d4238313b80f43b90c89d174ad
SHA512 c09b173db4b1a10b8119a751a3087272001573c35ab0b7d29fc1f1c1b469ca5a9cf363d1cba34f90ec3390422a340174e9e0c651b00134cbf1d2d2e1de13cf35

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d289b2bc575970f78492047e2597edab
SHA1 2922b41681d6d1c6dbd63a7bf8360784674b9f9a
SHA256 f9fd6e15d81aa7f5327607e23724f8fccf3da6d5f3480a57d433a10e0e8db444
SHA512 38dd505a2b5d2bc71045636173005ea0c84df169c0a1ad5d65351b510dba4fc757636bf8a7681abae101cabced36cace34919c439201f9ba6a25e15f7265ea12

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a84eb84870a9b1550d65a166e46b798b
SHA1 66e07ace446870517fbc715f2566bf7a1ea05292
SHA256 1beeb3df3a5c1bcbc40dc0fbc96c8fb65d58719994aa585bde595c8a9c046324
SHA512 3035eb2dc5da27b47d831d851ebecefc1065bb36d06396eaeefca5b01f10c7c69cb69c5ac2c0cab83e7e1713a7803fded99ee004b0dc869a48bfc5a25df428ad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 264f9fb6de91490bfc5023f38dbd7922
SHA1 e94966a9150e3b6268763340549c28482ab06f29
SHA256 929dbb6f055f1db1663ef625bb4fca72250a5b48dca3d7625487557310d1ae01
SHA512 41af04d2ada8f70c96aa636b22d4191b599462d48346526f1281eb1024b5aa1505ff0752ec93a8696b047fc05bff56bbf1a9546f31bc67bafdfbbced218bb71c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06775459664eff9ab17d0a58d1423339
SHA1 dd39113a3ed78357688a3d4ff933dacaa03a5500
SHA256 b2eca49e1bd7b5c9991f760e095cca2eb20de126e4cde03645a6725f3a33b7be
SHA512 392ceffdd6405e5dc4df2f45004ef8ecff24f84608c02b5e7cafa950ec8d35081bcefdafdfa53528fca53f8d19f3e0f1fb2312ec39f2a6389dc665165f34070a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a02069487fda492cfdc56551b98ff11d
SHA1 b3b3a9d241d9e5affde9bde46d01510f65c3a3c4
SHA256 50db51cbd2eb0f0a1b905e0b1f3ec78362f672f2d1aeef3488f90f8203607394
SHA512 03804adada3a10690c471bf2249026e49e0ba20143f48e25759afaff8ceb84b1908290937eaeb45a35a2d7996ed95828ca1e84257043fb32a359f1079d030d61

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 994b949d2d0a5fc309ca0aef1f7396b1
SHA1 bb7581e51bfc4392ba82fa981b8dcf0f0ca8c7fc
SHA256 e3b2d12927d0cf1719bdd3d666139db42137501535e35e5d5a796ee319cb35aa
SHA512 d04a7621110e639c53b2325cf5f3e045bcf55ac133407f133409034eb10719bd1443f76f1755aa65a4801f4c74311206bbdf16f01756eda79b3a767586010575

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0bdae7272f37122e14c9744d8efaa6ec
SHA1 65e81bfa68a20285c94ec8cbc6bdeae969bca24b
SHA256 1c68d1e93201dbd0e4f940d6863195e285085c7d9b8a5d1e8eab24f742811cfe
SHA512 2b4534372c825fc3800f2e708693e1c1842baf2e8dc9a25b454c0a2d02b020df595c4d29f1893f232f93f9535e4e26101c8def5d15edd678ea07e796299e0358

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 10:13

Reported

2024-06-13 10:15

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

144s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a506b3359686b00566c121f44795a6c2_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a506b3359686b00566c121f44795a6c2_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4176,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4036,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5288,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5444,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5476,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5888,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5636,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=6768,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
N/A 224.0.0.251:5353 N/A udp
US 8.8.8.8:53 e-jugend-eberfing.de udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp

Files

N/A