Malware Analysis Report

2025-01-18 00:58

Sample ID: 240613-lckdtawgnj
Target: a4d47fcf232991c271028c4f8c05b5e2_JaffaCakes118
SHA256: ad531e43c956acb21867e1fa00c9a929528e6df4cc67cda5ab2a0f725417c928
Tags: (none)
Score: 1/10


Analysis Overview


Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file a4d47fcf232991c271028c4f8c05b5e2_JaffaCakes118.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:23

Reported

2024-06-13 09:25

Platform

win7-20240611-en

Max time kernel

121s

Max time network

127s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d47fcf232991c271028c4f8c05b5e2_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432463" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000008f9ae053eace46ba7a0d7f0651899bdc7c45d85d9ae3a2f586d0a462b3aa254a000000000e8000000002000020000000112484aa93bd0a86104f544220a9237e5e741ff5d29df43a0e418bb51612aea8900000005f711e29414a208c4ae2d105613037d689e5411b881430cb83cad081394f764f81c49083c16b1c18aaee301bb5c313cfa574137fa69d6354568aa55e8a27d45c64aafd3bcbcd9b9a2b83b3bce22fecad78b1eb37700aa84b327caf84e321afce9acc3a7ed5293884a2d29c56da2fd445fe5da7a203dd00d134ab0b25c464bfcc929f641a006c27325e5a610d8f8feeb54000000014e4603bd4afeb736acd1d06e2c8bcf60e2c56ba8f815e631c24e4f6bb0a7ffd82570ba6dae89fb2540e77ef8b08b4de485ecbd18ee549f5b87823ebdcf63ce3 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9022C701-2966-11EF-B5A7-FAD28091DCF5} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f04bcd6673bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1340930862-1405011213-2821322012-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000006fb3d087c4ee9c4bb22550fd83a03905000000000200000000001066000000010000200000006e6b5ed17a1f4dbe7bf5c635e03ac2fb76bb197071479c37ff2fbecf1d5311c7000000000e8000000002000020000000af61a0b3a9f79b7e67587d5ef88458e838431f047834a1889b76275e27fcf6da20000000f7ddb3b99a58f694a5853d4caa9fbba2c4f7a1e4098e631d250d71c42bf78a9740000000e9d4d8bb8f1b43f2caacfb19011a588aa40e502b3408ce782c16b1802c186db7cd853d0e4a5c79f750a9993b75d740badc8f8f287215d19c37a6ec423f2bfc10 C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d47fcf232991c271028c4f8c05b5e2_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1380 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:23

Reported

2024-06-13 09:25

Platform

win10v2004-20240226-en

Max time kernel

142s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d47fcf232991c271028c4f8c05b5e2_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d47fcf232991c271028c4f8c05b5e2_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4892 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5444 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4704 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=1404 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5920 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8

Network


Files

N/A