Malware Analysis Report

2025-01-18 00:58

Sample ID 240613-lcrswswgpk
Target a4d504e108f58f5ea61aecb9d1f8ec86_JaffaCakes118
SHA256 271ca1ceafa459d700e33bcb372854bf11cdce239c91e15152309f3e6157004c
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

271ca1ceafa459d700e33bcb372854bf11cdce239c91e15152309f3e6157004c

Threat Level: No (potentially) malicious behavior was detected

Analysis of the file a4d504e108f58f5ea61aecb9d1f8ec86_JaffaCakes118 found no (potentially) malicious behavior.

Malicious Activity Summary

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:23

Reported

2024-06-13 09:26

Platform

win7-20240221-en

Max time kernel

133s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d504e108f58f5ea61aecb9d1f8ec86_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [binary value elided] C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004c33bd5ea3ffe34885316fbc4abd4e59000000000200000000001066000000010000200000005c40bd62d7f6af109cfd6a1603403ad7b2a4c49ee5bfe0a6c3b4c1cc11b2920e000000000e8000000002000020000000d82dd20a6892488a0eaee97976dd10168105306e10c986e51bc8b6462642e82f200000002ee6e395bbe21f93f53d4265d92ee638ddafce09731422f7481a7fb20296b93940000000dccb4d02267f1d55b28210a461ce550246d9b190f905f94d6e8aeac402d779c53254189744b23edb58c671060f286820ef0389a37d3e6159f27f03195a9d2b86 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9DD723A1-2966-11EF-A293-4AADDC6219DF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432486" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 20e4947273bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d504e108f58f5ea61aecb9d1f8ec86_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:23

Reported

2024-06-13 09:26

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d504e108f58f5ea61aecb9d1f8ec86_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d504e108f58f5ea61aecb9d1f8ec86_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4732 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4668 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5724 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=1044 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=3828 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4028 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto

Files

N/A