Malware Analysis Report

2025-01-18 00:58

Sample ID 240613-le22mswhmq
Target a4d8c9e8a2ce1f2d36a6ae60d16da77b_JaffaCakes118
SHA256 89d281ac420db3a3fd1c287a7c3ebc03b0998c3bd882070f0426ee7fa73aa71b
Tags N/A
Score 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 1/10

SHA256

89d281ac420db3a3fd1c287a7c3ebc03b0998c3bd882070f0426ee7fa73aa71b

Threat level: no (potentially) malicious behavior was detected.

The file a4d8c9e8a2ce1f2d36a6ae60d16da77b_JaffaCakes118 is an HTML document. It was detonated in two environments, Internet Explorer on Windows 7 (behavioral1) and Microsoft Edge on Windows 10 (behavioral2); neither run produced (potentially) malicious behavior, hence the score of 1/10.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

All four are generic heuristics raised by Internet Explorer's own processes during the win7 run (behavioral1); only the first two are itemized in that run's signature tables below. The registry writes are IE's per-user settings under the user's Software\Microsoft\Internet Explorer key, written by iexplore.exe itself, and no dropped executable or injected component appears in either run.

MITRE ATT&CK

Enterprise Matrix V15

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:27

Reported

2024-06-13 09:30

Platform

win7-20240221-en

Max time kernel

144s

Max time network

146s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d8c9e8a2ce1f2d36a6ae60d16da77b_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432725" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 40e9301a74bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value elided) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007448f154243b0049a847b23b2a8a26980000000002000000000010660000000100002000000092de13dd2296551b14a86224ae097052d0dce5083ee8737fe645fa0a671d14dc000000000e8000000002000020000000a292212a6fcc15be8090d37b83fc16cdc41c72658f2117cec9056f6b9647d36b200000006fc41b700192595d906cd3444705d0d46b232b32c5d93c9240092c9a3a65c54840000000e74ec2a79704e46d96e34aa3a681cb2122a68f2fc67b4d6ea20123621c8248b8ef341b5321e6dc040fbde114ba0f95cadcf7f418370dcbf4e024ca02b83f6d27 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2C5430A1-2967-11EF-AB07-4AE872E97954} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d8c9e8a2ce1f2d36a6ae60d16da77b_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2004 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 razgovorchik.ru udp
US 8.8.8.8:53 masterhost.ru udp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 90.156.132.125:80 masterhost.ru tcp
RU 90.156.132.125:80 masterhost.ru tcp
RU 90.156.132.125:443 masterhost.ru tcp
US 8.8.8.8:53 ads.serveuser.com udp
US 8.8.8.8:53 dd.cb.b0.a1.top.list.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.201.198:80 counter.yadro.ru tcp
RU 88.212.201.198:80 counter.yadro.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
RU 95.163.52.67:80 dd.cb.b0.a1.top.list.ru tcp
RU 95.163.52.67:80 dd.cb.b0.a1.top.list.ru tcp
RU 88.212.201.198:443 counter.yadro.ru tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
RU 90.156.132.125:443 masterhost.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

The CryptnetUrlCache entries below are CryptoAPI's on-disk cache for certificate-chain downloads (CRL, OCSP and AIA fetches made while validating the TLS connections listed above); the same MetaData path is listed several times because the report records each version of the file it captured, with that version's hashes.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2DCB.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e1ea556e9ee9ae20992def115437319
SHA1 79ddce370658c5a4145ed992ec6afe54a5e914ca
SHA256 92a09fbd5e615b53ca44269af204b623ef5a2380fd5392f021c5b5e8e52830af
SHA512 87af451178fecfcb2e5b413ee5e5aef08107cde51ce65f79ae1408e0170c6c53075e931dfae29a6b413ead96cd18518fdb0984952785213a0600964e1be88c81

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 474826442a6fb871818bb0aabfd9b2ed
SHA1 21d5f87e03f004e7ed854105a839265fd33c1a19
SHA256 766953cb473d426edbbf2b33e3b12d0c4b0e3c04f474c045264a4430c077c2e2
SHA512 4344364a5a6312c3b5f0d65f7f6e72985badd895ddc01cd2011a51b93156fd272723b427b1c9595438ab79b4dc80bcb1079c3bba552666f48f0857cabc1342b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 017bad542d8cdd9f0ab8c1dc616a42a8
SHA1 3939438f5466ff5bd6cd01d820eb9377887f2442
SHA256 d1e1f568fce92ccd785079776a31bd2db62be064e98f3a1b334d8da0154c1463
SHA512 87a89e25abfb97073d8077546fd80c4933ac20a47d6e5df2b83f4c08d1b598f42a4266878fde29865a6374f87bc7a086ee7c0aba4d47026340b75471a594b23b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 c7404fc6e147f9367fed3a97d39acdf6
SHA1 9f6e1bb2bce453812a04010b3170dab76803fca9
SHA256 cd025d6e0954760ffca0925fc4abf99d51d44821b8e86ba6479dd3bf80916697
SHA512 f87865914e31bbc1e4d2fae7f945e2cb37a54f298d85d1ba0b720dcd396c216d1bf5d83709e85f58f9bc1bdf6576726f51eab01a80a735fe0ad3b2d345d03f43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 59efd7aa2ea539d40677a3145bd83c1d
SHA1 eaaec64227ac45357ec72457be49294d0d0a312e
SHA256 b0e19d4fa1e7b01ea09fbedf2339c59697253ef8139dec66301aae411522afb6
SHA512 9a1f4eec41ff922dbc8190fd9b6567f0e473393b3f88936e1b5a285f5abff8f1d23a36c335d31bb964976251cda372ac6908f0af7c5018b48f8f43c163195be4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ccf92a15b7ecf100ad5ccc6502a52e6e
SHA1 b0e9434d65548d061db22d72793e160dc7e028f0
SHA256 aecc2c3f3df426c341fea7176f593b79a4fb1c58ca288a91b072e731ab1dadee
SHA512 11801476343498578f28b8cf8989a818e20eb165a3dae2bf46187347310dcf04d64fde9a40c0d741701b5b857a8bd8c87d8ffa7842884cf455504d0741697009

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 12c4ddbd7f435f64c85d9e0b2733cda5
SHA1 e761569d936a0b9d0b23d544a27ad24dc9791985
SHA256 8fc33aded24c25294403293e6d693c03e4ea3d6d231bf4522e4469cce8048eb7
SHA512 aa2dbf2952418dcb2b0efcef16cf008a7959df604126277339bff6cc15bb0e0539552d47aa2b589f2cd2ad6c1b07bccbfc99653e8fdfbcfd43f87db34f7c2fd4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 545dbeb12350c677a1a5dcec041cdf0c
SHA1 fcb826cd6e9a3089abd002a8f0800072bc108ced
SHA256 37b81166fc8b705fb6c9727e8e899f7f11fd38ef7510a0c60f31edce1dceaf4e
SHA512 e593f5a925df072c78c5838621a78f74e4518ce7c63b6fd71252e3d815bbebee46cd24ff56d8a121c65850948f373d69472a3a2df81d8f2301a94fe7cf451522

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e6b17c329a7e924b6f6ef7eaafef42f
SHA1 3aa0eef287719965a726b64d628372938917e353
SHA256 4db3e22131f039d7e304e8d0bc8f24315a3820cf78aba41185f670342006e332
SHA512 4df424330937fe940ad044f76c45c1c6afac80cd931f5eec588356dd4cf2edb7955854b6551da3e92a935dd9a7e76dbef3fc493f6c69d1efcbd6822160b4a243

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 9f439470963555286f542e2f0a074177
SHA1 ebd8598f97873cb4e03fecf479c2ba57cceae5fe
SHA256 f8fbaf4b59439bc01f35561deb82e2b4cb59ad9d12546ba9a38f92fdbba6ec04
SHA512 a55b98e14968dbafb181c53b8db005aa8bc2303c70df8fea0b4ab48bceb29faf0b9ca8abb6c6828f7223c1426cd8c46913b9c62cf95413e76466cb71691fa2f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 327640adc1ea62ecb34bdc37bcd18884
SHA1 91cf11fff7774f93b76168512e1dd9867bce949d
SHA256 787d9b059395c451b2804861b31270ea5e19a1645bf3c59ff50eb7b4f6a71db4
SHA512 0d819468013f6bcdfcda06542c713fb08ee8eeb7b9776e916ffe5284586398c5ea0771ea0310ec9384f06f8786aea51121470eebdbecccd6f4a91faa112cc6c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b9d8cbee0028e28f79e95c776e855ea
SHA1 315df52de4ade0f6109c91dea1275c7292886eee
SHA256 c7625d47d4bd3b39c7748fa1f98908a44c51969d890b191dd9fc8f036af47a4c
SHA512 084c975ef81048a27dc82dcc74e01e7c079d3e3be5b2ecfb28ec1b602d0e7c0660779f3abe63e611e84231367943b8c3c52a0bd83c5a54c3a2de96066e187015

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3603e7b693d834b263b28e949c6d3ee3
SHA1 4dce8952defc9de889533955018ea7b852609de2
SHA256 754852e565a7eda9e3ff88dd4ce9ab7bf7e9f09beccd15509cfc6c361ab6ad6c
SHA512 e64590dedb0cd3317510b15dac65dc1b2805cec81279952c1e98a8dd53b28184bc972b91f6e9d7344d56406fb16155fd677cda3821491b4e2f7d0b8ddaf47c36

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22f4402b64b079630badf6d8951202ea
SHA1 6ddad676c372146261c91159edf3c60e3cde80c9
SHA256 697a72e5930e5f0837131706691671a874ac0510d9ac498a75eca7e88030b5a7
SHA512 51812a86bc277977db4ff30a63ce911d4d07f018c2d9ae01a5c2937e1be2afee805a447b99edca138f55694ed9ddec75e3e2590567648a2ed7e24d6028085be7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9ed00a8a5ce911cce55c5ce289a5847
SHA1 955091056462c0a1b063a61e29d70a2d3166cf5e
SHA256 2c0fcb9e4aa85c9a3f04ce932b6f4f87cf40e67cf3b2c1308c0779374833c171
SHA512 72cdac7a5a6244ff3f4118a5f75b3e94be8edd976930935a438108d5da871ec3f5322a65416d6c273b90871dec081e90a065d3f81d121e243a7d1fb4e53faf8d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dccc03f5479fa77248f6a04c5f061516
SHA1 8ebb9a07ad300655b4d11d21de34b7db82331bbc
SHA256 970f1c63543d84710153f7a890adf969d1f6961c1326177e8f3585f292541165
SHA512 5a4f33e7efe1b0362b6ce0e0e678338d9928b32d244861c9de82838e7c3a367377da88840bbeb603deeab1449b6425c524d039f34bb4835a48f87a9e26fcc6f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d72af5587cd878c909a4075f938d0fa2
SHA1 dc6e25fb9b2160f2f8a418307fcc416ccf46c3a4
SHA256 15ca58ccdb44ce1f722c85f7a19f43ee27536102cca9c4d60d0ff24aa2955223
SHA512 959e9cf316e0980926ad61a6875a8df464ff779404de4c7fb46b4c634d9b7c40d3d21063175a2f551cc7e8d482b425379f77a3e65bc9f9db86c351d3f829418f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 558803fd72e7fb0975bc140e92dd72ac
SHA1 1b04b316edf1acaca439ab717697672fcccbdc3d
SHA256 2d5f0b7bba75c67b666565abdb54851925c8c5940f3bd158660c2b174cef8128
SHA512 3b7e52671e6afd25afd0796ca247fa8e9f6309c39f692127e52a48d1aa23cf4e8dcd31d91f3622890ff773f38cad335f111048812d1a8b374a8908e0742f7d18

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 08fca44c0ad2bd69b658553a37bf5f40
SHA1 36d59171818b0ce630beac9cd5653857c3b1f0f6
SHA256 050755cb1d3416e0505cb4829855514ca4e9a26890e93fa552c0c69d0fe6b33a
SHA512 2eb322a4bf7120b75884669a12da68a367628b05c0e505944388249067ea573cd1c55318d5be516fbe02fb23ca29c88509e33926cff261e7fe04ce389efee7a8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 762d7c51a794da986fde8ea03f289042
SHA1 465fb5fe0a782f751b58a2173faa768ec293ef01
SHA256 cd1b152ca859bdf9258af9537367a712f8bb2526d49194bd559f3a4dac2a620b
SHA512 e97dc3af3add02d6a5966c5c5066a0beb3843926e6128f7a5f874e8a64874e81907fca5b36abfd31957a170b3c22999acd35bd8761719478b6b2f039004deb00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b7d75d95ea2a7612945d39465f2aca1d
SHA1 13e0996f88421ea1b28bf60ef57d24f41b7814c8
SHA256 d32a17eb238be886541bc8b7d7db73ef5ed0733661ee4157e27badcbc16fbb02
SHA512 b2308d2a2e795aa2ea3ecc0c1fe965d1bbe5b3537590b72b192b753b2cc0e82d708d277b6145fdcb3ce1f1fd0a44ff5bba362d3023f2f6c095c959ee58d59ad2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f8ca22d37b54ba6cdb593e3eacfd2ea
SHA1 208772a1883c0c47a10a18e34c9db223cd818f6e
SHA256 3561e6cad830dcbd4ad412a5dc2d2f56be76b1f0719c8cc11adc75369a8589d2
SHA512 63eb13b59d1b491e7d8a6636e0e2f1661f55cece1ce6ceb3699802ae214db2d0f88530d0b30697609a44f08a568c8becc31a479b69c90a4684e05f2b4091c62a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6d6946c2f1325d9b47d3f0fd8f6ca90
SHA1 b8dc51f34f783d165490ce8bb6f72f156db6900b
SHA256 367d264f11c9428c1bafc34b66ba8c171ce0f847ac246b9ba68ceb33ee801b5b
SHA512 33d1675e27227fd4dae1155edfef7901c42f71f486f597a20434905d578737c7cafd5847cc621a43c0e9027f368de7cdf521fb6b5d9bf5c52b8572460fdea471

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:27

Reported

2024-06-13 09:30

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

152s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d8c9e8a2ce1f2d36a6ae60d16da77b_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d8c9e8a2ce1f2d36a6ae60d16da77b_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5348 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4936 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5680 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5752 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5808 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6108 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 13.107.9.158:443 business.bing.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.9.158:443 business.bing.com tcp
GB 142.250.178.10:443 N/A tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 104.90.25.175:443 www.microsoft.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
SE 184.31.15.35:443 bzib.nelreports.net tcp
US 8.8.8.8:53 razgovorchik.ru udp
US 8.8.8.8:53 razgovorchik.ru udp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
US 8.8.8.8:53 masterhost.ru udp
US 8.8.8.8:53 masterhost.ru udp
US 8.8.8.8:53 bs.yandex.ru udp
RU 77.88.21.90:445 bs.yandex.ru tcp
RU 90.156.132.125:80 masterhost.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
SE 184.31.15.35:443 bzib.nelreports.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 masterhost.ru udp
US 8.8.8.8:53 masterhost.ru udp
US 8.8.8.8:53 ads.serveuser.com udp
US 8.8.8.8:53 ads.serveuser.com udp
US 8.8.8.8:53 ads.serveuser.com udp
RU 90.156.132.125:443 masterhost.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
US 8.8.8.8:53 158.9.107.13.in-addr.arpa udp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 dd.cb.b0.a1.top.list.ru udp
US 8.8.8.8:53 dd.cb.b0.a1.top.list.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 175.25.90.104.in-addr.arpa udp
US 8.8.8.8:53 163.205.31.31.in-addr.arpa udp
US 8.8.8.8:53 125.132.156.90.in-addr.arpa udp
RU 88.212.201.204:80 counter.yadro.ru tcp
RU 95.163.52.67:80 dd.cb.b0.a1.top.list.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
US 8.8.8.8:53 204.201.212.88.in-addr.arpa udp
US 8.8.8.8:53 67.52.163.95.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
RU 213.180.204.90:445 bs.yandex.ru tcp
RU 87.250.250.90:445 bs.yandex.ru tcp
RU 93.158.134.90:445 bs.yandex.ru tcp
RU 213.180.193.90:445 bs.yandex.ru tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.201.198:443 counter.yadro.ru tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 bs.yandex.ru udp
US 8.8.8.8:53 198.201.212.88.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
GB 23.44.234.16:80 N/A tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.189.173.22:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 22.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 77.88.21.119:445 mc.yandex.ru tcp
RU 93.158.134.119:445 mc.yandex.ru tcp
RU 87.250.251.119:445 mc.yandex.ru tcp
RU 87.250.250.119:445 mc.yandex.ru tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 13.107.253.64:443 N/A tcp
N/A 224.0.0.251:5353 N/A udp
NL 23.62.61.146:443 www.bing.com tcp
US 8.8.8.8:53 146.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
NL 23.62.61.121:443 www.bing.com tcp
US 8.8.8.8:53 121.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 233.17.178.52.in-addr.arpa udp
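The two Network tables (behavioral1 and behavioral2) mix the connections the HTML page actually caused with resolver traffic, reverse lookups the sandbox performs on every peer, and the browser's own telemetry. The script below is an added example, not part of the sandbox output: it parses rows in the report's "Country Destination Domain Proto" layout, discards that noise, groups the remaining connections by host, and flags any connection on a non-web port (here the port 445 rows to bs.yandex.ru and mc.yandex.ru in the Edge run). The embedded rows are copied from the tables above as a representative subset; the list of noise-host suffixes is an assumption to be tuned per environment.

```python
"""Triage helper for the flattened Network tables in a sandbox report.

Added example, not part of the sandbox output. Parses rows in the report's
"Country Destination Domain Proto" layout, drops traffic that the sandbox or
the browser generates on its own, and returns the destinations the HTML page
itself caused, flagging any non-web port. The noise-host list is an assumption.
"""
import re
from collections import defaultdict

# One row per line, copied from the behavioral1 (IE/Win7) and behavioral2
# (Edge/Win10) Network tables; a representative subset, not the full set.
REPORT_ROWS = """\
US 8.8.8.8:53 razgovorchik.ru udp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 90.156.132.125:80 masterhost.ru tcp
RU 90.156.132.125:443 masterhost.ru tcp
US 8.8.8.8:53 dd.cb.b0.a1.top.list.ru udp
RU 95.163.52.67:80 dd.cb.b0.a1.top.list.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
GB 142.250.178.10:443 tcp
US 8.8.8.8:53 163.205.31.31.in-addr.arpa udp
RU 77.88.21.90:445 bs.yandex.ru tcp
RU 87.250.250.119:445 mc.yandex.ru tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
SE 184.31.15.35:443 bzib.nelreports.net tcp
N/A 224.0.0.251:5353 udp
"""

# Country, ip:port, optional domain, proto. The domain column is empty for
# connections the sandbox could not tie to a DNS answer.
ROW = re.compile(
    r"^(?P<cc>\S+)\s+(?P<ip>[\d.]+):(?P<port>\d+)\s+"
    r"(?:(?P<domain>\S+)\s+)?(?P<proto>tcp|udp)$"
)

# Assumption: hosts the analysis platform and the browser contact regardless of
# the sample (SmartScreen, Edge static content, NEL reporting, IE online services).
NOISE_SUFFIXES = (".microsoft.com", ".s-microsoft.com", ".bing.com",
                  ".azureedge.net", ".nelreports.net")
WEB_PORTS = {80, 443}


def is_noise(domain, ip, port):
    """True for traffic that says nothing about the sample."""
    if domain and domain.endswith(".in-addr.arpa"):
        return True                      # sandbox reverse-resolving its peers
    if ip.startswith("224.") or port == 5353:
        return True                      # mDNS multicast
    return bool(domain) and domain.endswith(NOISE_SUFFIXES)


def triage(rows_text):
    """Return page-driven DNS names, connections per host, and odd ports."""
    dns_queries = set()
    connections = defaultdict(set)       # host -> {(ip, port, proto)}
    odd_ports = []
    for line in rows_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue                     # header or malformed row
        ip, port = m["ip"], int(m["port"])
        domain, proto = m["domain"], m["proto"]
        if is_noise(domain, ip, port):
            continue
        if proto == "udp" and port == 53:
            dns_queries.add(domain)      # a lookup, not a connection
            continue
        host = domain or "(unresolved)"
        connections[host].add((ip, port, proto))
        if port not in WEB_PORTS:
            odd_ports.append((host, ip, port))
    return {"dns": dns_queries,
            "connections": dict(connections),
            "odd_ports": odd_ports}


if __name__ == "__main__":
    result = triage(REPORT_ROWS)
    for host, peers in sorted(result["connections"].items()):
        print(host, sorted(peers))
    for host, ip, port in result["odd_ports"]:
        print(f"non-web port: {host} {ip}:{port}")
```

Paste the full tables into REPORT_ROWS to triage the whole run. Hosts that survive the filter (razgovorchik.ru and its masterhost.ru hosting, the ads.serveuser.com ad server, the yadro.ru, list.ru, mail.ru and yandex.ru counters) are the page's own content and trackers, which is consistent with the 1/10 score; the port 445 rows are the only thing worth a second look, and they come from the Edge run only.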

Files

N/A