Malware Analysis Report

2025-01-18 00:59

Sample ID 240613-lflfaawhpr
Target a4d99fb08847a5a5b45cf3fdf97c113f_JaffaCakes118
SHA256 077d0d1a69bcd71311a043593c49935a551e3856aa3b4737ab49a0e75290ea02
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

077d0d1a69bcd71311a043593c49935a551e3856aa3b4737ab49a0e75290ea02

Threat Level: No (potentially) malicious behavior was detected

The file a4d99fb08847a5a5b45cf3fdf97c113f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:28

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:28

Reported

2024-06-13 09:31

Platform

win7-20240611-en

Max time kernel

121s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d99fb08847a5a5b45cf3fdf97c113f_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4FE6D181-2967-11EF-968C-FEBBC6272832} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c070c82574bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not preserved in this copy of the report) C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424432785" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000fadbb16481011d5d0396b31a546214f71626dccfe848a3e89a53ff78f5191bcb000000000e80000000020000200000006d43a63c61dc7828a192ee791ce192f6e565f6387e347bcd74fc24d907da15cc20000000f251868591e76604836067af0650b4dce97515b43c46abd0b43393f186accc8c40000000b405ab56667d63c74615b2a2aee91fcdd4580353df40ec9fdd153fc9ac918c98ad08a1f1938318a4321dd5dff17dcbb1ed66025ec6f76106e77ab5b7daab613f C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4d99fb08847a5a5b45cf3fdf97c113f_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:28

Reported

2024-06-13 09:31

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

148s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d99fb08847a5a5b45cf3fdf97c113f_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4d99fb08847a5a5b45cf3fdf97c113f_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5652 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4900 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5832 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5492 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=3696 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:8

Network


Files

N/A