Malware Analysis Report

2025-01-18 00:22

Sample ID 240613-lmzw9axclk
Target a4e4a34e575d0fdc475659aaf62c4bd2_JaffaCakes118
SHA256 98e71565a60cf29e04f318c70d53b342ffb5b98a3ddfaa7a58d0935ad300aec0
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

98e71565a60cf29e04f318c70d53b342ffb5b98a3ddfaa7a58d0935ad300aec0

Threat Level: No (potentially) malicious behavior was detected

The file a4e4a34e575d0fdc475659aaf62c4bd2_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:39

Reported

2024-06-13 09:42

Platform

win7-20240611-en

Max time kernel

121s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e4a34e575d0fdc475659aaf62c4bd2_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 402feeb575bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000006222f339ab34b5273bf9617644f824942e50fcbc9af1d66bb123972770660e0e000000000e800000000200002000000030e7491ee96a8e62c838f69e4e7307a30f0d2786e1a39ac9c53f3e590a058e7620000000af606ee974f8da74bc9ea5ddb7c19f60e27aa0096cc911007a46253d32774c7940000000105d9b62ba486c23a3c997f4fceb1c473565d933e16804af620996a2efae0d356ecdf565ea28c54ce81bb223c8852f2d617bb4c86ccbb7033b924ec8ff2c3733 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DE97CA51-2968-11EF-968C-FEBBC6272832} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000006fb635062be039b9bf31f5075b6175ef289e962aa5c7638c5979e89106b034a0000000000e8000000002000020000000149008597d224f4ba92e6426bf285392b21dee0547ace2347533e3a494d57321900000009b2600c136301a0025edab4d17bbfeb4ad1bc8b333a64bd3d16f8467e65ce990aab4cf5eb6a883a35f7ae1fd79c2747bf8fec34fa7cd421af03ae6969ced0c14fdeb62af573ab3295fc27d57b1f2851363070a4923d5b90212f478988d7da46b3b33354372150f3a24fec5cfb39743f9c7b64342512674f7000704c41da2a9be5b33e71f7c5112b989ac579fc4d16d43400000006fa5c075f9865faef25e9c494009fbc61c47c8a72becd276639e13fb58060258ca18c2290aa082de846291a5d1ae356256c999ce8f2115ced3af686d243bfc26 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433455" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e4a34e575d0fdc475659aaf62c4bd2_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1672 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 coinhive.com udp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 saltworld.net udp
US 192.0.73.2:80 www.gravatar.com tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 104.21.57.186:443 coinhive.com tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 172.67.166.97:80 saltworld.net tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 104.21.57.186:443 coinhive.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 172.67.166.97:80 saltworld.net tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 8.8.8.8:53 gamingw.net udp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 172.67.160.162:443 gamingw.net tcp
US 8.8.8.8:53 i1.wp.com udp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.77.2:80 i1.wp.com tcp
US 192.0.77.2:80 i1.wp.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Tar6308.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\Local\Temp\Cab632A.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 753596f3c2f638bf094dd7a3b445528a
SHA1 284f746359cb3f6dee0f567cd9f3a0bf283e465e
SHA256 8ea70cd7b450dcc4bafff68c429e942811185331451522933ab71032e99b55b1
SHA512 b8a592c03ca998af5a2781e8625fe76e7060fdfcbab17a455fc912abd92c43c0a4a89145a79b5de840ccbb2f21c3527e798af0c4240be6d79f92423745a9e2d8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 cb85f3fcf86ef0de7ef258539cae87de
SHA1 c73288fff07885a62f8c7033b348863ed3b8cad1
SHA256 7430a96d94b1faa5363b7656b323ffa416fd262e0405e498bb143dc93443963f
SHA512 dc152f2e8c8f7e316e84f7a1f3996e02c08d582d6d0e40b8bf7171e359ea952a80b7452e56690b30fe98b4655d4744e8529a930449ef1cd853e377f86294b2d2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

MD5 53c6904905f0b798901d75fb827704cb
SHA1 91e56a70b8a5839c61d6b865ddd7524c13f9cfae
SHA256 218e88880750d8cebfe92b7b5411fd9d85b6e48d91d062ecc1608f880d9c2756
SHA512 f35bdd485890ab86957fec282f619830d7da1d0e616e185b226c90a7cd6525bd879146fa306e4c0f3cd7c0a7e7553bc08bb0a1f50cadba869c8a755b0efb55c3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac380c2b81c517c6a9c492d2f4bfd203
SHA1 6ee176108627e0051c811154293b988e8971b4ab
SHA256 15390a00aad987d2a91f344ad4f01c821b28e51d9721019678eadc14040147fc
SHA512 d607490e7f4227af956a2a270016103dde0b996578fb61dbd5ca4b39a7c96328b2609786ce2a83c62bbdf3ec0c562acd7b5d40d333faa096d56eaa2328ef9145

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

MD5 8202a1cd02e7d69597995cabbe881a12
SHA1 8858d9d934b7aa9330ee73de6c476acf19929ff6
SHA256 58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5
SHA512 97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

MD5 5144b3cecc8362435ac04694d9aaa535
SHA1 38aacb903d08f926169ece189e5d5a01b9a54b56
SHA256 8630c071bd8530caa3d42e1440014f3d18489138d106fbd7730e5ab31d840b9e
SHA512 b61c8823af2c5728bb0d22e8d5a01806159771a2682381ccfa2b272abdd23641aab7b28e3c036712a3476e83087b4f441c9fac51b3041f65124818da1f8e618d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 32624dfc168a00b75c902425a5e4da34
SHA1 890cf67a1ec1d5e17bc6040ede1351f55ed185db
SHA256 3871e57040a6db646c9056c480554289e81f10944ec0ae40df882443f1637efc
SHA512 5bd1672da409914805ecfa5beb3092a887330ce17e977b5527a1941e4c2109baa603545519df222b7370515076ebe331e9b376ab126647a9999ea2d01fcc452e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E1C4B6144E7ECAB3F020E4A19EFC29_B5F77004C894173A10E3A199871D2D90

MD5 97524e5cf865f7061e4deceee2e32e22
SHA1 f7c3d9f96767f8d3f63bb5f632d427b5c85da1d6
SHA256 5424f0b106eb9d33ad0d70a029c91bff015c49d3e0548a4c98f3374a79f947ef
SHA512 3b7a8f8315f5761f702d90f07d1930c4b43cb343a9a486dfa36a59c51cfb469cc9f7d491284dba2705c98f34e299839cb9148ac712b6414f94ce16539239aac1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a2bc1e62ba6543d78bf6d2d2af185b9b
SHA1 2d63b10b61728a36356cc50afcdbb9c8cc14d059
SHA256 54d3369c0b5c81291f5bfd99b9325693a15cb25ddc85e47154a311f9a2cccce5
SHA512 4e63517ac7509f705f388632a61772bd8a05de1079beea1754d9357f7fb21c4f8616697d43af3cf488b034feb3f6741af5feff1328ad99d4983dc5278418ac88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 370f09a296f1eae50df069c810974355
SHA1 72502b4728cd2553f7c01b344908f90922a07c81
SHA256 d29b20151966d4ea2d1c96c78185e40e702e6be9623385a329c24bb76546e867
SHA512 34457056ab8bdeab6950bd87607ed5631a5a753ffd1fd4aaaebbedaeb8614e5fe6d138135a49ffa73c22e09af5c27b703cc8fd7e4e3df4dbf1445a3e6e87e83d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b8a7b9c78477d804c4a74e4d91d7221d
SHA1 34c14eb615065509c98cf355349bf9534baa1a1a
SHA256 015f29b8684c597e67eb27434bfb67a0478642f0353ce77cad19258697fc98fe
SHA512 b5bd5a2855828806370167738044f454cb56115668ba1c799a268c5b1c50cc5fe6600c4267a626fa8bd922dc520e6f0ce7152d15ba37e6252137ce1db80488ba

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a02bd864c8cce8af2f5ca6a926c93350
SHA1 5414cfa88e102cae3b20e58040fe6af48a6022f6
SHA256 0cd0b5c98d22e013574d1dd62fdcb4b3c334cf6c318ec0dbbf0a280e6a691e55
SHA512 1d1b1f57af9af7b385987056e15d1fd03a68003f6757573392bb113175753532d46c11ebd91625b9b6ae68a1164b58b6dfe4805919ab86b9e754989df2459d55

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2d8687775197dc77d1d7bdaf47e075ad
SHA1 6c4a0dabaa5ff2666d4d66340e69c8c306976591
SHA256 4031e4e3cb8cee37ff51cb1f84b31d0ee29b1300a271e7a0746424e91ca7b05d
SHA512 e34727ad4b5a204abfc520a004ad87c0eb31e89720d7e14c95579dc9e3a9acc10672d8f677cdc084ef25b2fe381c91cdf0e72e4d2a1296ca357657d418ce8bad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14c28d480e9e35e77d4f277ddb6f45f7
SHA1 16e04659664e85804ee7e661906f9999116015fb
SHA256 50d70ef5cb299d09e3e6ac065bb2922baee3fdb6d25b5cc4d9e539887f655446
SHA512 27b76bef32f46945aedbead9ae6b6d8188440c9a16c2f30f8c0cc0f0c56bbb236707bc1b96188fe9b24d73d055452f9262b32d7a402477b7becd9e49d44e2e06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0a171643d54774724a283a9c31ea569
SHA1 afd0e776ed70bd1b4c91d9b9fb38b151f84dfc6f
SHA256 12c34726fe26bb702b0d3f1f41e62654b4070289fcd80aad82e44ad9aba3e589
SHA512 a8d2415a51492c7183bf6d5d4aadf27552ae726937bc59a5815f02f8339cdd6f2daef0755bf71e8d6bf79c28a388867871d322aa66052025f05a355926fc2042

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 031e461c06eb30fa3d9c5f311087499e
SHA1 5a346a63257f1046c85c785f52293b909640dd3a
SHA256 31a1b4a6801700f78ce9d08fce35fbaefb6e5cee132e897de8fb586d461b344c
SHA512 51199f62ea978df49abc4c4bdce1147b1dc37e0b9d3e827cf69dc5b11a6a13954feda23279ce5eb2eb193d70ab32052f17f7abdbd5c4976c4fdc9fd262f25e48

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 22b8520881ef9bba4d59a23d1ba76b78
SHA1 9393bfac2aadfcf5d0df81deb50dfc2a9fb16366
SHA256 b72e76dcd9e014d9c3ce97d5768774c2b57341d1a8660101cf2d65a4e8487e24
SHA512 b62a5dd143317a0519f5b5a0040c774b00249297cb0e46bdd724c2894b351774f84d1edc16897dbb0550166208f7c94981e279a4552aadcd33f09c7e60af8f6b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 04b3fa141db1d54918f838e59e8d3e9c
SHA1 00aa44a07ee1a747ea6229b713ae835908b380b6
SHA256 33bde73b11907939ee4184da744a9e0794355ed36e683027d0e373c26c06da3c
SHA512 30672f1a4ed8eef5810049641fd9e0d4249c2dc3a00d7a773687db197c5009aa7e6d9eeb3d9cbe2acf96265dc7faa25d1fe76a2f0d6d76acef0439b9a1aebf66

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8cc682df36b1c4eece1e5a152d4150be
SHA1 bccb6c684659897b81401e685cbc1c820e521a5d
SHA256 97b52706384773adf7de9aebb061e16104eb51391f02ad6f7acfeef99e832926
SHA512 df7ce2b1587c02382bb150d6f6c496962308bb62a6d14919d96e6fc9a7ca65ffb61805ee7c8d3787f17dffe240cdddd6dc3a386f04701d2742c44bc815f7fe67

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9010dff9e2ada49e7fe03a48e858a0f
SHA1 4ff9f141e92ea32c2bd1dd49467088bcaabecd63
SHA256 255739784e8ae27d173a2e20e299aa058a7bfeb3b79027698efce580e8a7bb0a
SHA512 b8d6c4240fc03956259e1370c62dadf55b599079a2b15e1df1d6ea241b31971eae4ac1dd73f50b28ea13a7575224dea81d4de6619cb475e1935a422d3e0314cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ba1bb1facdbf04174224164441ff54e7
SHA1 be815e71ac1ae9313222d0ca84a1bcb66d4fc660
SHA256 9b37104ea1c726fde6d985f8f5a12871ce57c3fa655b85d11c57ef3dcbcb4e75
SHA512 f9965c7bb06bd9594b82904615a3d01fb15da8db191ae228a9b953ab07524786feb4c31b32804f453a3d3d47b4719816f7fedbd4a729795edfe0087b5296a3f7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd7c8a355d4b2266e601f9a069742589
SHA1 d39ad1c0c19d32ac237df7891da6253e3c16c8dc
SHA256 9787fa45806d1e92d2139409e0584e6906ae6f71fbb67315e5d8137731312b37
SHA512 67c67018da0cf1000f02f14ef1224b4143552d338bf4f71f115c9a3149f6f4a987ed283480e27a8da15f1816690d5a18c57f7e7eaf8145e2c1999bae2bd06750

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a6832d5a6519f3fa4e8305621088e4b4
SHA1 bd969a2d37b75c8fde3fbc45c952491febba24ff
SHA256 4c2dd8bc52bc6a70f9d9ec45057f06c560c0a7be5a34ab3c19cd357e1691b894
SHA512 f5edf6375a5d9dd86128e74b61f20987be6cad6ee4be00563ff2b040ad9ddb3359c0e813b799860e7d8870023b41741248448f1b489df4d65cd01d6c753089cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c12e6a836ca3039d5e63de86e630a08
SHA1 9a231d261610b5a00edccfdd1367a69680c79104
SHA256 a7e5bdde3e421c9ba4659c622e2232396f36d3c59c4ca93d7c794941e72d76e7
SHA512 9b447636691fa728159c11efc9bfb48c33c7c5208a20d817b2f868cca364dc2915f4c90a40f87403f7fc36e8c4d4eb08429e7ca923198999111ba00e7381b855

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 876ef1970820688f408f7c4e8c135bc9
SHA1 c4b1bc3edbb62cba29e5d1d33966794c70051beb
SHA256 f8a79867abcbef2ecaec71f262006ecc5e311ded5930bf1654203aae661aa3a3
SHA512 3d9984b092683b89313ee676d215c356cc7f670486b03e550fb26fe8f3ac72fd619793e08f7bae4472e991150f2781a9477eceaae772d75393cc79782c3b90e3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 14b0bc64c7a1819c33a1f07546b95f47
SHA1 272070b14f75a8cc46a72c246debde5d6cbba8f6
SHA256 78ed43dfd960b88ef4375502c9f783e4c77259616eff3d5ccbd2ceb970c14e23
SHA512 accec9f5dab44fbb2fb38baebb3791665aaac84554c2381d550a13227a8f822dce2258b257475a877d1b647ba88b03fe323ba4c040eed8274e7731cf2c97fc17

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 adefa213618c19734bfa5e6c9c305bda
SHA1 7c5f92d19b8fda6d35cf5a24ac416012d1f279a6
SHA256 80b4ddaa4c3254ef064c5cfc49bdec513dd56cfa3a2b928fe4809aa6e0e6a2b6
SHA512 29b295d8abfd3bba7e02e528d14c8a1c2ed2b2a3ca180ba0385e6d4548fc23d175209c2d5c8024b47b584ef48e3d3ca4504e65aeb0430555cd4efc73cbdb8b2f

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:39

Reported

2024-06-13 09:42

Platform

win10v2004-20240226-en

Max time kernel

141s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e4a34e575d0fdc475659aaf62c4bd2_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e4a34e575d0fdc475659aaf62c4bd2_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3708 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5064 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4840 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5544 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2140 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4376 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
SE 23.34.233.128:443 www.microsoft.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
SE 184.31.15.40:443 bzib.nelreports.net tcp
SE 184.31.15.40:443 bzib.nelreports.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 saltworld.net udp
US 8.8.8.8:53 saltworld.net udp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 172.67.166.97:443 saltworld.net tcp
US 8.8.8.8:53 128.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 40.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 gamingw.net udp
US 8.8.8.8:53 gamingw.net udp
US 104.21.65.85:443 gamingw.net udp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 104.21.65.85:443 gamingw.net tcp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 www.gravatar.com udp
US 172.67.166.97:443 saltworld.net udp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 192.0.73.2:80 www.gravatar.com tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 85.65.21.104.in-addr.arpa udp
US 8.8.8.8:53 2.73.0.192.in-addr.arpa udp
US 8.8.8.8:53 97.166.67.172.in-addr.arpa udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 www.gravatar.com udp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 14.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.73.29:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 29.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 172.217.16.234:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 i1.wp.com udp
US 8.8.8.8:53 i1.wp.com udp
US 192.0.77.2:80 i1.wp.com tcp
US 8.8.8.8:53 234.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 2.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
NL 23.62.61.144:443 www.bing.com tcp
US 8.8.8.8:53 144.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
BE 88.221.83.234:443 www.bing.com tcp
US 8.8.8.8:53 234.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 105.193.132.51.in-addr.arpa udp

Files

N/A