Malware Analysis Report

2025-01-18 00:56

Sample ID 240613-lp8beaxdkm
Target a4e8073d9621d80dd6581a667ed2e8c3_JaffaCakes118
SHA256 d1fd400b04d1b7f1a70e09d57e98fe89ff58d8970fe7e4313b4bf93b01128474
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

d1fd400b04d1b7f1a70e09d57e98fe89ff58d8970fe7e4313b4bf93b01128474

Threat Level: No (potentially) malicious behavior was detected

The file a4e8073d9621d80dd6581a667ed2e8c3_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary
Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:43

Reported

2024-06-13 09:46

Platform

win7-20240220-en

Max time kernel

133s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e8073d9621d80dd6581a667ed2e8c3_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003c24c05cfe4d3a4f83979171b6b2c8a5000000000200000000001066000000010000200000008e355ab57c1a2082b48b118bdd168816349044db14438cb731e45f10dae309a4000000000e80000000020000200000001d72203b070b1cde490ffc13cbe78accb108784c1fe3ed26383cdc6618c707d520000000dd53c40b998a7d937d76815e2afa80ba0bd969d69f71e889f97c882d07807bdc4000000011ad865029e593ea10ce3906f6675382e8ad7383c5a12affbc93fa24e14fc5b4ea72226b2226545d86527bc3ef5524b106e2d1cd32227bd8ad6e0d11da5d6cc6 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80d8183d76bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433685" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value not preserved in this copy of the report) C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{6878D931-2969-11EF-9A72-56DE4A60B18F} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2721934792-624042501-2768869379-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e8073d9621d80dd6581a667ed2e8c3_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab2914.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar29F8.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8113d9a758ce15d4e3b37b2ac35f724
SHA1 bddf4cbd9ac05dbd5fca6ef8b75751df665141bf
SHA256 9ae43d0393b29b4d04cf4c23bc34d0bb9b5dc510a15b0f0ca1286e9203a596ae
SHA512 7b619e76de6b82b57eaeaf97ed61d0e3eea1e7e85305a8d82d3c6099bb0b7468298faf52d3b5e18430590bb37aa17b84db755ce591661401c55ec22c884a6011

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6216130c6d8c2d0151d5a3cf2173a835
SHA1 c300b07b9f86e7fc45e217c5b213bac76089d32e
SHA256 81c9d85b0541f3e8b8b53527f78ef011cd3c09fe8da86fddae03c94b5ebefea4
SHA512 7d1d8c028f65ca07a388ca373cff1d6eb973db77e3d9d54d8ef35ba5b3769eb52ae49e5ad3ef3fc3b111ba2206fb0b1dbce483ae584be5c9f1e28fdd6b5e413a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f076757386be64f8bf09a44578c54938
SHA1 4b17996c5461a2fb1f45aeeb4689c05a2f46c48a
SHA256 906998e0f0553e404338a2e12165ee917856e03edcd8545eefd3dbff8b2ffcb0
SHA512 99681d9e0129006d9c55f8b5cc73d89ae1a6b52550b1a9451689993846029bb3a22040dec7133daf0b0085880b4cecf90e252d2dba82f06b3e6315a913144f8a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 18728f44dc37a2e110f9aa642b1c2cf3
SHA1 9e1bd9cb80d3660dcd847dd5f223da83c77f481c
SHA256 f77212474001da420e2e1e0d8f10ba0b2d4b675fda56539e50ae40d37c8f289b
SHA512 05756941cc5ad8bde7f8435b568f05b19641b768bacaadd7a05855209b66fb61e6e73b87859b4e7e8090414db9ebd7de7dba883c39dc709b77be6a76d47dd02c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 308c4ba04b48f1385a0fb04bef186c04
SHA1 76fb0ca8eb2e8c894adfe3752a803e76523dcc79
SHA256 4f379a347cf53b03d318fb25400d9cf412f7376076f74c02a5eaab53a5f9e4f7
SHA512 64fe4ed2f99b73f26da02a093e4bcc175dbacd1f42d86cc80a6f2373b32c5012a3d333639878e37347c76287eb0fae7143b3147ec47fb9a7887182726cfc48b3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c7659de77af2351dffdbe99a405d22bd
SHA1 76aac20d25d7d4e2dd9c575ede537b87ce703447
SHA256 8958d378ede47702087a48f2edbd992ef528c3b724aadeaad25a2ce73da8face
SHA512 b4aa35e86af2d3575ac16309c431f6e0e3146c32079181b3845ec813a6ff7cca2674549e76c215dd44f11888ded8bf46a8a77d1e5f43bb73040044175b9b12b1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70d617b87d5d5134097cfc1e241f5592
SHA1 bbbee1586c82975f84f99373a167edf12ae551a4
SHA256 b11531107e0e42a23e399f2856b8f3fb8684c512ca43b30268d78bb7db1a5a2b
SHA512 1f4c59ea7a9f2774bb4e938493e0e93ee3200ebad3c6f8bf876e2333e60a114494af555bf4bbbb3e5ef2ae788ecf4344b108f3e497e0b9da8ce8e8f88fc77abc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70ced42d9f06b7bb8bde441590cf5925
SHA1 cb96c7ec17279e5c46a7431a78761134c8c2a21b
SHA256 f1c8df32b0cbef4f15c1ee24ffc60d34e7ad9c81478c0d2fdd8622a5929286d4
SHA512 f6219e487a45582ea8b65858ca77b2c123d70aa309270831891776b8f965e399b32fce2ddb099258fa1bef8ed6f6a3fc3d50455ae1c52bc8c5a4a2b78f59f451

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b85d434b867d877a50400edb43640583
SHA1 59f21d71976e0659f081c14d1b86c0ff7971d91a
SHA256 9198986174396e2cc110563c2aa67bb7a14a1f7af639ff3cb9b769407a5e09fc
SHA512 6f66e38e362c59f59c6df2b1163fb89249b93f37fa836ebf18a83f9143fa3fd5692c881e976fe1beb358f138f6b75924ad1f4bd16794a702d416c27a93df26f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 552cacd180989da16ef8a8107b6912e5
SHA1 a6c214001246d0644555058d7681ff0fe5cd30ab
SHA256 7af0f3c72f1c6e516ce10e1071bd3d0f0cf7617d5865aff306ce7e1a67d37c92
SHA512 65a06776caefb04793a53cd5ba0a70dc17fd4e96337e69c449f91e1ee49d348f65dbc6ec4ccb2f2f00ea3b54d6bc9ce0371b1558abb6b8bec94d666ed56d4df3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 65f2fc7b39341c4c7cd76cb911e38bc8
SHA1 d7e1dc29ad2607cfb75ed3ca3e0a34c8a982f5c8
SHA256 c97fd612e68c9577f6cbaa18aebfbf4508c187f5f1e78846c7a4dbdc00fe58e0
SHA512 667bb7964fdaace85bc425a2fa728cf4c08515f3bc89dfe8f3613ecffa946d2b8a3134dadded8ae0eb13c3b12a0b12acc7d00a184702efe59a3e570226522476

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d1b4108f433767bccc0c5c8b0befd8d1
SHA1 be7a5b25204ebc48373b32a6cd84fa4860e027fe
SHA256 051855e7ed437719ffc5fd947f00f42182a6aa59e2f7c3b2a7496301deb50077
SHA512 d85c13a2564d03234306b1a3ab7e1ffc28def4985ffabeefc72a854e87f4d267ef162c6b6c33d37d6b2702271ab378e3c3c7d85143dbf304f1b7a19258ac4f43

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee03ede38080689ca3f1656031ea04d4
SHA1 ab7923dfb37b6e16253372dd663a400b9c6ed4f7
SHA256 4db66ea22955fd35987b069998e6d5857e03b6ebafedc45ad80cc20a0d2707e1
SHA512 0741203ccdf28f45d4243f4ae02d4a6d5147702472b42d8c8cc5c672568a3d6aaa3f1000eaa604bf8ac8d78b965d4b8e1e328c082a477ca07fa91fba79a692ef

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 41e3220ef2b16e7d5996458b4b57d045
SHA1 f47df3da95e9c35e109e9c3de39805ef1c181e34
SHA256 ca474072ef4c58563b72975e47d4a1352b16e131574684fe07d5be1b018daf5e
SHA512 1fe4840ebb01ea81842ed353ab24f1ef8625d8b7670c089a56be4dc322e96306931a95972d015143c1b289b87e5e8a7d8712dc8ddbcc514f144088cc5d27a8eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3cde062c5650a2ffb0db48d41aaa62e6
SHA1 3595b7873ae170d68db5a08361662ff2ae98061d
SHA256 d9ed33646beb0c111ff38c598c60c973c84f28dc1c00c4508c786bb0cb91003e
SHA512 32a901bc2a3401bd78d9ea30591200df038a18bc41dfb95d825e41f9e8d6f97f2d591dc2b88e0645e3516e73e5239856d82f664deb6c1946a8b51145b73ab79a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ee3257b13c5e69e9b72571cb31c80b3a
SHA1 9ff088b7e03aaf28434ca6227674df35abc4e3df
SHA256 8a4458b88d344ec365d7c2a4db8518d69ba8fc63a0d49effd56f8e7bcee86de5
SHA512 a759d09ae2bd3a2049e4834a0bb6e1c8ba902c62904446ab0d24c64a4fe8e0c3d5ab0ec9d1673f6277b1b89600a0b0d5c16be2af807788cfafcc4aab0fb6aa5c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6f9aa20074cfae75b8fbde3e398123cd
SHA1 4ffb29740a9c2ac9b1f680b2ded7ef09b65c365f
SHA256 fe8a298af177ade594bfb438e46c024a5fce2a42219b4df1f46f5661a8b1bc9b
SHA512 5253c6b50e5752d19ce4b151d2c475196eeabca9e97e088677ec4fc64179ae7a88d5e285c1c1b77174f014f76ed7c52f745a5cec0ec9448d35afaad57af49a88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dba06eda465b2d3f0c239b1ef75eb54b
SHA1 14de16c37264999ee66fdeb8b26502be84fa055b
SHA256 b2dd58b9a7028fd38f1b1e64ffca44240aabe8a29d6086fa58417b353912fad6
SHA512 fdc89f82189b424918bb5e6a7fb3e190d93589a921bd11023b341d1585bff636477c4344934229acd62d6ebc819d9eabd476ae1bd01c2073df507a2a40ef4445

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 67899caa6cc4cab6ce8f8bdfdf5188d9
SHA1 b887c4cd9e690e0ed9a8ee2b05bcae1235f04993
SHA256 8d00068f1e7b35347130f2db28ee4a0bae0d8395d19a6cfd4f02b2dc80fc2035
SHA512 34fdb9ff6d6d2e6247e9bc790f8fb004b0ceb9293969719c0d68048a395835a334a2a6bcd52ce3e7262db7d82880e7f8cbd70599ebe0b3b3850d22b0b685d6d3

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:43

Reported

2024-06-13 09:46

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

142s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e8073d9621d80dd6581a667ed2e8c3_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e8073d9621d80dd6581a667ed2e8c3_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1876,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=760,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=3808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5284,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5436,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5452,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=5616 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5288,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=7028,i,9746875443948590908,1444894342962555245,262144 --variations-seed-version --mojo-platform-channel-handle=5864 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.8.8:53 edge-http.microsoft.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp

Files

N/A