Malware Analysis Report

2025-01-18 00:54

Sample ID 240613-lqreaaxdlr
Target a4e8ff2c9a9120d4de062b3419ca1912_JaffaCakes118
SHA256 e98b46f00d185739a226df044f9ffc65e6685781af80290b8a3b3a63071f8dd6
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

e98b46f00d185739a226df044f9ffc65e6685781af80290b8a3b3a63071f8dd6

Threat level: no (potentially) malicious behavior was detected.

The file a4e8ff2c9a9120d4de062b3419ca1912_JaffaCakes118 was found to be clean by this analysis (score 1/10): no (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:44

Reported

2024-06-13 09:47

Platform

win7-20240611-en

Max time kernel

140s

Max time network

150s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e8ff2c9a9120d4de062b3419ca1912_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000399d3c62ec40a5a88c907bdd55c6bb42138c52a38180683aaaf28e1036510068000000000e800000000200002000000078d2b676e17cbfd06a051ecc63b0fed2e28495f7f89144971fed6dae8929965320000000ce6fbead3c50d0d65a86edc529f3593b93a64074897064a49022e31fc16f5c24400000001894d16313d74169bc838fa54f39535053c47a34151102db3ea0917c9105c6ccb47ff87c3f351151ddab069a8a1b689156c62111544c968342de4f568cbf2b1a C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433745" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value omitted] C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8B9678F1-2969-11EF-8A4F-62EADBC3072C} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10b1966076bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
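
The rows above are the sandbox's flattened table (Description, Indicator, Process, Target). As an added editorial example, not the report's own tooling, the Python below parses those rows into records and flags any write that leaves the per-user Internet Explorer hive or touches a short watchlist of hijack and persistence locations. For this report every write stays under HKCU\Software\Microsoft\Internet Explorer and nothing is flagged, which is consistent with the 1/10 score. The watchlist and the synthetic "Start Page" row are my own assumptions and are not taken from the report.

```python
"""Parse the flattened 'Modifies Internet Explorer settings' rows of a sandbox
report and flag the registry writes worth a second look.
Added editorial example: not part of the report or of the sandbox's tooling."""
import re
from dataclasses import dataclass
from typing import Optional

# Row layout: <Description> <Indicator> <Process> <Target>. Both the indicator
# and the process path contain spaces, so anchor on the process ('X:\...\*.exe')
# and the final target token and treat everything before them as the body.
_TAIL_RE = re.compile(
    r"^(?P<body>.*?)\s+(?P<process>[A-Za-z]:\\[^=]*?\.(?:exe|EXE))\s+(?P<target>\S+)$"
)
_BODY_RE = re.compile(
    r"^(?P<op>Key created|Set value \((?P<vtype>int|str|data)\))\s+(?P<rest>.*)$"
)


@dataclass
class RegWrite:
    op: str                # "Key created" or "Set value"
    vtype: Optional[str]   # int / str / data for Set value rows
    key: str               # key path exactly as reported
    name: Optional[str]    # value name for Set value rows
    value: Optional[str]   # value with surrounding quotes stripped
    process: str


def parse_row(line: str) -> RegWrite:
    m = _TAIL_RE.match(line.strip())
    b = _BODY_RE.match(m["body"]) if m else None
    if not m or not b:
        raise ValueError(f"unrecognised row: {line!r}")
    if b["op"] == "Key created":
        return RegWrite("Key created", None, b["rest"], None, None, m["process"])
    path, sep, raw = b["rest"].rpartition(" = ")
    if not sep:
        raise ValueError(f"Set value row without a value: {line!r}")
    key, _, name = path.rpartition("\\")
    return RegWrite("Set value", b["vtype"], key, name, raw.strip('"'), m["process"])


# Baseline for this report: every write sits in the per-user IE hive.
_IE_HIVE_RE = re.compile(
    r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\Software\\Microsoft\\Internet Explorer\\", re.I
)
# Assumed watchlist (mine, not the sandbox's): locations browser hijackers and
# persistence mechanisms write to. Extend it for your own environment.
WATCHLIST = (
    r"\Internet Explorer\Main\Start Page",
    r"\Internet Explorer\Main\Search Page",
    r"\Internet Explorer\Main\Default_Page_URL",
    r"\Internet Explorer\Main\Local Page",
    r"\Internet Settings\ProxyServer",
    r"\Internet Settings\ProxyEnable",
    r"\Internet Settings\ZoneMap",
    r"\Windows\CurrentVersion\Run",
    r"\REGISTRY\MACHINE",
)


def triage(rows):
    """Return (all records, flagged records). A write is flagged when it leaves
    the per-user IE hive or touches a watchlist location."""
    records = [parse_row(r) for r in rows if r.strip()]
    flagged = []
    for rec in records:
        full = rec.key + ("\\" + rec.name if rec.name else "")
        if not _IE_HIVE_RE.match(rec.key) or any(w.lower() in full.lower() for w in WATCHLIST):
            flagged.append(rec)
    return records, flagged


# Rows copied verbatim from the behavioral1 signature table of the report.
REPORT_ROWS = [
    r'Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8B9678F1-2969-11EF-8A4F-62EADBC3072C} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    r'Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A',
]
# Synthetic row (constructed, NOT from the report) so the watchlist path is exercised.
SYNTHETIC_HIJACK_ROW = (
    r'Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" C:\Users\Admin\AppData\Local\Temp\synthetic.exe N/A'
)

if __name__ == "__main__":
    records, flagged = triage(REPORT_ROWS)
    print(f"{len(records)} writes parsed, {len(flagged)} flagged")
    for rec in triage(REPORT_ROWS + [SYNTHETIC_HIJACK_ROW])[1]:
        print("FLAG", rec.process, rec.key, rec.name, rec.value)
```

The parser anchors on the process path rather than splitting on spaces because both the indicator and the process contain spaces; the same trick works for the other signature tables in this report format.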

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e8ff2c9a9120d4de062b3419ca1912_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.squid-cache.org udp
US 104.130.201.120:80 www.squid-cache.org tcp
US 104.130.201.120:80 www.squid-cache.org tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab8FA4.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar9044.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d9cd5b297236b6aeb7980c4f1591cc3
SHA1 c4bee8af6cec5a24a413f45059f9719443c82f23
SHA256 bcf2293f35207cbf57afce8f22c9b0a49ce72f02d99f8c687db3a5b557d316f6
SHA512 afeef841681470aec0f425569ae7655ea8595355df662752ed22eef988a4dcbfd2ed13d58de3957f0d79489bc9d330b6c5fb7b6eba07b9aa5c164d0f0c4b9ef3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 35d19ee8ff7542b0e835e95bd6d131ee
SHA1 5fea6036918548e6c4433613c1b77892b5d734b4
SHA256 4845c3f508d755ebaf81f0592aebc7c0b3351a54f23c488696c0465bd8050237
SHA512 78facb22dfce25216e95ce2598a90c347ed8b0ef23b703821b1883ffd61e0b490403f1ba6c44e818d9221ffbb44c42fce9b77b0eb00964176969cfca19ea5b88

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9122d8dc0ce270e7d6fe9630331222b3
SHA1 d96f888144c17bab01be72a06010b2a63a75f009
SHA256 dcac73f23218f5a82ab1c3e13625017e53e04e3a693e6286097ab9ea112b219f
SHA512 7d652bd667cd24e41cb82ac99c64cf68e906ec512a4ce45465c78e7690ec2c486da0e572da764242d7a5374b7ef9ae425429c5d31a3517da285f87d359a0a8d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc5c312ba2a890fe07d7e20cff7a806a
SHA1 b574773e413c1a6139fd4fd5c9e4fd826fedc1c4
SHA256 726eb8222a4cb9d790c066ce575af3c79998c2b27c3085bc406a6f083b9bbb8e
SHA512 466f9d859529cd676eba50d4d2e4eb9f6d41aeeb8a9a0a3133bd8549ec5f005f568474684f025b1537a45116df4b1ea547376332cc72ba64b763f97548672610

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 995899b1fbccfbef7d62f3d4326ca7b6
SHA1 6a29dc7205bf147e4d79c9a7d3674da56aaac7ed
SHA256 c442253b99c52e9eca403d7718499ad773a1d6ddda01d2ce0249e379d19cc5fc
SHA512 079ac00f522a3fd19c55c90949d7371b4c247be5a3ee835b13261f98a3fcee93c9b409e40156797272d16fe93dcca4228f221e7875e0d62488ee2232403c2f89

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b96dcf5d3f2d2d3e4c86f6bb1df35646
SHA1 6fa7d991c1bda9985a6917cd1dfcb15d12ad0691
SHA256 95fad047adc584a116036dfa22d30fec25d64a5b000a195c52aeae89942d0ebc
SHA512 188b5d2d34ead5d2ff1cb5ad5b00e7c813139158639af4896e0cc617de9d34a456aeaf2eaac465a2c1cb7ceb06964769e11122bee7167853dc290ed18e74b547

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 068c1a3a914c186b0cec2ee8263263c0
SHA1 739a5aeed80c52acdb4a89a47cf521aa298bb309
SHA256 861b4cff1d9809fb0e93dcd0b94c4a0748172b29ea7bc979dae7cfcc769baec0
SHA512 aff37a05eff9aa4d35cbc60f46555e220699b3e276efd1e182b030709e5d560d5bac18c78e8bbafc555d162ed939e4f4cda577214f0bde15a8ea62580193fce2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f78a534bc7cf9d5f22d1167fda23d0bc
SHA1 0b4a0c585fb7bce4c5334c24273426840035f498
SHA256 015f18271ea0b7544c817f64e2d5e4c9bf890b7174d733de81587a2a937a9139
SHA512 9e8ed221e23deb9f56f2cf31d57598bcaae1baeebe559021710632fe2f501c0d1fc4d769aa4cc7bb58e9c1e20671c35aa5159e82bcde2ae1946236ad06de0ebf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7fe0336df73b9ac4dd4a19e0003ca390
SHA1 33ee8370fa15542123e84d3bc94a0566282f6240
SHA256 64ceef17615f3eae53692c849aafebb6aa0f59378047e4d50f1cde7b0ed0dda4
SHA512 591abc359c9abe0fe44d259bb1a6879303034d260d4fff704acd75cca6032a8f8bf59535cefb271aa6d26a87c587c8af7d5d24d0b33cc8b3d69cb6c94ee9c5ca

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 887adb4bb2d28c45d29410234155b820
SHA1 9e172fd5a0428d3c9fd5923cdb466b9bcf3d9a78
SHA256 5802f474d86b30291d107b9a8026ac84ee2b3e578a7c25710d24766e60ef1785
SHA512 babbae3fd115bb2f04cb5af5f598eeb40a2a9fe7f0a78138ef07c0fa59e8f4c0d210df762f58f561804bff54f820081b06f3b7e3c60cae7d040ba8de843852c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8f62d82ec62ef68da28cc76c662a9625
SHA1 262e419ed4e5bab533b90b5bc71cb5ce246af268
SHA256 62b623716b0d1a11678735b377e8f61277caa827565516560ec44d7c05947e9b
SHA512 95f6e94e31d3946ef81d3183603abdda9991d158da300d80b9f9dbf322f34bb728d9720d2af2b8e57a1090906dd1170acafb3b3c53bb5f80afb6457b6c9e74d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a7428c05f1369936213cea19823dfd39
SHA1 6e4c2f3d4878a7af9986a2fb9f9964561a1896da
SHA256 39b419ad5b63d51d93aed3f1b37a332609008ba88024c372aae9f5c7f22d12db
SHA512 1626a65855781b4f4154361341d2b2be9202cbe3e49816614f52779b6673381ebac25c9d9a7aa3464e9e065bce68a1426d96b05af47bf7e3fe7536eab1567b08

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9edd252f24c12f15fd2dc174ad651124
SHA1 a06d23ffe01e5a4a169aafe067670b971e0e631d
SHA256 72284059bb4e1da4e4a7398d8cac6ac592db9fc48b7ec657a65f9155225d4308
SHA512 1bcd05025c51edd138ecc5854b2866ab3b7f7ea481efefae96f0d015dfb5099a3ca9e06cc527e2777f4a4ef578fd531a270a0526a716ea4f587c61ef1224187f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 93d481d3aead0745f267cf7463689e52
SHA1 db28a405f4e4e821ed2fbfb5dd6ca17066a97f54
SHA256 4bd41840352e31778879621c772346c1095c98e7f613853a6dae7f48deb08c37
SHA512 71a6f61be777aeacf1b57448227a698ded9abf4582c7dff8000c0075f19fec683ce8102ef15ebfbb6d3a34dc005feb25c9b38bb5ae7bdd5313fcc2d055bb6ba1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dc4fd926218b17daa202ed16ec966bee
SHA1 1f9cd0011c9635e1bb53f4c976d378d2262715c6
SHA256 53a5b422169cb1c993b7b91c5ade8d9e264980756243b681120eccd4377c0f10
SHA512 60c3b019085195c9715923a8d2f246362d9bd0af8b30790541705dec9d33d26d094357c8daa496f74c8f8c6fb10c33d5c18b7db1d44ea47dd7f891b668f82d21

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0dcaf970991ddae368cb0fc072315949
SHA1 e322af0ae4541e24bf0f53f5b34c559c45f5e4d8
SHA256 8573d6b149330b7c400bc5373823aaa3ea13aa0f46c275dab8e1cb78c2549bd1
SHA512 6703f107a807c39bf9e942d6e6d8e3ca6cb41bfbab4d7d06855d7227065ceb0e190881e61699ccf05b21e7a8e0dc447f755818338e519388492f617101ad0859

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64245b8715f6b19bbe22751aee138e2b
SHA1 e7dcca53ced711af436da9eb1e26cc5d75e60fb3
SHA256 61cdacb74c92efafbf0a400ae2194e1ccabbb4117bb45769e3876bc8b66446e8
SHA512 3dcbd3e22ce6a0fbec660ff2e9f02df625c1f8499970808b19e29a128fd641a86c8c820dd33ff83b3249ab2ac90aa200c2ed03e390a58e9d4872e04ca5322d24

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0e0d8e56d5ed5b54491db5ea1a2e1992
SHA1 69dd19fc11a8a893cb45f3a6b0882ba557284be6
SHA256 4c782ee5a5c29007d912d7c059e1c7427d98905ef9df16c8e90c3a97e55a03c6
SHA512 0d2a7a83cd30371b2d49060bdd7d4581d812e75bae33262a61e2e1239edeae5500f803b4331f9ff49baf0128c6b3fa3faa6210904e83dfd239e5f2ed70e57197

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c731eb13b46ad3ec80367b3f68e6349e
SHA1 841a671b3f5acdb0764ac1ff2254cc94dd6195f7
SHA256 230ba9c5bbb77db2a812ad8ff95e926e0e41678930f5916f7e2a21a73654b58e
SHA512 e10a3f155298617705d3584f5c5557c5c8de027d1d24d1cedc67fbf596f691223e7fe2463deb8f888c5b442e4b231ddc341b701ab6d5b0d37c085f97237a9760

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:44

Reported

2024-06-13 09:47

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e8ff2c9a9120d4de062b3419ca1912_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e8ff2c9a9120d4de062b3419ca1912_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --field-trial-handle=3952,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=756,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --field-trial-handle=5104,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5400,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5408 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5428,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=5228,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5744,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4444,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5952,i,16710585221322798697,8586257254049248207,262144 --variations-seed-version --mojo-platform-channel-handle=4108 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.squid-cache.org udp
US 8.8.8.8:53 www.squid-cache.org udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.squid-cache.org udp
US 8.8.8.8:53 www.squid-cache.org udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.squid-cache.org udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
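
Both Network tables (this one and the behavioral1 table above) mix the sample's own traffic with resolver queries, mDNS and the browser's background services. As an added editorial example, not the sandbox's own logic, the Python below parses the rows and separates the one contact attributable to the opened HTML page (www.squid-cache.org over plain HTTP) from the rest. The resolver set and the background-domain set are my assumptions, and the behavioral2 rows embedded here are a representative subset of the table above.

```python
"""Separate sample-attributable network contacts from browser and sandbox
noise in a flattened sandbox Network table.
Added editorial example: not the sandbox's own classification logic."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed: the sandbox's configured resolvers (the only :53 destinations seen).
RESOLVERS = {"8.8.8.8", "8.8.4.4"}
# Assumed background set: names IE/Edge and Windows reach for any page (first-run
# pages, SmartScreen, NEL reporting, connectivity checks). Tune per environment.
BACKGROUND = {
    "ieonline.microsoft.com", "api.edgeoffer.microsoft.com", "business.bing.com",
    "nav-edge.smartscreen.microsoft.com", "bzib.nelreports.net", "google.com",
}


@dataclass(frozen=True)
class NetRow:
    country: str
    ip: str
    port: int
    domain: Optional[str]   # absent for the mDNS row
    proto: str


def parse_rows(text: str):
    """Parse 'Country Destination [Domain] Proto' rows; the header line is skipped."""
    rows = []
    for line in text.strip().splitlines():
        parts = line.split()
        if not parts or parts[0] == "Country":
            continue
        if len(parts) == 4:
            country, dest, domain, proto = parts
        elif len(parts) == 3:
            country, dest, proto = parts
            domain = None
        else:
            raise ValueError(f"unrecognised row: {line!r}")
        ip, _, port = dest.rpartition(":")
        rows.append(NetRow(country, ip, int(port), domain, proto))
    return rows


def triage(text: str) -> dict:
    """Bucket rows into: contacts (direct connections the sample caused),
    queried (names resolved but not in the background set) and background."""
    contacts, queried, background = [], set(), set()
    for row in parse_rows(text):
        if (row.domain is None or row.domain.endswith(".in-addr.arpa")
                or ipaddress.ip_address(row.ip).is_multicast):
            continue  # mDNS and reverse lookups: local/OS noise, not the sample's doing
        is_dns = row.proto == "udp" and row.port == 53 and row.ip in RESOLVERS
        if row.domain in BACKGROUND:
            background.add(row.domain)
        elif is_dns:
            queried.add(row.domain)
        else:
            entry = (row.domain, f"{row.ip}:{row.port}", row.proto)
            if entry not in contacts:   # the table repeats identical flows
                contacts.append(entry)
    return {"contacts": contacts, "queried": sorted(queried), "background": sorted(background)}


# Copied from the behavioral1 Network table (Windows 7 / Internet Explorer run).
BEHAVIORAL1_ROWS = """
Country Destination Domain Proto
US 8.8.8.8:53 www.squid-cache.org udp
US 104.130.201.120:80 www.squid-cache.org tcp
US 104.130.201.120:80 www.squid-cache.org tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""
# Representative subset of the behavioral2 Network table (Windows 10 / Edge run);
# the full table repeats these lookups.
BEHAVIORAL2_ROWS = """
Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.squid-cache.org udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 google.com udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
"""

if __name__ == "__main__":
    for name, rows in (("behavioral1", BEHAVIORAL1_ROWS), ("behavioral2", BEHAVIORAL2_ROWS)):
        print(name, triage(rows))
```

The classification only says which traffic the opened page itself caused (here a single HTTP fetch from www.squid-cache.org in the IE run and only a DNS lookup for it in the Edge run); whether that contact is hostile still needs the fetched content or a reputation lookup, neither of which is in this report.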

Files

N/A