Malware Analysis Report

2025-01-18 00:54

Sample ID 240613-lqs8watbre
Target a4e90581e0e90e47670849a5a910297e_JaffaCakes118
SHA256 575f5bc99f2fc94dcd294c4105d409a8f1795dc7c567b3e2d6e4af39b5589f41
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

575f5bc99f2fc94dcd294c4105d409a8f1795dc7c567b3e2d6e4af39b5589f41

Threat Level: No (potentially) malicious behavior was detected

For the file a4e90581e0e90e47670849a5a910297e_JaffaCakes118, no (potentially) malicious behavior was detected.

Malicious Activity Summary


Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:44

Reported

2024-06-13 09:47

Platform

win7-20240611-en

Max time kernel

134s

Max time network

133s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e90581e0e90e47670849a5a910297e_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433752" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000f94d504470a4eabf32482b5fd1c3e12970f1ece9b9b6dd5c4a0e8b34d252effb000000000e8000000002000020000000ff21d23b6c0bc231a3089f17f90fbde2f5721a626b8a79ecea3bf337641345c390000000c243e718db24f2e3d0e28865de07618c8d8c6611e7c0d1c3be1b9e6d61a8534645459db6e1d19c4dd1fb5f50fc43e4b6e40472ce858f369ac68db67e3ffc2317b27efc514ec27b380a491cce46b0d481fbd456aa9785db1ed0701dbddbb7e395cfa9585e33ff75b247e6e11dc45096709b362024509a5ba3a84875f18b68c464967ce51a0d309fbf5ddfb71289e7f22a400000002e4253f403a3e663c270312208ab67f84b3a7ceedd882bbe4ad6d9879de0e04cdd56d152171de17ccf91d02eaab843254a44d582588e1f4d53329b8e33872275 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8FBA12C1-2969-11EF-AA16-D671A15513D2} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000003b9f3fc099eb76c2080f5ad087275672a786d74866b51e99384919cd0a8fed32000000000e800000000200002000000049aff1c443774e61b6899bbecf18a39070a957d87be98f96c909fff6a30d5ad120000000cee16e581df282092758f86228f6d4e727356b727bae92d297e683258ed9d15f40000000b17b0cf521bf6f8dd9e1fd1b3e7bb5ed2f1bbf82781962382bd6271a2e283efee333dc83cf727df02c72337dec7d159af4adb279c15799de010cd5052f186d99 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50a4976876bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e90581e0e90e47670849a5a910297e_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2580 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ag8aq.cn udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\CabA1FC.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\TarA2AB.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e848a203accd06d19f89a0796f44df54
SHA1 e32eabdb1bc6a72e59739ee44944945f40b4e106
SHA256 b1e3dea31348e9cfd022d3be7c8cd93b2b2a5fdb7be1c30812b400105e7a0b14
SHA512 4c7a0db2f09b2aefed4523d1087680e2ed0ab2b6407b9746325671db724be405cec61773dba297f4b24b98ab65a1aab14e0d33d74df81fd520eadc754625a5f1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e3b46922161d294e2538c880e485f07f
SHA1 35aada10cc9c586e8a1f64285aa8340db65ceee1
SHA256 d599e8de9384684dd81bab8e660dc832e58bd06dd713170be7d6867b8e7e0808
SHA512 40ed588581182346e2fdd3c9136416e6bd31033567a8a31e25d0b651ab0d7980e7708cf4ca0181ce5068c5d685867ab2ea24029fe3ac4f1de96d11900b5b789a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d79b9dfee45241afc8842e41f0861abb
SHA1 1e5a27044e5fa97dfb393effb39e1ba827b05eea
SHA256 ef1e2dd5bff70da89ab89e0dbf20ee2b51b4b136c751891a0a7e873cde132e57
SHA512 7bc1666483483b1e02be4d11f0a3244fffbdb8f419861179bcc7db0615b96848dbd7e684c3d83eaae355f7a8d52537ab64056de46388920af565d5c0cb8c4656

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 392fe92f9485e0b4e0438a4d1dcafe68
SHA1 d4d028a332acdab7e2e67962016e1d0b0fb9bba1
SHA256 d848f00f25e2e548578d452d8b2f6a9d4fde2622b7dd561efd87ef084e0d736f
SHA512 49f248bcf48197a305363b32fdb3a0aa9172a821ea469fee266d5db894485417e37cf80edef479fd707a61d1e8b9ee6da6534036e64b490384331cdbe3401c65

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3b45182da9f57d0899ac8aba410121c6
SHA1 c9f233e120335fdc2b29ac0a61bf21dc43c514fa
SHA256 587de56cf68e9025f54c2e2434dca1e89160afcec4b93695a9b41b1d64c841be
SHA512 2ab5635c58abe7274dab9561438821e9bb414b75debe5b576c583082604ab012c11ebb0888c3804592aee4ab204dd5ccbbf0e8530f5493bbfdbbf7dac3ca1ed8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 879e99e74674c596cc14621f96b265cc
SHA1 a698766fc5bba79d42377e15478b3c7e07874b97
SHA256 720ed78636156ffb7324cb565b1ffde4066178d784c742965cfae01b2ee4b8e2
SHA512 76a8cda86cd3b872f9f3323127fdfbbf16bd6e6c4c708e54c147f5edba9c42a851f48cb8e5f08782d0038ea25fb5dd4305a7b3ea4ad9f3992e79465bcebc3cde

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 576866296bf5f20de5631af578db999c
SHA1 7048df204d4a039917b3e132fab2bd2dd419958a
SHA256 8ffdb52fc9063be4c9d8ea5c9bf0b26da0a6f0acc6d19c2a25fcd2fce6581cf9
SHA512 409f95a10df0856cdd41af4f7cb11109b207223bb63d7a9a3df77389a79461b28960d4258d53f76a4fbf565685d8a8a66c60871202ab96c029291dcf4d1a772c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bf872455d60ae6fa7465a16eeeaa45b7
SHA1 783e13eeeb177e7daa527d162131951cce0e2197
SHA256 c598320379bb28e5a17be21eede72ba81d6706edfde3c8bef2cbf11a0f12c72a
SHA512 517aafb83822914c6acb74bac0e244ed18d1bcc960678b532baa6056b78dfd53813589ea6ce3584d691da687a0aa632ed8865d81166ba133b25c3a58273ce44d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3dd56a026941a9c1f19b7b28446e62c
SHA1 825622ead6d6c6c8ca6998212a691fe144c6e689
SHA256 b24c4c1700d5ef78e7df42901cbaeed7c4842f6db4c9d51ddc227dfc57696400
SHA512 1d59a8fcdd9407e710ca90aaa43899e5ac4571818cb99516164d7523218fd2b15c57ffe2bd7a0d4988ce9a49210b616a0a27a9cee64f2b89a4eb781e76ae6756

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 279cbb7b90f62b35e36096e47d7f2525
SHA1 13bae19ee8441e4b38b5521218694691fb6030a3
SHA256 146533768b39730465b2c14fe1c3cd176e2f943bc2291e0a29039bdd109744f7
SHA512 1336987b1c90e4d60e39fb2b15e66cca924ae978682e5479153f9a081607aacee7b9b3ae5b1af6944110614922d77dad9b15fed1a5cfaa857b10458c5683dfab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 27adf0c67bc5b832ae1e83903f874538
SHA1 9b98282b5e081ab385d40d393a1bb9b235340c44
SHA256 ae685ab15f4f088056f3fef67d117c1c07ab6a64b3a75be9718fa284e1126931
SHA512 0b6ed2cf09a5b8796ddea1380c3b2768658c2dc3ca6f3529a41db0ebc00fd58b52de6a68f707208e07144d7240edb7d63feee79f6667fe4fa7ac8dd471699ee2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f11d383444b95c80e2831dfcda51decd
SHA1 1d5a80384ef0db62d34a3b0c43212e397f354131
SHA256 99a09f114a76b39e57aa777daef4a2b3f98d1040d82c0f367c060c00788cfb19
SHA512 c1165311f9ce7119351c95a8076881ed88da99e97f9d49d04efef5e17ca54e3435a3a9500e5baf3871b9228643e216d2ab80ecfe625853b85c196552592717a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68b5710803e6c9988c74fbdf5245b78c
SHA1 9b16803a345f2d0ddd2fd15e8f2a5799bf92114c
SHA256 e9ac29c6daa3656a24f842b208d36869e4632ced3d8215cf616867847886de17
SHA512 d46784355d5424a4f5c354778e9523b8a3e96e73b464b7d29ccd49d9a12316aa15ef7c8736a7b856f7c1550d82640a52987f87871fe00e64451f8052226a1e72

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfd5e02e5afca7104253715e087886dc
SHA1 f7abaa6385915c1b017d776dc15cb2e1dae16838
SHA256 0264850c2961d26244275984debb27f40b9b0810bbfba43002dc6a9e1ea2df31
SHA512 95cf90a3b795a9c2939df0375b6ea280eff67fd9c0829e0bb22145fa95e8667ebea751db3591299bd5e94dd8aa6144b55d5b54c78ada8fcb2129a74de6f2ca2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 905827302a9b5254341b45661763a95d
SHA1 04e74b72673198c09d826bf61b85dcdc7ab89bcb
SHA256 8f992b936f706e4046a64b8c6fe565a971a6456a95a7ef5ec65d8052a994babb
SHA512 dd4ffcc900ea13d1879ed63ea3556c0faa5a79ce67936eb89d6c7eccbd4910b32142d3c62094c7ca1328443158712e9fe5092812f7911a8e8f2aee8f941d3d15

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5b4cca447bc2865bf37bbdec398f30f
SHA1 ff1a8eaeec9bf66c00a7d5d063a9dbf6312ad3fb
SHA256 9db6af83c910a7111c3812fabc6f4eb9b096914d10e9735ba196d168c1e03a2b
SHA512 4fd4e3e3cc755ea4730e4ee5e4719ed6c01085a00510b3fc533021ba6f6de7c7b7dad5a3c4482338c8a1a981773da534ec3c8ae530fec439fe75dfde3fd233c2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8713bda6fdd79e6f2c7e4e6f76d4dc9e
SHA1 d1f34176d3fc14c548b6c77220a832e544ba91f9
SHA256 fde1129edea215c8776f7fdb7c279a05d3fdd8c14ba954ec584d05bfbc77c67d
SHA512 36785d89b80ff964c68f8408e023fe22498b7601ed38708b58a70e22094bfd2dca3456a4a8e980bf3c79a3d6e690368942a6235ee6ca5fed196c714fe9917975

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1798316ad98fa5ad532f96dd0ac17d80
SHA1 b75d96d92da155dfaa11f06d22b7f7ad9d4bcfe7
SHA256 5c93c91cadb97f08952acb38c6b9e32d9be32e34d08a709dd45b7a35f4e2ee94
SHA512 32a4eea7ea24ed63738a36af67a4caa8306f38e24f67f02161b9fb2dddc4283cb41050f6533d03b2f9bdf3a7143db6cf4e04c0c45c2bb6ff283bcea20087de71

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16742ebf0a5507e011d5eafd53dd70fd
SHA1 7ace2c18e56fc7219bbc9f2026577b5c934aaabf
SHA256 5417a5e8f32a4b44a390c8314d60684425714562c5b59a974c0b1230c335678d
SHA512 6c2462bed8dc2778e802b95785a01cf7da75a3782f3d7375d67447c36fda0b7fdf5f9488572cec1ca0653db440709cf456ed0e43c20be369126d555bbb4999bf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 529bae1fde4cf14e3d6640527351e688
SHA1 2c6ec855ea94623831f0398bfb1d958980aec484
SHA256 388419bbd3872349dcb1b8c943b2c6e60734d0651e28d1bf71779b6fe0210687
SHA512 6adb87aff6321b1283b0713f506abaa98dc9ea1484b159b23f2e869e9d1d144e36025af91d3ec36d7740fcd01741697e061bb3d11a4efa6f4882f12c337a6c34

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:44

Reported

2024-06-13 09:47

Platform

win10v2004-20240611-en

Max time kernel

129s

Max time network

139s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e90581e0e90e47670849a5a910297e_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e90581e0e90e47670849a5a910297e_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4432,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4444,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=4752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4072,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5468,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5492,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=5556 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5972,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5852,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=5664 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.9.158:443 business.bing.com tcp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 104.90.25.175:443 www.microsoft.com tcp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
SE 184.31.15.40:443 bzib.nelreports.net tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 158.9.107.13.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.140.242.104:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
BE 2.17.107.115:443 www.bing.com tcp
US 8.8.8.8:53 175.25.90.104.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 40.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 104.242.140.51.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 115.107.17.2.in-addr.arpa udp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
BE 88.221.83.184:443 www.bing.com udp
US 8.8.8.8:53 184.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
BE 2.17.107.98:443 www.bing.com tcp
US 8.8.8.8:53 98.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp

Files

N/A