Malware Analysis Report

2025-01-18 00:53

Sample ID 240613-lqytcstbrh
Target a4e94463c9a0731df3c9b206e4a1b074_JaffaCakes118
SHA256 75b1c7487d8d185a5c9b4c6e421ed7492f7eec4423ceccbe30e7d64c533b980e
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

75b1c7487d8d185a5c9b4c6e421ed7492f7eec4423ceccbe30e7d64c533b980e

Threat Level: No (potentially) malicious behavior was detected

The file a4e94463c9a0731df3c9b206e4a1b074_JaffaCakes118 was analysed and no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:44

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:44

Reported

2024-06-13 09:47

Platform

win7-20240221-en

Max time kernel

136s

Max time network

138s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e94463c9a0731df3c9b206e4a1b074_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424433763" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9707DAD1-2969-11EF-83C2-E25BC60B6402} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4e94463c9a0731df3c9b206e4a1b074_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2520 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 push.zhanzhang.baidu.com udp
US 8.8.8.8:53 bdimg.share.baidu.com udp
CN 182.61.201.93:80 bdimg.share.baidu.com tcp
CN 182.61.201.93:80 bdimg.share.baidu.com tcp
CN 14.215.182.161:80 bdimg.share.baidu.com tcp
CN 14.215.182.161:80 bdimg.share.baidu.com tcp
CN 112.34.113.148:80 bdimg.share.baidu.com tcp
CN 182.61.201.94:80 bdimg.share.baidu.com tcp
CN 182.61.201.94:80 bdimg.share.baidu.com tcp
CN 112.34.113.148:80 bdimg.share.baidu.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CN 182.61.244.229:80 bdimg.share.baidu.com tcp
CN 163.177.17.97:80 bdimg.share.baidu.com tcp
CN 182.61.244.229:80 bdimg.share.baidu.com tcp
CN 163.177.17.97:80 bdimg.share.baidu.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CN 182.61.201.94:80 bdimg.share.baidu.com tcp
CN 182.61.201.94:80 bdimg.share.baidu.com tcp
CN 14.215.182.161:80 bdimg.share.baidu.com tcp
CN 14.215.182.161:80 bdimg.share.baidu.com tcp
CN 182.61.201.93:80 bdimg.share.baidu.com tcp
CN 182.61.201.93:80 bdimg.share.baidu.com tcp
CN 39.156.68.163:80 bdimg.share.baidu.com tcp
CN 39.156.68.163:80 bdimg.share.baidu.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab1EF8.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1FD9.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ba6a6d56279ff78b84532aa80d2b779
SHA1 65c1a83b5f23c1f380cb4330f6407e2e9dd2a80d
SHA256 7c1e8041bf5266ab64ddab62d230afd6cf662d3e4fe57d63250fb2eb8ab4b46a
SHA512 f399e433c30eba83c638b30b4a8ca370d18a60104c967a4b2b86465619bcd9c8b6522e51d1c85e7ebd3c13146e05ae6bda875b368ef7ddc556d2d1c91e7e9c37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 507994b913251f21ac01170471aede8e
SHA1 44f2475c1092ff6d4bc6797ae6cb57462419d0ce
SHA256 cadf8f8ea2277eefd3b625520d472baced3e69fafdd59d05835d4c54af076b2d
SHA512 fcb61b549311b307727a309ba08ecde0473611633b44fd3c1c6dd86ff9489ee6e4662ab210ca1aa666136ba058c361b4acc659557effad8a3ab0fa48b1589def

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3eb40bcf6f659cdbbd8b0f69a12c153b
SHA1 212b694b7a8f8306d2557ed8aafb9cca050463b5
SHA256 b86677e190019579a78abe0a32fbadfa1edb1c8ed402aa4fa87bf00f1c51fa09
SHA512 e19cab42ef9618e80a317c70b89bc8069732c13d96ecd357e67f8236bed1722893cd01983908df7b2671f2d9dbca1d406d6f6f5e304e67ff1d27d2c4d6a1a58a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b4d8c78cfd4f337f59866c076a908e2f
SHA1 793921dbe7161e84e774f7b6c65270c6c583dc38
SHA256 c03155da4d394e7cc444c76b22623a107af147dc6ea4eeba4e72022063dd3381
SHA512 48d2b8a3cf3fd564b38b552889a6ab9c938ad4fe43eba6425fa15dfd93ead7bb78d162b2135ed475954e9dc49e335468f9f4b28ad56dda1c12b3bf703031cd2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9391017e7095d553de1d131e9fbb499d
SHA1 bc51f17382c31fd7cc0f3d707f06b5a7a602b0bc
SHA256 27427b3ab1a9d3d98fec0d995b1a3930f2f0a3c291c3f44821fb310d98d70e2f
SHA512 c80101980a8797a6f05839b1d0d44c5474bef182fd2de60d9a2022053ed7f6d026af55e9bfc51ce597159fc83b7f2399d30536bd6f93e3ac1ce24b21f1f74d02

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1f2e34b9c474e0c330edd4954f6c1329
SHA1 edc9545c13929ea0eddadbcb1c92dd180bb38e05
SHA256 8723a7c99765a1f3635abf8f929570416e30c949e797e3d19eeabf0f2ede7d4d
SHA512 937e9699336140999ba1f54127ddb856c96d27c716edb68321545cd522fa8245b80c2a699c4ed97855b4cf8fa84e78083d368cfa6dac0443662e3a87946039a3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 775ba7f573b1344f7c9d31eb51dc8ab1
SHA1 1729493eadb79fc8b4b4c14cd782649103108222
SHA256 336d78489e62b158a0e8c6a5b2c6b0598d417d245837493dd90f71789ec4a719
SHA512 d662b6011bccd6a8e058b1f1df555e972a8288cd74f05f43adcb32685ae6fe3c46624a98368ac444cde1fba00d11dcb6706eb78eab0c8b6c32352fa64cc98966

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 de9a6997d9a4400ccea95e1cff93ecdd
SHA1 d92e0b313b22b5b2bc5f4215b9ec893b00f71faa
SHA256 bc0dc592442f34234a48a2fed9f19cd8932bf399cc723a0280993b9cd773046b
SHA512 512100ddc215bb6dd7a1f20345454a96c24d0498c670c8036c4060fbbeac88830dba72f01068a8ad75998c21705dd2c0983ce45c02992a4099ec16d696980d3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 809ccd61b1c76c98858f810f41e0108a
SHA1 4a5d87e4b9380c603c9bd02060f58e63a2664240
SHA256 068f99ed92186910a8ef3dc75a61fe8972062277ca40c8b7ce57b44e8f677b87
SHA512 bdd847f9970cb898c5ebf5d6ed7beda015a677014c94e74eb7c54ce7a29476247b57d6e99ea51b28385aba290482982d8fc9a1fbc96fbaa91994534851cf4db9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f05d15025651dedf170918e9c8ecc9de
SHA1 6d222ec11afd9fc37a4987d79f1abe992102be78
SHA256 11c1fcb8e80fa31d70470c55b9177101e46a81a2ec26719210d19fb133d7fca2
SHA512 808c8301d37ea29f5f682b7fe0b27765d750e257f2e3950515a7da4c0d51093907fd30dc87441d82c4aed8dc505f2f742a11056ff404631612173279d6791d10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d19db281d4c8e81fdb1ccbd90581a584
SHA1 dd518660e3f267473e9a246f9e8a28ecadd89642
SHA256 e98d76b7262a5e282a6cb9119712733f0311cbf4e4c536691795836b47a54a88
SHA512 5ccaa0a1a35c11d8ebe9e2e2d11a24b367386d55d2fb0ea9b9042e1ed0ab6bf45cfe81d8505a530a1e75b2c8132300b7b368cf81d23e9567365992d82f32b23e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7a8bb1e39ea2c0892a1de1e9f267dbcf
SHA1 fbde1d48293ad17fb72a2dc65f2161975e0e5f2e
SHA256 4cb591a6ced2d2d777c3806ac53438e6bfa34fc562897eac7b95d6e837aa0e64
SHA512 06434183adbca46846f0110149c542e596af85f1a8d5ea36b850fc04fabd62b6fb6fc80808d484dbb2362ca6a969571b684157650d6dd5c453328e6efc0ff298

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16628cddd764e750a66c80d048bfce06
SHA1 1d5921d558af2bf1f73011f2c7eddc421ab5c548
SHA256 6ebc1bb31e018797a8ff8197262cc5bb0da1a46ef4c7509b14ffd75de4de76cd
SHA512 322101c1c9150141cff2e916d9259494d53cb6ac2fe62505977f389db7e4b6b25d5dccead85d3b1f14df3a92128721e23ecc0a66b4d61d5d5785d186ac9a93a4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ef922b6f3e698a2f02c64191c1a0489
SHA1 a8cad0e363b64d8a7eb25db13a1bb02912678bcc
SHA256 76dd43fd9716ac8c75da21a5bd305e12e72325b3e93cfebc0b6eb70e1b088341
SHA512 2ba00ed14d603a2da2d4d193988b3e94c20a0e33cd3e3500aefac8592732a6456d262c72140b21e1e7b7ee71d5fa3c1cd7d65919ae252c4b3e265fe5cde12c3c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9984ad9afd166f49f6e708cde372dd70
SHA1 7f3fa121bc08d05bbe36c74edb039561f71a1aa0
SHA256 1da0b6aa2a86f0622afe82a281919e71aa2207c1ff63d4b71d3acc2fa83494c6
SHA512 6fedcab28695e46c12b2ced5a71a9bf71338d69a0085346706843ddb9f4f3785f58085bdc61878b4291733e5033cf6e0acc803934a5a40f95e191af409354078

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e91f495e416398afe07011943acf833b
SHA1 9e46d91c97ae1eafcc8a7e536922f54d4fd71886
SHA256 319a3a9919604c937bcb67e63571d3434ace558f9a1bf17b3786bdb1719cf0e0
SHA512 7cbb83cfec7cec8554964123b6dbbf62b53001d282561fd23d76cb57924b8a4751c0fe3f3b2c8b9676cb58fa23175ad7a0d70b64056fb4f9c9ff65e0eab0a330

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3e1496bcda44ae6fa46938ecedb446d7
SHA1 f970d22232486729c8ef53f5f2aaf32a733260f9
SHA256 c10b4b759679267ec8b45fadce1a3d369f97a54e8b4854338189e6c46478a6bc
SHA512 eb4fb7c0ee6007eba16c944b73399625a7532c6e34ef10975164f86c738ab3491d622c1571720a8a7aa331759fa140b05d84198568ee4814164fadd96f113ae0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 df5d3ad4926d09e62ce9ed584d081ace
SHA1 3346dffdf0eca015ab8e62b6a95ebf058f0569ba
SHA256 88b65aa710e8e7b5a5f19df70143c4ec1ab02e144fc3486b45c2ddffa60f8ab8
SHA512 161faf50a36fa2340bde185ceca82ef3098d24559ccb8e358b95719f39f8f4bbe9d750c2e99b45e9f8e7da0c771f42c66d5d383910ebd618ae17ee1a71821f11

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f8c9750d6970388f9f6901a6cb6775c5
SHA1 104f346ac04fceefe52f028808256a0c48ccc348
SHA256 369a98788ee8b46144dd2fdac7c002029c011a34b2a277b76fd4a908facfbb14
SHA512 f5bb80d8ac10c3bcfcfbc2c1f2feb9a3a7a97156bbcdf191edd8f9dc59aea021a68d227da2f89bdd4318cec7fcd4587efc2db2333439a0d07e2ceb00f787dcd1

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:44

Reported

2024-06-13 09:47

Platform

win10v2004-20240508-en

Max time kernel

145s

Max time network

153s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e94463c9a0731df3c9b206e4a1b074_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4e94463c9a0731df3c9b206e4a1b074_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3804,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3516,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5272,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5344,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5468,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5908,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=6212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6372,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 push.zhanzhang.baidu.com udp
US 8.8.8.8:53 push.zhanzhang.baidu.com udp
US 8.8.8.8:53 bdimg.share.baidu.com udp
US 8.8.8.8:53 bdimg.share.baidu.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 push.zhanzhang.baidu.com udp
US 8.8.8.8:53 push.zhanzhang.baidu.com udp
US 8.8.8.8:53 bdimg.share.baidu.com udp
US 8.8.8.8:53 bdimg.share.baidu.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 push.zhanzhang.baidu.com udp
US 8.8.8.8:53 bdimg.share.baidu.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 www.578z5y.top udp
US 8.8.8.8:53 www.578z5y.top udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 239.249.30.184.in-addr.arpa udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp

Files

N/A