Malware Analysis Report

2025-01-18 00:55

Sample ID 240613-ltrt8axenl
Target a4eecf77690448da3d6b52cfdd132be5_JaffaCakes118
SHA256 cb58c5f6fea10f0d8d8030db21c193429f67c4ce80d53459a844b4c9fad4e434
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

cb58c5f6fea10f0d8d8030db21c193429f67c4ce80d53459a844b4c9fad4e434

Threat Level: No (potentially) malicious behavior was detected

Verdict for a4eecf77690448da3d6b52cfdd132be5_JaffaCakes118: no (potentially) malicious behavior was detected in either detonation.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

MITRE ATT&CK

Enterprise Matrix V15

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 09:49

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 09:49

Reported

2024-06-13 09:52

Platform

win7-20240611-en

Max time kernel

133s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4eecf77690448da3d6b52cfdd132be5_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{46D8BC41-296A-11EF-B93A-F6C75F509EE4} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d01c6e1b77bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb81000000000200000000001066000000010000200000007cb1318a88dbfd6bf937b89a2513f0547bc34e2f235c3bce916790722b728629000000000e8000000002000020000000c8ca8af78a0e96a342cd1b2e2fb4b0311039a8f09e378e4a10b57662c7e3d6bf20000000e4c54edc5c7da537a798809137c71e60f6fe75ccdfe03139a120364cf002248740000000324a9bf17ebaabd185fbc250822c099f096de05c2161294da8493fb8bc96fcef7fce170e4be3c2e1e8019f72ef6ffb3e3517cddd8fbcda9505f0ecbf5f64cd99 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb810000000002000000000010660000000100002000000009a811644e0d6117765a0c258a97a010e0758660697efce1261b6322d616d617000000000e80000000020000200000009680891518beedd731e781339458ef735d727d1b29f0cf24c6b64d2d43176bb990000000bfc3290f1acbfc3fb66e56d386ed088be06a7813ca2959a6851d9d5923c15209a019a523692f46ef1a27ef7180e72d13d31b381b4f78fa2df27a683b4ba2fe2788ddd109ec467c380302c30b432ef67f8791cb23fa31762a8a14fb2043559ac85a36f9d4071780c986ecea71705ba0686db48629d863d3ced282f7a10b7d6cba0c99cfb9ae4f61965b0d57933325b6d5400000006c3e765197a626f4ab988e6da802ef83c6b993174536b872999702b83c4c11780165e542a3e69b4da5afa933d4696908848eb8b37e0e9abbb921af86054256d6 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424434058" C:\Program Files\Internet Explorer\iexplore.exe N/A
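Every row in the table above is Internet Explorer writing its own first-run housekeeping (WindowsSearch, Recovery, TabbedBrowsing, CpMRU, Window_Placement and so on) into the user's IE hive, which is why the signature fires on an empty-looking HTML file and the overall score stays at 1/10. The values that would matter for a real adware verdict, a changed Start Page, Search Page, Default_Page_URL or a SearchScopes provider URL, never appear. The script below is an added example, not the report's own code nor the sandbox vendor's: it parses rows in exactly the flattened "Description Indicator Process Target" layout shown above (copied verbatim from the table), strips the SID, and sorts each write into first-run noise, hijack indicator, or review. The hijack list and the first-run allowlist are this example's assumptions, and the two rows under CONSTRUCTED_ROWS (a homepage hijack and rundll32.exe touching IE configuration) are constructed to give the classifier something to flag; they are not in the report.

```python
"""Triage of flattened 'Modifies Internet Explorer settings' rows.

Added example for this page, not the report's own code. The hijack list and the
first-run allowlist below are this example's assumptions, drawn from well-known
IE settings and from the key names that appear in the report.
"""
import re
from collections import Counter

# Rows copied verbatim from the report's signature table.
REPORT_ROWS = r"""
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{46D8BC41-296A-11EF-B93A-F6C75F509EE4} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
"""

# Constructed rows, NOT in the report: a homepage hijack and a non-browser process
# writing browser configuration, so the classifier has something to flag.
CONSTRUCTED_ROWS = r"""
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" C:\Users\Admin\AppData\Local\Temp\constructed.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Windows\System32\rundll32.exe N/A
"""

ROW_RE = re.compile(r"^(Key created|Set value \((\w+)\)) (.+)$")
SID_PREFIX = re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\", re.IGNORECASE)
IE_BASE = "HKCU\\Software\\Microsoft\\Internet Explorer\\"
URL_RE = re.compile(r"^(https?|ftp)://", re.IGNORECASE)

# Values an IE hijacker has to write to change the start page or search provider (assumed list).
HIJACK_VALUES = {
    "Main\\Start Page", "Main\\Search Page", "Main\\Default_Page_URL",
    "Main\\Default_Search_URL", "Main\\Local Page", "Main\\Search Bar",
    "SearchScopes\\DefaultScope",
}
HIJACK_RE = re.compile(r"^SearchScopes\\\{[0-9A-Fa-f-]+\}\\URL$")

# Values IE writes to itself on a fresh profile; every one of these appears in the report.
FIRST_RUN_VALUE_PREFIXES = (
    "Main\\WindowsSearch\\", "Main\\Window_Placement", "Main\\CompatibilityFlags",
    "Main\\FullScreen", "Recovery\\", "TabbedBrowsing\\", "International\\CpMRU\\",
    "SearchScopes\\DownloadRetries", "DomainSuggestion\\NextUpdateDate",
)


def is_ie(process):
    return process.lower().endswith("\\internet explorer\\iexplore.exe")


def parse_row(line):
    """Split one 'Description Indicator Process Target' row into its columns.

    Both the indicator and the process path contain spaces, so the row is cut at
    the last ' C:\\' (start of the process path) instead of on whitespace.
    """
    head, sep, tail = line.rpartition(" C:\\")
    if not sep:
        raise ValueError(f"no process path in row: {line!r}")
    process, _, target = ("C:\\" + tail).rpartition(" ")
    m = ROW_RE.match(head)
    if not m:
        raise ValueError(f"unrecognised description in row: {line!r}")
    op, vtype, indicator = m.groups()
    if vtype:                                   # "Set value (type) path = data"
        path, _, data = indicator.partition(" = ")
        data = data.strip('"')
    else:                                       # "Key created path"
        path, data = indicator, None
    path = SID_PREFIX.sub(lambda _m: "HKCU\\", path)   # drop the per-sandbox SID
    rel = path[len(IE_BASE):] if path.startswith(IE_BASE) else None
    return {"op": op, "type": vtype, "path": path, "rel": rel,
            "data": data, "process": process, "target": target}


def classify(row):
    rel = row["rel"]
    if rel is None:
        return "review"        # outside the IE hive, so not first-run noise by definition
    if rel in HIJACK_VALUES or HIJACK_RE.match(rel):
        return "hijack"
    if row["data"] and URL_RE.match(row["data"]):
        return "hijack"        # a URL landing anywhere under IE config gets the same scrutiny
    if not is_ie(row["process"]):
        return "review"        # browser configuration written by something that is not the browser
    if row["op"] == "Key created" or rel.startswith(FIRST_RUN_VALUE_PREFIXES):
        return "first-run"     # IE creating its own keys or writing known housekeeping values
    return "review"


def triage(text):
    """Return (verdict, row) for every non-empty line of a flattened signature table."""
    return [(classify(r), r) for r in map(parse_row, filter(None, text.splitlines()))]


def summarize(findings):
    return Counter(verdict for verdict, _ in findings)


if __name__ == "__main__":
    findings = triage(REPORT_ROWS + CONSTRUCTED_ROWS)
    for verdict, row in findings:
        if verdict != "first-run":
            print(f"{verdict:9} {row['op']:16} {row['rel']!s:40} <- {row['process']}")
    print(dict(summarize(findings)))
```

Run against the eight report rows alone, everything lands in first-run and nothing is printed but the summary; the two constructed rows are the only ones that reach the hijack and review buckets. The ordering in classify matters: hijack values are checked before the process check so that a browser writing a URL into Start Page is still flagged, and key creation only counts as first-run when the writer is iexplore.exe itself.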

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a4eecf77690448da3d6b52cfdd132be5_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2124 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab25CC.tmp

MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

C:\Users\Admin\AppData\Local\Temp\Tar2680.tmp

MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2b40ff2454e132f85beba09b9f32b33e
SHA1 84ba2417c126da94e9833c8a6f35c98572b1e7bf
SHA256 feb4ae563e0681f839c544ded706083b06bbbc6517c2adfa336fdcc257045900
SHA512 d3b9b3366fedf5e24b27b95b135c50822bdf69f51d6852af679fc74c5f9bd16b903270094b9e86eec8a7daf9fce622c98fc43aa5d35df3bbdcda289d8d22a374

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 38ab5e671308cce9899d0467d9735da8
SHA1 d53b13d59db49034e0383553a2300a7fb2538e89
SHA256 5748349ed2e387788b6958568b46234953b156b9e7db5ca4c0e360854b210168
SHA512 a221f58fc97785ba6a8fce1e4a7ba1780addb6e0d71d48c23a7d21012a95702c9588d1ddc411a72fc5ce3b95a0fb0e6ac6b7276dba8ccf9add4b1ea784b602de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ff91bf6058c9f9e58379d0c7b0275c72
SHA1 a55c1a1bb44792b6f996e76b8ffebec331248b89
SHA256 cdac4c18699ebe75d3029eb72d9f1ae91d6620e75958dd01717a4e567e86405d
SHA512 50bbce919757614e65ca481db6d1b1a91a606b590cd4d81b9dd721f4d01ce7712ccf5118001fdaf5a1f6910c33af44bfccee77f0d2e3eb9f71a575fd6cb69a5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4ca29a544f01cc9dea715213cd1605d3
SHA1 ef747932186ba69fadb4298902991f30321808e4
SHA256 9868e3cef3de11d510bc91426e0df032a51e48fd5052d1ba6b456638695aa359
SHA512 6c38ca346e0ee94055f49ee6304e1bb19f8b146f1c6a1fef6cfd023f8917e4fcc6197794f8b98e3acbd491bbf2cd794a03f2e8ebca9ad456965977e9ab3b7957

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4cba486d034d3b794848cbd501f566f
SHA1 ca7ffdcd4fb11ab7de76868a0eba971cbbba2525
SHA256 6f154e91f8bd93575396eca3daddf7c5992fd3170a34319df6860203554b5701
SHA512 14dcfd20a62ff8e520a93f720dadde0358d3b25e46181f181f4ee5fd47eecc13df03adb40e637b8527fdde1f885221aa3a719e6287d92f583c3ddd6f81f08c3b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9157b3428e866bda96beeb0e6256bc5b
SHA1 6120198098eea2be1eb847d3aca469ed48062d75
SHA256 dd9fe70d0d46b02ae20f2a340a7f47e3aea6c7df71816b3c916c95f6b439b519
SHA512 a6a5ee59da49e4e8621f77af1cdbe11dddfef8cd8b0e50fd10e0fa8dfa7fd0ae8aff0eb7bd07637d5689ddfe6aa8647a6bdbb22a00d9ebd57e942f9749bdbd10

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b3caafa0546c6a11e23cb71454db20c
SHA1 d2a5a275e94e31e4a0e55231f3c22fc8b2328748
SHA256 416a3fd9c2caa88675747f849643aa915c1cdf39f31131377b4ca65d894010f7
SHA512 e2a3e5499eb08345700bac51fd249ccd5368f3696d89cdd5112b4279ec5e99f530b27c0bb8b4d03f4c2c45c101662394675e56f48987b74bfd3be19ad2fe3301

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06689116eb9bfd18bf0e7db19e33c693
SHA1 c1dcdfab6051bcdcabbcbb33a468907390b2daca
SHA256 f870f857a3d48b8aed6681f1826f926b470005ac0e31ae4640981e2cc85fbb14
SHA512 feeb72da6f7a4d726e1f025433af99dd96b52a8cb70feffdd296a7b573988fd64379d9c0c469dd3e622919c15220e989d36dc444939d3480eb20c0e31688a6f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30a170a90166606f92a63c7646acdf94
SHA1 3ed22e7fd7e3457800ddd9d24cd7267910a30afd
SHA256 1b0cd922166b5c587dbc0a14aff3bc172db639aa91562ffe251faef9c02d0985
SHA512 b604dbcb8bcc357d51d91ca7e0ab704d91f6db78c6794b74db014705a769393aca25c99a8acc02aaf7f7eade4a358fed0174759664182315608a8226921491d5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e961a7e39bbfe04493b758a619facbdf
SHA1 719ad6b3296344c5a513772bd925c69ba02635a8
SHA256 d84c32ecfbb127b6be4b86276ce71acba6724d2b7deff3d487aca636d5c8a38f
SHA512 33f2197e7caaa8d14816b6ae070da9a7b12f74fd69b8d7a16bf61cb552dd5c3b05d5aef36bb4f4e2d9d0aea7adf72f3ed0606e2a013f824aac801de3e2df80d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e62588cdcf9e1672d98b7063e4bf5372
SHA1 4158e2e4f4d6032e1c17afaaa909c1d031879626
SHA256 1803b2f1813a56d12dacaf2059496799198dbbc7c643182aad7f9a4c93604a2b
SHA512 a48abfde37892898104e46170b825056cb960aca93160bbc26d182b6d04622fbf41a94dd327f5b389bedb8c4f14fb2263e842ec895797dffd78627001b2a9275

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 008af2b012e6ef8e27c6740fd4847b88
SHA1 64ecc8baec8c9caf1739ec37309b45ca6e38b80f
SHA256 164fe59dfbf02ce1b453ad83e3bde8c38bb9175be867d53b48adda635ef46d57
SHA512 72dd0c6540fc59abdb3066cdee5840a34e01ca70fc14e2221ba999bee4d2de5e711f4c9f5d2aa16e634ce95821f523fca237d13b2c746c7b2e34c5415b58c04b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b7f7288709c4f9ee00a2d0263d286a4
SHA1 96cfb7e4a6645b33205587f6e7938c67616eae1d
SHA256 71c36f0a65a4eeede10bee8e08f737d57de8e8132db8de98ee7ffeec360a1679
SHA512 69b81d2894d6cb3a3da98cbd380ea38ea13ecb2622c6e5e6c22b2931f45d42da98892b6bf5e43b26507d19c533b38d176daea45ab08be58217f1c5d0c0e78db4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c40f699b8a42a001f17abd0a5033d089
SHA1 14ffedae59edc5cf6c6ef2b63d8394afc8182f56
SHA256 f9bce1356b77c5cf8bf8db93308e1ae94803faadff71910210bc0ac96c2d8411
SHA512 65cb9c1368f8ad4bc932c0f7c7bdefddd653052a9fbc82951ede7777d5d28635a54d5c1827b76b82d73f5c98097cf1cd9bf67812f836f77b17fe22598e9415cc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 58a24f174bfc04c582e5fd7940260a79
SHA1 85c5123a1bd1de9d865db0be93cf0d3dc93f65e0
SHA256 f262203d342d90149d8b460476b6f5fff51c615178e7d5d54d3af5fe61734300
SHA512 8e632bf392aed77730dddeed954e1d8c0ce0420fc188c114d5e3098a105e47eb7d81ffafa45fa5ab4e2c3ba0d34566e089e03534f7bb94287ad962fb0a3f5641

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ed0f650c810b540885550643fe4682dd
SHA1 02d0dadef50e3e0bf7e197f2c9bb8dd306ddae5c
SHA256 340355741726c98fd9c60c1084376132b70d51aef88dbfc2ce5a6112e693c257
SHA512 add377b2b491e8f89ffe0a8761f1d26910c43f5f5f0c86587a879461d317615c7d8d8e20c4c059626b834e5d9d143512b12482b8c1b318ffbe0693c584c05c2e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 53fde58402d4c2141f3617ca2d935179
SHA1 6ea3065c8eee0adb1a211c2c951f12bce00fb965
SHA256 a5c9ef38c1566b4ff2b060a0bb803e17357a559dff04cd8c23b117064c426f4d
SHA512 74128bcc49c9957bd286c2d1891c5b9d54d13d5d83602474af02fbe6d42f9cec935a69155f4f6e6e4eebf5e141e41e4608c255c7647bf3b25abfd1038cd9c8ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ac46331d5cbc203a2dc362ad32a0e291
SHA1 ca265c0e20e9f331654d563e35941a58bcdfa639
SHA256 ce2d50c082265682f9c3d177f4a75b7dbe3bb6df043cc24f33396859baba33da
SHA512 b35501322150b20b036a21bf69fbc2de47fa918099a39b64b562c9abe8919001fcfe8ec68f48f761ebccb614d3838c2efb86c658a5baed33c5774856696029be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 70b354507acef611db877c80a603d3d8
SHA1 fd57c536e7f35245571621d6df6b37ec38ed2cda
SHA256 fa6404dd79389286f17723acd40c67e39fe3137b82cfd51bd912c64831d128ac
SHA512 daa28b13f99d06b8dac4f048b27ec6667dd67a99a3503926d064903602fdb463cbbc356ffd336b1f3b6e1f454aae1ecb06beccb2594545ec492439f7fb2adba7

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 09:49

Reported

2024-06-13 09:52

Platform

win10v2004-20240508-en

Max time kernel

133s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4eecf77690448da3d6b52cfdd132be5_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4eecf77690448da3d6b52cfdd132be5_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4176,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4196,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=4008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5276,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5304,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5360,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5944,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=6612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=6104,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5796,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.4.4:53 google.com udp
US 8.8.8.8:53 4.4.8.8.in-addr.arpa udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp

Files

N/A