Malware Analysis Report

2025-01-18 00:32

Sample ID 240613-mae7ravanc
Target a50822630023dccf71ae3e1622a30d08_JaffaCakes118
SHA256 2aac6bc31f1c12e837dec272e10de600337f52daa919f26da56ac9b906b8ab9a
Score 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 1/10

SHA256 2aac6bc31f1c12e837dec272e10de600337f52daa919f26da56ac9b906b8ab9a

Threat Level: No (potentially) malicious behavior was detected

The file a50822630023dccf71ae3e1622a30d08_JaffaCakes118 was classified as showing no (potentially) malicious behavior.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 10:15

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 10:15

Reported

2024-06-13 10:17

Platform

win7-20240221-en

Max time kernel

133s

Max time network

128s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50822630023dccf71ae3e1622a30d08_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0cfaeaf7abdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000089cb2e0bd79eeb4b85c2b596cc48dcd0000000000200000000001066000000010000200000009fec2ace8f041dc91505724909c9795cecd40d1be8f73914ffab0d3e450ea39f000000000e80000000020000200000007c2a653ce695d1d8d81c83b3d742ad0a18339158c709b58d1781e7986a05f8c790000000ae7b0f9d08e598abb1d3dbfc5626809ab427775bca495346987d25827419623fe8f9a84f607d2ff19cac26c85b0a971c1a526d100444252e76b7eeb9f93593622d05eca53049b6e5c7b5539a9f46917652b70bd85a523bbb803cfbca0d1c76814d73190b18591bf4c10a2508da62c7b00e72e215868dc327b550126b824d2b0cb6f01a88327b608fbef7e2ffd3d502c640000000173cdf157fbdb90483597435fdcefff8b4409b5567651223119b47f5cb0e8e71a7d53d39ebd9ce26540b523e5c775d5cfcc74635bbdedab9ff50f7d016fb41d2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DAF10F61-296D-11EF-A564-5267BFD3BAD1} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435595" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000089cb2e0bd79eeb4b85c2b596cc48dcd000000000020000000000106600000001000020000000e1a34f8545f49ebcf9eb3e1c0e214822501c1dc0cd4685ecf26d6984be594008000000000e800000000200002000000018942011593cc0962a4e470160ce4c0e71f85b943ab84ce122acfc1963840c042000000084868c66ab51828b7b1b44e34db4cb26fbd28564e2d161d0e66343dc750f79f040000000d52147bf28e5de57458970d3459838619bd571b839b15add2b4592affab3b20ed4fe361d97dd922ad58666440a6e787563ac2ac48581cfcab8c9004e8e3efcef C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a50822630023dccf71ae3e1622a30d08_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1612 CREDAT:275457 /prefetch:2

Network


Files


Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 10:15

Reported

2024-06-13 10:18

Platform

win10v2004-20240611-en

Max time kernel

128s

Max time network

138s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50822630023dccf71ae3e1622a30d08_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a50822630023dccf71ae3e1622a30d08_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --field-trial-handle=2080,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=3960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --field-trial-handle=3880,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4408,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5344,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=4404 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=3100,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=3864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4412,i,6870419347051655189,5491911050420577193,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:8

Network


Files

N/A