Malware Analysis Report

2025-01-18 00:16

Sample ID 240613-mb9sravbkg
Target a50c0b2a06dfacc59b961438067e8a99_JaffaCakes118
SHA256 0d1a67eeffb3debf46a771791173f483d8ea6ae8d0330db9a601cdb8343e07ad
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

0d1a67eeffb3debf46a771791173f483d8ea6ae8d0330db9a601cdb8343e07ad

Threat Level: No (potentially) malicious behavior was detected

No (potentially) malicious behavior was detected for the file a50c0b2a06dfacc59b961438067e8a99_JaffaCakes118.

Malicious Activity Summary


Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 10:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 10:18

Reported

2024-06-13 10:21

Platform

win7-20240221-en

Max time kernel

136s

Max time network

122s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424435787" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4D6AFFB1-296E-11EF-BAF4-4AADDC6219DF} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d22acb614eb8f947a72b347ac349d0fe00000000020000000000106600000001000020000000540c5f3dc58b1c9550c171ed1223fb48b8aacb6febffca17948ed3733db5edc0000000000e80000000020000200000001bfe65e48c9ffbab403eeb439c62a0a68491b524d3aa8c6d68f3587b436e03e4200000001a54cfb2f94d80ba5976a2631a1f59cb15aab60bbffdb5a606cbd9f6f8f79034400000001d4ef5c184ebc8e0b87ce76310436574393717d0f3317a25011f7cd06ed9b502c0c9a6e1df29e243059fc0b84969ad94b2ced70efb4189f71bd2a1001905439a | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d22acb614eb8f947a72b347ac349d0fe000000000200000000001066000000010000200000004521b9337c7d3ec1386c7dde764770c49d7dd955cfd914aa052ec8f6e8725f8f000000000e800000000200002000000070d0e1ff042e2a70cc22090a26a4c553e7789ed6e4a99944000a2295b50f98ab900000002a59f240d0b1022f9527dc11e07e4800683d508c193393db85bc82305fdc7b4a201e5060434efb942873fee51d3a880c879ed66729e059ad808f61119995f5288edd14b73938dee9fd5ca960be7949b3e5dcdc59c50e6df57ea68461364eef1317fa33b88b97aa5019479dee302f027452dcd6a54b14dddf6f287419a484acc2380581acf0445991c03c7d546db063dc40000000989edcf3a68152271dfa01e52e27d42e5dd9e6b742c054ad35822b3ec6ee37600e1e62f72056e2e7d3e3aedff4776a9681af0ff09da1aa8be44b5bc6a2368374 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50adcd607bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
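Every row in this signature is IE session housekeeping (Recovery, TabbedBrowsing, CpMRU, WindowsSearch, DomainSuggestion, a SearchScopes retry counter); the signature lists every key iexplore.exe touched under Software\Microsoft\Internet Explorer, whether or not the write matters. The script below is an added example, not part of the sandbox report: it parses rows in the layout used above and flags only writes to the locations a browser hijacker actually needs (start/search page, default search scope, proxy, security zones, BHO and extension registration). The sensitive-location list is an analyst assumption, the five sample rows are copied from the table, and the two rows in HIJACK_ROWS are constructed purely to show a positive hit; nothing like them was observed in this run.

```python
import re

# Grammar of one signature row as the sandbox prints it:
#   "<Description> <Indicator>[ = <value>] <Process> <Target>"
# The indicator contains spaces ("Internet Explorer"), so the row is matched by
# anchoring on the description prefix and on the "<drive>:\...\*.exe" process path.
ROW_RE = re.compile(
    r'^(?P<desc>Key created|Set value \((?:int|str|data)\)) '
    r'(?P<indicator>\\REGISTRY\\.*?)'
    r'(?: = (?P<value>"[^"]*"|\S+))? '
    r'(?P<process>[A-Za-z]:\\.*?\.(?:exe|EXE)) '
    r'(?P<target>\S+)$'
)

# Analyst assumption (not part of the report): value writes here change what IE
# loads, searches, trusts or proxies through, which is what a hijacker wants.
SENSITIVE_VALUES = [re.compile(p, re.I) for p in (
    r'\\Internet Explorer\\Main\\(Start Page|Search Page|Default_Page_URL|Default_Search_URL|Local Page)$',
    r'\\Internet Explorer\\SearchScopes\\DefaultScope$',
    r'\\Internet Explorer\\SearchScopes\\\{[^\\]+\}\\URL$',
    r'\\Internet Settings\\(ProxyServer|ProxyEnable|AutoConfigURL)$',
    r'\\Internet Settings\\Zones\\\d+\\',
)]
# Key creation here registers code IE will load (Browser Helper Objects, extensions).
SENSITIVE_KEYS = [re.compile(p, re.I) for p in (
    r'\\Browser Helper Objects\\\{',
    r'\\Internet Explorer\\Extensions\\\{',
)]

# Five rows copied from the behavioral1 signature table (the column header included).
SAMPLE_ROWS = r"""
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50adcd607bbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
"""

# CONSTRUCTED rows, not observed in this run: what a real hijack would look like
# (the URL is a reserved .invalid name and the CLSID is the nil GUID).
HIJACK_ROWS = r"""
Set value (str) \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://example.invalid/" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000000-0000-0000-0000-000000000000} C:\Program Files\Internet Explorer\iexplore.exe N/A
"""


def parse_rows(text):
    """Parse signature rows; accepts the raw whitespace layout or a ' | ' delimited one."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith('Description'):
            continue                                   # blank line or column header
        if ' | ' in line:
            desc, indicator, process, target = (p.strip() for p in line.split('|'))
            indicator, _, value = indicator.partition(' = ')
            rows.append({'desc': desc, 'indicator': indicator, 'value': value or None,
                         'process': process, 'target': target})
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f'unparsed row: {line!r}')
        rows.append(m.groupdict())
    return rows


def triage(text):
    """Return the row count plus the rows that touch hijack-relevant locations."""
    rows = parse_rows(text)
    findings = []
    for r in rows:
        patterns = SENSITIVE_VALUES if r['desc'].startswith('Set value') else SENSITIVE_KEYS
        if any(p.search(r['indicator']) for p in patterns):
            shown = r['indicator'] + (f" = {r['value']}" if r['value'] else '')
            findings.append(f"{r['desc']}: {shown} [{r['process']}]")
    return {'rows': len(rows), 'findings': findings}


if __name__ == '__main__':
    for label, text in (('report rows', SAMPLE_ROWS), ('constructed hijack rows', HIJACK_ROWS)):
        result = triage(text)
        print(f"{label}: {result['rows']} rows, {len(result['findings'])} hijack-relevant")
        for f in result['findings']:
            print('  ', f)
```

Run against the full table the script reports zero findings, which is the check behind the 1/10 score: IE wrote state about itself, not about where it will take the user next. The pattern list is a starting point; anything under Software\Microsoft\Windows\CurrentVersion\Run or a Winlogon shell value would belong in a separate persistence signature rather than here.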

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2872 CREDAT:275457 /prefetch:2

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | web.nba1001.net | udp
US | 8.8.8.8:53 | hm.baidu.com | udp
CN | 14.215.182.140:443 | hm.baidu.com | tcp
CN | 14.215.182.140:443 | hm.baidu.com | tcp
CN | 14.215.183.79:443 | hm.baidu.com | tcp
CN | 14.215.183.79:443 | hm.baidu.com | tcp
CN | 111.45.3.198:443 | hm.baidu.com | tcp
CN | 111.45.3.198:443 | hm.baidu.com | tcp
CN | 111.45.11.83:443 | hm.baidu.com | tcp
CN | 111.45.11.83:443 | hm.baidu.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
US | 204.79.197.200:443 | ieonline.microsoft.com | tcp
CN | 183.240.98.228:443 | hm.baidu.com | tcp
CN | 183.240.98.228:443 | hm.baidu.com | tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab256C.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar266E.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 017101faec858c00fd7e547798d11645
SHA1 e4703bf4b278f932a0a202038304daa250a266d4
SHA256 967d591368c8d18e18c3fc75a234fca81cba9b8170989407d2726f3420cef86c
SHA512 79fe0ac2ae8c4bcee46fd12dc22db4ad67faef033f133c9b502e4d762474919861f2ae1dd6a49fad6a86a712734f9fe5ea8fe85b3be3b6da6dc66663bc6d912d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 48d24390be865f23588f912f2bb3ba8f
SHA1 985c1ec802b441ac93f6531b92f1ce7b4ac8426a
SHA256 cbcfa08979e4322022f8601e8ac3e6039b3a7d2744c1ef68a079e5f7f24aec5f
SHA512 fcf2a86c2ff4924dc510e8706e85c57352021748a05ddd94382635dcfe4cd9b66d0a1619d23df1f524065f2cc81278c0fb85477cc52896f0bb28263d38abbb7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0f100fc4fd6f6b12cadff901734b6b4
SHA1 57a17b736f1e9559c20cf08d35ca833d8feab4ff
SHA256 fec62d7edfe72050309ff23f02782017053b2a394ee414ea03388b610a459670
SHA512 4f426ca78fa69a7bcaa8c89be7c4e447258eb18a1c94b63271ef2dfe6bc67b56a68f6856fd9087ae433b35a3ce96e145f8e3f871c490e602ba77c94be9cf8333

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e147bf3ff4b789005c4ddea2fbec3fb6
SHA1 9fbfc5f1cd0d964fc47d2c5e9b76b8fb4631d072
SHA256 6f2981bd3077fb4aad4a4cab351429c0e97bdd2a947ff3924a8489d5d540476e
SHA512 837a92cc6b642db25498bbb0acac38d05cb07d58bfd47eac097aae4963a494c31e55241a74e6f15e280d0dc4ca642fc9e605938d123bb494a91667534a069c6f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 610200f5d52f9733152ca36e542df11c
SHA1 89011cf34bdb2ca533234b9c60c642267d2aff87
SHA256 c92f5847aa0efec6d93d2dd628896fc4d75ede827644606149e608073bd91040
SHA512 10ffc593fd5eed63d84b37504112980ad6969d5bbd734f038f510e139bbbf52875c7ca954e1c24f4e353e21465447183ba27030a267dfbc2cc4b8f1a01e1705f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c3b26f9f0f8a193dde69f7fd3599a78c
SHA1 4860506939b0e075abe41dead48d46b873f16c27
SHA256 f9b47f19d9482f17d33376577fbc90ee23b74cd1199e6a533e8b70121180ed8a
SHA512 44f26ba9de6c39c78fd8774a9e7f3f918f52b04658db053258610c9b6f2dbce569fa31c288b711eab7f6b17b2eb007f172c79ccc2c22a7d5cf9a6afc31563799

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dfa9e231c7bfbd4578d0a98df260ab85
SHA1 9e394fa5c3a64624e5e5553e5af17ea06ec7e439
SHA256 3bdf53fc00c118f794c41e32bcfad0689514bec6c8269d96ef9e9c54d447873e
SHA512 7ad373153bb5ac42ebe1195872ce7b7360841ed7ba8006b78f1eb54c451296ab0d56b0596445c88d096f050550bbdf9f22cc24b35a7f1afea3691b0343ca564a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e7c6d0908511d31d4d48fa6b6a80750d
SHA1 e880ec167873fad1325aac4bc9d118ff6acf22a5
SHA256 a14caa49dfe1beca8cd359e340e38478a45a33c8fca2a0421012434116b3d175
SHA512 59605716bb8f7191fcfefd3d8c1a8643249680d13df3932738236183def33cd7e9596a3ef0950dcd15ee1159a26d002fd35389ae3605d2fad5c2e5ed7c173791

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80aefe4322547e4e70da86911df55728
SHA1 0401a19e0c2add017f10fc20e0b247e99aaea269
SHA256 aa3e9184ef2dec34ac89db51dd713af2c4b0461afbc5242dcfe935865900f2de
SHA512 31afd81416645be0d6ef9f3e2ab70b79acd9dee8be0daf88168ad6b648c09d16120f3fb241962ab96040eaa39f2368cfaadfa0e273d4ef1b8ddc5f4658abcecd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e9d405c18538f468bb6c4ddb79c2a5ba
SHA1 5d091cbde9e16ba0723a8ad90ff5b208cf621c04
SHA256 e53c29e2ed872e7bc4119903d1a774d1648906248bec1db113e2bbea8844a089
SHA512 ffbdb71afa990bf53de0e9fbb84638cc47bbe09b79e3dba4fb0280071bf629c95631f79f376b70cb81b1ed3a73555fdcd13a4b23f6428f95b7df4a53eea4ee7c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5e7604aa8b8f838252b50c279f9b4bfc
SHA1 5d83748bb97f3fcd6ef0439efab32635b133a801
SHA256 a0999064d252320cca8243cc976a6cb1d4823c684dcb4cc986e927e5937e3e77
SHA512 38a21db79a0d6d5473abb942f9a214cae7edf67b0ad5647e2ac32b0203773272d392ce2ab2eab33cc583d5a103def3df25af9605328efc9cf279a1c654500af3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a158b5d2b0b35a120ccb2cfe582ba69e
SHA1 02b77751c3b064d239de3d8461e38a4eda045233
SHA256 647c45d568860b7849b0bf530cc8e28f43d9b7e6d75b45e37deb7b267c3d3c6a
SHA512 2f5f95104eb7cf3cd2aa1830af49744271df3383b1917b61226ac8e6b2545efa1df174e055f43d49e26c17ae2a33254275817fd868b02fc54f64ae7262716aac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 95b0f755e502d2a780da93f64cee26a4
SHA1 4b150040db3c7875995de73dd0289bd5d14f375a
SHA256 b3542e167f66c88e7fd5c1f09211ffa7f5104cef22d4f14882b97e4cef733cc2
SHA512 08d2aa17730ec336333aef0bcaefdb5cbfa8fd3af668d835d1ef57222648c8fe0dd00f848f61a088daa98e1b01f243f338387d6241db36bc90199ccb29e5225a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 776e4bf1f5aad4cfe99a0cd70d02c72d
SHA1 0e7b5a2fa1b675a3a6f9805ffbdaf787d99e3513
SHA256 b00303644c5718d3da5b9c37cd612c7e276738a21efd06fc1765279156b38c12
SHA512 0f132614f50aa74ead2b0d40120de37df0afb9bcc67dd365a9f2c4f3b2cb031fae1015912cc3daf1b50b876cdeddbdbc009bd268d0cf4c9e4445c98b0bcb8ab7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 187d43ed51d3346cf7cd09006ab3bd40
SHA1 c42a8e1ef9dc23f3f12d6b10e7ca92b7055069ae
SHA256 2dd026035172d1447ddf5be8d0a9ec19b768e793e1ce20ccc8b924a45f0e9a04
SHA512 1801d6aaff7250f490ba89e78e98b4d5284f14f4f2696aa0b429d87cac6f0f75890f0dd22a881bff67f69a9ea8314ef6be322e01d7d806c001bd5233b3cf08e5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17ff320e672513bdbb1ee5700c0245bc
SHA1 423b0eebe64e2107a411fd44128a73b8623ef69b
SHA256 d09d916c2703a7962f0d07abc6a8bd2d5fde50c154e21e4991ff92f382cc42d4
SHA512 9270cb15fb7dbe70495d3b3f1242e9574f572683978c0bf936f91937a06fe65b076d91c71fb47d758ed0574a52c6d8f1e3d7547f075cd8b22c3348906c364274

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 acdc30e10275d62e5b7d4e712bc02524
SHA1 26b2aa5f5ea675541560898c853d097cdf30b9f4
SHA256 f17e890f265a137916728dee3e507e26bb8c65982966d30b0b8f7f902a4a5b34
SHA512 debfe49e42745abede114c67e90cf793b6b3b48040af0dec87f8ebc526611c2055cd60951b97f64518b91ade6a67f40d364a23b79ce963fc1b38a7a48061a89b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ab924db7c9cd2a8e50f3c16d5362fac1
SHA1 1f070f84ff05ae301cb1ceb541144aed812fa555
SHA256 e43a232b5407a2a0587b1b9a10360862bb007dbf119323cc3c3c4530bb2b8dcf
SHA512 6b1efc828461f080cca234458672c5a3e90346b1df2370216cf48648fe371fe481bb0f48611077d881344626014b0b53a446a7484456f557b00219557ee7aba8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9f6760121eee5f88ef52e8d97bdca9f9
SHA1 0b6adfa6699972f3ab2f5c0befd34c67f252014e
SHA256 8c84c0a22f8a8927f67bf2749a98ee76aa67493f7965701ac6b6c79b880b1099
SHA512 041722ae31bb681cfa5b6fe81c2af86bcac0734f33872917fd7d3d66bebbfc7309c776dc934bcaf76ed687abec8d3f1853feae1bafecc9575746e197d08c07d5

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 10:18

Reported

2024-06-13 10:21

Platform

win10v2004-20240508-en

Max time kernel

142s

Max time network

148s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3980,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3260,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=1636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5284,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5320,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --field-trial-handle=5532,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:8

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | web.nba1001.net | udp
US | 8.8.8.8:53 | _8888._https.web.nba1001.net | udp
US | 8.8.8.8:53 | push.zhanzhang.baidu.com | udp
US | 8.8.8.8:53 | hm.baidu.com | udp
US | 8.8.8.8:53 | hm.baidu.com | udp
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | web.nba1001.net | udp
US | 8.8.8.8:53 | _8888._https.web.nba1001.net | udp
US | 8.8.8.8:53 | hm.baidu.com | udp
US | 8.8.8.8:53 | hm.baidu.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | web.nba1001.net | udp
US | 8.8.8.8:53 | hm.baidu.com | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | hm.baidu.com | udp
US | 8.8.8.8:53 | hm.baidu.com | udp
US | 8.8.8.8:53 | hm.baidu.com | udp
US | 8.8.8.8:53 | hm.baidu.com | udp
US | 8.8.8.8:53 | hm.baidu.com | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
N/A | 224.0.0.251:5353 | | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | bzib.nelreports.net | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
US | 8.8.8.8:53 | business.bing.com | udp
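Both Network tables (the IE run above and this Edge run) mix traffic the page caused with traffic the browser generates on its own, and every udp row goes to the sandbox's resolver, so the interesting column there is the queried name rather than the destination. The script below is an added example, not part of the report: it parses rows in the layout used in these tables, separates page-originated names from browser infrastructure, recovers the non-default port from the `_8888._https.` HTTPS-record lookup, and lists page-originated names that were resolved but never show a TCP row. The allow-list of browser infrastructure names is an analyst assumption; the embedded rows are a subset copied from the two tables.

```python
import ipaddress
from collections import defaultdict

# A representative subset of rows copied from the two Network tables
# (column order is the report's: Country Destination Domain Proto).
SAMPLE_ROWS = """
Country Destination Domain Proto
US 8.8.8.8:53 web.nba1001.net udp
US 8.8.8.8:53 _8888._https.web.nba1001.net udp
US 8.8.8.8:53 push.zhanzhang.baidu.com udp
US 8.8.8.8:53 hm.baidu.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
N/A 224.0.0.251:5353 udp
CN 14.215.182.140:443 hm.baidu.com tcp
CN 111.45.3.198:443 hm.baidu.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""

# Analyst assumption: names the browsers contact by themselves, whatever page is loaded.
BROWSER_INFRA = {
    'ieonline.microsoft.com',   # IE compatibility-view list download
    'business.bing.com',        # Edge first-run / Bing services
    'bzib.nelreports.net',      # Network Error Logging collector used by Bing/Edge
}


def parse_rows(text):
    """Parse network rows; accepts the raw whitespace layout or a ' | ' delimited one."""
    rows = []
    for line in text.splitlines():
        if '|' in line:
            parts = [p.strip() for p in line.split('|')]
        else:
            parts = line.split()
            if len(parts) == 3:                 # row without a Domain column (the mDNS row)
                parts.insert(2, '')
        if not parts or parts[0] == 'Country':
            continue
        country, dest, domain, proto = parts
        rows.append({'country': country, 'dest': dest, 'domain': domain, 'proto': proto})
    return rows


def base_name(name):
    """Drop SVCB/HTTPS attribute labels: '_8888._https.web.nba1001.net' -> 'web.nba1001.net'."""
    labels = name.split('.')
    while labels and labels[0].startswith('_'):
        labels.pop(0)
    return '.'.join(labels)


def classify(row):
    host = row['dest'].rpartition(':')[0] or row['dest']
    if ipaddress.ip_address(host).is_multicast:
        return 'local-discovery'                # 224.0.0.251:5353 is mDNS on the sandbox LAN
    name = row['domain']
    if name.endswith('.in-addr.arpa'):
        return 'resolver-housekeeping'          # reverse lookup of the resolver itself
    if base_name(name) in BROWSER_INFRA:
        return 'browser-infrastructure'
    return 'page-originated'


def summarize(text):
    """Group names by origin and list the IP:port endpoints actually connected over TCP."""
    groups, connected = defaultdict(set), defaultdict(set)
    for row in parse_rows(text):
        groups[classify(row)].add(row['domain'] or row['dest'])
        if row['proto'] == 'tcp':
            connected[row['domain']].add(row['dest'])
    return ({k: sorted(v) for k, v in groups.items()},
            {k: sorted(v) for k, v in connected.items()})


def svcb_ports(text):
    """Non-default ports the page referenced, recovered from '_<port>._https.<name>' lookups."""
    ports = defaultdict(set)
    for row in parse_rows(text):
        labels = row['domain'].split('.')
        if len(labels) > 2 and labels[0].startswith('_') and labels[1] == '_https':
            ports[base_name(row['domain'])].add(labels[0][1:])
    return {k: sorted(v) for k, v in ports.items()}


def resolved_but_not_connected(text):
    """Page-originated names that were queried but never appear in a TCP row.
    The table records queries, not answers, so a name here may simply have failed to resolve."""
    rows = parse_rows(text)
    queried = {base_name(r['domain']) for r in rows
               if r['proto'] == 'udp' and r['domain'] and classify(r) == 'page-originated'}
    connected = {r['domain'] for r in rows if r['proto'] == 'tcp'}
    return sorted(queried - connected)


if __name__ == '__main__':
    groups, connected = summarize(SAMPLE_ROWS)
    for label, names in groups.items():
        print(f'{label}: {", ".join(names)}')
    print('tcp endpoints:', dict(connected))
    print('https record ports:', svcb_ports(SAMPLE_ROWS))
    print('resolved, no tcp:', resolved_but_not_connected(SAMPLE_ROWS))
```

On the full tables the page-originated set is web.nba1001.net (with a port-8888 HTTPS lookup in the Edge run), hm.baidu.com and push.zhanzhang.baidu.com; the only TCP connections in either run are to hm.baidu.com endpoints and to ieonline.microsoft.com. The caveat this yields for the 1/10 score is that web.nba1001.net itself was never reached in the sandbox, so whatever the page would have loaded from that origin (over 443 or 8888) was not exercised; the verdict covers the Baidu analytics beacons and browser telemetry that did complete, not the content behind the unreached host.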

Files

N/A