Malware Analysis Report

2025-01-18 00:18

Sample ID 240613-mexbtsydrp
Target a510538a437b0c1036536b6f2af2cafa_JaffaCakes118
SHA256 8f981cf9ad6884c59579996cd8867b672c0f96b7a97211d68ab331e65c68786f
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

8f981cf9ad6884c59579996cd8867b672c0f96b7a97211d68ab331e65c68786f

Threat Level: No (potentially) malicious behavior was detected

Verdict for a510538a437b0c1036536b6f2af2cafa_JaffaCakes118: no (potentially) malicious behavior was detected. The sample is an HTML document (both detonations open it as sample.html in a browser), and the signatures summarised below are generic API- and registry-usage heuristics that a browser also trips during ordinary start-up; weigh them against the 1/10 score rather than reading them as findings in their own right.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 10:23

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 10:23

Reported

2024-06-13 10:25

Platform

win7-20240611-en

Max time kernel

143s

Max time network

121s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F3AA8211-296E-11EF-AFF4-E681C831DA43} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424436066" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000b2968c6cf60b74b94229c882944fb8100000000020000000000106600000001000020000000e7de58e9aa854f8c42dc0c5323f5e915a23106def034c42f0c75e67e73edd624000000000e8000000002000020000000ab068130d253dbb2150e44fcc7aee7bb1f3db25b5be14e12e8184979af82196620000000ea499012957615014f72789665c19ef8132dcf4db88d71bb0b24b4ed4b8f3179400000004c13bcd8c7b3248be0e8e4a753f8f01785f8237679cae3b30f7f7a39a17c6b9575f1434f62402d6e423764927f0b0a674fab35e1e32d2bd6ac0b0f04b9e913dc C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60a43e0b7cbdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
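
Every row in the table above is a per-session write that Internet Explorer makes on any start-up (Recovery state, Zoom, DOMStorage, TabbedBrowsing, CpMRU, WindowsSearch, DomainSuggestion); none touches the values a browser hijacker rewrites. The following is an added example, not code from the sandbox or this report: it parses rows in the report's layout and separates hijack-relevant changes from session housekeeping. The watchlist of value names, the hypothetical "Start Page" row used to exercise the other branch, and the row format itself are this example's own assumptions.

```python
"""Triage helper for a 'Modifies Internet Explorer settings' signature.

Added example, not code from the sandbox or its report. It splits the
registry events into hijack-relevant changes (start page, search provider
and similar, a watchlist chosen here as an assumption) and the per-session
housekeeping that IE writes on every start-up.
"""
import re
from collections import Counter

# Six rows copied verbatim from the report above, plus one constructed
# hijack-style row (marked below) that does NOT appear in the report.
SAMPLE_ROWS = [
    r'Key created \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A',
    r'Set value (data) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A',
    r'Set value (int) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A',
    # Constructed, hypothetical row (not in the report): a classic start-page hijack.
    r'Set value (str) \REGISTRY\USER\S-1-5-21-2812790648-3157963462-487717889-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://hijack.example/" C:\Program Files\Internet Explorer\iexplore.exe N/A',
]

# "<op> <key>[ = <value>] <process> <target>"; key and value may contain spaces,
# so the process path (drive letter, backslash, ...exe) anchors the split.
ROW_RE = re.compile(
    r"^(?P<op>Key created|Set value \((?:int|str|data)\))\s+"
    r"(?P<key>.*?)"
    r"(?:\s=\s(?P<value>.*?))?"
    r"\s(?P<process>[A-Za-z]:\\.*?\.(?:exe|EXE))"
    r"\s(?P<target>\S+)$"
)
IE_PREFIX_RE = re.compile(r"\\Software\\Microsoft\\Internet Explorer\\(.+)$", re.I)

# Assumed watchlist: values under HKCU\Software\Microsoft\Internet Explorer
# that browser hijackers classically rewrite. Extend for your environment.
HIJACK_VALUES = {
    r"Main\Start Page",
    r"Main\Default_Page_URL",
    r"Main\Search Page",
    r"Main\Default_Search_URL",
    r"Main\Local Page",
    r"SearchScopes\DefaultScope",
}
SEARCHSCOPE_URL_RE = re.compile(r"^SearchScopes\\\{[0-9A-Fa-f-]+\}\\URL$", re.I)


def parse_row(row):
    """Split one report row into op / key / value / process / target."""
    m = ROW_RE.match(row)
    if not m:
        raise ValueError("unrecognised row: " + row)
    return m.groupdict()


def ie_relative_path(key):
    """Path relative to the per-user Internet Explorer key (or the full key)."""
    m = IE_PREFIX_RE.search(key)
    return m.group(1) if m else key


def is_hijack_target(relative):
    """True for watchlisted values or a per-scope search URL."""
    low = relative.lower()
    return low in {v.lower() for v in HIJACK_VALUES} or bool(SEARCHSCOPE_URL_RE.match(relative))


def classify(rows):
    """Bucket rows into hijack-relevant changes and session housekeeping."""
    out = {"hijack_relevant": [], "housekeeping": []}
    for row in rows:
        ev = parse_row(row)
        ev["relative"] = ie_relative_path(ev["key"])
        bucket = "hijack_relevant" if is_hijack_target(ev["relative"]) else "housekeeping"
        out[bucket].append(ev)
    return out


def top_level_counts(rows):
    """How many events touched each subkey directly under Internet Explorer."""
    return Counter(ie_relative_path(parse_row(r)["key"]).split("\\")[0] for r in rows)


if __name__ == "__main__":
    buckets = classify(SAMPLE_ROWS)
    for name, events in buckets.items():
        print(f"{name}: {len(events)}")
        for ev in events:
            print(f"  {ev['op']:<16} {ev['relative']}" + (f" = {ev['value']}" if ev["value"] else ""))
    print("by subkey:", dict(top_level_counts(SAMPLE_ROWS)))
```

Run against the full table, only the constructed row lands in the hijack bucket; the report's own rows all fall under housekeeping, which is the practical reading of this signature for a browser opening an HTML file.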

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

Note: the 64-bit iexplore.exe frame process launches a 32-bit IEXPLORE.EXE tab process and passes the frame process's PID in the SCODEF: argument; this is Internet Explorer's loosely-coupled per-tab process model, so the second browser process is expected and the sample itself spawned nothing.

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2432 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 q42.nqytc.cn udp
US 8.8.8.8:53 push.zhanzhang.baidu.com udp
CN 182.61.201.93:80 push.zhanzhang.baidu.com tcp
CN 182.61.201.93:80 push.zhanzhang.baidu.com tcp
CN 182.61.201.94:80 push.zhanzhang.baidu.com tcp
CN 182.61.201.94:80 push.zhanzhang.baidu.com tcp
CN 182.61.244.229:80 push.zhanzhang.baidu.com tcp
CN 182.61.244.229:80 push.zhanzhang.baidu.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
CN 14.215.182.161:80 push.zhanzhang.baidu.com tcp
CN 14.215.182.161:80 push.zhanzhang.baidu.com tcp
CN 39.156.68.163:80 push.zhanzhang.baidu.com tcp
CN 39.156.68.163:80 push.zhanzhang.baidu.com tcp

Files

Note: the CryptnetUrlCache\MetaData entries below are written by the Windows CryptoAPI URL cache (certificate, CRL and OCSP objects fetched during the HTTPS connections above), and Cab*.tmp / Tar*.tmp in %TEMP% are typically the download and extraction temporaries of the automatic root-certificate update. These are operating-system housekeeping, not files dropped by sample.html. The same MetaData path recurs because the report lists every recorded write separately, each with the file's hashes at that moment.

C:\Users\Admin\AppData\Local\Temp\Cab908.tmp

MD5 2d3dcf90f6c99f47e7593ea250c9e749
SHA1 51be82be4a272669983313565b4940d4b1385237
SHA256 8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4
SHA512 9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 88e551f5073a1f2eb3f59e5202c724a7
SHA1 72774e7352811257b72d58274b3157055ba6716b
SHA256 68bc97fa34735b37fc4b17a731173eab256885a732c7724381e0a2d7a32346b8
SHA512 fad87425940042c55a153493da0e3d20db434d9cf85dfa5ed8e669f1878a5100a8f64f8b9ff1fde4f2ea544b9125207d02ad2c5c1232be25ba372696a2d4c777

C:\Users\Admin\AppData\Local\Temp\Tar9F9.tmp

MD5 7186ad693b8ad9444401bd9bcd2217c2
SHA1 5c28ca10a650f6026b0df4737078fa4197f3bac1
SHA256 9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed
SHA512 135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f24a6e727fee4b25293788badfe59baa
SHA1 2349ed044bac77321cf4a7149198b379a03f74b4
SHA256 6805f04341bd684f2b3ae1398a66f6d72a12158d074f4a3a4d36b1b57d54a9b0
SHA512 9c98869f1313d2c8d0560cf77d5e9798a6ee63ffd7fa9cda08f731c60ca8babf2d91da626838397c9faac61f50ac61a96dfb701ed707e9eb4d184ae3559eb2bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 da74c6281659958b45b51ab53c92364a
SHA1 f19f015fd47b042a111bfa8cb8c3e2edcddfc1f4
SHA256 6e8ce360fc789548ab750d4b0ccb953bbfd5a31ddca2aca91475a2c71e4e034a
SHA512 ced09ad19bd0a5f90209cad12ab0fff20cfce9ed44b9bc1c42a56fc32d3506b8749a21b5fe44a4162f367e385dc7b99fd4a3e67ef939f689456e16fbc34daac3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 17799f41fd831f531374f300cf4f83b0
SHA1 09b501155d978cf6d74478e21d487baa29e46d7a
SHA256 f884b663f2c3da08ada2d812c4e6aafe7635634c9498a7d5226af7889d733144
SHA512 ad23d8af8cc7060057d00521d2ec1812aa36bb40fe4b0d93076e4da5fd84d9c9328dfe6d6c105b82eb8ba2dea0c3099aa1ebeae387c5e7dca22ba07f6b46fe44

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 404791afdfbc0b51c6b19f14b4f9e15a
SHA1 ffc8d39cdfe04c22f73c61866bab4a33b9ac720a
SHA256 1237f98ba25df70466d4d0d0f7f5f051ddda0159c1e4473913df6d39f225f5f9
SHA512 71896c30ef56d9da2d8213e25f013c2f4403dfc3469d1f64aced99f7cffc96f2a12a57123758d71bb1d8388501e164478c0a1c028322d7433e191506ba448da7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82f9c9af310e661796ea816e83b1e6fa
SHA1 15e47497d6757cc052576b9494cd46c8dfa4b972
SHA256 0e7126036c50ae062cf4e50e4e4740dc3e603449004972345157b511dae2d377
SHA512 b38a2216bdee9747e3eeda4deb89a20b585e22ba830fe758b06cc45fc09e1822a564ec413e6d1c47115e35139c0fefd678355cfd20aeb9bbc2ae82cd9e32ed46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db670f6416fc0f3718645333f3c96150
SHA1 0a6bc6010c33e19a1415db657512840e01c1e8ff
SHA256 5559a7db2f7edb979d3c3f004c0dc4741eb92a8fe2ca3185fa2b5e2495fe15db
SHA512 aadea18a11b5e4da4a652b62c4907d3001f2bd7b061f9d1c274075a28e590976858062b04fa95a20aa58b4fe64272f308e0f408b431cb9bfb65cd513b9c6d77b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fb12c7a8c2972f85c7840365bbd67f1c
SHA1 13f90cf2000a886c6e9687e5938ddb27289ee012
SHA256 523d4b246fd5c3ba8aeb641160a5e118d34b054fd429ce43384947b5ead6d8d9
SHA512 82ef0e61ef5090a8cb75612a511ad914856bde08e47dcce2048da8ab48e467185f3be38116d02f776ce416f49082df4ebe04284b395f35b8b3344cfad47ad73b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5955e26cdf4cb4fd3d2fe48aa3b2698
SHA1 e3ed483719294c051032664506ba2aa95bc3bdb5
SHA256 b9894221062be43688732d6ffd37c64f94da0c80dec7c85f1fa6429d9a314229
SHA512 110758381ac6a4e816a110f98ca93cde1b0eceaed34cc3e76accec2f3922083553f937b087a4cb7562ecd8a5d7a5d056f2715a8cff0bae8da9ade89c034c5793

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1166a2705d948bc57e5c5c5a0de281ea
SHA1 8015e7dada4e427c401ae7b709228cc62a3cbb18
SHA256 e696be0647a3fb5aeb39bb31725d8948b68cafcb5bfb698ae85132b2b39aa5f2
SHA512 386c6c6d47387d95cf127a7813f2b26c299adcc239b917495557493a11bc5c3049e4809b144cab961cc2936cde0c9f7ee2edda46074ec62149248132225ec0bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ead9f4f9f76a73af731fde2cfcee74ad
SHA1 2be6788a91f87e00c9040e91a1596183760c4901
SHA256 c56cd24b79a0fc9ea5474e07de34b5db2b5f8266a585d3ae7060d1a17f2efd1c
SHA512 fef9b644f33371126988109f06ca93da22de31ab74c8676222ae96832eaf57e2e844f12704d1d282986357b49051eb88c60db66d8754616ecbd2fd26f37fc263

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 491a33d8402623ee2151edfe34326694
SHA1 fecd49ffa22bc620cc01732093ac808acae5edcb
SHA256 f5a4c88e2b0a38da73d23c1594221c88454445acd646b0c1f973ac98c07d1082
SHA512 14e41ca3985c8b1e2dc0f05700c238bd68a1864d82bb5fc55937d034fc9ede6e1a01900418bbc11b51e7008286c2fa983f68ddbca6c574d61f64180922db9064

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4e116233aa2fbd77e6a1292c7e577459
SHA1 cb59e2f4015be1f91d00225df533936aaea12d12
SHA256 6b61e29649689272882c095af02c2cfa40aece3c64c4f7a46e86a9cb96fc1855
SHA512 9dde085b2246f0c5ae4e1f79ce2385aba27f3612e6f1b0cbb8ab598a9d45a78f270242820b8f8b1b6541b6701d1539d75946f359c2a7ef0993cdbed7dce53fbe

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cb2bc9997c4b69dc04817466046c4c16
SHA1 93a9524e50797ab19817eab5b6c881e1ab4fb11e
SHA256 8f42325d28524eca88b8091215af0480c5636702f8c530f953bb692bfaa5428e
SHA512 2cec1f7ebe66ce2409c034e073fb66f21bb2eb9200f547b071273bc1baba18fc1f44ca5450ed76b79afeae0d43b9ec084a7d95c5694e9b98174a7cbba43af5b9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cfe8400c4a34db7f5680c860cf0aab5c
SHA1 411da27f28a140b30a32ac557afbb1eea560d00c
SHA256 f7cd7aab37325a1a5da6fe435eb18b7fe6d13b78c4a9f2740e8f914d16618632
SHA512 eb956cc11f99eee2aecd43dca456991acbe09eba8fc52c3d49b2321680c7fdbf0a4c314ace1d86a29f9c5f32f3848418814d621e9c39f45c358995196f4797e7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aea78bd17e4f446e3b6f8cf312f36bfb
SHA1 9b3f6fd96d4c2dba7a743583ab4cdbf7744d263e
SHA256 315fdb01f1beb51dc84abf54080c814d7240dc4773e4fe61413c24d86bc09dd9
SHA512 34079692e1072d45e057db3d2e81c9db324e64a165e89e85db8442aeae88ed20dd2fafc0590ed36be7049fe4c1620f38be5370f83531db9a5beb8799c62f2a4e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bd8f8e21b5df994d0a55f420214a2894
SHA1 bec8e3ebf043a3306cf518d37d852bb89492ef2c
SHA256 c3fe51c15dfdffb32175f1d50bfbb976ace35eb8fa5dc9a54f4ceb566630f7ae
SHA512 070bd8871634011a17ece7294e67e0d61b7a6208afa3cdb8e3b02c804dddd3efa977905d56977977ffd4c512266747d0f2a8c8163805ca71ccb877c723e622ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ef2a915489f744d4772923b071cfc84
SHA1 46b418a773b3308fcb60c8ce9e80900f2db0e754
SHA256 2d911dbd5ae7397f9912b313d0206c293b3c28bae9878abd36a564d4286698f6
SHA512 c5231ce9faba97103c18607b3948d7909a0d876ffcfba7e2dc91341dea64d9642e8869fffa95aa2838df91b55727c9c3d0ba23b403e3df0bb2c8f8ac38e09b84

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8a8cfee84470fe8825c0719622f703be
SHA1 cafb9658838a6f5880e0813b666711913c5e8431
SHA256 2db797f780ce27ddbd9db9b3500f01c99613223c145d64c4460b122ece97f712
SHA512 30b268ced8f0713e85e337910281f2b5c6bcbec40638623ef29e9ba6e08ae91dcdccf6a9df9cb6f8a1c2a2caa996342e2bd575cd0491fb423dd08b8e1c0bdd80

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 10:23

Reported

2024-06-13 10:25

Platform

win10v2004-20240611-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3852,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=3792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=764,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5216,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5488,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5508,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5296,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=4300,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=7164 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4072,i,1236064252342462940,13180713657498721890,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 q42.nqytc.cn udp
US 8.8.8.8:53 q42.nqytc.cn udp
US 8.8.8.8:53 q42.nqytc.cn udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 104.90.25.175:443 www.microsoft.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 2.20.12.101:443 bzib.nelreports.net tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 131.238.35.23.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 push.zhanzhang.baidu.com udp
US 8.8.8.8:53 push.zhanzhang.baidu.com udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 131.253.33.237:443 g.bing.com tcp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 175.25.90.104.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 101.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 237.33.253.131.in-addr.arpa udp
CN 182.61.244.229:80 push.zhanzhang.baidu.com tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
CN 182.61.244.229:80 push.zhanzhang.baidu.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 169.96.87.13.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
NL 23.62.61.161:443 www.bing.com udp
US 8.8.8.8:53 161.61.62.23.in-addr.arpa udp
CN 14.215.182.161:80 push.zhanzhang.baidu.com tcp
CN 14.215.182.161:80 push.zhanzhang.baidu.com tcp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
CN 39.156.68.163:80 push.zhanzhang.baidu.com tcp
CN 39.156.68.163:80 push.zhanzhang.baidu.com tcp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
N/A 224.0.0.251:5353 (mDNS multicast, no domain) udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
CN 112.34.113.148:80 push.zhanzhang.baidu.com tcp
CN 112.34.113.148:80 push.zhanzhang.baidu.com tcp
NL 23.62.61.89:443 www.bing.com tcp
US 8.8.8.8:53 89.61.62.23.in-addr.arpa udp
CN 163.177.17.97:80 push.zhanzhang.baidu.com tcp
CN 163.177.17.97:80 push.zhanzhang.baidu.com tcp
CN 180.101.212.103:80 push.zhanzhang.baidu.com tcp
CN 180.101.212.103:80 push.zhanzhang.baidu.com tcp
CN 182.61.201.93:80 push.zhanzhang.baidu.com tcp
CN 182.61.201.93:80 push.zhanzhang.baidu.com tcp
CN 182.61.201.94:80 push.zhanzhang.baidu.com tcp
CN 182.61.201.94:80 push.zhanzhang.baidu.com tcp
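
In both Network tables (behavioral1 above and behavioral2 here) only two names are attributable to sample.html: q42.nqytc.cn, which is queried but never followed by a connection, and push.zhanzhang.baidu.com, which is reached over plain HTTP on several Chinese IPs in both runs. Everything else (microsoft.com, bing.com, azureedge.net, nelreports.net, reverse-DNS lookups, the mDNS multicast) is browser and OS background traffic. The following is an added example, not code from the sandbox or this report: it parses rows in the report's layout, filters the background noise, and reports, per remaining domain, the DNS queries and the TCP endpoints actually reached. The background-suffix list and the subset of rows embedded as sample input are this example's own assumptions.

```python
"""Separate sample-attributable network activity from browser and OS
background traffic in a sandbox report.

Added example, not code from the sandbox or its report. The background
suffix list is an assumption for this example (Microsoft/Bing/Edge
telemetry seen in these runs plus reverse DNS); tune it for your sandbox.
"""
from collections import defaultdict

# Rows constructed from the two Network tables above (a subset of each run),
# in the report's "Country Destination Domain Proto" layout.
SAMPLE_ROWS = [
    # behavioral1 (win7, iexplore.exe)
    "US 8.8.8.8:53 q42.nqytc.cn udp",
    "US 8.8.8.8:53 push.zhanzhang.baidu.com udp",
    "CN 182.61.201.93:80 push.zhanzhang.baidu.com tcp",
    "CN 182.61.201.93:80 push.zhanzhang.baidu.com tcp",
    "US 204.79.197.200:443 ieonline.microsoft.com tcp",
    # behavioral2 (win10, msedge.exe)
    "US 8.8.8.8:53 api.edgeoffer.microsoft.com udp",
    "IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp",
    "US 8.8.8.8:53 q42.nqytc.cn udp",
    "US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp",
    "GB 13.87.96.169:443 nav-edge.smartscreen.microsoft.com tcp",
    "US 2.20.12.101:443 bzib.nelreports.net tcp",
    "N/A 224.0.0.251:5353 udp",
    "CN 14.215.182.161:80 push.zhanzhang.baidu.com tcp",
    "NL 23.62.61.161:443 www.bing.com udp",
]

# Assumed allowlist of background traffic for these two browsers.
BACKGROUND_SUFFIXES = (
    ".microsoft.com", ".bing.com", ".s-microsoft.com", ".azureedge.net",
    ".nelreports.net", ".in-addr.arpa",
)
MULTICAST_PREFIXES = ("224.", "239.")


def parse_row(line):
    """Parse 'COUNTRY DEST:PORT [DOMAIN] PROTO'; the mDNS row carries no domain."""
    parts = line.split()
    if len(parts) == 4:
        country, dest, domain, proto = parts
    elif len(parts) == 3:
        country, dest, proto = parts
        domain = None
    else:
        raise ValueError("unrecognised row: " + line)
    return {"country": country, "dest": dest, "domain": domain, "proto": proto}


def is_background(domain):
    """Rows without a domain (multicast) or under an allowlisted suffix are noise."""
    if domain is None:
        return True
    return domain.lower().endswith(BACKGROUND_SUFFIXES)


def attribute(rows):
    """Per non-background domain: DNS query count and the TCP endpoints reached."""
    dns = defaultdict(int)
    tcp = defaultdict(set)
    for line in rows:
        r = parse_row(line)
        if is_background(r["domain"]) or r["dest"].startswith(MULTICAST_PREFIXES):
            continue
        if r["proto"] == "udp" and r["dest"].endswith(":53"):
            dns[r["domain"]] += 1
        elif r["proto"] == "tcp":
            tcp[r["domain"]].add(r["dest"])
    summary = {}
    for domain in set(dns) | set(tcp):
        endpoints = sorted(tcp[domain])
        summary[domain] = {
            "dns_queries": dns[domain],
            "tcp_endpoints": endpoints,
            # Queries with no connection recorded: the name did not resolve,
            # or nothing was sent after resolution. The report cannot tell which.
            "connected": bool(endpoints),
        }
    return summary


def background_domains(rows):
    """Sorted list of the domains that were filtered out as noise."""
    return sorted({r["domain"] for r in map(parse_row, rows)
                   if r["domain"] and is_background(r["domain"])})


if __name__ == "__main__":
    for domain, info in sorted(attribute(SAMPLE_ROWS).items()):
        state = ("connected to " + ", ".join(info["tcp_endpoints"])
                 if info["connected"] else "DNS only, no connection")
        print(f"{domain}: {info['dns_queries']} DNS queries, {state}")
    print("filtered as background:", ", ".join(background_domains(SAMPLE_ROWS)))
```

The allowlist is deliberately a suffix match on the sandbox's own browser telemetry; in a production pipeline replace it with the baseline recorded from a detonation of a blank page on the same image, so that anything not in that baseline is attributed to the sample.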

Files

N/A