Malware Analysis Report

2025-01-18 00:10

Sample ID 240613-q1rv1svhln
Target a5d9985924ecdca24e5e53d85e012d63_JaffaCakes118
SHA256 b1f1ed0583ea62b6f28fd7777669ee86f6186ec59f24f6530e4797b77b1e2c96
Tags
Score 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 1/10

SHA256 b1f1ed0583ea62b6f28fd7777669ee86f6186ec59f24f6530e4797b77b1e2c96

Threat Level: No (potentially) malicious behavior was detected

Analysis of the file a5d9985924ecdca24e5e53d85e012d63_JaffaCakes118 found no (potentially) malicious behavior.

Malicious Activity Summary

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-13 13:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-13 13:43

Reported 2024-06-13 13:46

Platform win7-20240221-en

Max time kernel 141s

Max time network 142s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d9985924ecdca24e5e53d85e012d63_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags adware, spyware

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 101ef6d197bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d67da1ed9211b94b904a1336002731b50000000002000000000010660000000100002000000043e5050b9a171d595771e386ea8c6a67e964fafafdbb5d536aabc318b6c854ed000000000e8000000002000020000000b0ebbc90d8b76418e9557c98304fad4f22d5f02c55e9f00256779c5a87b8f3f0900000001ae20e73401f19fb919f1774ebb646ab2a198bc6e1def95dc26e7f54be08c62e03ac753398b046c6c48a5d176558476b09c2e89a8fdb4416bc7dfd53a90bf2231f9e23b5022eb3c48b0dd781bf54c15e29107a40b98181645c13244fa4a650a2aabc790ed4105d79b76363f85f4dfaf1bf629a3c73eb7e10ff689e451cd01e5513b922c830a0967d333b4026ad2966b44000000024cd0ad7f06bffc55b3c419168e14a944d7a20a651c53d3f93c7b1f53497ea4a613f9d02d78f278a7ed9b212a8d1481a3a0af0c5cf600d8d32f27705be9846c4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424448108" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d67da1ed9211b94b904a1336002731b50000000002000000000010660000000100002000000074dc548a60eb5e870ca09941dbc7c5075f684815639017d40c661d01dbd0fda5000000000e80000000020000200000003ff9429fd0f1a059f6f4be771f5d31173607759e2c1bee360822a93bdeebe46020000000fcb9a227ff4eb71f004add1538f76a6b707c68ce16d818f2075d2d96795329864000000036e01d8e4fbb5e358f8b287fe7b0510073b6081115e67dfaad192611a66e45acbf8670ebd953c18f2b2a59606ca639cfa9b99118d47e12e46140ac88bfa70eb8 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{FD3CF171-298A-11EF-B238-4AE872E97954} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d9985924ecdca24e5e53d85e012d63_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1896 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 xiaolongcom.com udp
NL 190.2.139.23:80 xiaolongcom.com tcp
NL 190.2.139.23:80 xiaolongcom.com tcp
US 8.8.8.8:53 statinside.com udp
US 104.21.57.149:443 statinside.com tcp
US 104.21.57.149:443 statinside.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 8.8.8.8:53 apps.identrust.com udp
IE 2.18.24.9:80 apps.identrust.com tcp
IE 2.18.24.18:80 apps.identrust.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 23.55.97.11:80 x2.c.lencr.org tcp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab2657.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\Local\Temp\Tar266A.tmp

MD5 9c0c641c06238516f27941aa1166d427
SHA1 64cd549fb8cf014fcd9312aa7a5b023847b6c977
SHA256 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
SHA512 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar2769.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ec3ad681e21b330fe01f83943fc4a51
SHA1 8a2a41d68c139b9ddabc448b3a492fe646c34990
SHA256 d3cd92aead05e339f0dc2398b4f4ed4ed9c06af7ffc27866736b887de3b1947c
SHA512 6db9da5562421ba9672a5a7195fa5d0b03cdc41a3c2ecf2e9ed37e4eab121d0f393dc21e7edbf7a59fc0f08feb711b17bf390392d0189b8a0ceb2b0068774c76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 901c99e797f2b439856e72ae28f7726a
SHA1 cb0ae9501539365664f868d7e805e330ba8a4192
SHA256 0fe654af1d69da05a10be8de2480c52ec48265834238d5e9e29a224060bb6fe6
SHA512 49e1e22b0c7834ed7e313b046d67026dc8080fe18a83afad151a2c9b73911d50a250b93344ea78b41c3f1d61d541f8ce74572723b4c52ed6f5e6f6b07507360b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 609a4fcefbd862a7d5c612601f7889ed
SHA1 a5f41060ac83b5afff7076b7c18820305f080a6b
SHA256 80cc69c1492d225c8125e334b04f3ec52eb84dd83b2021dddbd410f208b3c8c6
SHA512 6cb70e9506508c628a52324f75401917e8fa6fa2272ab203c8afdfabe4351f83232a9ebda1f45b241549de4b07f5b1970feb62a6a624e791e6118ef7d6c7a42f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e4c26c4b9b84203024025db21dadb6e9
SHA1 3acd6e42b19b7773e01b00ec59f3e5d1a7e67e5a
SHA256 ac8b39ea841be6e0e4ad1086c2791a537a1b34de4b0ed5a4adca17ff0c2545f5
SHA512 dcbf778d6a5dd5c623381df0170e06c97b85acba6bac4326d5abc2b9a3f61e85b83c4a470ecbbc869b95c5925834fb3a6afbb8c32055cf06d1a84a0e6bba3e54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2e3872fa4d58fe20638a7d442edd9048
SHA1 b2a0cf94947c7f860efdc3a896b25c10f2d4ede5
SHA256 30eafa75f0dc2b62118fe6aab2a29d6ea945a3b7abf26cb170452ff00753ff2d
SHA512 8649693b7c7bf6c6d706b028430b2a5a14f9e652c43b3c456200caa12ad29a3654cec253a1bc799003b4452b57ce83b71c1651795927a9cd02b038f8bf93339c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0617c14cf5b1d8348223b56518d583ff
SHA1 e6dee3d4ce40cf5381ef60ff127dbdcacd17d05d
SHA256 68333b1494f722eb309263567a9b1bec34ee8f345089e7c104ae480298687b54
SHA512 05506b9818c010f9b78074ac5fdff7ee3dc0202d0d43b3e5559c3cd9414b9400d4afe24df27cfcd6fce6d39bc631a1afb1c1391cdaa70aaa548cc8820d2373a0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d5659f7544fad41e7dd2287f13bfe81b
SHA1 4712da02d9db7a4225e788417e4464ed70afe260
SHA256 8ff5a10ddf853e7e68ea974e250a557ecc1a49573c45765b355fa43306d2b488
SHA512 86a7f8acb8e27c6698e31662730973bd68bb9290ee3af13ecf4a38563b390ea76ba35005f4b05d956fc305ebd775b69551c72637610d03e692570f05e3312dc9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3ffb6cf9ea72dceadf3fe8ad95c9d530
SHA1 d90a2c9622cbcb1d2d6ad4d1366305f9268e0f74
SHA256 b0e77ae79c761097024d5119a86c39b6cee790f784f22b6f6b7ea108747c92be
SHA512 e7b333475e1622a6bf10913076304e6116ce331268a8bc7d5c8c035974253ac890e46d76c225288ddcb79907ebcc6c3368025c9962350c8540139116a26ccfae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 849d4d5b4ed1a31069f0ea1ada2be7bd
SHA1 cab5ad41847cea468d2315ba52b3570f9e4cc1ac
SHA256 e6802f47814fb4874e93d41f69c3a5a3290d652317a3adc88520606d99f711c1
SHA512 86b1d0f7a01516c45cf14754f61ef71ea46d24e02d34e1d81d9b4402a896901c36f79e53e6c2dcf58d160e7869a98e6932be9bf32a8620ef28e7d0f0da337dce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ec12ef264d725b80a86a28d023d54f15
SHA1 b920e068941164b4b8ee3034a2d271cd1d605b11
SHA256 11311f96342fa306594aa052d254e9ad6f50c9f7cfef04fac980342a1b53e112
SHA512 64ff377568d18a452e1485a085ee969a807612a68b6094ebc058dd7aeac46976b57106dbd9a2b5e0b7c778b8c8a814dba9ae358588bf60fae7a203de38a426c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e52411b82f0cf516149ff946547352f2
SHA1 18665e70789bec33124238b46389aa6e8945e8bf
SHA256 10b9377ec52bce5f60bb548544850a1dd76ac8d94e00ed31b50790066aa1df33
SHA512 7eeb9537c1e891f583103a5e0ef0196210877dfe73c884718e69cd2a9a262be5f8c16735b54c178d71dd94499768634a78561be13b684264101397037174594b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bc60e47c7070e0b42d5f8821e4a89f14
SHA1 a11f83a9862bb090e07b4ea8a2ab275a5c66eaa0
SHA256 56cc6715d7a038144a59c95716f2cbddc160c07792a518f19e3062c4b171cb19
SHA512 e3389f12ef7ebccdeb37f888342035ab5660e0b95f6ab463567693b5243a8d9b58e6ce17ffdc029ef3c37d194c20aeedc4228b2a7cae6fb7739e41eb1bd31154

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 446ff127eeb5d509a477208918e6a1d2
SHA1 5e80faab3feda042caefd1d040bbb414da26d665
SHA256 4c85381a5c78ab1e65d47fa79f6f9bc9448be079dc85e04bfe9082c5d7ebf044
SHA512 a1131f793853e2dd5f032d2dca4c27ce8ff35aac64822f6eb613b17ff0f57b8ced8d611c56f5e970cfa1c2189bbd430945e14a267fe1164753ae677a132ad92d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ef2065d3bcd08e4c6fc248cafe5c94f3
SHA1 fcb63cdd9bb830f4ade027b29f6835925c083c30
SHA256 4b315e9c10e62b1dd0971f34e308b9ac722eafb35e6eb04a841ec58214b1aac5
SHA512 4a0e978f955999f0e307b228f696b2cbbd189bf8077d11bd55e974835c7c205c92bef909b4ed16c297c1126871e3d5247abb5a3d37c705479da12d99e6dd6635

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 5895f749342977f3e55878c58cad2261
SHA1 afed221b52b7239bf0a6fe9e89b665337c9d541e
SHA256 f176fa315e00a2f92c3e0d76819d582954cce8a9b22d229a12e0dc38d0513ecd
SHA512 02a1517311969b9f649adc23b2d73404ed1e31636d8a0102ebb95a64923ed5fff49350ff487aba399feeb0dbf553567cec9940fef77318061fade040729b7a00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46bd988350bbf379e40d1f513d7f0c95
SHA1 f1736d8bf03d1e3e1d933efc6b0adee3e24a959e
SHA256 2dec24824378236a91bf84e40b709fb9627c2d44e68e9736505e3512f361b39c
SHA512 3b9ed0f906aa99fe52cc1113cf72acee940ea7a2f7e7da7ed55e92e87712b19218cb04031b1ca15c1f7d314d84af430129f4d87b1150590c9082651437652555

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5be0e961f0c0882533b538e68958f009
SHA1 b7ea97c6b8e955a653cf5ddf9916a58ba59aca85
SHA256 57411918f2e71ba62c1bd8c984cc87f4578cf996bb029c4293815d59bbe0f589
SHA512 58e3c0814a1968e717c8e20832fe483a66a0ecbd6af8498338749e28b55b220f03e0c29266d7f6357ebf65a926ce7fdc029029db7d4661108d817c29a3d59b9f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fbf896f9434c28a9c8b33d073beda515
SHA1 9989188f2dea513c8f5ca560e56de86713a79346
SHA256 4aacf8c63ff31e77958a4d21b998752657758cc48504e9a8267bdd303c539507
SHA512 9e406bb66ad4d4dc89461d286d82fc4c7c8dbec8d4e71e9562438b0f62c08ad5070124c8508debf0c2ca98504365482802d53e0cb4a321deef3914b3622e1c38

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a3689d1d688e9dab9f425c69ffddb4e
SHA1 dbd8cdf621afe60bcac3ce6a565b4c5011b3285d
SHA256 aa32e5524344d15873d7bf2ef07f2a762795c0f8e93421771f40485fe4acb3dc
SHA512 7deb116b58851aa9db38a3970931fe380924a7caa0c8e9df66f05f1c8494204709850885e8bf55c19efbd669e87c12f90b793170ce1d70a1288784f13dc7006b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 bc1a1ead1662ae89954071f3304ad33b
SHA1 76f112951d9189e65015c113dcdb955f65d74894
SHA256 23b2f1a60b272723901fb69dd9f365c113504b72eb9eef9fd77231e6d2f61632
SHA512 94a2ed7280d7ac5162207d23cb209fe44679474c408b4f9024ba25c7449ee7f11ae2f89155d30e42c3cb8662d7142b6ebb09c3b32b76e732bd15b4984d1c886c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 96c1bd2766e6551def745036ba47afa2
SHA1 669b326d7f4ab370bba69ebbf9e3e1eb89be29fd
SHA256 d9fbea1e8a8dcf5d6cd879fab7cc0f7020ac156a87f8abfc8e19387243a4ea02
SHA512 0df016848d862c93b5c0e555106e7ae0d0fd54e8c6388b60b831e70e4e4f4402c05856306deb766fba79b42080a93ce1fb9ccfbe86477b597052f239ca440968

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9842b9f319a7bf2eb4e55c037f780edd
SHA1 7ee058b8ea515c9d94cd0cf7e7c9d3eb2dfdc6c4
SHA256 2800b29c19d8de29dad019af3e7bd5bbc716c1b9cea7671138101318a04b2566
SHA512 7105624b201edaf1a01c9714381e2efa57fa2153b4c2ced3551d55907813c459f6e04472ddbccfcdae7c728bf1f07f0361767a0caa3f020503ee1f9b474c0de8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 509b2e71edb03bbe261df6d2675b4a43
SHA1 e07263da13dcccdf670a02865d4007ee5d99cba1
SHA256 a97efb84a2f0573c1776e8bc6694e8c475568d8dcb9796a1195d6f061ac0b388
SHA512 23c2be9b61a72e8fb186078d30867ae7c23c1867fe5d0258517c56db0263f376cfe39baea87439041bc0019aecfd892caafbd21b5e530f6d9ea3bf16989f1228

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ae3f1cd2d2f59d127127f62c12382f97
SHA1 70ea8024c8222bf42a487b68bf78899fb3ccddc5
SHA256 f233b552cfcd04d5fa55d4a732ccd5df39bd19660193c691de8f83167b8bc0b9
SHA512 fede5ca5545286f492bb1735109b039419fe0d90887113e0d1e9bbcc5b4edf7c86e4190346fec2f2ba9d1860bd124fdc0e8a1ca72bfcd55e636136ab792d46b0

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-13 13:43

Reported 2024-06-13 13:46

Platform win10v2004-20240611-en

Max time kernel 128s

Max time network 137s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d9985924ecdca24e5e53d85e012d63_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d9985924ecdca24e5e53d85e012d63_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=5056,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=4732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4872,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=3804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5288,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5452,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5472,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5284,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5656,i,10925946972013221578,8820669985803190952,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 xiaolongcom.com udp
US 8.8.8.8:53 xiaolongcom.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
NL 190.2.139.23:80 xiaolongcom.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
SE 184.31.15.35:443 bzib.nelreports.net tcp
SE 23.34.233.128:443 www.microsoft.com tcp
US 8.8.8.8:53 statinside.com udp
US 8.8.8.8:53 statinside.com udp
US 172.67.146.166:443 statinside.com udp
US 172.67.146.166:443 statinside.com udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 23.139.2.190.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 128.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 166.146.67.172.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.237:443 g.bing.com tcp
BE 88.221.83.179:443 www.bing.com tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 179.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.253.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 64.253.107.13.in-addr.arpa udp
BE 2.17.107.104:443 www.bing.com udp
US 8.8.8.8:53 104.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
BE 88.221.83.201:443 www.bing.com tcp
US 8.8.8.8:53 201.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp

Files

N/A