Malware Analysis Report

2025-01-18 00:14

Sample ID: 240613-qhrsasvapq
Target: a5bac47f92f191b556c6448443157535_JaffaCakes118
SHA256: 7e39c3f241f3a73c774e420202d2efafef00f2a2da5b51fa10855103693adc92
Tags: (none listed)
Score: 1/10

Analysis Overview

Score: 1/10

SHA256: 7e39c3f241f3a73c774e420202d2efafef00f2a2da5b51fa10855103693adc92

Threat Level: No (potentially) malicious behavior was detected for a5bac47f92f191b556c6448443157535_JaffaCakes118.

Malicious Activity Summary

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:16

Reported

2024-06-13 13:18

Platform

win7-20240611-en

Max time kernel

120s

Max time network

134s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5bac47f92f191b556c6448443157535_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000003a24bb9b386d104f283ca5a503863fe945948db14a81bd9b68f8d1c3a1d23d48000000000e80000000020000200000002d2489064735a547281db0df413fcfd909a6ddea76a701c9d2bb0c70f177b53290000000fd88745d9139b48013b5c76b7cb468f99c9d19e0872580cfe7ffa86097c351d58491a7ce27837bff160072a16a8d059af5c8b244b44a7ada5a55add2fa198f0e96ac76ff105a58a40b1c58c7066b3778aa92db9ad7d5f13b690a226b46142992bc168c7605f4ce5a6848d89b2bef27064919f448f43ee445271fc7cb3377cad9a2876e39b39d29d4c32954fd60e169b640000000e4598cb0d91b8ba99a5be823adf750afe932879d49495a0aca6191f5efc1cdbe0e06bf8f217062c8c3a0a869687d98e17b0977973d8f9126a53cabb5c98be347 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{17E823E1-2987-11EF-9A64-5214A1CF35EA} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424446437" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 601b82ed93bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a80760000000002000000000010660000000100002000000007facbe60541c444e271d6601fb995d9ec6047b6cb694d4d556f4615b5969581000000000e8000000002000020000000eb8fbec42eb846566cf54a2901f06acf3c859b8ec64bad2235f783568693fc33200000004525ec3c5e9e6f60ece7e1f6f7f0c3e07d1f4a4e3cdda08f8e7da1bde61cdb3a40000000f2b8b48771d38fd38b5ad5e0cd155062d18e25d05480610d6a12785655d7d116dfad3658443ccafd5eed8d8f578e5c036b5028485b7701aec3a47d50e231d497 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5bac47f92f191b556c6448443157535_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:275457 /prefetch:2

Network


Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:16

Reported

2024-06-13 13:18

Platform

win10v2004-20240611-en

Max time kernel

128s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5bac47f92f191b556c6448443157535_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5bac47f92f191b556c6448443157535_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=764,i,4778049104057176787,6631751660692402210,262144 --variations-seed-version --mojo-platform-channel-handle=4648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4440,i,4778049104057176787,6631751660692402210,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5348,i,4778049104057176787,6631751660692402210,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5512,i,4778049104057176787,6631751660692402210,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5528,i,4778049104057176787,6631751660692402210,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5360,i,4778049104057176787,6631751660692402210,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6216,i,4778049104057176787,6631751660692402210,262144 --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=5880,i,4778049104057176787,6631751660692402210,262144 --variations-seed-version --mojo-platform-channel-handle=5740 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5896,i,4778049104057176787,6631751660692402210,262144 --variations-seed-version --mojo-platform-channel-handle=6588 /prefetch:8

Network


Files

N/A