Malware Analysis Report

2025-01-18 00:42

Sample ID 240613-qv2s2a1cpd
Target a5d1684277b21e2efee24da953265179_JaffaCakes118
SHA256 36f54b1654cf12e7ff28eabf23ad011367e0eb4229f7b5eb3b6f73840f78c97d
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

36f54b1654cf12e7ff28eabf23ad011367e0eb4229f7b5eb3b6f73840f78c97d

Threat level: no (potentially) malicious behavior was detected.

The file a5d1684277b21e2efee24da953265179_JaffaCakes118 (an HTML document, opened in Internet Explorer and in Microsoft Edge in the two detonations below) was found to be: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Signatures that fired across the detonations. Every process in both runs is a browser process (iexplore.exe, msedge.exe), and the overall score stays at 1/10. WriteProcessMemory and SetWindowsHookEx appear only in this summary; neither detonation's Signatures section lists them.

Suspicious use of WriteProcessMemory

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:35

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:35

Reported

2024-06-13 13:38

Platform

win7-20231129-en

Max time kernel

143s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d1684277b21e2efee24da953265179_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

Signature tags: adware, spyware

Description | Indicator | Process | Target
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 80e696ae96bdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value omitted from the captured report) | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000000f337f2d23cf4a418a25328dbd270000000000000200000000001066000000010000200000009cc1a65d9e96a00a9beab5cc2bd5fbad732e12be88be494764af283d37275c35000000000e8000000002000020000000beba3ac49c187bea6c3eb6e2cec199055e5da020a6d39c688d806fbacd4303bb200000007b27c5f521d5f45d41a37f5702cd37bf7f43e59f9616b0b680778140147da668400000000f5f93fb6ac8b9d1ea9f8db2cf0140c4ac18f5cedfd1199f9f2359cf6125fa282d9b70b56c6b8a38019a5a4c5bd305355a6829d916656ebe7c2a2fc510f1fe08 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447614" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D6D4A831-2989-11EF-9E06-5628A0CAC84B} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A
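
The three REG_BINARY values in this table (LastProcessed, Window_Placement, DecayDateQueue) are the only indicators whose meaning is not obvious from the key path, and they are what an analyst has to look at before accepting the "adware/spyware" tag on this signature. The decoder below is an added example, not part of the sandbox report: the hex strings are copied from the rows above, FILETIME and WINDOWPLACEMENT are the documented Win32 formats, and the CryptProtectData (DPAPI) field order follows the widely published reverse-engineered blob layout rather than an official specification. Decoded, LastProcessed is 2024-06-13 13:36:23 UTC (inside this detonation's window), Window_Placement records a maximised window, and DecayDateQueue is an AES-256/SHA-512 DPAPI blob bound to the sandbox user's master key. That is ordinary first-run browser profile state, consistent with the 1/10 score.

```python
"""Decode the REG_BINARY values the "Modifies Internet Explorer settings" signature
flagged. Added example, not part of the sandbox report: the hex strings are copied
from the indicator table above; FILETIME and WINDOWPLACEMENT are documented Win32
formats, the DPAPI blob layout is the widely published reverse-engineered one."""
import struct
import uuid
from datetime import datetime, timedelta, timezone

LAST_PROCESSED = "80e696ae96bdda01"                       # NewTabPage\LastProcessed
WINDOW_PLACEMENT = ("2c0000000200000003000000ffffffffffffffffffffffffffffffff"
                    "2400000024000000aa04000089020000")      # Main\Window_Placement
DECAY_DATE_QUEUE = (                                      # NewTabPage\DecayDateQueue
    "01000000d08c9ddf0115d1118c7a00c04fc297eb010000000f337f2d23cf4a418a25328dbd270000"
    "000000000200000000001066000000010000200000009cc1a65d9e96a00a9beab5cc2bd5fbad"
    "732e12be88be494764af283d37275c35000000000e8000000002000020000000beba3ac49c187bea"
    "6c3eb6e2cec199055e5da020a6d39c688d806fbacd4303bb200000007b27c5f521d5f45d41a37f57"
    "02cd37bf7f43e59f9616b0b680778140147da668400000000f5f93fb6ac8b9d1ea9f8db2cf0140c4"
    "ac18f5cedfd1199f9f2359cf6125fa282d9b70b56c6b8a38019a5a4c5bd305355a6829d916656ebe"
    "7c2a2fc510f1fe08")


def filetime_to_datetime(hex_le: str) -> datetime:
    """FILETIME: little-endian count of 100 ns ticks since 1601-01-01 UTC."""
    ticks = int.from_bytes(bytes.fromhex(hex_le), "little")
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


SHOW_CMD = {0: "SW_HIDE", 1: "SW_SHOWNORMAL", 2: "SW_SHOWMINIMIZED", 3: "SW_MAXIMIZE"}


def parse_window_placement(hex_le: str) -> dict:
    """WINDOWPLACEMENT: UINT length, flags, showCmd; POINT min, max; RECT normal."""
    raw = bytes.fromhex(hex_le)
    length, flags, show_cmd, *c = struct.unpack("<3I8i", raw)
    if length != len(raw):
        raise ValueError(f"length field {length} != {len(raw)} bytes")
    return {"flags": flags, "show_cmd": SHOW_CMD.get(show_cmd, f"unknown({show_cmd})"),
            "min_pos": (c[0], c[1]), "max_pos": (c[2], c[3]), "normal_rect": tuple(c[4:])}


# Every CryptProtectData output starts with version 1 and this provider GUID.
DPAPI_PROVIDER = uuid.UUID("df9d8cd0-1501-11d1-8c7a-00c04fc297eb")
CALG = {0x6603: "CALG_3DES", 0x660e: "CALG_AES_128", 0x6610: "CALG_AES_256",
        0x8004: "CALG_SHA1", 0x800c: "CALG_SHA_256", 0x800e: "CALG_SHA_512"}


def parse_dpapi_blob(hex_le: str) -> dict:
    """Walk the DPAPI header; no decryption (that needs the user's master key)."""
    raw, pos = bytes.fromhex(hex_le), 0

    def u32() -> int:
        nonlocal pos
        pos += 4
        return struct.unpack_from("<I", raw, pos - 4)[0]

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(raw):
            raise ValueError("truncated DPAPI blob")
        pos += n
        return raw[pos - n:pos]

    version, provider = u32(), uuid.UUID(bytes_le=take(16))
    if version != 1 or provider != DPAPI_PROVIDER:
        raise ValueError("not a CryptProtectData blob")
    mk_version, mk_guid, flags = u32(), uuid.UUID(bytes_le=take(16)), u32()
    description = take(u32()).decode("utf-16-le").rstrip("\x00")
    alg_crypt, key_bits, salt = u32(), u32(), take(u32())
    strong = take(u32())                                  # extra entropy, normally empty
    alg_hash, hash_bits, hmac_key = u32(), u32(), take(u32())
    data, signature = take(u32()), take(u32())
    return {"master_key_version": mk_version, "master_key_guid": str(mk_guid),
            "flags": flags, "description": description,
            "cipher": CALG.get(alg_crypt, hex(alg_crypt)), "key_bits": key_bits,
            "hash": CALG.get(alg_hash, hex(alg_hash)), "hash_bits": hash_bits,
            "salt_len": len(salt), "strong_len": len(strong), "hmac_len": len(hmac_key),
            "data_len": len(data), "sign_len": len(signature),
            "trailing_bytes": len(raw) - pos}             # non-zero means the layout is off


if __name__ == "__main__":
    print("LastProcessed   :", filetime_to_datetime(LAST_PROCESSED).isoformat())
    print("Window_Placement:", parse_window_placement(WINDOW_PLACEMENT))
    print("DecayDateQueue  :", parse_dpapi_blob(DECAY_DATE_QUEUE))
```

The same three decoders apply to any REG_BINARY value a sandbox flags under a browser or shell key; a DPAPI blob whose master key GUID belongs to the sandbox user cannot be decrypted off-box, so its presence tells you only that the application stored per-user protected state, not what that state is.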

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d1684277b21e2efee24da953265179_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.medicina.tu1.ru udp
US 8.8.8.8:53 www.tdsse.com udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.201.204:80 counter.yadro.ru tcp
RU 88.212.201.204:80 counter.yadro.ru tcp
RU 185.26.122.50:80 www.medicina.tu1.ru tcp
RU 185.26.122.50:80 www.medicina.tu1.ru tcp
RU 88.212.201.204:443 counter.yadro.ru tcp
US 8.8.8.8:53 www.microsoft.com udp
BE 2.17.107.105:80 www.bing.com tcp
BE 2.17.107.105:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71392b686059e2c6731e1957dfa0536a
SHA1 89537506660ab9364eb546029a7f03e4f8c62ad4
SHA256 69b55e254c2f40c370979a864e1006c6bffae025bbf41bfa1a924914513a117b
SHA512 3b5cd0c8525c2dd23426c10f95160e54a2e8bc6cff8a7d0d6b29888ecfcec780a1d4f4e3783cfa1a2fe170ed16e913f8498a7a01913296873631daf721353c53

C:\Users\Admin\AppData\Local\Temp\Tar324B.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 77aea6271fc145bd078b6f287b2dfc74
SHA1 a744a1f9dc3c824f7dcca86979e6941fd52a39fa
SHA256 4cdc9e03e9d5fe9b0e430707b1fafabfd644c9a6261d0dda612a19a53ab6efee
SHA512 6b8859264c5047532adc9ba07344abc8bdc802ab2f8e698d510f10e3450b1bb950efab53f4f9c8b783349a20b2af4c6fac25d7555d3ff6840fe92b533228618c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8ef35640a633d6f5a01bd2ee677d8db5
SHA1 3ce0106cfe3866d024f4ff528748bcfabda6f275
SHA256 fb4cb8bf233731e3fb399bd7e1393446a1cba36a7538c940dd7cf37e85536c58
SHA512 a9fd7369ecde773991770d9de38bcf1099f728ba96aa3b70baca453965d94cad7bd4e23005d987dc8818fb9c0a6ad9447bf68f06e3ff768bb87274e0168c01f5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6442a73478c4efa205eaa4112d162a1b
SHA1 37503d32352559eea24bd01ffe81c3896dd05196
SHA256 bc2a9246ddbea16f35408a8bd6f7804b35917fd068d0b4c65f5053ebaa4f2984
SHA512 617c403eaea4b0b64925e17ef2d9dc67cbcacdbf6363229cdd9721de105f46a8fba47395083adbf234515b2973c666787fb075d7a62477c7747f37d55abeacfc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1abea6c19931108bc8dc7172b6754c47
SHA1 e0f0fcdc457c304254e45ab59a7103452832c8b0
SHA256 28ec8d004ea7bfbd5610c83051f343ce91fca7cc2b4ecf6d933ba26006a8744c
SHA512 d88f724a9cbfa3e0e2659724f673b201b3e0501f4b0382531e11be52e8b9a9bfbdb107611fdd75b2eb9a53770502ee0ebd565b7bf3333f0d26b0f4194b458aeb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e8093d71ce32fac851f9a5c0655b261e
SHA1 cd4c5fc78558017039d67041a94f2d63c74d041f
SHA256 86a8822c3fd46070d98757c5bbcb5bc908bb68bdc39067670b28591fd3e54c68
SHA512 b47528182541bbcd88fec9af469cc2817683a6301fbe4c5bbd3351aebaf63d5e89184401a2ed8fb2125f3831d5bdf5d89a44730ce5118e98e7a8964b63c66953

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a55289d631acec3046b18bcadb833137
SHA1 ed199e54ce280053b494d18960fd96ce9e11650c
SHA256 c52dfb6f4bae91bf0da03d4deccc48826515a4166dc04aa61c556184e3ccf573
SHA512 ee5ced3923b80aae5f6294f25240b7c4fe02ae1b40aac7c70d117f049343d8b2332f24cc7e37869687314341e198e6d1716689c9aef95830c571cdf9079ca3ab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 8f7c320cd40daccf40a3554e01f9849d
SHA1 b13d3070fdd8dedfe700f9e4bf4cac00717000f5
SHA256 d409bca1dbfccaee80c790ee332d930c80d679057f022bbdb446ef3aa7e56c1a
SHA512 933c45d415697a938a6b085607b36f0365d2162fca2454fbddd4f6917a332f626d80d5407caa8cde7a88ef2d31159b50cbe6c0fb20b2d775c814054b253e5a23

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e0c06880e04132d6bbe73dbe68beb9b3
SHA1 ff6c9337fda1924c3e86eeb1a778b9d07b6ef7cc
SHA256 6c996e36454aa0239fd135d01426644993149dd7d6d0edc0e46be2eb92ed7404
SHA512 7ccfe3ffe33ce0d0f52ba7892d199e951e54da8d5c82099abe58dd3f6eafaa89f16e491bfbeb0c410b9c77f789249eda1df96444650ec6a9e628f3570753264e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f12ae17438f99702fdc68596eed731a2
SHA1 f2cf833a98e9c61d7e281215dd9d388e879acef5
SHA256 845252b03e501703e76982d52fb11f9e208db5d331ed72dc365f6570bcb2781e
SHA512 53dd4fd44a85771e77d1adf42c172f8ba216a5f38190294ebc4d77e5b041cd8241702022e03fb9c183a9bce2ae5b9ffc0943632a7254fa6619703619f40d656e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4bb2bb9c942431738ad648079e6a16a6
SHA1 4f061199e718f3dc9f668896c882e4687629b6e8
SHA256 5099bfe43a337de77a4016990109423134fff67dc8dc0229067f437e3cf85b64
SHA512 95e9856582cade870b4a1a21519157ea96ad6db67b733af599f88d47cd5de3512e5ad76c446c727324463963857d5711572fbc8060fab91c1ec100bff18830c5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5509c2bd09a687315c9fc9e366718b56
SHA1 3f2896b647e7171a160ed47b05cd5dc24cbcdbf5
SHA256 3bc16c75c46c2b0b4c0d7a6e40a2703a94286db1a676ae7b014b9f7b206c7dfb
SHA512 5ec961185e7c8649444a205699c57f9674b4f7d69a9f364b281549e97b2fca084df398d65022e93a377cf94aae4ee8eaaaa46335ff8a33a328b36a9082267bf7

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d0abd46ae3415d4aaea629d8b4720c7
SHA1 0ba43775ed6c911e163cc2ace48435abf534f2d9
SHA256 c0fe35fa1fbb14803e68a7a2e37bfbb987037711d1dba1b77a65855a2215aa75
SHA512 a8c201144d1b88b3406aa9a00add4ee840a64be3ee0b6a4af5263805971244b96150e7ee81b61a754c8f71b9056772de4d79e05277918b795ca51290650d2d25

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 68aa75ba6c1fcc5b763a17d4506cf0db
SHA1 7d77f66f0a435ee1c79aedee6bc7f99985117f43
SHA256 ec22d6b19bee5fe06c1ec99b6fad464cc29987778076c6bbe3bbf0ff32c9d2cb
SHA512 30588a32bed084c0319fe7af868cfdddfd70d2c92130c800be5bc23cf0295efea52aff1389062acd978fcacf6460c04b7c184555a081c099c9508074c89a0869

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3be6f0b84e8d9700b7e77b9489307966
SHA1 c5c06c09ce9c1f456a22138cc47269e034815e14
SHA256 4c2dd76777888432a23b1ab17ecb0df947045262b8c1f1a6ced9b62a7a656ea3
SHA512 bd6929bfd19a952233ba1c21716c7a27c9da902f2a293fcf0fb1394818a489db13c522ca5810b8ae38fbec1914d5135f851227be76ea64e9151a0f3bae758fad

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d35204b50fb5cafe82abf5b821f52ee2
SHA1 2bf2f280f76bca5267bb638c8165ff1b6475154c
SHA256 5db7fae953dc487910038a2b01025ed58c1acd74f8a11e48babd330fb7c1b569
SHA512 b85108bd38d0d94287eb10322d680e51d7c5fc531d653f5f7c0210693f7de2e8aadc61ebca9c8f77fb5a3272b7d10c14f2f985c37e6ad5a39459d971ffd4adc2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6d150cf9d0cb7d78d3f5965dc27b438e
SHA1 7fc6ce357f2352ccb08bcfb7a3d5bf6a56264a08
SHA256 4ab2a460e197fdb982627c084e026f0dbb087a077f93d5f10ab3a0ce81ed6193
SHA512 bcfca12000de29245b9923c3d8b7251927ac4b53aaef4b278d29b44c4c3d68884b5adc21825f8ad59be689ee3a377d2a8a78d6c48921b2e854ee1ded979bf460

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7bcf43243f259ebd6f7f3044ca205277
SHA1 0c984bf154f7ff5ca07f7377b47a35646ce24a05
SHA256 49ce68032bb5728b03d6e1158edb7b6884d6b046fb115b49ab72a260348d1cdd
SHA512 af8ab8764514610c40fe8fdf77a9d9455082477a2b4aa2124f91643cdc8ad2e6a450990d151c9604e5a5d61b94edf4dfc4e3ebadd63bc47755bf3b67fd7862de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7c13503a71bfba099550067e5b95f232
SHA1 51ec3daf2295261f4df5fd660fcf40c8680dd834
SHA256 b1e2b15ae5144f09e0ccdf2ed7b006eee69582f144937c8dae5f6adb87c4ea4e
SHA512 15568d398adf6337c53e063543a43b02e86de16b156e66a1ef38daab1dda15b1cdd3dcffce6b726285fa1a4644d5b726dc0c8e5450527153393d3a00b8ba74c4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c5c4c57370c249ba5da0232135cf5fa7
SHA1 6a63a4d6d845d17f53b55b95f6adfe15e1ff1913
SHA256 7bf8220e11f7829ea66c34261c14265673073215e9e7308d4909ceab05db403f
SHA512 c80dc763afe3afd32e4a0e22bab6fb2386cb6a7ea823bf5b8251ce2e8537d7be06209f2e2e23591fa7c081011c37d74adc79d5b16f48c120b97ff1b2ce3b622a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 229d543a0849eefa0db220b35fa20e80
SHA1 446716790284a1a4b1ca5dd63b45bf14e54dec75
SHA256 56d696cf31ce1e33f43d1835222cabe12edf0836b2222d90c9bdb032d34deabb
SHA512 c6baeb3e1a18998586993beaf5eb21b98bfa751047c555c65cbf234663b9bb971441ff142a72d5ffd729c7399de8852e6105704dbd71e542c8d0ba5b6902cd20

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 85c1320de18540f7e206fd2a32042fcd
SHA1 e549257e123a49b0d595d1955b0264b781f7dee3
SHA256 86c412f54492904257ec2d7b9155c544871aa30a4c90bd7bb724a69de65c482d
SHA512 e81e05431c4f97a8d29e6e58dbf2b24cd00d3c3f6bef55ae4a5260d624c4f20bcdbc45a7083f5165871558f93d7ceeab3e79fec40c8d32864ece8eae17edb33a

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:35

Reported

2024-06-13 13:38

Platform

win10v2004-20240226-en

Max time kernel

144s

Max time network

154s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d1684277b21e2efee24da953265179_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d1684277b21e2efee24da953265179_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4792 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4780 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5340 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5940 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5436 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5600 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4792 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 13.107.9.158:443 business.bing.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.medicina.tu1.ru udp
US 8.8.8.8:53 www.medicina.tu1.ru udp
US 8.8.8.8:53 www.medicina.tu1.ru udp
RU 185.26.122.50:80 www.medicina.tu1.ru tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
BE 92.123.52.36:443 www.microsoft.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
SE 184.31.15.35:443 bzib.nelreports.net tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 158.9.107.13.in-addr.arpa udp
US 8.8.8.8:53 186.244.140.51.in-addr.arpa udp
US 8.8.8.8:53 www.tdsse.com udp
US 8.8.8.8:53 www.tdsse.com udp
US 8.8.8.8:53 www.tdsse.com udp
US 8.8.8.8:53 www.tdsse.com udp
US 8.8.8.8:53 50.122.26.185.in-addr.arpa udp
US 8.8.8.8:53 36.52.123.92.in-addr.arpa udp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 www.tdsse.com udp
RU 88.212.201.204:80 counter.yadro.ru tcp
SE 184.31.15.35:443 bzib.nelreports.net tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.201.204:443 counter.yadro.ru tcp
US 8.8.8.8:53 204.201.212.88.in-addr.arpa udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
GB 96.16.110.114:80 tcp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.65.92:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 92.65.42.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 13.107.253.64:443 tcp
BE 88.221.83.251:443 www.bing.com tcp
US 8.8.8.8:53 251.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 216.58.212.234:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
BE 88.221.83.192:443 www.bing.com tcp
US 8.8.8.8:53 192.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp
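
The two Network tables mix the sample's own traffic with what a browser does on any page load (search, SmartScreen, telemetry, CDN fetches, reverse lookups). The triage below is an added example, not part of the sandbox report: it parses rows copied from both tables (de-duplicated), drops names this example assumes to be browser or OS background (the suffix list is this example's assumption, not something the sandbox states), keeps only the domains reached in both detonations, and flags names that were resolved but never connected to. On these rows it leaves www.medicina.tu1.ru (185.26.122.50:80), counter.yadro.ru (88.212.201.204:80 and :443) and www.tdsse.com, which was queried in both runs but never followed by a TCP connection; it also lists the two connections in the Edge run that the sandbox could not tie to a name.

```python
"""Separate the sample's own network contacts from browser/OS background traffic by
comparing the two detonations. Added example, not part of the sandbox report; the
rows are copied from the two Network tables and the background suffix list is this
example's own assumption."""
import ipaddress

# Rows copied from the report: "<country> <ip:port> <domain> <proto>"; some rows have no domain.
BEHAVIORAL1 = """\
US 8.8.8.8:53 www.medicina.tu1.ru udp
US 8.8.8.8:53 www.tdsse.com udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.201.204:80 counter.yadro.ru tcp
RU 185.26.122.50:80 www.medicina.tu1.ru tcp
RU 88.212.201.204:443 counter.yadro.ru tcp
US 8.8.8.8:53 www.microsoft.com udp
BE 2.17.107.105:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
"""
BEHAVIORAL2 = """\
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 13.107.9.158:443 business.bing.com tcp
GB 51.140.244.186:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 www.medicina.tu1.ru udp
RU 185.26.122.50:80 www.medicina.tu1.ru tcp
BE 92.123.52.36:443 www.microsoft.com tcp
SE 184.31.15.35:443 bzib.nelreports.net tcp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 www.tdsse.com udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.201.204:80 counter.yadro.ru tcp
RU 88.212.201.204:443 counter.yadro.ru tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
GB 96.16.110.114:80 tcp
N/A 224.0.0.251:5353 udp
US 13.107.253.64:443 tcp
GB 216.58.212.234:443 chromewebstore.googleapis.com tcp
BE 88.221.83.251:443 www.bing.com tcp
"""

# Assumption: names the browser/OS contacts on its own; not stated by the sandbox.
BACKGROUND_SUFFIXES = ("microsoft.com", "bing.com", "nelreports.net",
                       "azureedge.net", "googleapis.com", "in-addr.arpa")
RESOLVER = "8.8.8.8:53"      # the sandbox's DNS forwarder; a UDP row to it is a lookup


def parse_rows(table: str) -> list[dict]:
    rows = []
    for line in table.strip().splitlines():
        fields = line.split()
        domain = fields[2] if len(fields) == 4 else None     # row without a name
        rows.append({"country": fields[0], "dest": fields[1],
                     "domain": domain, "proto": fields[-1]})
    return rows


def is_background(domain: str) -> bool:
    return any(domain == s or domain.endswith("." + s) for s in BACKGROUND_SUFFIXES)


def contacts(rows: list[dict]) -> dict[str, dict]:
    """Per non-background domain: was it looked up, and which endpoints got a connection."""
    seen: dict[str, dict] = {}
    for r in rows:
        if r["domain"] is None or is_background(r["domain"]):
            continue
        entry = seen.setdefault(r["domain"], {"dns": False, "endpoints": set()})
        if r["dest"] == RESOLVER and r["proto"] == "udp":
            entry["dns"] = True
        else:
            entry["endpoints"].add(r["dest"])
    return seen


def sample_iocs(*tables: str) -> dict[str, dict]:
    """Domains contacted in every detonation, with endpoints and a dns_only flag."""
    per_run = [contacts(parse_rows(t)) for t in tables]
    common = set.intersection(*(set(c) for c in per_run))
    result = {}
    for d in sorted(common):
        endpoints = set().union(*(c[d]["endpoints"] for c in per_run))
        result[d] = {"endpoints": sorted(endpoints), "dns_only": not endpoints}
    return result


def unattributed(rows: list[dict]) -> list[str]:
    """Connections the sandbox could not tie to a name (multicast excluded)."""
    out = []
    for r in rows:
        ip = r["dest"].rsplit(":", 1)[0]
        if r["domain"] is None and not ipaddress.ip_address(ip).is_multicast:
            out.append(r["dest"])
    return out


if __name__ == "__main__":
    for domain, info in sample_iocs(BEHAVIORAL1, BEHAVIORAL2).items():
        print(domain, "resolved only" if info["dns_only"] else info["endpoints"])
    print("unattributed:", unattributed(parse_rows(BEHAVIORAL2)))
```

A name that resolves in both runs but never gets a connection (www.tdsse.com here) is still worth recording as an indicator: the page referenced it, and the lack of a follow-up TCP row means the sandbox either got no answer or the browser never fetched from it, which the report does not say. The unattributed endpoints (96.16.110.114:80 and 13.107.253.64:443) should be looked up by hand before they are dismissed as background.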

Files

N/A