Malware Analysis Report

2025-01-18 00:43

Sample ID 240613-qxyjds1dlh
Target a5d4ef32ce32a7899e4e113e1da6b206_JaffaCakes118
SHA256 1d41b2ba0185a71e768d33308760c0bc50dd562654659f4bafae7eff20a464d3
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

1d41b2ba0185a71e768d33308760c0bc50dd562654659f4bafae7eff20a464d3

Threat Level: No (potentially) malicious behavior was detected

Verdict for a5d4ef32ce32a7899e4e113e1da6b206_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:39

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:39

Reported

2024-06-13 13:41

Platform

win7-20231129-en

Max time kernel

143s

Max time network

144s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d4ef32ce32a7899e4e113e1da6b206_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Factor = "20" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005d8a5ad48449e446b8bd96aea6ca91a500000000020000000000106600000001000020000000b3d3f2cb28f85ef2a2dbe23d6990aa7739033e273f87e85c6fd5037ee50bee13000000000e800000000200002000000041544c84f55025f28d494b0d00deee6f9f28c5b93a3f6263c904d1468812d9db20000000ac09378a5826bb1ffa2b961750546486df1d2909021b71eca6fdb66136ed7dcf4000000006153c286034bb83af6c6c97d61a5a39f7f693b833c287eee901dd5f9dea43116b8f68fdadbe0f188e4e404adc88c0b3baa93bddff51cd27cc8d37c0e71a4ae1 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits = "100" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Enable = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 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 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{4CD45441-298A-11EF-A140-5ABF6C2465D5} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\International\CpMRU\Size = "10" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50e8ba3a97bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447812" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d4ef32ce32a7899e4e113e1da6b206_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1712 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 razgovorchik.ru udp
US 8.8.8.8:53 masterhost.ru udp
RU 90.156.132.125:80 masterhost.ru tcp
RU 90.156.132.125:80 masterhost.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 90.156.132.125:443 masterhost.ru tcp
US 8.8.8.8:53 ads.serveuser.com udp
US 8.8.8.8:53 dd.cb.b0.a1.top.list.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
RU 88.212.201.198:80 counter.yadro.ru tcp
RU 88.212.201.198:80 counter.yadro.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
GB 216.58.213.14:80 www.google-analytics.com tcp
RU 95.163.52.67:80 dd.cb.b0.a1.top.list.ru tcp
RU 95.163.52.67:80 dd.cb.b0.a1.top.list.ru tcp
RU 88.212.201.198:443 counter.yadro.ru tcp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 www.microsoft.com udp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
RU 90.156.132.125:443 masterhost.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
BE 2.17.107.106:80 www.bing.com tcp
BE 2.17.107.106:80 www.bing.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar1FA6.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b54a9bf72bde336ebc9e18751703ec7a
SHA1 354e91ddc82be69af06c404a7341f3199066e794
SHA256 1bdd3af32a3450245be6fc8412122e5bed2c09cae5a2bfe27026be9b5b908806
SHA512 7f0998573ae79c5034c52ffef76d33c8f66a7e44f07b16f5cca7bcbdb9ef9867b57dcb1328a40f2d594bb6f3cff14d59c2e0740e81c772fc3214c7f3e8add562

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a80d53ee6e182d0c3b27e9a7571d857f
SHA1 2653081618849c8a72401706e10e136c3e722ec7
SHA256 c629c4818b5abd470c6e93137b768c4ed27f58127278b4b15442d7d5fd1484a0
SHA512 d6f05c1e028ea177a54b41a1676b319d8ed425b15ac4752a7df2f1fec9da0b79640009ce2b95cc61c4a02223b2ffa1d5fd5a8467b27cc628fc0b16b8153f6ead

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 586db868da25eea3dcfeb5fb7ea6ba3e
SHA1 4800c64d87affe7155fbdbf07297f9b649a1590a
SHA256 2ea473ea666376c362cb549d1015a1bb2870afdfaa538d6647ac9d6f482d207d
SHA512 3bc48e3483c9d794e4bfb47682557ac6a90ac4aa7571ffb4aaee820eedb07f985251aa5079ead5860667bf875f6fe6704489dd9c2036b5daa578a3069e7bacb1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 21affd9b5a8d03a1c71e28cd85727d31
SHA1 3982d665c76bcec2e838387fcfeef9a734b6b2a9
SHA256 7a1e3eec9ae84491f48f9ce2f7652780c83c80c564982d0c85bb558dec0077f7
SHA512 2631b5ddcb730c644277d349e73671011e3228cc2561d0b9e94d5f33b042747103ec8a68c2b3a30adb08c00cfed3633f525cec8781f114e9a44b490a694ca2f3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 760f4aab491670108191d2f4ce7711eb
SHA1 6ffdf9b8dc9c07a8017ac0dbea3ad2a0de32d565
SHA256 6fb18381873d8ede7fedfe6ef92f255a6f18c11fd582ff7da782bd6590e62d28
SHA512 f26b768e321690e0f9ff0f6e84a73c4c035d9b3f10793c70514793855adaa86df074a720bb6d49245651798dae9a09683a4e4c6722637614141509410b3d06ae

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cac5208bcb8018d29671673f85341770
SHA1 93392e5c485679a62d54544c23bfc8f49b37b614
SHA256 13c913a8db8f5f916931e43f87fc138b16be7228461ea2bfe33ab810e5d5e2c9
SHA512 0ffe809afcc99a7a19383f760ba62dd1de45c75171a290f323adb04ac4802dc7b7152042829018d6b4379eb89dc870a3cb821ac9701f45b21088536da31dec3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b03530d8cc49ace27d99df30e90734e
SHA1 4200f9ef6a9ddfc813404182e872fc926bfcae18
SHA256 60f4e0eaff74aedb85eb849ef4d25a30e4e2b9e34db835c8a4b5cecd5e772cb0
SHA512 b4c39ba8972778e4e16de812df71cfc081d88d1e29aed83a93ac2b76e051f082f9b361265c8771f081fc66bfb4279cdaf4b542996f57c2a50af965197bb6655d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46fa52e17f249b71208349f3d643dae3
SHA1 0c391e0785b13753a5d7568ffe16537c6a23d90f
SHA256 6209cfd73a15c4508904ad586ee4a5a8b489998218325a98ecf00234094c3cde
SHA512 ee2d0dbaa7e18de131fc0a2a279d176411de70bff47a88ffb2722ad21aed04a7a3533fa675fba4beb1bde69a1f7d055062f38af39fa8bd74d024720926c7f4dc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 847352130f6b1443723c44df32cf5209
SHA1 ce71fc8017567facfe3b2b06655641c24ce60f98
SHA256 3050dd08e97a0ddbe82024c3bf889d953764a3519aa95bd65f2eb9a65fc1ef88
SHA512 87b01baa906033e3d9129ab64b958e9dd1d7136935e9e420839fdf14e44d389ab5aed1adb09368b0f877d2310f9ccb2012ac496f35a1e2ed21a71d249ea577fa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5b8f6f3c95909a09057aa51feb476aef
SHA1 9875a4478c1afb1d5ec94efe9ae37af9e27741fc
SHA256 dd51447b986970332266b65049caa7b5f5b21c677c4a7a8632b7b7f38bd43bea
SHA512 11b5b3aad28fa4e4012b53c80e9ed7c7f610bdbe2b2d779b063bd0b42e907c40cff514e4a83c60cf573e0d18d2aec2da6c2a1cbf42e60c5dfee2f5cfb0fc6ce6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2417dc10d53c431ce40b8e5f5145a0e1
SHA1 17d469bd232b2cf0ccda5d9fba32952bc917a34e
SHA256 f7cc6d51cd1dd77350c9d2bd0325c7260ffb3c9a9dcff20e2ab270bc00addab5
SHA512 25358122d99e69dba0928aac7b448706f5153858aa931b3bf1c2a8a0769fb0fd68051c1082bd08842dbbcb16660c82853cd58a6795dbd5a64b23183ecfe46678

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0c5de907315118aeed8b38aec1f6aadd
SHA1 12749992cabc7b468319565c249d181f5a8f8dc2
SHA256 47895a69eb330f3d53521a632e0a93118f6a8296b70df26fa5a0672456325ea3
SHA512 d3b1a74a03c7ed4ad636ecfcc27a1388ec3ff08b10ef2a9f101c5a34b802f7c8ca17f4737c8142b00fbe0988ca541f62e88cc1f38302cacce7c35bdc89148c60

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 f23a032e7d4f2208cde31415a21d1c0e
SHA1 d28934fe714fe49689dd18345d8bc2228782b9ff
SHA256 592f32f7a72ef1c9a8d57ed95f01f3e87e50bd9fffe2d3af12823e5089102a18
SHA512 145c7877cba70e93f35e52b4b67aee37618d43dc521786b6ca7a5ae07ad8928bb3c827b152d59a4ef91e7e010e6d11360ef5ddcf15c35b87937df7988fe88326

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 788a7c8994bf9e573e1d4a580275f505
SHA1 b2b3ca33a21ea538f4f5fb6b5cdb36ccb7c968c0
SHA256 a2ee16f1f92057f0881125229be9d35a5bf2fbb52e101fe20928a3bbb81b2484
SHA512 41190a69a9978ed26d57c93a4500f57e376ee04166557a5ee9bd6429aa27388f67bf3dbe883823ca2e2e28eae283f58e6edebf2b0971c985ed75d21ab08a99d9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b47a7f00919427783ae40443eef5acda
SHA1 e4cedee0a0e0f399beba5a3be45344572c7bc5c8
SHA256 fc910d16c5cba7a928accf54284d444d45298097d7ff5c81128cdc6ce3f0020c
SHA512 33e3de675cbcb6948f0a1c7d3a4003279ec46e39ee56fde442c881f336ab59c9b3e690b61b9b01225adc0c2316fc320b53a18d0863c500b4155cbe7fd9906eb0

C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

MD5 da597791be3b6e732f0bc8b20e38ee62
SHA1 1125c45d285c360542027d7554a5c442288974de
SHA256 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512 d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 44021dd9b340bf709b5712ac7c68a5b9
SHA1 9a931002ca51540559dd0bdb3bdab51a94f84a10
SHA256 b66fb95db690384a4ab1ae3eb649174f694052d78ba9c89a64b6524ebb357217
SHA512 848d0069f44066d81291a128bdeb9b2fb113ef5bf8dadfaf34f4fc3f63ccc21487f413d7a44c31bd3174af42aadef19cbddc83d05ca39cd404d06b24dc99cddb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc92d51c380ae9bf58eb1525917c4181
SHA1 982651c24f51e2130e0eb2a3b490677076aaa663
SHA256 fa629b1ea976f70349a446d0fff47d614fac86f49fa78c071b16cf07fd1b4fa4
SHA512 f7f1cc3dbc7414fb4e9ebcb92d47271d7909c5a0b3e84f19e0cf1f5d216a281176ea2277e6a5cfaaf6f351845e0c135be853cb3f09b1e8d8750ce8b7d7c628f2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d91909ab676697f5cc7fda4bd19134ce
SHA1 fe5033375ee7476b0795084f2e3fefed700dacda
SHA256 a83935e7b0c0ba495ceb5016c9e4ef60f114122b6f3a5f51bf893763029d126b
SHA512 5ded4c197612169ce1ebe30efe9b15c4aac99d2433f62c6970bb424b7c5c344eaa5fe75c88fdf1baa797bab10f305dfd740f96f34667b97d98a4a2ee478a7fd3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2ede5adc02cd2f262091960f2bddbf00
SHA1 28e09a138301d4b505cc6d4813e338ab73398655
SHA256 2551c6620c3ce7f598d48ca8b06e8646f2a068b0e9ac1270ecc8d4870371798d
SHA512 236aa946ec81e8d0b0206715036f17e1ba5daa22c6441cd9b51836fde18a132852b0120740e909f6f743427ce0377476f990501be14fbaa55827ad31785a6910

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2131f0e2189c239788d17f530e042ec3
SHA1 65e4cf74bd6edb21c571c1b4abfed638ab800750
SHA256 7873bb269591545536217e9857731d9abfa967e353cbfdb6af8d487726a1a6ca
SHA512 1266a281bbebc092efbeea4ab96204b88441ee59c7151df6bcad158a2b6e32c2b7b5b767fb7729360720ae59601311cee97230bc724fe385cf4cecb8ec65e244

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cb3c124a46e5e8e6aed7a4158809419e
SHA1 2c053fc9b9bb485d3531f7ee9ab8e6092669736d
SHA256 3edd545a6a33b6ae70d10d495884939691a3ba1db3b6e0b6851e16f08581d666
SHA512 cf0d1788e63d193ca7d27306d01f1bb89e97b9fd130d3a0740d98af7a25f540f9010aee27fa31351f7fc367fafab33474daba857fe306b7ab95652d30ec0ce29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 77bc595d9e22df637a63b195a9cd2fe8
SHA1 6eed055604d5c1b6cefe41067255e66666dc1b9c
SHA256 5ba066a9586b2bdd5e15e997acaa521d47d20902258d5bbf6186c879a729d257
SHA512 1965f499e049da75c6d6afbb8fd9fdfa42735133585ffbaa06e5513ae6451824cad8b51a04db5fac7d547bbdcb1ada37fc0b99ef2e7baf85f16def6f056b195a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 319732e26c8eb3223aef2756b0f4aeff
SHA1 819697b891c45d2871c812091f6ad25cf0c06914
SHA256 801967e695b8eb1111e7ce905e40024109516a60bb1a84907eff316f0d415274
SHA512 4388b22de661da10cd0bc8a850f0d8bf3e5d78c8dd6c35110fb11a8996c561a4b93aa82ecdc6867a3db680dea1d939e7c07d83fcd109a7a82dbb0265392787c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a09d0ec97d27cfa00a7f384677a70d27
SHA1 72d83c87a20c2c30c4d3aaf18301109f48370383
SHA256 2ab6f85d6aa6c50e550599e5b5f384c56203cebbffe260fd5af1c742572e9fb0
SHA512 c20104d853841bf4c233c6a3d8a03f3e1a9fd02a8e82492f424aba00ba0cd1b757be9524c28e9d84b14a7a71daaae8c146dae7825b08bd007ebeeb9db2bf7635

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 16e00ca3172bd890a229ef4b87655976
SHA1 76ae2c6eab3235ddb8e4e1950248f32822f864a4
SHA256 187e65b4ff0eb744fff114d65f4ce5d975ae7d8d6a14af58ea0a747f1d9e27c9
SHA512 5f56cb2c22b5e7152bf02e68d5ea7559517846d5a3588a43b80f08df7d589fa2aab1fd2478d87deb504747b3dbb48697f6d9418f40e02ae4a6245af1f8489e7a

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:39

Reported

2024-06-13 13:41

Platform

win10v2004-20240611-en

Max time kernel

132s

Max time network

143s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d4ef32ce32a7899e4e113e1da6b206_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d4ef32ce32a7899e4e113e1da6b206_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4160,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=4808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4144,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=4488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4972,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5460,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5472,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5524 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5940,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=5936,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=6924,i,7977653611488681184,6839495125838449898,262144 --variations-seed-version --mojo-platform-channel-handle=6892 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 ads.serveuser.com udp
US 8.8.8.8:53 ads.serveuser.com udp
US 8.8.8.8:53 ads.serveuser.com udp
US 8.8.8.8:53 razgovorchik.ru udp
US 8.8.8.8:53 razgovorchik.ru udp
MU 41.212.227.208:80 ads.serveuser.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 masterhost.ru udp
US 8.8.8.8:53 masterhost.ru udp
US 8.8.8.8:53 dd.cb.b0.a1.top.list.ru udp
US 8.8.8.8:53 dd.cb.b0.a1.top.list.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 bs.yandex.ru udp
SE 184.31.15.40:443 bzib.nelreports.net tcp
RU 88.212.201.204:80 counter.yadro.ru tcp
RU 95.163.52.67:80 dd.cb.b0.a1.top.list.ru tcp
SE 23.34.233.128:443 www.microsoft.com tcp
RU 87.250.250.90:445 bs.yandex.ru tcp
MU 41.212.227.208:80 ads.serveuser.com tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
RU 90.156.132.125:80 masterhost.ru tcp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 counter.yadro.ru udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
US 8.8.8.8:53 top-fwz1.mail.ru udp
RU 90.156.132.125:80 masterhost.ru tcp
RU 88.212.201.204:443 counter.yadro.ru tcp
RU 95.163.52.67:443 top-fwz1.mail.ru tcp
RU 31.31.205.163:80 razgovorchik.ru tcp
US 8.8.8.8:53 masterhost.ru udp
US 8.8.8.8:53 masterhost.ru udp
RU 90.156.132.125:443 masterhost.ru tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 178.36.239.216.in-addr.arpa udp
US 8.8.8.8:53 40.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 204.201.212.88.in-addr.arpa udp
US 8.8.8.8:53 128.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 6.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 67.52.163.95.in-addr.arpa udp
US 8.8.8.8:53 163.205.31.31.in-addr.arpa udp
US 8.8.8.8:53 125.132.156.90.in-addr.arpa udp
US 8.8.8.8:53 105.83.221.88.in-addr.arpa udp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 g.bing.com udp
US 131.253.33.237:443 g.bing.com tcp
RU 77.88.21.90:445 bs.yandex.ru tcp
RU 213.180.204.90:445 bs.yandex.ru tcp
RU 213.180.193.90:445 bs.yandex.ru tcp
RU 93.158.134.90:445 bs.yandex.ru tcp
US 8.8.8.8:53 telem-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 telem-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
GB 51.11.108.188:443 telem-edge.smartscreen.microsoft.com tcp
BE 88.221.83.203:443 www.bing.com tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
US 8.8.8.8:53 237.33.253.131.in-addr.arpa udp
US 8.8.8.8:53 188.108.11.51.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 203.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 bs.yandex.ru udp
BE 88.221.83.203:443 www.bing.com udp
US 8.8.8.8:53 mc.yandex.ru udp
RU 87.250.250.119:445 mc.yandex.ru tcp
RU 77.88.21.119:445 mc.yandex.ru tcp
RU 93.158.134.119:445 mc.yandex.ru tcp
RU 87.250.251.119:445 mc.yandex.ru tcp
US 8.8.8.8:53 mc.yandex.ru udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
BE 2.17.107.128:443 www.bing.com tcp
US 8.8.8.8:53 128.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 145.83.221.88.in-addr.arpa udp
BE 88.221.83.187:443 www.bing.com tcp
US 8.8.8.8:53 187.83.221.88.in-addr.arpa udp

Files

N/A