Malware Analysis Report

2025-01-18 00:13

Sample ID 240613-qywq7avgnj
Target a5d621ffff7ca312f51280968f25c385_JaffaCakes118
SHA256 e66581c0aa82a03bea594ba7ccf0b2992a1f63ea54a06e6d8226fc3ec6541b72
Tags
score
1/10

Analysis Overview

score
1/10

SHA256

e66581c0aa82a03bea594ba7ccf0b2992a1f63ea54a06e6d8226fc3ec6541b72

Threat Level: No (potentially) malicious behavior was detected

Verdict for the file a5d621ffff7ca312f51280968f25c385_JaffaCakes118: no (potentially) malicious behavior was detected.

Malicious Activity Summary

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 13:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 13:40

Reported

2024-06-13 13:43

Platform

win7-20240611-en

Max time kernel

117s

Max time network

134s

Command Line

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d621ffff7ca312f51280968f25c385_JaffaCakes118.html

Signatures

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a807600000000020000000000106600000001000020000000fec412f7fcbfb79a4003100f1831f4b0d682d87404b111599f459c8a4dbdd8aa000000000e80000000020000200000000abd433e015cfc7ed941eac08de098da4cb3962722ea3414483b3c12d245a05e200000004ed7da2bdc9dd552ec9a55e41706b5c520f48a671796dd76b21cedeca3b98fc540000000721efb88fb9feb2ee1f3b01f9457d6926a6aa31a9ab3218f8571aa6c6837c5200123a489990ab09a555c3d2f8b615ab5a0014b955d1a3f5a89a49d14740138fa C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = [value not preserved in report] C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424447917" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8A3B23E1-298A-11EF-A8D3-D2DB9F9EC2A6} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0f5266397bdda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Processes

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a5d621ffff7ca312f51280968f25c385_JaffaCakes118.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1520 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 ag8aq.cn udp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\AppData\Local\Temp\Cab842F.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Temp\Tar84EF.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 11aeb9fac9fa21c3a59fdce0175e42a0
SHA1 7af5c5c72579ce820a65e68147b25fea7a882af4
SHA256 d1f2087fee5d9edfc91c4a1aafbdd7ef08ca8a2e8c17b0dcddb12d92b36a44b9
SHA512 50ee9c0afd0f46e378b610a66a4e7d184ddcffe67dc316f5cfae418ad1e22ab01074ca0bbc54a5bec452fa75162db1c195c388c07b287ccfd70b07ba9e23f695

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 84af4a247b20ae8149006dc698efd506
SHA1 10095ead12e745da4e12b9b8d1915e5c372a471e
SHA256 9150ac0785898f1d2b6c7e0f5ec93de85dcae9e3445981bb3b36691c5ffd89fa
SHA512 4809fabb12059dc550683a9de3460efbaaad351c4ff114b129298457899c3841c33604960fe006560e40289bd321fe15592017ebe602c5fe46d46248c2389272

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 078fa5bc1fc7b415cc1116a16e315011
SHA1 9cb87ee4a9e54f0106045184ff2c5346ebc500a4
SHA256 3de8061b46468d0ed3f68b2df58e25e9dc9e3c51d83a4daa2afbed97413cfa9c
SHA512 f350c96bfa0ca22deed3c649eba16534ba322130fd70493ab592623c4cb6298fc589a44566cdee32ed34c5b8e317f7c3618030f09f527f4d42b89e66fc6553b8

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bbee4349962bc26000c33117493fdc4c
SHA1 1b44fb4423e91679b7010a79936edf43b9c7ce56
SHA256 626a6af231ba206719c1cc1a09c39b28af488ab6c8bf49287a0b30528f903801
SHA512 8b88e8f0b4aead5e14ea40323d2f6272dccf686fc9072504afbd4e11a1f6316f2f1764021249301cab9dfe04bcbbc1452b3af298f3d1aa200f9f4e3dba3310eb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fdab67428973fa88fce113ae3b1141bd
SHA1 4b5f909cf92a58d8798d80126ab3bb459a61feed
SHA256 a86e6de15471902aa47e2d1dc6eef45d641dcbd5a6508e0a56ca8ec9f140636a
SHA512 bfc648c880aee67088afffbf1db9e6da8c3511c1c4e7d29d642f3751631bb82e56ef48d51075b9379bf50d16fa51dc22e1d167782f8ffb835e073bf71dd23f76

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6534c9459cf83a386fb620bcf44a2e34
SHA1 544e37361d5c4b173ff93c4f8deb0cc04002a16a
SHA256 f1a6c16b93501079fb213a5c9df56ef5488826a10cb8ac35b1f8b8cfb05e4052
SHA512 54ae831ba826453eb83217f44c2bc125520cbbeba0bb4b549d08b6e4259fe09e4f1f96986dbbfff459689be67b53e37c72321f3896f7ccb56a4de47429114f58

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 51eb144a862ef24fc8f99207d3941e71
SHA1 d2f2e98da92e9e9b3706a127665ebf4e05151e1c
SHA256 6b03c79cb174869c3dca55acd5b8d63daadb4d10e5dfda9dce501337ce54c802
SHA512 7d5fe71cba42bd39a106b1e045358867e04d82e00a8895d3f61bd6b8439cf55bfe7f2ea2df397b228b8debb8ca702529128aef9985fbe0bf1bf5517776912ee4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fdb0ae470ad867d5fbe095cc579e0d5d
SHA1 6627f30d2add78c07e9dddb89beb3db406cdd40e
SHA256 68b19dfe7063855f713fec52e5271c5e6d20f4326ee02d5464a9356d51d7e586
SHA512 4a0e58c8c3282f9dbdd0ed3d7fdc27bd9faf0762537951980ba3f8eedf178d05a100e78fa92f5f442a48bda2fcf461e71f7072dcce67735e24b60f4e06296fc3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a80c781d734296cdf57f8be44b838d86
SHA1 8e7e55b507439bcfec73f0e043cd8948eb95de74
SHA256 323d28508d7d3254f24d50b994ee4afad4aef68efb1d5272424fe968291b45cc
SHA512 a4ddb685dd50feb19b672d20c12217c1ba7ea7c7c0e025bcd3c7ff98d9d0fbdc4a64007c2024faefa0518f14691428e7494c5f1d791e1eec7c1b0b5739df58de

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8fd399c7b2d2ca74d336daad7208c839
SHA1 1d220d54b44b5a8cc5ed224a3f37ebe3c414ab58
SHA256 cc1e6a526354f113719243189c1b507a4d4d82a34bcc6810379de3745e2b88d4
SHA512 aece0962db195fb3afcca182bb2056dccea0e3cf76ba7bd537f35de5b65f5cbaa9639608b012ad2f225d0ee19bda2fb088ddde7d5e85e982944b711853acb794

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1d9e43e1b356d4c9e37c42bbe6b35d4
SHA1 adbc8ee3646d717e6238541b75588469ca12ff65
SHA256 79712ebc7d309afb0e63a74403b078d598c9ceb8e9c0db4d52e03d54b878075f
SHA512 3dc89d8b28820d023757c21ae639c502d128d76eb5c1af82f2d51175be98d58798b6a382963214d44da3c38c192f3beee81ae18dbee66610a05afa1cf8bd969f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f6ba5be3afd2b0ad0832098caa2c4c59
SHA1 2f4a48e42aff1caad0d290e47b31712d7f06e481
SHA256 0ac549f6c52af052cf8388f04f39fab6ffb7ea70e6173a1c9896049905c0c377
SHA512 b3baf0c8ebd0cb7d7dc04bbca6a5b3b557fd62ceabc43f91ee82a84d5582ed2cad5ab6380f1f512ec5328ea485f5a5c930f64fe22e24b10ceebfbd29c7a014d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4d8d282725d7a96a21990a849795c3d7
SHA1 83c79f217dc2bf0f762024493370c6c8b319974b
SHA256 88af6c7e890327d5e0defa7203618a13b61e5ebc56cb3ff885875e9614b4e4bd
SHA512 e63f67e1395f9d0ba2885fd0d6f5e7bc406f72b5ae6c90e02b1150cb5a00f6cddcae764ee81c0defc3855b15ce5801d012ff39056a1d749de5a2d6c0f48f4157

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5d724db2f37824895febdd53eadb7281
SHA1 a9ed2844d6d98aca4dd602f89285c29f7f92a821
SHA256 0328b7debaa3c2340132112f52a6e6a05de7796e493972b2bf884ab0f2a7f40c
SHA512 0ae0f397651e07799983aedf308d9388da3faa700b4a59a5c73c1697ce034d5f417bff00daf015ae740c1e1e4d328a75ae21d0fe6c8dde8eecc478c3247562d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cddeed130c27e5cb19fa1f2bca6d042a
SHA1 898b687ed1944e2a5c3d4ec88d6a73938f29b30f
SHA256 80efc5af1ef7948813b4be9e6bbc070259f0f058752780b784566179006d01cf
SHA512 b2f8652a3e183d5a1a1d01ac3eac8f72aa727ba1dde9c4ce1dbb0d3e1c1b2fa532b7984c96e13c30be701a199109fd125c26ab2918ff86937716a0b6181aebe4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca5a0b089639d3f7bc31f9e8b848f3c1
SHA1 51ce72860e8bd6f88cb2bb277bd69258be92b9f4
SHA256 67cc5bdddea161cc96497560cd4cdf1bd712e863863633f3ce047a8cbcbeb65a
SHA512 f82e851ced8c0e73fa22734aa3acfadfac9ec5dc3c655996d761a08fea03e3b9aab5cbf14b5ed6f887dc9dd22a9ea982f60c1ada18969ed28b54b30d4f149579

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5f4ac85e9413eff470b20f84d91af4f3
SHA1 f3a9540031da928064243088806a9081b774d4c2
SHA256 bce1632ed1baa19379e343d45f674876e5faee45303e483cc8a6384c5b5caa6e
SHA512 7cdb8e4c40c6feedaca929adf07a4053fadd01eb928888b1112887fc12c90fc6986944c8b4b58efc057f68471facb2fad526ef068e6243e04f722579355b9dcd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7b162fb5e1fa8baef75a5a8dca167ac3
SHA1 59987a001af33dbbc7a5fa107feb15b352b0eac2
SHA256 cfd668bf214a901646c43962353678a758a4e352c470398a79a1300b80c47e78
SHA512 819f4868cb0c77a16085019329505001fea398d06f4d7a70f472163660b1da1f54bbc40650dad7c758e0d47f8fc3936e16f58ee59dae6a5a638a6887ad4c1fe3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f2c9ee5173cbbebfab725b3cb0f23e00
SHA1 f94c287d01ac6567473927ee2d85fc0afcfec039
SHA256 d278ea529614add78ba923ce857219a6f3c299c674b1d112a0d8721c95df355d
SHA512 c82ef84d80464072febb9ec41bbd10fc50be9db7d76572329848fbd2a8933bd6b4be275013706a9573505ac919b028c83994dfbcfa84bc973580c957b6bb264e

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 13:40

Reported

2024-06-13 13:43

Platform

win10v2004-20240226-en

Max time kernel

143s

Max time network

151s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d621ffff7ca312f51280968f25c385_JaffaCakes118.html

Signatures

N/A

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5d621ffff7ca312f51280968f25c385_JaffaCakes118.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4748 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3288 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5772 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5244 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4812 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
GB 96.16.110.114:80 N/A tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 13.107.6.158:443 business.bing.com tcp
GB 172.165.61.93:443 nav-edge.smartscreen.microsoft.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 76.234.34.23.in-addr.arpa udp
US 8.8.8.8:53 93.61.165.172.in-addr.arpa udp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 ag8aq.cn udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
SE 184.31.15.35:443 bzib.nelreports.net tcp
SE 23.34.233.128:443 www.microsoft.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 35.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 128.233.34.23.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 98.58.20.217.in-addr.arpa udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.42.73.29:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 29.73.42.20.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.253.64:443 wcpstatic.microsoft.com tcp
N/A 224.0.0.251:5353 N/A udp
GB 142.250.187.234:443 N/A tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
BE 88.221.83.233:443 www.bing.com tcp
US 8.8.8.8:53 233.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
BE 2.17.107.105:443 www.bing.com tcp
US 8.8.8.8:53 105.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 210.143.182.52.in-addr.arpa udp

Files

N/A